From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <Anoob.Joseph@cavium.com>
Received: from NAM02-SN1-obe.outbound.protection.outlook.com
 (mail-sn1nam02on0060.outbound.protection.outlook.com [104.47.36.60])
 by dpdk.org (Postfix) with ESMTP id 5A9E3A48A
 for <dev@dpdk.org>; Wed, 21 Mar 2018 06:20:30 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=LOKDP5txfYZMZY3l19KD8jn0D24MplS465o+FS3I2O0=;
 b=RkezgobB9j6yXUNadL0A0N+m5rf873A42/Dvx0x54JDmkYWcC0F883dbcVsZG8KncdANDNWJKtEgc6SFEGHcQ9RaCnjzKRxoru7CDnDG1NUB5ZwnNfqOKPxUww2Qv13I+oS05z2ZklOF80ULI8Pys/+w9yH+u9Zm7317jqWJe+Q=
Authentication-Results: spf=none (sender IP is )
 smtp.mailfrom=Anoob.Joseph@cavium.com; 
Received: from hyd1ajoseph-dt.caveonetworks.com (115.113.156.2) by
 BLUPR0701MB1059.namprd07.prod.outlook.com (2a01:111:e400:8b0::28) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.609.10; Wed, 21 Mar
 2018 05:20:26 +0000
From: Anoob Joseph <Anoob.Joseph@caviumnetworks.com>
To: Akhil Goyal <akhil.goyal@nxp.com>,
 Declan Doherty <declan.doherty@intel.com>,
 Radu Nicolau <radu.nicolau@intel.com>
Cc: Jerin Jacob <jerin.jacob@caviumnetworks.com>,
 Narayana Prasad <narayanaprasad.athreya@caviumnetworks.com>,
 Nelio Laranjeiro <nelio.laranjeiro@6wind.com>, dev@dpdk.org
References: <1519191430-19201-1-git-send-email-anoob.joseph@caviumnetworks.com>
 <1519896103-32479-1-git-send-email-anoob.joseph@caviumnetworks.com>
 <1519896103-32479-5-git-send-email-anoob.joseph@caviumnetworks.com>
 <3b57c323-69c0-a20e-b846-d686576ac1da@nxp.com>
 <1a37eafa-9b6a-64fb-7295-dbfef9c81ff2@caviumnetworks.com>
Message-ID: <8e5ecbf8-d739-d6ee-1de5-49eaea2ebf1a@caviumnetworks.com>
Date: Wed, 21 Mar 2018 10:50:07 +0530
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <1a37eafa-9b6a-64fb-7295-dbfef9c81ff2@caviumnetworks.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-Originating-IP: [115.113.156.2]
X-ClientProxiedBy: BMXPR01CA0021.INDPRD01.PROD.OUTLOOK.COM
 (2603:1096:b00:d::31) To BLUPR0701MB1059.namprd07.prod.outlook.com
 (2a01:111:e400:8b0::28)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 89e2ef57-cb48-43e3-ed91-08d58eeb7595
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
 RULEID:(7020095)(4652020)(5600026)(4604075)(4534165)(7168020)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020);
 SRVR:BLUPR0701MB1059; 
X-Microsoft-Exchange-Diagnostics: 1; BLUPR0701MB1059;
 3:aKzz5xSNwRqP++/dT6pl/Db5AXlTJHbh0QwnEvAAXqoAjURV52AMIgG++YfHeodigi9VNLGiPQOzBuSs3/R4st30yA89VIMxs1aZSw/FBpNFEIwK6cRVevlWeCl5Jql+BqDt9nG8IvspuIdoJGU6Hu3StWmako7sxml3hAznrxWyTfN4CCY1Xw/la1HHpMSlMmirSzmgDmsPshPvxKsy4yaIg7ySn+hNQynNUySPgiojtpN6s/Sc1N7uWu2kzw7r;
