> -----Original Message----- > From: lng-odp [mailto:[email protected]] On Behalf Of > Github ODP bot > Sent: Thursday, May 04, 2017 8:00 PM > To: [email protected] > Subject: [lng-odp] [PATCH API-NEXT v1 1/2] api: ipsec: add soft limit > expiration event > > From: Dmitry Eremin-Solenikov <[email protected]> > > If outbound packet was processed in inline mode, soft limit expiration > event is not reported, as packet goes to the interface. Instead report > this as an ODP_IPSEC_STATUS_SA_SOFT_EXPIRED. > > Signed-off-by: Dmitry Eremin-Solenikov <[email protected]> > --- > /** Email created from pull request 22 (lumag:ipsec-limits) > ** https://github.com/Linaro/odp/pull/22 > ** Patch: https://github.com/Linaro/odp/pull/22.patch > ** Base sha: 0707c974ed19c859fb92778c35a2f92bf7cd9fc6 > ** Merge commit sha: bff71bdc47fecb62fced59449c139d3ea4b44def > **/ > include/odp/api/spec/ipsec.h | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h > index 384c43d..2f8a007 100644 > --- a/include/odp/api/spec/ipsec.h > +++ b/include/odp/api/spec/ipsec.h > @@ -1080,7 +1080,10 @@ typedef struct odp_ipsec_op_result_t { > */ > typedef enum odp_ipsec_status_id_t { > /** Response to SA disable command */ > - ODP_IPSEC_STATUS_SA_DISABLE = 0 > + ODP_IPSEC_STATUS_SA_DISABLE = 0, > + > + /** Soft limit expired on this SA */ > + ODP_IPSEC_STATUS_SA_SOFT_EXPIRED > > } odp_ipsec_status_id_t; >
I was speculating this with Janne. We can to an conclusion that is better not to force every IPsec implementation to run a timer. So, either keep the current situation where time expiry is reported only with packets, or remove the time expiry support altogether. Checking time with incoming packets is easy, compared to running timers (which may need a background thread to serve SA timers, etc). In both cases application would run its own timer, if it needs to notice expiry before packets hit it. -Petri
