From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0086.outbound.protection.outlook.com [104.47.42.86]) by dpdk.org (Postfix) with ESMTP id 569BA7CB3 for ; Wed, 14 Mar 2018 07:06:25 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=eJObrZVIMRj0DepjnnXQppXLwVDwTr5PiLw+yiqOI3s=; b=HESIAQtegO1k7B3TlbnbHwuxG3AOAQHjLPG4LASct8Ej+T3eL4x8fJGSkSAk0n19/LUD41uiW83DwYPUuRon83qO0ta1P5n1HdlJYDeDlefKOUItvM9qZ4iWm/F6ikECE7r4Ju+RQGKCkABWZ268IbTKQpFjz+CPG077gNZQ77o= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Anoob.Joseph@cavium.com; Received: from hyd1ajoseph-dt.caveonetworks.com (115.113.156.2) by BLUPR0701MB1057.namprd07.prod.outlook.com (2a01:111:e400:8b0::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.567.12; Wed, 14 Mar 2018 06:06:20 +0000 To: Akhil Goyal , Declan Doherty , Radu Nicolau Cc: Jerin Jacob , Narayana Prasad , Nelio Laranjeiro , dev@dpdk.org References: <1519191430-19201-1-git-send-email-anoob.joseph@caviumnetworks.com> <1519896103-32479-1-git-send-email-anoob.joseph@caviumnetworks.com> <1519896103-32479-5-git-send-email-anoob.joseph@caviumnetworks.com> <3b57c323-69c0-a20e-b846-d686576ac1da@nxp.com> From: Anoob Joseph Message-ID: <1a37eafa-9b6a-64fb-7295-dbfef9c81ff2@caviumnetworks.com> Date: Wed, 14 Mar 2018 11:36:04 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <3b57c323-69c0-a20e-b846-d686576ac1da@nxp.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Originating-IP: [115.113.156.2] X-ClientProxiedBy: BM1PR0101CA0058.INDPRD01.PROD.OUTLOOK.COM (2603:1096:b00:19::20) To BLUPR0701MB1057.namprd07.prod.outlook.com (2a01:111:e400:8b0::26) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: b3e6fc13-a1b2-4ecc-2714-08d58971b5f4 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4604075)(4534165)(7168020)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:BLUPR0701MB1057; X-Microsoft-Exchange-Diagnostics: 1; BLUPR0701MB1057; 3:cYEO6XG2TFn5sRQ0LdAWYBCj6emh8+3HdCvik4dfqgSvaIj14yv88LBaS+R4+wvotFglMklLXY/OYGXDlKoAq5JjfealS0WaN+k5JQg9V9yV3eCXP1/zBkz5/kcN6eBiMxFZaC30dSz23tI1jjQFHrWxlvZ9WsXosS1NkW5nX38WNGr+rd8XsRoj+/nx0Fd7LgA9jltJh9NoIZKYbonxxM+ctUh4lckAo8AhRRYsOfnD31WRi6kzS4My0+hO7AmA; 25:npAOIdvq3qa7ZcdZOr9Lq1k6995neWW5r4cV9FsyIoINHc/Wp5VVPrvcQvaWnRmNH/ktCLo9ETJolulaq9fkLpBKNv/T50aJbaPqpDCgQbiGrFU7WZG5DzIUAh3icDJNnNzt2syWeOJTb4jd4iKVfuw+EBLY2y5orFIK8wvVWCw8Va4oEDSraJFf3RDpCDrQn3r8T653sPraRtyqquJBf4IYDlmuw/y45SgM+4Y5d5l7Jlod+eZCLEuzg3R1ME5bMvVJp6ZBvhOxjXwImSxduQSA+8L1utwdU5wuWNZ2xZ0hFqITbYyf45mQOUn6mLX8vgoWDk9VkdpXYvn1CE7g7A==; 