 25:JpFirF0ZokQvRo23TIsHQS4+fkLsl7MY/yQat9AG/JAq9/3fx1uBmIelgPW//YJIGR1u7MgjAG8uKzYWwEaKfIkqSQWi5YNFDaADVdpVecSiBiQ64Eg7847bJsQ/uXETSAybmU8aWzNrusVSFYe2JDWyrYTtVKOKCkZdA46yjQSDfn7VyvShQvTxRD9M498O95fqUMwrD8gOSzpJ7SnjtY7O4o1QUan1rgT50iXRC17DkTzZ+7D8RtpGzQywINrNBm8kWTdThRf3zbOtoqF3+3/kznAb1JLRmbxTykbCUfcS7XlildwOx+IjYVwz+i6fdAd7uMJGHOS8DplcSWiNdA==;
 31:81iOOuYAJQIsfhLBI+FP2YGNyUJE7qW1yvyRlQLsrNO7QUbLdmb0ComALLsE8utlse/fO4jV4P+ePqtBIBUHauqdHOcGwrqnS3x7eiskuQJ/EcpQV4J19sckUG9FOtR+iKHsUxgIwnZDSlwxAGxwVkGxw5c11v/kL9sccknqxBZtsz0nqvSaMgIj4mslgk49q775Ja8EFmnZntNrta3u2TW4fU0xC8xphMPpP2J/ab0=
X-MS-TrafficTypeDiagnostic: BLUPR0701MB1059:
X-Microsoft-Exchange-Diagnostics: 1; BLUPR0701MB1059;
 20:YDTPlEhquThfhyarpBkAq8+lPYNHiBH8zAyyNoj3xwH/v9B2fnIohVQ0c119EKGcEb88MLh5Uu+itioaImFbKNnGPisj9eB408cgBEKUYq8oXv0egLITrGmiYRErW26sIlrmb178Hcs+DNdVjI3Kn8CS1v9vH4z/PEXQzn6JjYTexPoMHN0OuCI0waXxZeui37qjJH844vlsz/ks+c2lQlDiXGkCDKJOg8E7P3yRQaefi/WwyOb+QN0G5v1vljlOtLZeQnNGH4oU8ta+eTVEgSx2b8KXXYj1Auzr4HMNJw7PUfhMcnOUi8BctCRV8JdebvIs42szejNhN9AUXxlCMBRj+NAN6ribwsbphzaXvGzBIlfn1u/B8rBZmRSdz4/c6KqUcjF/QdNM6Kax57fbNTuetTCu5qWVz196csm01UmmdPy4uYGCt4IBYsWSOz0EYlRgn34JiklyjDewTBZH7v7SZHtxvqmgj/YE3ufkhdjreglmDVkUardRr3XaTEPBPc9QhZ3Kw3BJYrwoarxNLPT4vzM5CTejlIYL8cfSL6lIbr2sz9yLIpt2TLdtzP+fExfUns7mmsZk58mQPFszKpsoQnM+x0VXM2bJAZrbY+4=
X-Microsoft-Antispam-PRVS: <BLUPR0701MB1059B2FEC372224F8A89F632F8AA0@BLUPR0701MB1059.namprd07.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(278428928389397)(192374486261705);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
 RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231221)(944501319)(52105095)(93006095)(10201501046)(3002001)(6041310)(20161123558120)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(6072148)(201708071742011);
 SRVR:BLUPR0701MB1059; BCL:0; PCL:0; RULEID:; SRVR:BLUPR0701MB1059; 
X-Microsoft-Exchange-Diagnostics: 1; BLUPR0701MB1059;
 4:+6gR3jkgcFQCjQ/VhzG8ormGogsFZYteinig0GBLv3mRi8S7o1M5uYaI6gxhg+QVTKIaz287xY3YiWMIJa3Y127dH/gUcH/ky9gcjAamMRoRJefOhbtesTcWTSG57mG4MYfmyr96p0OHpN4IYAl7pQ5TQlfqqyLA/tQkjTaaN+4X+ogMSin98M/RFuDQALteTOKn33ukl3cW/Vw8SJuWIPlB20pvs22e3DTkIGXg3THTby10RQslHUi0PBRPy0PymkGkH4oGjgZehUgZzduY3KFjreRfapeCZZDIKAE+9uz0DQPCR7ML4rRKTAp0ZCY5iwJgURwLnFPPFTs1wtGWpW4oecQuZu0mNTcaP6FTeVE=
X-Forefront-PRVS: 0618E4E7E1
X-Forefront-Antispam-Report: SFV:NSPM;
