From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-by2nam03on0085.outbound.protection.outlook.com [104.47.42.85]) by dpdk.org (Postfix) with ESMTP id 66055397D for ; Fri, 15 Dec 2017 18:01:38 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=KNDWDRr2a+e7vLuFBFwp5txPpjhcTyxqolZaPs42TJM=; b=Ox0O9HddhxC0iHa8gY/VcDE1qtgP10GuUzULvmDpBqjbSGCN4JZCbx5x5nBQ4deysKGN3i0ZN7k+y2XOxO8xnwuul8slEfchuoYTuIxH5F5c+1Ai9BBmKE6hUAhJJ1O6LeDVS1JWhg2FvOqGRtIxqEiS4cRo9/6OXH1930CCbyM= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Anoob.Joseph@cavium.com; Received: from [192.168.0.107] (183.82.140.80) by CY4PR0701MB3633.namprd07.prod.outlook.com (2603:10b6:910:92::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.302.9; Fri, 15 Dec 2017 17:01:34 +0000 To: Nelio Laranjeiro Cc: Sergio Gonzalez Monroy , Radu Nicolau , dev@dpdk.org References: <5d3fdd0c05d5f8afd3f8e38ca03eaf25187d5c98.1513000931.git.nelio.laranjeiro@6wind.com> <89add3272024fefe644a9e636a476c85d39e398b.1513264386.git.nelio.laranjeiro@6wind.com> <78f97959-bf6c-33cc-e758-d232013ea159@caviumnetworks.com> <20171215135300.zm6ubao24qqxstpl@laranjeiro-vm.dev.6wind.com> <20171215165352.htocozxulv74e6xc@laranjeiro-vm.dev.6wind.com> From: Anoob Joseph Message-ID: <6189158c-c341-cb57-02b3-ab050e0c6e30@caviumnetworks.com> Date: Fri, 15 Dec 2017 22:31:12 +0530 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: <20171215165352.htocozxulv74e6xc@laranjeiro-vm.dev.6wind.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Originating-IP: [183.82.140.80] X-ClientProxiedBy: SG2PR0601CA0008.apcprd06.prod.outlook.com (2603:1096:3::18) To CY4PR0701MB3633.namprd07.prod.outlook.com (2603:10b6:910:92::35) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: d3d4dac1-cbc1-4312-1716-08d543dd7ff2 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(5600026)(4604075)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603307); SRVR:CY4PR0701MB3633; X-Microsoft-Exchange-Diagnostics: 1; CY4PR0701MB3633; 3:QBF3ZPFwWGMCIcKkHPkH4BBImTcBupezE1Jdta0F1rv41O51VdYAw1p87aMArD3WVvRck0HHCEnvhX0mciURbBB324A01vp+FAQASxrD10YSds30f9BYkoGW6JbAf9XoI9Rq4molTIlPhTUR7S/riIK8P6v+AKTSdceAiJnDUZ5JY1/VEfBQ2NhWnqHF3AuzH9+LbrykLiGi5Ko/UDIpaOuMg/qvIcx2f8+a6nR7q2Wrh4I0Vpw/G1rPmnhLS0oB; 25:XO96GCVW4iL6lAgTtaj9usCFwMFnkZfRTf6CbCiOlT7YhuIDXIorEfvRJ9qNuAl766a7ZcBdiqLjuGOnOLWyBD9Dr5rvN0NW7XiHT3AK5DcxOt6RCyOIybqurXmzma6lPAwiT3g9qvDMMJQES/OLQnJs/MsnCg5AHoob4YEcfSuWeyj24tAejf26UMp21kZ71T5tetYwGVSu06PFKN0XqkUGe7AJwPnE6xk/5BjBUD0udGRJ8nhnnSz3kBCL91xwAsKwqXzlMud0AaCyUiRCm69rdvTxHWIISvOalRGYl6cBDWMjEqQefzwaWfjt1KDQixbEaGNOcTAhTGUaFA4AFQ==; 31:WFd/GrSh1wJiIMt8sMLNS59FB6oyk5wbCc7SuSg8OyfTAlULG/+uBCzrT7eT8rqDF6fxLDGtOeuEJ1WR/c8fe5hCZaKFwv71IsvBNmhOYWF5pG0CNtF4l75pTUC3yg/qevfEr++oJCPjSmDVUr9zk27iM/Tyx14VRpE3qEymMa5+j7MtPt1mO7YpK+UzkchUcZpKSXbAq729CrdprT6cHYyBLNh7Mkllzzni05W/8Hc= X-MS-TrafficTypeDiagnostic: