On 05.05.2017 11:12, Savolainen, Petri (Nokia - FI/Espoo) wrote: > > >> -----Original Message----- >> From: lng-odp [mailto:lng-odp-boun...@lists.linaro.org] On Behalf Of >> Github ODP bot >> Sent: Thursday, May 04, 2017 8:00 PM >> To: lng-odp@lists.linaro.org >> Subject: [lng-odp] [PATCH API-NEXT v1 1/2] api: ipsec: add soft limit >> expiration event >> >> From: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org> >> >> If outbound packet was processed in inline mode, soft limit expiration >> event is not reported, as packet goes to the interface. Instead report >> this as an ODP_IPSEC_STATUS_SA_SOFT_EXPIRED. >> >> Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsoleni...@linaro.org> >> --- >> /** Email created from pull request 22 (lumag:ipsec-limits) >> ** https://github.com/Linaro/odp/pull/22 >> ** Patch: https://github.com/Linaro/odp/pull/22.patch >> ** Base sha: 0707c974ed19c859fb92778c35a2f92bf7cd9fc6 >> ** Merge commit sha: bff71bdc47fecb62fced59449c139d3ea4b44def >> **/ >> include/odp/api/spec/ipsec.h | 5 ++++- >> 1 file changed, 4 insertions(+), 1 deletion(-) >> >> diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h >> index 384c43d..2f8a007 100644 >> --- a/include/odp/api/spec/ipsec.h >> +++ b/include/odp/api/spec/ipsec.h >> @@ -1080,7 +1080,10 @@ typedef struct odp_ipsec_op_result_t { >> */ >> typedef enum odp_ipsec_status_id_t { >> /** Response to SA disable command */ >> - ODP_IPSEC_STATUS_SA_DISABLE = 0 >> + ODP_IPSEC_STATUS_SA_DISABLE = 0, >> + >> + /** Soft limit expired on this SA */ >> + ODP_IPSEC_STATUS_SA_SOFT_EXPIRED >> >> } odp_ipsec_status_id_t; >> > > I was speculating this with Janne. We can to an conclusion that is better not > to force every IPsec implementation to run a timer. > > So, either keep the current situation where time expiry is reported only with > packets, or remove the time expiry support altogether. Checking time with > incoming packets is easy, compared to running timers (which may need a > background thread to serve SA timers, etc). In both cases application would > run its own timer, if it needs to notice expiry before packets hit it.
This was thought as an event for bytes/packets expiry. Not for time-based expiry. -- With best wishes Dmitry