 SFS:(10009020)(396003)(366004)(39860400002)(39380400002)(376002)(346002)(52054003)(199004)(189003)(8656006)(69596002)(31686004)(53416004)(42882007)(229853002)(2950100002)(6666003)(6116002)(3846002)(26005)(65826007)(5660300001)(53546011)(386003)(6506007)(55236004)(68736007)(305945005)(7736002)(186003)(316002)(16526019)(8936002)(58126008)(36756003)(31696002)(97736004)(52116002)(93886005)(47776003)(66066001)(65806001)(65956001)(81166006)(81156014)(8676002)(106356001)(64126003)(6512007)(105586002)(59450400001)(25786009)(72206003)(2870700001)(23676004)(2486003)(52146003)(50466002)(478600001)(76176011)(6486002)(67846002)(6246003)(53936002)(54906003)(4326008)(2906002)(110136005);
 DIR:OUT; SFP:1101; SCL:1; SRVR:BLUPR0701MB1059;
 H:hyd1ajoseph-dt.caveonetworks.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1;
 MX:1; LANG:en; 
Received-SPF: None (protection.outlook.com: cavium.com does not designate
 permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTFVQUjA3MDFNQjEwNTk7MjM6ZElwODBKaGJvcC81UjRHSnBmQWExRHgr?=
 =?utf-8?B?UmFVbnQ1L3prUWcxb24rR3pOLzcxVGdmR3NCa2R2Rk5VUTI3KzRiOWNDTFBt?=
 =?utf-8?B?cTNRSWQyRDdoTk1Za2hleWdLOXdSQitoeVZKSnoxeGRSZWM3TjlKWW4vYkpW?=
 =?utf-8?B?YlJLQXh3ckZ0R3FLQ3pyV3UxVTNOOGRrRDM5ZHNFQWt1QktpMGdRUEhHNFZ2?=
 =?utf-8?B?TlRHbzhOaCt2NFJGSzZISFN1U21acno4dnNRZ1FXTENzbXAvT0VlL1VZRUhG?=
 =?utf-8?B?T0NvZ2ZoeVNhclBQbkh5VGlPcnlFZ2x0SndlRXFVSEhUUGpIMkU0WUNOT1V2?=
 =?utf-8?B?eEN6RnpjUmkrMjNNT3VmbHVtaFlwdllHUUxYUkJsdFBLN0FjT04xa1FESEJH?=
 =?utf-8?B?b3BBUG9rVUVWV0EyZndJbmtZYWt3QVkrRHc0dFB4aEFuejlmVGpHaFV5WkZS?=
 =?utf-8?B?K3QzaVlSdDlXclNyLzV3NG4rMmNQY3VPUGVObnRBK0ttOW43dlYzN2tQLzhs?=
 =?utf-8?B?YjdHZ1BqVnBDemZXRzlwWnVCZ2toNnpyYkVoM3lUaDVSczg1YlNXSVdHYlFB?=
 =?utf-8?B?ZHFUNks4L2hpSGYwTnZhdlBMZTFzS3ZKMi9sRmV3SFNDVXo4R25hZGJWZGFD?=
 =?utf-8?B?eVFwWDJUTXdBbEt4S1VMTTlodXVJMVBURXd0L3dYZVFqNUlQRXBDK2NpK3hE?=
 =?utf-8?B?SnhBcHlnT0YvM3J3WnREeHpReE9HRWY2enMwKzk4ZUpnRElOeHRFY3BZcUVa?=
 =?utf-8?B?SFd4Z0tQdkRSRXdXbFF3ZHZBdTc1dnFUN2k4RnA3Sk9IY3dIelk2K3V5b3dB?=
 =?utf-8?B?MllHY3pYMVZCeFlDVldRVGtEUzVNNWhZRHNIMUhES1Y1QTZ5NlpkUGhLS0tv?=
 =?utf-8?B?WTR5cGdaK3hUeXptRXpGckc2Z1ZGdUZQa08vVkZEUTViOG95citvLzFjeDVE?=
 =?utf-8?B?d3FWbEw0OEJFanNGbkV1ZW5QaEx1UU50azFIMnhpOFZRMGhpQXhlV0NzT25q?=
 =?utf-8?B?VHM3dnE0d3V0RmZhcjJ0MGJUdFUvMUwwZmpVYXgzZ0M1aHp5WW9jYi83Y2pM?=
 =?utf-8?B?TElCZnByeG53N2p6L1k1WDk2R3RwRWFlYzdTazdzTFVudU5lOGl4SDNjNHJZ?=
 =?utf-8?B?cm8rQ1ZZMzZrMmJwL1Q1dnJDK1BjVUlaMEw2SVUvOTBzYlQ1YnRHMmtnSVBm?=
 =?utf-8?B?QU1jbk44cE9uc2VkYi9yU09WVjAxRlBSM2ZXV3VqWEdmQTRVNjBockplUzJa?=
 =?utf-8?B?d05YQnFVbytkNVA1NmtVUmpmaEI5V2hkQTB0ZVowU2FqVXpLd1VaaEU5Z01v?=
 =?utf-8?B?U0htTkJOYVorbVdtU2FjMGRVQzJNRG5rSGJkcU8zQVoyUFJENFk4b24rRFlV?=
 =?utf-8?B?NDdjVGRZZXA2TWM3bXB0ODI1VFF3VVdpMHVyZjVRSE5oY0xUSXFjci81Ty81?=
 =?utf-8?B?VG84LzdjM0RSWFRoeitGS3d2QXo5WW9Nbjl6RHlLMldjWTlxUmsyRjB0aCtY?=
 =?utf-8?B?YkNpUjVQS2Nzc0dEMjE2TnlXZVFCbEJGcnJGQmVLamhrRFc0R0lxc1RTYnVR?=