CY4PR0701MB3633: X-Microsoft-Exchange-Diagnostics: 1; CY4PR0701MB3633; 20:yjCDArCNj9AseGiquXbLYL5AA2RaNd/FzDrixhq4yE31Ep5jb/zVtXW1l5TMRpOSLwHyK/RZFxWOw5iZe/eGrNfb0OmXRqqJSaHoQP94WrXC2/Fhk/BM/3gj9K/7aKv1fKM7E1QUfn8iaG4cL7Zh2QUzcWzypUrxQmChPjRIPLQl8cnr8fxZz3+Vojn4MSvJOePsdn93NvDJYVYMCmL63hEdzl3N+vBLWMGDukesfrpbTg0POHJIFgsMwEllUHr6/rRBNuLH29ySvG8WHbxMqHX2QMr6HHdcDhX6zHQIt2S99We3NIHX6hyE0mHcFkCm2UuslDxPAwsPNNXxuOWVRpLLjG9EqrB7IJOqdx4wAYH8xoJ4Dg7LJ6eyPdVqUPul/xuOSCN8LqULYdZ3VM1jdNDJLe+4RNp7bAbRwIAtHYgeUUVzUOaDjsGVP7VAXZKE93WVaX5SsE89qEVWpaYBsa2C3QWf06iSKGYZ/js15zBQtLs6Dd/TKo0IWJmZf5c/ERA8iJPRu/B09VvOuZ0vaS26UIMj5N/ODazAfwgnW9jMzyjY+mWrG8VlskLshEjiL0p5NQGiCiQN9DPkIacVi7up0gKVAZaPx+jH+la4AGo=; 4:y4ya5OygpDQVjKbXIWMZSBsGRlvBDVJMzgRYc5dLrJeLNFaMuKOluRoErzVZdL4CH6t6MrxYY2dKzcejDn+zmg0NzjVu8Hl9Gv8+KDtP/qyDL/Y6aZm5vajL2ao+WN2PwNS/kJnJkAyjG2a4P4wfVHT6AcbDP9ukeZBOokrZpPhCwDVe8zXddSaTqHkKE2OkdG/OmAexUnbaN7fZr7LrJcXFe+Oz2k1yM0MVrJztswafXQUD/tUrHXFIMQn+lkgofwxpCDt9zwC9CFvU4LrPnun+gb440s/0A0elNKC49GEIR3jGF/AXmrEj8n+la50W X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(8121501046)(5005006)(3002001)(10201501046)(3231023)(93006095)(6041248)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123562025)(20161123555025)(20161123558100)(6072148)(201708071742011); SRVR:CY4PR0701MB3633; BCL:0; PCL:0; RULEID:(100000803101)(100110400095); SRVR:CY4PR0701MB3633; X-Forefront-PRVS: 05220145DE X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6049001)(346002)(396003)(376002)(366004)(39860400002)(199004)(189003)(52164004)(377424004)(24454002)(52146003)(7736002)(117156002)(8676002)(76176011)(2486003)(6306002)(316002)(52116002)(97736004)(93886005)(966005)(81156014)(81166006)(305945005)(72206003)(478600001)(23676004)(31696002)(6246003)(77096006)(229853002)(67846002)(53936002)(53546011)(68736007)(42882006)(58126008)(16526018)(65826007)(59450400001)(16576012)(54906003)(5660300001)(25786009)(2950100002)(6916009)(83506002)(3260700006)(386003)(6666003)(6486002)(105586002)(2906002)(36756003)(3846002)(64126003)(2870700001)(8936002)(4326008)(106356001)(31686004)(66066001)(65956001)(47776003)(65806001)(6116002)(50466002); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR0701MB3633; H:[192.168.0.107]; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: cavium.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtDWTRQUjA3MDFNQjM2MzM7MjM6RDZ2djRESzZGSDA3Nit5ckVJMFZXV0Nq?= =?utf-8?B?cndRSkRXT0FrYWpLc2J3SnNGMFdHdmJXb2VhNVdHUlVsanN6d28yVHpQSUor?= =?utf-8?B?WnlSb3FNRDRxWjE1S0NFRWZnWlI2bk9BY3NaaFBMdE5uaXNQNE93UzMxck9Z?= =?utf-8?B?bGd4M05vYUNsMnhWK0NxVUM2UWkrVGdHRUltWnZkcit6dDhhWkZLandmbEFM?= =?utf-8?B?OUNIbVQwcnlYK1NxM01WcFpkVC9LUm1uR0FZVzZ2Q2VseFZidWh3aTROTWdH?= =?utf-8?B?N05uRHNTM2tJZlQ5T2lCaElQMG1GNVFObTB2TXMrN25Ga21nZ2lDV2tYVWw1?= =?utf-8?B?dnlWbEF3eXhDcWZORVVDeVNiMExzalRsTjNha2NzWFRFYlZTKzhJVTk5OXlz?