31:3iQfRIDRudXns2tRFxkhY7SDyuaWyru6E5rwSOQ50sCO3PRm4Nlk8v1/5Algab28RdAjZnMktWAE6qgQS6MyRxKwWD6Ub1ySY64iNIu2YcWuwk+3GhMdVAUKvE96JGSSdNGIZlZZoHqjH9FeAvsus/URTbrHY/LNJrEN9Ms1czvEjsrafkUxCMiV9PT3J1RlpabolWuGObbDASm9bICi/6uWVzNDrWFG2QwxANYlcjU= X-MS-TrafficTypeDiagnostic: BLUPR0701MB1057: X-Microsoft-Exchange-Diagnostics: 1; BLUPR0701MB1057; 20:E726F6XqnlYwecYL0y4LR4wLchgs9WrIeT3wlU3xV18V+by1gncR1e3IqVWRTcq0tMekchNAZkbNo+Pa3WDPzn1NPmzFrrvHiygHMIM5yXHAqCvcR2C8UoeJcCNjlE9IWwYixyZRgunGHbVgMqnX6A7LeOMuCQAQrkwXF1PZwImJlNWVNqSXVALuJ6sUvMFCT0btSSJJpgGcbU03JEQZ4nQ9/lrs0calxMGxy1S9UUmuTakwIlPkddSmwRuFaIV2sGO9i30I479oWY9r7FtU8Gr/V2QdgSK6J1wGFzVTEYKkiMGvFnK+Q+0c+vNbrTVCEa/EQDeBkFUqJ5xD7nXRCAdEozCadKue0rog4ssClmrz3//dgR/zccOB9ujnXumf4vfaNWJMgzyYyEjW88b8Vmvkq2VeFLobsNqG3dnF9ZxEF7VoqO3/2Y68OB46kP4DybfDpzQrGllkfoD5MJ10laPMhHtvkkJy8uwvbCNYX9c9CarBTqwNOQyZ/t2wXsVHu04E4Jv+XJ155girqJ4giTFqUJs/xz934S/Uzuj4c5bgE8xsV/6xrZrpGaBcs3aN+THEwjeQEgfEvcej8KL0L9+CjwOSU/d3VbUrpdpKgAQ= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(278428928389397)(192374486261705); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(93006095)(3231221)(944501244)(52105095)(3002001)(10201501046)(6041310)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123562045)(20161123558120)(6072148)(201708071742011); SRVR:BLUPR0701MB1057; BCL:0; PCL:0; RULEID:; SRVR:BLUPR0701MB1057; X-Microsoft-Exchange-Diagnostics: 1; BLUPR0701MB1057; 4:0u9X6TjQY79e6D046SOZDr7UXFHtWhtYEz2DXGCCNRBnESDCHWjJGepHacJqy0WQyz94tc3P1yBScTmVF/pwvk+iua/tQMo4w3qJgvfWuqdS8+51RLB1I2HM7FVyXcdg7aq3nbTNet+0xQV75ANbQ444cWLoffUbVewaZkFGRFu4b8MpePHsKwgjjalvfELuQg9lLQjVQmvc4fHLPvclRUt5Hfy28Aq1e8T4UAAKMPAhaG87anjcrSydbnQ7JUoO8E+HUhUaJMFYleUsXVjO3dpC1l3GPrjt/zWO6N1HROJDVeyA3ZXbwFvzLqDYXlaVNhKojDgdX75MgttzcnrYvaOcFB4Uml3d5NGnmJIyQ0w= X-Forefront-PRVS: 0611A21987 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(39860400002)(39380400002)(376002)(366004)(396003)(346002)(52054003)(199004)(189003)(55236004)(106356001)(229853002)(6246003)(65806001)(65956001)(305945005)(66066001)(6486002)(4326008)(53936002)(5660300001)(7736002)(47776003)(68736007)(50466002)(69596002)(97736004)(31696002)(36756003)(31686004)(2906002)(105586002)(2870700001)(65826007)(53416004)(64126003)(2950100002)(6512007)(6666003)(6116002)(93886005)(8656006)(186003)(26005)(3846002)(81156014)(81166006)(53546011)(8936002)(25786009)(6506007)(386003)(52146003)(16526019)(72206003)(2486003)(52116002)(23676004)(59450400001)(316002)(54906003)(8676002)(42882007)(67846002)(76176011)(58126008)(478600001)(110136005); DIR:OUT; SFP:1101; SCL:1; SRVR:BLUPR0701MB1057; H:hyd1ajoseph-dt.caveonetworks.