 =?utf-8?B?THNBV21rQTEwV2RTbGcxMkJzQkFzVVB3L3lHc2VOOGJRSkVWSGd0dFJRam1Q?=
 =?utf-8?B?OU80ZldaeGdaNUFnL0MyZnN4QUFabG93MEtpZ0EzeGRwOEtvUE92N1hTdFh6?=
 =?utf-8?B?Skd2UVppcGduNStEa0xCSWhtM3lqUHA4dWVwNXorZ2NwRVhEMXl3cHFWREdh?=
 =?utf-8?B?OFNXUHhZdXJiUWxQbTFSRi9WTUM2d3cxektxS0dtbkpWd2Q0NFN0cFRGYmVD?=
 =?utf-8?B?R2FFQXhxQnYya2VVMVY1Y2dSNTlpNUMrRTRJVmNOWnhaR2s5QUVQaURaUDBF?=
 =?utf-8?B?R3p3UjNzMHVHOHgwWHZGWTlwWmJvdFRwS2RIYmxHT2VjQUtKZmxjc1VQZjdG?=
 =?utf-8?B?SUNtYkxCMC9MK2dOa1cxOURmL1UyYW9BS005K05IbjJseHozM21hS21GUzBh?=
 =?utf-8?B?bkFzM3JxR29jRk1jOXBtNURCSkI1RnhEL3dVczhCc0QyY0dTNmZDVy8zWGlN?=
 =?utf-8?Q?SLrII0e4ZRQ1+4vEjVCX61YFP2c?=
X-Microsoft-Antispam-Message-Info: 99C9qTvGRlR1PLb+xmsnaWVk4S6IHPHBZwHHaRVHYZH9Rzk3LTVpFsL9uAOiP0pcsC6lAcDbfzfNB4gtmcMxP5wd5X2ccrxJIF1mzx/qUkEoAmqpoBP12iJ6y8rclU04mU2EXcxZ/dwWmk8YEzbukBq0lHcE2ksRYfSD/u9Q1f45+KLYsGJc1E3uY3eARhRu
X-Microsoft-Exchange-Diagnostics: 1; BLUPR0701MB1059;
 6:vGLAnHvCOio9QtfxARFzT4ERPlWU1pMHyRW43IVvmQDFRYEurTNSpEJR+jIAw+7luYGf88iPGY2YCnfPVrtaP+Qa96mYlGF62c7kaOWS7dKKEmCF5/tK3ZcIgOgAjk2q9HkpcX8EpYI5tk0lmnmqglQdAevYBCvDx5Q0TMOrGg7ZfNNjBCdspMRmh15BDP438vi3TWmwyM28housGc9On2v8kw/LCNfsqWg4TUXZhjXHruMvjzOghaQRz5SFwgRWcV4RjxwPvuluzW5yDy8W9KqMw6hDbK7C+RZmnVHX7WiWsLRR2TNXN7Qnno2KJ9R5kC/n7wEn3GkoLp3W5B604zAKGbXtGomwN6aOjQ6B2twMKhfaO0RGOtIjKXVdBqzDdv7lW5PTcIVtAqKPm3rqk5WQmV6Td34YeMAXflSIo4AswQtq8fviaxKVdV55f1d1ZJ4wCXdug9Jp75Bgs2oWqA==;
 5:sJWjkFIOVTbyYRJYKW/88eI6cm3HOWuIgxLDU9QU9bDIpuKor+is/V13ZYirDCjKjpVs19u4ifP4NaoksnfpdPg8n3DuVJBE3CYrp3j9gvIuhJ/1lf8Fmo3hHDNmZfOxVY//nPnNSxe8UV0OjtP+qEoToosoUwO2l5L9y2cfnCE=;
 24:KViyAXjIt36x+uT9kG0SuO9zM+vlUOzNoyHDTLM25CkXOd+jlvjwowUW94l8WsK7YVTy5rsjSsL4DrUs/BjqvpxhIa+wTgePm7KK9Mukv+I=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; BLUPR0701MB1059;
 7:USUOAX/xxw3lc022LhllvaXZg28WR1QA3fqCL5nWURihA8xPn/MwJGGv/paa0/4nBiuZN4Bx3Dilw42GmYZq5t5Y5KNlzf92pij75L5xBZQ1e0bpsG1myTZPrms8jr3MBXaABzFZjKPrBVrAMl8XtzxZD0FqsMCvr7y5OgsBAS8QMJBfW6J9mjgzNERDRjlT3C9Lfa1DJ1eE5IML+AZ7s8BKUU9pBVblfoh2p4WZz4P2nbG4S12w8T6qLL0W3vAA
X-OriginatorOrg: caviumnetworks.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Mar 2018 05:20:26.4596 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 89e2ef57-cb48-43e3-ed91-08d58eeb7595
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR0701MB1059
Subject: Re: [dpdk-dev] [PATCH v2 4/5] examples/ipsec-secgw: handle ESN soft
 limit event
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Mar 2018 05:20:30 -0000

Hi Akhil,

If you are fine with the existing code, I'll send a revised patchset 
incorporating the comment change you had suggested for 3rd patch. Shall 
I proceed?

Thanks,
Anoob

