security: add SA lifetime configuration
authorAnoob Joseph <anoobj@marvell.com>
Tue, 28 Sep 2021 10:59:54 +0000 (16:29 +0530)
committerAkhil Goyal <gakhil@marvell.com>
Tue, 28 Sep 2021 12:11:29 +0000 (14:11 +0200)
commitad7515a39f2af82b1f8ae8e3cb83dda44ae75c69
treec46ce6786551c3954d5d8de16eff77381cb281c1
parent0532f50c0e8a0e46fa98c36b53ce2b5989eb9054
security: add SA lifetime configuration

Add SA lifetime configuration to register soft and hard expiry limits.
Expiry can be in units of number of packets or bytes. Crypto op
status is also updated to include new field, aux_flags, which can be
used to indicate cases such as soft expiry in case of lookaside
protocol operations.

In case of soft expiry, the packets are successfully IPsec processed but
the soft expiry would indicate that SA needs to be reconfigured. For
inline protocol capable ethdev, this would result in an eth event while
for lookaside protocol capable cryptodev, this can be communicated via
`rte_crypto_op.aux_flags` field.

In case of hard expiry, the packets will not be IPsec processed and
would result in error.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
app/test/test_cryptodev_security_ipsec_test_vectors.h
doc/guides/rel_notes/deprecation.rst
doc/guides/rel_notes/release_21_11.rst
examples/ipsec-secgw/ipsec.c
examples/ipsec-secgw/ipsec.h
lib/cryptodev/rte_crypto.h
lib/security/rte_security.h