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: cavium.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTFVQUjA3MDFNQjEwNTc7MjM6Vm1SbGZENThkV202djJQVVJTODEzNW0v?= =?utf-8?B?cjcyTjRsRUJmdHZFSHk3NENaREVhdlZGcS9iUGRKMjlHaklKeXNzRncwa0wy?= =?utf-8?B?eEF2c25QRlYvTVNmb0tQMlhLdUNrbmdqNUZBc0FTVFJKV3lvNjkvZUVoYlRO?= =?utf-8?B?UWlHWHRxbVNIVUFMNlFhTWpzeDl3ajVEYzh0a2l2dFUyTWlISFRuYUJmZ0Vq?= =?utf-8?B?cWptdXdHdlZhYzVVOE9DOXhkTWxyaG85L0hjdUNBTmRGQUhVZDNFckZWcUZu?= =?utf-8?B?a3Y0YWJEaEx5aEVPVS9BbUlJV0NRaDRmMDJJZ1VoMTVGamVnaFB0bWJoL0hU?= =?utf-8?B?ZFJoSE51aG1mcUFiMzRRalJDT0lIeit4MlZXY28ycEdocXo5UzFQSlBxSFo3?= =?utf-8?B?b2xnd0xhbCtvY2ZZcmdqaVIyQ3lZS2NQQVFmYjU0RXBaRjhQQUlRbzN4VU5r?= =?utf-8?B?dmV1Rm5WTm52VmZCVVcxdUpRd1ZCWFhXWktRNWNBY1VxRVFJR0RxMXAxdnhx?= =?utf-8?B?K1lMaUs4Qy9hTERnbXNDRzdjMkZ4c3Vxd0RSZDN6dlVFQzI3TU1laU9nLzVE?= =?utf-8?B?U1M5aTFVdENkejcvaDBROXNKdlFoQmFYaFpoVWNrYXpyelJMZk81SXBYczMx?= =?utf-8?B?a0ovYUU0MHhxSzdLYi9EZHE2R01PNHdyVks3cGgvVjRNdXhWMnBEbjk4NWFR?= =?utf-8?B?d3VhVnNPRlRneDkvWVREeHUyUks3U2hHK0dtUFhNcmtMYUlkK0YzcG9XY1hE?= =?utf-8?B?d1lwYURielFLWFVNS3BSS2pUYmYzUU5rU0hsQzJqRXFzWmdXVG9uUURuQ0l4?= =?utf-8?B?NGpCcjlHcjcwUHVzQTE0Y1ZoTUFDUnQwT3haNkZGUjg0bWF1NEdVTzJNSnA0?= =?utf-8?B?MW9memgwdmx3MzBQR01YbVU5dzYva3VSK0hVYmZxYzZYTyt1bGNZRGo3VVQ3?= =?utf-8?B?bk11TTJUbklpNVVvYWxXb21vMDRkYTdXaVcyZzErM3NXRW1qbWJ5bEdZOHIy?= =?utf-8?B?WFlXR3hhNTRzYUNaUDBLQWMzNlViUkx3MmtEd1FLc1JZUEhMV0U3Vng1MVRG?= =?utf-8?B?OXF4QXdzMUk3S2krN1oxaXg4Q0NCL1pFY0I3MW9UUzNmQkE2cE8yUnFVcDFi?= =?utf-8?B?ZjQ4UEZRZWxoN1FSM2Nma21OdXhMU0RXenpZbUZEVGNQeWM1U3RoRDR5TE1V?= =?utf-8?B?Z3dtdmFFVU0yeXY0dDhhWG1waW9qNnY5eGQ1YlpGMGJPaDRtQk1hd3JXSmN5?= =?utf-8?B?alBqY2dKejhCMDRMRjF2UDNEZ1pjVHNvNkJnTEp4M1djWHdXNHZCQWNsSmhQ?= =?utf-8?B?VURBZWZlTEREbE5IMlN2bFZnc2txQUJiUGlJK1lvUW1sOU90OVhFTjdMbGMr?= =?utf-8?B?TWEzMzNUTFRydTBsOVlPS1FhbE84c3QrMzdIMFl5dG9wR0FkeC9vTXRqOHIz?= =?utf-8?B?dWFNUTBMSmhyLzN1KzZnRDd5cnVrd1dDVzI1eUwydFpxT29zZEtCVkY0SnhM?= =?utf-8?B?MzhzY3l4T0huYzhzNEIwQmMxL29TeW5lbkJ1SHFENjNQQWovbGpFSktFWllG?= =?utf-8?B?YVgvZUJmWDNmMW56VkxQeW1tbnlWckpZb1RCK25qeEdHd0lUcjFqeDNoSmh5?= =?utf-8?B?dkZUSjJLQzVTVDlXZ25Td0l4NWxwYVRLRGpQUElmcWFGbGNReEVCZHNkTG5t?= =?utf-8?B?dzFOckhOYVY5RFk4UUdjTXVFRUovT2VRenp4SXBuZHVYQ1pGNnlDV0pGSEJy?= =?utf-8?B?VmtwRjQ1S2JucHdYQ0ZtQzN5eGJJeDhUbGEvSTAzeEJucDQrSGdkaFVjeEY5?= =?utf-8?B?Vm5DdTRmaHVGOENxT0lJUzR2UkY2UHBRY0J5NDhjOFcwazVmSzQ3dTNJTTRU?= =?utf-8?B?NkNJYm9GMEZaMWRZYThDZnBoK0Z2bURLUDA3K1RnSEoxWnhhSFRFUkQ0QjB1?= =?utf-8?B?UDVGZ25PMDZzZmwwVU5zcHJObmlQTTJlMUhHUVBpWVlhSThtQTZLakdGVnY1?