On 14/03/18 11:36, Anoob Joseph wrote:
> Hi Akhil,
>
> Please see inline.
>
> Thanks,
> Anoob
>
> On 13/03/18 17:54, Akhil Goyal wrote:
>> Hi Anoob,
>>
>> On 3/1/2018 2:51 PM, Anoob Joseph wrote:
>>> For inline protocol processing, the PMD/device is required to maintain
>>> the ESN. But the application is required to monitor ESN overflow to
>>> initiate SA expiry.
>>>
>>> For such cases, application would set the ESN soft limit. An IPsec 
>>> event
>>> would be raised by rte_eth_event framework, when ESN hits the soft 
>>> limit
>>> set by the application.
>>>
>>> Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
>>> ---
>>> v2:
>>> * No change
>>>
>>>   examples/ipsec-secgw/ipsec-secgw.c | 56 
>>> ++++++++++++++++++++++++++++++++++++++
>>>   examples/ipsec-secgw/ipsec.c       | 10 +++++--
>>>   examples/ipsec-secgw/ipsec.h       |  2 ++
>>>   3 files changed, 65 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/examples/ipsec-secgw/ipsec-secgw.c 
>>> b/examples/ipsec-secgw/ipsec-secgw.c
>>> index 3a8562e..5726fd3 100644
>>> --- a/examples/ipsec-secgw/ipsec-secgw.c
>>> +++ b/examples/ipsec-secgw/ipsec-secgw.c
>>> @@ -40,6 +40,7 @@
>>>   #include <rte_hash.h>
>>>   #include <rte_jhash.h>
>>>   #include <rte_cryptodev.h>
>>> +#include <rte_security.h>
>>>     #include "ipsec.h"
>>>   #include "parser.h"
>>> @@ -1640,6 +1641,58 @@ pool_init(struct socket_ctx *ctx, int32_t 
>>> socket_id, uint32_t nb_mbuf)
>>>           printf("Allocated mbuf pool on socket %d\n", socket_id);
>>>   }
>>>   +static inline int
>>> +inline_ipsec_event_esn_overflow(struct rte_security_ctx *ctx, 
>>> uint64_t md)
>>> +{
>>> +    struct ipsec_sa *sa;
>>> +
>>> +    /* For inline protocol processing, the metadata in the event will
>>> +     * uniquely identify the security session which raised the event.
>>> +     * Application would then need the userdata it had registered 
>>> with the
>>> +     * security session to process the event.
>>> +     */
>>> +
>>> +    sa = (struct ipsec_sa *)rte_security_get_userdata(ctx, md);
>>> +
>>> +    if (sa == NULL) {
>>> +        /* userdata could not be retrieved */
>>> +        return -1;
>>> +    }
>>> +
>>> +    /* Sequence number over flow. SA need to be re-established */
>>
>>
>> With this patchset, application will be able to get notification if 
>> the error has occurred. But it is not re-configuring the SA.
>> Do you intend to add the same?
> Ideally the application should initiate a SA renegotiation sequence 
> (with IKE etc). But ipsec-secgw uses predetermined SAs, and so 
> addition of SA renegotiation might not fit in with the current design. 
