[Moving the discussion to the ODP list]
> > Bogdan: I wonder why ODP did not considered to signal SA expiry as a status
> > event (like
> ODP_IPSEC_STATUS_SA_DISABLE)... meaning, what if there is no packet?
>
> This is an ODP question and that discussion should be moved to the ODP
> mailing list. The answer is that IPsec exceptions have yet to be
> defined as the IPsec API is still a working definition and not yet
> finalized. This is something we should finalize at next month's design
> sprint.
>
Commenting from the point-of-view of the current API draft:
Soft expiry for byte or packet based lifetimes does not indicate
any error in processing the packet and therefore using the normal
per-SA completion queue is desired since then packet order is
reserved and different SAs can use different queues for more
parallelism.
For time based soft lifetimes the current mechanism is indeed not
very useful as the expiration can be signaled only if there was
a packet for the SA *). Therefore the application would need to
keep track of time based lifetimes anyway.
I would still keep byte and packet based lifetime expirations in the
operation result since they are related to the processed packets,
but maybe soft time based lifetimes should be moved to the status
event (or even removed altogether?).
Even if the expiration of hard time based lifetimes could be
signaled through the status event, the status is needed also
in the operation result for the case an attempt is made to
use an expired SA.
*) Actually, time based life time expiration could be signaled
through the operation result e.g. by generating an event (or
one additional result to an event) that does not correspond to
any input packet and does not have a valid packet pointer.
But if that was the intention, the API would have said something
about it.
Janne