= =?utf-8?B?TlkvK2FSUTk5YmIrdUZ0RHhiS2UwUWpWOEczRHlsczNnMnFSWXdVaTUvYWFY?= =?utf-8?Q?+W7gi7NAXw8g22rRGIB3Rg+hB4f?= X-Microsoft-Antispam-Message-Info: ZJp5jH0dNQw2/SGNL5CCxpaE9J4oWtrzxTYplqFLwM06Q4LO8kGCW7XwVRb17rHZc/E9HHJgEtbAXw0k2Y2lhvxariI0t7wqdtGWKUXtMRj81cGrP0b9cOOi6iNqjhcCg/HuoS4omcc0r8DPfEce61w16z+PXCb+P3AF6o4x92g0/lSRpFs4oPcuPhj95kJE X-Microsoft-Exchange-Diagnostics: 1; BLUPR0701MB1057; 6:qvztDD17jXL7lBWGJgdz+hrRc1P2/OXR3D+fdL5cVQ4YyoJ0BUpb/LTpgzJn0qBwcXBegO6PLuTE7/85JSe8Y7c9KyBxVb7qlBvSKmpzMCSiNDtdM4eAC1aLL7dmj3lGyLHr/m8FtdwJCtSgrMhyaRV0gneP1D1h3DlaGnX3JHpy/qWJItC8QJYs6Zm3/3mcct0vsc3xIgYwz+aYFNoptDAk3XEty2zedImgBTC/L9KG48MpZbzfve7LMytu63pxtcNIQtDI4VIIKOBrIekzfb9GEgEpRhQsBfnZn8HChiW/qHam9LHTsvP5sck4x9fo8aYko2U6ivEUmQSq5/abOk0XgsROsaMwSEkcFuK4O7w=; 5:lTuhfDHxbR8jVM7Xpg+al/JpTcPEgACty4LMAykQe/b7jP+hyWn8WwKNEQ7D2Q2NHB3DW8e/dTKqvjZrQgoCoR7DZdrPB9oBxoA6lTR5dERAr9yjTqQzUja90vmwu27AGw11o/F9oGRYbCfYd6z/5GTRnKySm3V5gGaEDRsjwF4=; 24:7booRWghgX+McfkWDCQeZh15Fjpi6oDXnO224BHCBfCHIpujJckzLMlpAlhvYZUJtq2lbu4QucO2yimYoP5U7fI80VVmiW+6PEX06vkpEzQ=; 7:4Q/4bm+Foqz1F+HT13YQ8mufy/uIcI3EDGkgQp/40j+fIpAur+pVxfobskMsU63mVYFkiVjuEJ7PCebBxuUfZzbr0n8JvL9snQ0pDt5WwRtTlB1HMJKE8jhM+ONeKj6X0h6MSj2qlp2f4ju3B2HDXM6f8HlKzmfFKKiyRBFeLegVCT74DwJjpNDdwG6yzVfNi8cXDolV+2ZcaE3UWelV0gYr4lJMpPIF7dv9VriDjw2GRfse4OuhlnTP58moF8CR SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Mar 2018 06:06:20.0915 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b3e6fc13-a1b2-4ecc-2714-08d58971b5f4 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR0701MB1057 Subject: Re: [dpdk-dev] [PATCH v2 4/5] examples/ipsec-secgw: handle ESN soft limit event X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Mar 2018 06:06:26 -0000 Hi Akhil, Please see inline. Thanks, Anoob On 13/03/18 17:54, Akhil Goyal wrote: > Hi Anoob, > > On 3/1/2018 2:51 PM, Anoob Joseph wrote: >> For inline protocol processing, the PMD/device is required to maintain >> the ESN. But the application is required to monitor ESN overflow to >> initiate SA expiry. >> >> For such cases, application would set the ESN soft limit. An IPsec event >> would be raised by rte_eth_event framework, when ESN hits the soft limit >> set by the application. >> >> Signed-off-by: Anoob Joseph >> --- >> v2: >> * No change >> >>   examples/ipsec-secgw/ipsec-secgw.c | 56 >> ++++++++++++++++++++++++++++++++++++++ >>   examples/ipsec-secgw/ipsec.c       | 10 +++++-- >>   examples/ipsec-secgw/ipsec.h       |  2 ++ >>   3 files changed, 65 insertions(+), 3 deletions(-) >> >> diff --git a/examples/ipsec-secgw/ipsec-secgw.c >> b/examples/ipsec-secgw/ipsec-secgw.c >> index 3a8562e..5726fd3 100644 >> --- a/examples/ipsec-secgw/ipsec-secgw.c >> +++ b/examples/ipsec-secgw/ipsec-secgw.c >> @@ -40,6 +40,7 @@ >>   #include >>   #include >>   #include >> +#include >>     #include "ipsec.h" >>   #include "parser.h" >> @@ -1640,6 +1641,58 @@ pool_init(struct socket_ctx *ctx, int32_t >> socket_id, uint32_t nb_mbuf) >>           printf("Allocated mbuf pool on socket %d\n", socket_id); >>   } >>   +static inline int >> +inline_ipsec_event_esn_overflow(struct rte_security_ctx *ctx, >> uint64_t md) >> +{ >> +    struct ipsec_sa *sa; >> + >> +    /* For inline protocol processing, the metadata in the event will >> +     * uniquely identify the security session which raised the event. >> +     * Application would then need the userdata it had registered >> with the >> +     * security session to process the event. >> +     */ >> + >> +    sa = (struct ipsec_sa *)rte_security_get_userdata(ctx, md); >> + >> +    if (sa == NULL) { >> +        /* userdata could not be retrieved */ >> +        return -1; >> +    } >> + >> +    /* Sequence number over flow. SA need to be re-established */ > > > With this patchset, application will be able to get notification if > the error has occurred. But it is not re-configuring the SA. > Do you intend to add the same? Ideally the application should initiate a SA renegotiation sequence (with IKE etc). But ipsec-secgw uses predetermined SAs, and so addition of SA renegotiation might not fit in with the current design. I was just adding this as a place holder for future expansion (and a model for real applications). What are your thoughts on addition here? Similar handling would be needed for byte & time expiry as well, when that is added. May be we could just log the event and leave it be. > >> +    RTE_SET_USED(sa); >> +    return 0; >> +} >> + >> +static int >> +inline_ipsec_event_callback(uint16_t port_id, enum >> rte_eth_event_type type, >> +         void *param, void *ret_param) >> +{ >> +    struct rte_eth_event_ipsec_desc *event_desc = NULL; >> +    struct rte_security_ctx *ctx = (struct rte_security_ctx *) >> +                    rte_eth_dev_get_sec_ctx(port_id); >> + >> +    RTE_SET_USED(param); >> + >> +    if (type != RTE_ETH_EVENT_IPSEC) >> +        return -1; >> + >> +    event_desc = ret_param; >> +    if (event_desc == NULL) { >> +        printf("Event descriptor not set\n"); >> +        return -1; >> +    } >> + >> +    if (event_desc->stype == RTE_ETH_EVENT_IPSEC_ESN_OVERFLOW) >> +        