= =?utf-8?B?Z0dhdEM1d0pXTFhqYUlxU0NReFIySUJ6aGh3Mml5TDh3UjVjMHVobnNLT2JD?= =?utf-8?B?L0l2d1k3Rjc2MFIrYi9IM0w0bTkzZXRYa3NtcUhpL2FNVnN3MkZMUW1Bc2pQ?= =?utf-8?B?NTZFV1k2MDFPZnpxWHhpMEtJalN5Y0V5WXMyWGdPRFlsd0RBUmdqbjFqUVlD?= =?utf-8?B?U0g0OGpUOHNEb2RnbW9DUDVMRWMyY3hHQWdITi85QjRUUjNycmhldXdmdjY0?= =?utf-8?B?K1dTdzFDamJrTGxCakRJa0lpbldHaVZEYXZKUHllS0llSncwNnlETjNYRGdv?= =?utf-8?B?TTdKUTcvNWpTZkZOZmhGMWY2RW5wS0xSdDhGRnUxNU1CamppWktQVFpxLzBN?= =?utf-8?B?akVzZU1Fc3YyWUJtdENPcjRPNlVSVklZVEZpUC9vMENucHhIbUVmOVZyanB1?= =?utf-8?B?M0k3SUhaazZxUnc3dkRxS0JLa2pncWdZVUYxdk52cno3dnpieXJGNEV0VmF2?= =?utf-8?B?SFRCYmI2aWE2RmpBem9jcHUySGQxTWl0REtvYXd6VnZrOWdoVjI1NnNWSDJK?= =?utf-8?B?Q09XQmVyWGJ6eHhTR1dVSjBESVVpR1V1TVVxbWpwaWV0K2NMOFpVeXVzMFlD?= =?utf-8?B?Tjg5RlpjbXBTNHZ0aTR3UlQzR1BSYnlqVWFjYzdaUHpNYjFEVi94Y1hXMk9L?= =?utf-8?B?K1lUNWE2dWJrYWdjSXBwUUFxODdBZm1pV3FlZ1JaRHdvYzJlb3AxeGljYkps?= =?utf-8?B?UUJSMk5NUXFYcUpLU0JLVGxTRlRJVDZvdC82d0NTbzY5UlZvNWp2cGN0M3U3?= =?utf-8?B?RWxjQm1NQzlsaEFxcUFFbEo4Z1c4TVVhMkFNN2kvTXFSdU9CS0pndCtIbkVQ?= =?utf-8?B?MTRhNFZjREc0SmZJN05EV1ROV0d2dXdYbjRncWxIay80cmdLME1JSFFkUTVG?= =?utf-8?B?dHM5S3g1VE0wREUxU01oV3QyMm5ZeVNrSVhONHRJZEFSdU1XaFQ1RzhPTzF2?= =?utf-8?B?eXZPYUVSTGlScjZXbHJaYWVWVTN2dUU0MEZnVXByamFMQmx6bzV1K0lQcjE2?= =?utf-8?B?b1R3NnluU1pYVWtyR3htZmpRZUVYRklRUUhXemNJeG5ZVTRDS3hBdWZ4SnJR?= =?utf-8?B?TGtJMXFQSmhveGZkaEdqZVZTWHUzTXFmd0ZlVUJYRE9DUGxvMkZpcTF3aU9u?= =?utf-8?B?VFg3cWttK2xtelo2L1FxSzZzeE5YaGRBSXhKQXQwQzE4R2lKVkNOTEh5SGJC?= =?utf-8?B?RnU1ZGR3dTA4WXhJczdDcHIwWXZ6RnpPWTljQzJycGI4UGVMdm5oMTFyQUND?= =?utf-8?B?V2dQY2g0ZFBCN3lCQjJsTUUvZzU1M0JtNG16M2Z0YUlySGg3VTZmb3Q3Z2VD?= =?utf-8?B?OSs0dWlQSUJqdGRZb1hCZ1RUNXczWmF3ZFNlWW5RblBXdjRzR2U3TG5aK3Ru?= =?utf-8?B?SFJkUDFuOEI2S3ZFYjFIZDlmdWxGMk13VU4vdzFZaXRnWUxydHI4S3VldW1m?= =?utf-8?B?V0lSdGhmRGxrSUxGRmhBNGRkSmN1clhOU2pjMVZZOW1oVm9HTURES016a2xF?= =?utf-8?B?NlNZcWk3Y0FEVG4vbDM2TTZGYUlBQnpacnZTQ0NjMnU5eUFLa01rZzJkbXRv?= =?utf-8?B?ZDJYaE1ibFRTVXhLMk1VeXVlY2dYWGE0b2ppWmI2dVJKS3VHRlh1YkRTUU03?= =?utf-8?B?T1RuQTZZQ2ZwNHNTcGdITnk4bjVBWFI1Y0VoK1hGekdSU2ZWbXVaUWpLdzZT?= =?utf-8?Q?cji+0dufy406KV43sHPzcp5/c=3D?= X-Microsoft-Exchange-Diagnostics: 1; CY4PR0701MB3633; 6:pGmJcLjawfw1EvFkH4EczJabrPliaTJHmjdvIUhqPO99H3TiuH1rdwcQqcOikxjhnw+enT85QRmgogDrN4orMJngdwCmu5c4dE9y+a3Moh50Mt3ELUuLBJMgp/Xajik2E+N3TcFUHYGwT6Pt+RNU5QnGcevrNf0Uv36O7FN/ZhcrRuTkzOgI5tuq7/EBeJspIw+0/fAqgK6daeu0vss2f5IReMUFROnOD8k8Zh458lsLqnOUQRxIjjMsBoe4g4fIWh+QQg7vT15jx/r/jrPQgUFxaCdhuJVJZs6OsPjqrd81Pm9/f73YiQ5YfTevH9dMIwTUwp805dWHT/Dm7/lNr2somlYNRbFWrPPdgSRPdvk=; 5:zNHqwlkh4ipI6vFYb+5D2uvxQJPTu75B5+Ud5+cCvPMBgPBz6D5vBBDGrtUD8nl5AUH0EWC4CMJb5P47UAIPjpdlQao8sLcj7R2+YfXj8qXjoKEcvcNLHP6RREn9r9wAEOh+bH97NSs3mypT0cr0pUfC+rRZj6YLSL4GB2JnJkc=; 24:aCgwmAMi0JrvzokmMbpdrAvYpe9UqoLEgTDimzC81Y/03+GTNCdam/RJDk/1t4571WUAIRe8kEndMh79EunV6YZZiRyTsL1I5fw6ZS99g7E=; 