From: Dmitry Eremin-Solenikov <[email protected]> According to the discussion on mailing list, most of implementations will not be able to support odp_ipsec_sa_disable() status event directly. Instead they will submit a dummy packet to that SA. Then after receiving this packet after odp_ipsec_result() will detect this packet and will report it as a packet with odp_ipsec_error_t->sa_disabled bit set.
Signed-off-by: Dmitry Eremin-Solenikov <[email protected]> Cc: Nikhil Agarwal <[email protected]> Cc: Balasubramanian Manoharan <[email protected]> --- /** Email created from pull request 256 (lumag:ipsec_sa_disable_v2) ** https://github.com/Linaro/odp/pull/256 ** Patch: https://github.com/Linaro/odp/pull/256.patch ** Base sha: 825f75ed8644ef57c5648961e7982daf13cd9375 ** Merge commit sha: 1bab6bb255422c8eb061c6482397eb498fc7b1cc **/ include/odp/api/spec/ipsec.h | 38 ++++++++++++++------------------------ 1 file changed, 14 insertions(+), 24 deletions(-) diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index 26e852fca..f550b6bac 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -842,11 +842,12 @@ odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param); * the SA and be processed successfully. * * When in synchronous operation mode, the call will return when it's possible - * to destroy the SA. In asynchronous mode, the same is indicated by an - * ODP_EVENT_IPSEC_STATUS event sent to the queue specified for the SA. The - * status event is guaranteed to be the last event for the SA, i.e. all + * to destroy the SA. In asynchronous mode, the same is indicated by a packet + * event sent to the queue specified for the SA having sa_disabled error bit + * set. The packet is guaranteed to be the last event for the SA, i.e. all * in-progress operations have completed and resulting events (including status - * events) have been enqueued before it. + * events) have been enqueued before it. The will be no more packets coming + * from SA queue. * * @param sa IPSEC SA to be disabled * @@ -914,6 +915,8 @@ typedef struct odp_ipsec_error_t { /** Hard lifetime expired: packets */ uint32_t hard_exp_packets : 1; + + uint32_t sa_disabled : 1; }; /** All error bits @@ -927,7 +930,12 @@ typedef struct odp_ipsec_error_t { } odp_ipsec_error_t; -/** IPSEC warnings */ +/** IPSEC warnings + * + * For outbound SAs in ODP_IPSEC_OP_MODE_INLINE mode warnings can be reported + * only as status events. In all other cases warnings can be reported either as + * a part of packet result or via separate ODP status event. + */ typedef struct odp_ipsec_warn_t { /** IPSEC warnings */ union { @@ -1133,15 +1141,6 @@ typedef struct odp_ipsec_packet_result_t { * IPSEC status ID */ typedef enum odp_ipsec_status_id_t { - /** Response to SA disable command - * - * Following status event (odp_ipsec_status_t) fields have valid - * content, other fields must be ignored: - * - sa: The SA that was requested to be disabled - * - result: Operation result - */ - ODP_IPSEC_STATUS_SA_DISABLE = 0, - /** Warning from inline IPSEC processing * * Following status event (odp_ipsec_status_t) fields have valid @@ -1152,7 +1151,7 @@ typedef enum odp_ipsec_status_id_t { * This status event is generated only for outbound SAs in * ODP_IPSEC_OP_MODE_INLINE mode. */ - ODP_IPSEC_STATUS_WARN + ODP_IPSEC_STATUS_WARN = 0 } odp_ipsec_status_id_t; @@ -1166,13 +1165,6 @@ typedef struct odp_ipsec_status_t { /** IPSEC SA that was target of the operation */ odp_ipsec_sa_t sa; - /** Result of the operation - * - * 0: Success - * <0: Failure - */ - int result; - /** Warnings of an ODP_IPSEC_STATUS_WARN status event */ odp_ipsec_warn_t warn; @@ -1469,8 +1461,6 @@ int odp_ipsec_result(odp_ipsec_packet_result_t *result, odp_packet_t packet); * * @retval 0 On success * @retval <0 On failure - * - * @see odp_ipsec_sa_disable() */ int odp_ipsec_status(odp_ipsec_status_t *status, odp_event_t event);