return inline_ipsec_event_esn_overflow(ctx, event_desc->md); >> +    else if (event_desc->stype >= RTE_ETH_EVENT_IPSEC_MAX) { >> +        printf("Invalid IPsec event reported\n"); >> +        return -1; >> +    } >> + >> +    return -1; >> +} >> + >>   int32_t >>   main(int32_t argc, char **argv) >>   { >> @@ -1727,6 +1780,9 @@ main(int32_t argc, char **argv) >>            */ >>           if (promiscuous_on) >>               rte_eth_promiscuous_enable(portid); >> + >> +        rte_eth_dev_callback_register(portid, >> +            RTE_ETH_EVENT_IPSEC, inline_ipsec_event_callback, NULL); >>       } >>         check_all_ports_link_status(nb_ports, enabled_port_mask); >> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c >> index 5fb5bc1..acdd189 100644 >> --- a/examples/ipsec-secgw/ipsec.c >> +++ b/examples/ipsec-secgw/ipsec.c >> @@ -36,6 +36,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct >> rte_security_ipsec_xform *ipsec) >>           } >>           /* TODO support for Transport and IPV6 tunnel */ >>       } >> +    ipsec->esn_soft_limit = IPSEC_OFFLOAD_ESN_SOFTLIMIT; >>   } >>     static inline int >> @@ -270,11 +271,14 @@ create_session(struct ipsec_ctx *ipsec_ctx, >> struct ipsec_sa *sa) >>                * the packet is received, this userdata will be >>                * retrieved using the metadata from the packet. >>                * >> -             * This is required only for inbound SAs. >> +             * The PMD is expected to set similar metadata for other >> +             * operations, like rte_eth_event, which are tied to >> +             * security session. In such cases, the userdata could >> +             * be obtained to uniquely identify the security >> +             * parameters denoted. >>                */ >>   -            if (sa->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) >> -                sess_conf.userdata = (void *) sa; >> +            sess_conf.userdata = (void *) sa; >>                 sa->sec_session = rte_security_session_create(ctx, >>                       &sess_conf, ipsec_ctx->session_pool); >> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h >> index 6059f6c..c1450f6 100644 >> --- a/examples/ipsec-secgw/ipsec.h >> +++ b/examples/ipsec-secgw/ipsec.h >> @@ -21,6 +21,8 @@ >>     #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */ >>   +#define IPSEC_OFFLOAD_ESN_SOFTLIMIT 0xffffff00 >> + >>   #define IV_OFFSET        (sizeof(struct rte_crypto_op) + \ >>                   sizeof(struct rte_crypto_sym_op)) >> >