git.droids-corp.org - dpdk.git/commit

author	Anoob Joseph <anoobj@marvell.com>
	Tue, 28 Sep 2021 10:59:54 +0000 (16:29 +0530)
committer	Akhil Goyal <gakhil@marvell.com>
	Tue, 28 Sep 2021 12:11:29 +0000 (14:11 +0200)
commit	ad7515a39f2af82b1f8ae8e3cb83dda44ae75c69
tree	c46ce6786551c3954d5d8de16eff77381cb281c1	tree \| snapshot
parent	0532f50c0e8a0e46fa98c36b53ce2b5989eb9054	commit \| diff

security: add SA lifetime configuration

Add SA lifetime configuration to register soft and hard expiry limits.
Expiry can be in units of number of packets or bytes. Crypto op
status is also updated to include new field, aux_flags, which can be
used to indicate cases such as soft expiry in case of lookaside
protocol operations.

In case of soft expiry, the packets are successfully IPsec processed but
the soft expiry would indicate that SA needs to be reconfigured. For
inline protocol capable ethdev, this would result in an eth event while
for lookaside protocol capable cryptodev, this can be communicated via
`rte_crypto_op.aux_flags` field.

In case of hard expiry, the packets will not be IPsec processed and
would result in error.

Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

app/test/test_cryptodev_security_ipsec_test_vectors.h		diff \| blob \| history
doc/guides/rel_notes/deprecation.rst		diff \| blob \| history
doc/guides/rel_notes/release_21_11.rst		diff \| blob \| history
examples/ipsec-secgw/ipsec.c		diff \| blob \| history
examples/ipsec-secgw/ipsec.h		diff \| blob \| history
lib/cryptodev/rte_crypto.h		diff \| blob \| history
lib/security/rte_security.h		diff \| blob \| history