From patchwork Thu Nov 16 01:00:06 2017
X-Patchwork-Submitter: Github ODP bot
X-Patchwork-Id: 119005
From: Github ODP bot
To: lng-odp@lists.linaro.org
Date: Thu, 16 Nov 2017 04:00:06 +0300
Message-Id: <1510794006-1938-2-git-send-email-odpbot@yandex.ru>
In-Reply-To: <1510794006-1938-1-git-send-email-odpbot@yandex.ru>
References: <1510794006-1938-1-git-send-email-odpbot@yandex.ru>
Github-pr-num: 296
Subject: [lng-odp] [PATCH API-NEXT v1 1/1] doc: userguide: ipsec state machine changes

From: Bill Fischofer

Split the single IPsec FSM into separate FSM diagrams showing SA state
transitions and IPsec packet operations on SAs. Update User Guide to
reflect these changes as well.

Signed-off-by: Bill Fischofer
---
/** Email created from pull request 296 (Bill-Fischofer-Linaro:ipsec-doc)
 ** https://github.com/Linaro/odp/pull/296
 ** Patch: https://github.com/Linaro/odp/pull/296.patch
 ** Base sha: d4b364849c4abb4c71e0c5260e1a793ebb8dc97d
 ** Merge commit sha: b79ed4256cf492938cee07b27d83ee1c83fe9b52
 **/
 doc/images/.gitignore                  |  3 ++-
 doc/images/ipsec_fsm.gv                | 32 --------------------------------
 doc/images/ipsec_op_fsm.gv             | 21 +++++++++++++++++++++
 doc/images/ipsec_sa_fsm.gv             | 18 ++++++++++++++++++
 doc/users-guide/Makefile.am            |  6 ++++--
 doc/users-guide/users-guide-ipsec.adoc |  9 +++++++--
 6 files changed, 52 insertions(+), 37 deletions(-)
 delete mode 100644 doc/images/ipsec_fsm.gv
 create mode 100644 doc/images/ipsec_op_fsm.gv
 create mode 100644 doc/images/ipsec_sa_fsm.gv

diff --git a/doc/images/.gitignore b/doc/images/.gitignore index 0aa34793f..1876610e5 100644 --- a/doc/images/.gitignore +++ b/doc/images/.gitignore
@@ -1,5 +1,6 @@ resource_management.svg -ipsec_fsm.svg +ipsec_op_fsm.svg +ipsec_sa_fsm.svg pktio_fsm.svg timer_fsm.svg timeout_fsm.svg diff --git a/doc/images/ipsec_fsm.gv b/doc/images/ipsec_fsm.gv deleted file mode 100644 index 1e78c8b85..000000000 --- a/doc/images/ipsec_fsm.gv +++ /dev/null @@ -1,32 +0,0 @@ -digraph ipsec_state_machine { - rankdir=LR; - size="12,12"; - node [fontsize=28]; - edge [fontsize=28]; - node [shape=doublecircle]; Unconfigured Configured SA_Ready SA_Expired; - node [shape=circle]; - Unconfigured -> Configured [label="odp_ipsec_config()" - constraint=false]; - Configured -> SA_Ready [label="odp_ipsec_sa_create()"]; - SA_Ready -> Disable_Pending [label="odp_ipsec_sa_disable()"]; - Disable_Pending -> Disable_Check [label="odp_queue_deq()"]; - Disable_Pending -> Disable_Check [label="odp_schedule()"]; - SA_Disabled -> Configured [label="odp_ipsec_sa_destroy()" - constraint=false]; - SA_Ready -> Processing [label="odp_ipsec_in_enq()"]; - SA_Ready -> Processing [label="odp_ipsec_out_enq()"]; - Processing -> Op_Complete [label="odp_queue_deq()"]; - Processing -> Op_Complete [label="odp_schedule()"]; - Op_Complete -> SA_Expired [label="hard limit reached" constraint=false]; - SA_Ready -> SA_Ready [label="odp_ipsec_in()"]; - SA_Ready -> SA_Ready [label="odp_ipsec_out()"]; - SA_Ready -> SA_Ready [label="odp_ipsec_out_inline()"]; - SA_Ready -> SA_Expired [label="hard limit reached"]; - Op_Complete -> SA_Ready [label="odp_ipsec_result()"] - Op_Complete -> SA_Ready [label="odp_ipsec_status()"] - Disable_Check -> SA_Disabled [label="odp_ipsec_status()" - constraint=false]; - Disable_Check -> Disable_Pending [label="odp_ipsec_result()" - constraint=false]; - SA_Expired -> Disable_Pending [label="odp_ipsec_sa_disable()"]; -} diff --git a/doc/images/ipsec_op_fsm.gv b/doc/images/ipsec_op_fsm.gv new file mode 100644 index 000000000..c1d548b12 --- /dev/null +++ b/doc/images/ipsec_op_fsm.gv 
@@ -0,0 +1,21 @@ +digraph ipsec_op_state_machine { + rankdir=LR; + size="12,12"; + node [fontsize=28]; + edge [fontsize=28]; + node [shape=doublecircle]; SA_Ready + node [shape=circle]; + + SA_Ready -> SA_Ready [lable="odp_ipsec_in()"]; + SA_Ready -> SA_Ready [label="odp_ipsec_out()"] + SA_Ready -> SA_Ready [label="odp_ipsec_out_inline()"]; + + SA_Ready -> Processing [label="odp_ipsec_in_enq()"]; + SA_Ready -> Processing [label="odp_ipsec_out_enq()"]; + + Processing -> Op_Complete [label="odp_queue_deq()"]; + Processing -> Op_Complete [label="odp_schedule()"]; + + Op_Complete -> SA_Ready [label="odp_ipsec_result()"]; + Op_Complete -> SA_Ready [label="odp_ipsec_status()"]; +} diff --git a/doc/images/ipsec_sa_fsm.gv b/doc/images/ipsec_sa_fsm.gv new file mode 100644 index 000000000..93e8f5851 --- /dev/null +++ b/doc/images/ipsec_sa_fsm.gv @@ -0,0 +1,18 @@ +digraph ipsec_sa_state_machine { + rankdir=LR; + size="12,12"; + node [fontsize=28]; + edge [fontsize=28]; + node [shape=doublecircle]; Nonexistent SA_Ready SA_Expired + node [shape=circle]; + + SA_Ready -> SA_Ready [label="ODP IPsec packet operations"]; + Nonexistent -> SA_Ready [label="odp_ipsec_sa_create()" + constraint=false]; + SA_Ready -> SA_Expired [label="hard limit reached"]; + SA_Expired -> Disable_Pending [label="odp_ipsec_sa_disable()"]; + SA_Ready -> Disable_Pending [label="odp_ipsec_sa_disable()"]; + Disable_Pending -> Disable_Pending [label="odp_ipsec_result()"]; + Disable_Pending -> SA_Disabled [label="odp_ipsec_status()"]; + SA_Disabled -> Nonexistent [label="odp_ipsec_sa_destroy()"]; +} diff --git a/doc/users-guide/Makefile.am b/doc/users-guide/Makefile.am index 54f87bb63..171e0cf28 100644 --- a/doc/users-guide/Makefile.am +++ b/doc/users-guide/Makefile.am 
@@ -11,7 +11,8 @@ SRC = users-guide.adoc \ TARGET = users-guide.html IMAGES = $(IMAGES_DIR)/overview.svg \ $(IMAGES_DIR)/atomic_queue.svg \ - $(IMAGES_DIR)/ipsec_fsm.svg \ + $(IMAGES_DIR)/ipsec_op_fsm.svg \ + $(IMAGES_DIR)/ipsec_sa_fsm.svg \ $(IMAGES_DIR)/odp_components.svg \ $(IMAGES_DIR)/ODP-Logo-HQ.svg \ $(IMAGES_DIR)/odp_rx_processing.svg \ @@ -48,7 +49,8 @@ IMAGES += $(IMAGES_DIR)/resource_management.svg endif IMAGES_SRCS = \ - $(IMAGES_DIR)/ipsec_fsm.gv \ + $(IMAGES_DIR)/ipsec_op_fsm.gv \ + $(IMAGES_DIR)/ipsec_sa_fsm.gv \ $(IMAGES_DIR)/pktio_fsm.gv \ $(IMAGES_DIR)/resource_management.msc \ $(IMAGES_DIR)/timeout_fsm.gv \ diff --git a/doc/users-guide/users-guide-ipsec.adoc b/doc/users-guide/users-guide-ipsec.adoc index d560df9c4..ded22abb8 100644 --- a/doc/users-guide/users-guide-ipsec.adoc +++ b/doc/users-guide/users-guide-ipsec.adoc @@ -245,9 +245,14 @@ As can be seen, SAs have a large degree of configurability. ==== SA Lifecycle Management In discussing the lifecycle of an SA, it is useful to refer to the following -state diagram: +two state diagrams. The first shows the SA state transitions: -image::ipsec_fsm.svg[align="center"] +image::ipsec_sa_fsm.svg[align="center"] + +The second shows the state transitions of IPsec operations performed against +SAs: + +image::ipsec_op_fsm.svg[align="center"] After creation, IPsec services are active for this Security Association. The specific APIs that can be used on this SA depends on the IPsec operating mode
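
Review bot: In doc/images/ipsec_op_fsm.gv the first self-loop reads `SA_Ready -> SA_Ready [lable="odp_ipsec_in()"];`, and `lable` is a misspelling of `label`. Graphviz accepts unknown attribute names, so the build will not catch it and the odp_ipsec_in() edge will be rendered with no text; please change it to `label`. While there, the `node [shape=doublecircle]; SA_Ready` line and the `odp_ipsec_out()` edge are missing the trailing `;` that every other statement in the file carries (the same applies to the `node [shape=doublecircle]; Nonexistent SA_Ready SA_Expired` line in ipsec_sa_fsm.gv). That is legal DOT but inconsistent with the rest of the graph.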
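
Review bot: Several transitions from the deleted ipsec_fsm.gv have no counterpart in either new graph, and the User Guide text added in this patch does not say they were dropped on purpose. The old `Op_Complete -> SA_Expired [label="hard limit reached" constraint=false];` edge is gone, so ipsec_op_fsm.gv no longer shows that an asynchronous operation can complete into an expired SA; ipsec_sa_fsm.gv only shows `SA_Ready -> SA_Expired`. The old `Disable_Pending -> Disable_Check` step via `odp_queue_deq()` / `odp_schedule()` is also gone, so the new `Disable_Pending -> SA_Disabled [label="odp_ipsec_status()"];` edge reads as if the status arrives without an event being received first. The `odp_ipsec_config()` edge (Unconfigured -> Configured) has likewise been removed in favour of the Nonexistent state. Please either restore these edges in the appropriate graph or add a sentence to users-guide-ipsec.adoc explaining where expiry during asynchronous processing, event reception during disable, and global configuration now fit, since applications rely on this section to know when an SA may still be used and when it is safe to destroy it.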