7:XWTM8m2Jl70iu/j4vaKrELv4/D18UvzjhdybniG5Lf/IZknIXPh9wmbjhVcJD2t9/rymi3TQ3hBcr3eF+AQY9bExcXFIkBGP/rkqDGYDnhP+NVvhxAs9Q5AnOq0pfd/rD2cXj3FSaoiZ/zAT+y9IR7kOyLKt2vrZHxBhKKl3hnh9nnsaZ9C3A/vuduje+zFNlwLwv5dduYJYPMr1M8wMCx4cUAP+EPA7qGA1zL4qK9em+u3RXj65jItHHNkvuy8R SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Dec 2017 17:01:34.1354 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d3d4dac1-cbc1-4312-1716-08d543dd7ff2 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR0701MB3633 Subject: Re: [dpdk-dev] [PATCH v4 3/3] examples/ipsec-secgw: add Egress flow actions X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Dec 2017 17:01:39 -0000 Hi Nelio, Agreed. Those can be addressed in other patches. I just wanted your opinion on how the present patch can be finalized keeping in mind the situations that we should address. And yeah, with the change in commit log, this should be enough. Thanks, Anoob On 15-12-2017 22:23, Nelio Laranjeiro wrote: > Hi Anoob, > > Seems you want to address a lot of stuff where is should be done in > a different series, please see below, > > On Fri, Dec 15, 2017 at 09:09:00PM +0530, Anoob Joseph wrote: >> Hi Nelio, >> >> >> On 15-12-2017 19:23, Nelio Laranjeiro wrote: >>> Hi Anoob, >>> >>> On Fri, Dec 15, 2017 at 02:35:12PM +0530, Anoob Joseph wrote: >>>> Hi Nelio, >>>> >>>> On 12/14/2017 08:44 PM, Nelio Laranjeiro wrote: >>>>> Add Egress flow create for devices supporting >>>>> RTE_SECURITY_TX_HW_TRAILER_OFFLOAD. >>>>> >>>>> Signed-off-by: Nelio Laranjeiro >>>>> --- >>>>> examples/ipsec-secgw/ipsec.c | 8 ++++++++ >>>>> 1 file changed, 8 insertions(+) >>>>> >>>>> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c >>>>> index 8e8dc6df7..d49970ad8 100644 >>>>> --- a/examples/ipsec-secgw/ipsec.c >>>>> +++ b/examples/ipsec-secgw/ipsec.c >>>>> @@ -201,6 +201,7 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) >>>>> sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; >>>>> sa->action[0].conf = sa->sec_session; >>>>> + sa->action[1].type = RTE_FLOW_ACTION_TYPE_END; >>>>> sa->attr.egress = (sa->direction == >>>>> RTE_SECURITY_IPSEC_SA_DIR_EGRESS); >>>>> @@ -253,6 +254,13 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa) >>>>> &err); >>>>> if (ret) >>>>> goto flow_create_failure; >>>>> + } else if (sa->attr.egress && >>>>> + (sa->ol_flags & >>>>> + RTE_SECURITY_TX_HW_TRAILER_OFFLOAD)) { >>>> If this flag is not set, the following code won't be executed, but it would >>>> still try to create the flow. >>> Right, with actions Security + END as the original code. >>> >>>> And if the flow create fails in that case then create_session would fail. >>> Do you mean the original code is also wrong? >> I would say it's not handling all the cases. Just like how we finalized the >> ingress, egress might also need some work. Or may be we can retain the >> original behavior with this patch and take up this issue separately. > It is better to not mix everything, the final work can be done after. > >>>> I would suggest moving the flow_create also into the block (for >>>> ingress and egress). Or may be initialize the flow with >>>> actions END+END+END, and add SECURITY++END as it hits >>>> various conditions. I'm not sure what the flow_create would do for such an >>>> action. This would look ugly in any case. See if you get any better ideas! >>> I think this comment is related to second patch where the >>> "sa->action[1].type = RTE_FLOW_ACTION_TYPE_END;" is wrongly removed. >>> >>> Can you confirm before I send a new revision? >> No. I was suggesting an alternate algorithm to handle the situation when >> egress may/may not create flow while ingress would need flow by default. >> What I suggested is something like this, > The default behavior of this function for > RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO is to call a flow in both side > Ingress and Egress. Default behavior coded in main repository in this > file [1]. > > This series is only adding final actions to respect the generic flow > API. > >> sa->action[0].type = RTE_FLOW_ACTION_TYPE_END; >> sa->action[1].type = RTE_FLOW_ACTION_TYPE_END; >> sa->action[2].type = RTE_FLOW_ACTION_TYPE_END; > An END is final independently of what is after, as the extra actions are > only handled in their respective if branches, no need to initialize > everything to END. > >> if (ingress) { >>     sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; >>     ... >> } else if (egress && FLAG_ENABLED) { >>     sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; >>     ... >> } >> >> flow_create(); >> >> On second thought, this may not work well. Another suggestion is, >> >> if (ingress) { >>     sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; >>     ... >>     flow_create(); >> } else if (egress && FLAG_ENABLED) { >>     sa->action[0].type = RTE_FLOW_ACTION_TYPE_SECURITY; >>     ... >>     flow_create(); >> } >> // Here if flow_create fails, create_session should fail. >> // Either flow or metadata flag is required >> if (sa->flow == NULL && !(NEEDS_METADATA)) { >>     return -1; >> } > This patch scope is done to respect generic flow API calls for > RTE_SECURITY_TX_HW_TRAILER_OFFLOAD devices as written in the commit log. > For RTE_SECURITY_TX_OLOAD_NEED_MDATA devices, it should be handled in a > separate patch/series, the default behavior is maintained for them. > >>>>> + sa->action[1].type = >>>>> + RTE_FLOW_ACTION_TYPE_PASSTHRU; >>>>> + sa->action[2].type = >>>>> + RTE_FLOW_ACTION_TYPE_END; >>>>> } >>>>> flow_create: >>>>> sa->flow = rte_flow_create(sa->portid, >>> Thanks, >>> > Thanks, > > [1] https://dpdk.org/browse/dpdk/tree/examples/ipsec-secgw/ipsec.c#n132 >