> I was just adding this as a place holder for future expansion (and a 
> model for real applications).
>
> What are your thoughts on addition here? Similar handling would be 
> needed for byte & time expiry as well, when that is added. May be we 
> could just log the event and leave it be.
>>
>>> +    RTE_SET_USED(sa);
>>> +    return 0;
>>> +}
>>> +
>>> +static int
>>> +inline_ipsec_event_callback(uint16_t port_id, enum 
>>> rte_eth_event_type type,
>>> +         void *param, void *ret_param)
>>> +{
>>> +    struct rte_eth_event_ipsec_desc *event_desc = NULL;
>>> +    struct rte_security_ctx *ctx = (struct rte_security_ctx *)
>>> +                    rte_eth_dev_get_sec_ctx(port_id);
>>> +
>>> +    RTE_SET_USED(param);
>>> +
>>> +    if (type != RTE_ETH_EVENT_IPSEC)
>>> +        return -1;
>>> +
>>> +    event_desc = ret_param;
>>> +    if (event_desc == NULL) {
>>> +        printf("Event descriptor not set\n");
>>> +        return -1;
>>> +    }
>>> +
>>> +    if (event_desc->stype == RTE_ETH_EVENT_IPSEC_ESN_OVERFLOW)
>>> +        return inline_ipsec_event_esn_overflow(ctx, event_desc->md);
>>> +    else if (event_desc->stype >= RTE_ETH_EVENT_IPSEC_MAX) {
>>> +        printf("Invalid IPsec event reported\n");
>>> +        return -1;
>>> +    }
>>> +
>>> +    return -1;
>>> +}
>>> +
>>>   int32_t
>>>   main(int32_t argc, char **argv)
>>>   {
>>> @@ -1727,6 +1780,9 @@ main(int32_t argc, char **argv)
>>>            */
>>>           if (promiscuous_on)
>>>               rte_eth_promiscuous_enable(portid);
>>> +
>>> +        rte_eth_dev_callback_register(portid,
>>> +            RTE_ETH_EVENT_IPSEC, inline_ipsec_event_callback, NULL);
>>>       }
>>>         check_all_ports_link_status(nb_ports, enabled_port_mask);
>>> diff --git a/examples/ipsec-secgw/ipsec.c 
>>> b/examples/ipsec-secgw/ipsec.c
>>> index 5fb5bc1..acdd189 100644
>>> --- a/examples/ipsec-secgw/ipsec.c
>>> +++ b/examples/ipsec-secgw/ipsec.c
>>> @@ -36,6 +36,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct 
>>> rte_security_ipsec_xform *ipsec)
>>>           }
>>>           /* TODO support for Transport and IPV6 tunnel */
>>>       }
>>> +    ipsec->esn_soft_limit = IPSEC_OFFLOAD_ESN_SOFTLIMIT;
>>>   }
>>>     static inline int
>>> @@ -270,11 +271,14 @@ create_session(struct ipsec_ctx *ipsec_ctx, 
>>> struct ipsec_sa *sa)
>>>                * the packet is received, this userdata will be
>>>                * retrieved using the metadata from the packet.
>>>                *
>>> -             * This is required only for inbound SAs.
>>> +             * The PMD is expected to set similar metadata for other
>>> +             * operations, like rte_eth_event, which are tied to
>>> +             * security session. In such cases, the userdata could
>>> +             * be obtained to uniquely identify the security
>>> +             * parameters denoted.
>>>                */
>>>   -            if (sa->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
>>> -                sess_conf.userdata = (void *) sa;
>>> +            sess_conf.userdata = (void *) sa;
>>>                 sa->sec_session = rte_security_session_create(ctx,
>>>                       &sess_conf, ipsec_ctx->session_pool);
>>> diff --git a/examples/ipsec-secgw/ipsec.h 
>>> b/examples/ipsec-secgw/ipsec.h
>>> index 6059f6c..c1450f6 100644
>>> --- a/examples/ipsec-secgw/ipsec.h
>>> +++ b/examples/ipsec-secgw/ipsec.h
>>> @@ -21,6 +21,8 @@
>>>     #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */
>>>   +#define IPSEC_OFFLOAD_ESN_SOFTLIMIT 0xffffff00
>>> +
>>>   #define IV_OFFSET        (sizeof(struct rte_crypto_op) + \
>>>                   sizeof(struct rte_crypto_sym_op))
>>>
>>
>