From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0060.outbound.protection.outlook.com [104.47.36.60]) by dpdk.org (Postfix) with ESMTP id 5A9E3A48A for ; Wed, 21 Mar 2018 06:20:30 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=LOKDP5txfYZMZY3l19KD8jn0D24MplS465o+FS3I2O0=; b=RkezgobB9j6yXUNadL0A0N+m5rf873A42/Dvx0x54JDmkYWcC0F883dbcVsZG8KncdANDNWJKtEgc6SFEGHcQ9RaCnjzKRxoru7CDnDG1NUB5ZwnNfqOKPxUww2Qv13I+oS05z2ZklOF80ULI8Pys/+w9yH+u9Zm7317jqWJe+Q= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Anoob.Joseph@cavium.com; Received: from hyd1ajoseph-dt.caveonetworks.com (115.113.156.2) by BLUPR0701MB1059.namprd07.prod.outlook.com (2a01:111:e400:8b0::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.609.10; Wed, 21 Mar 2018 05:20:26 +0000 From: Anoob Joseph To: Akhil Goyal , Declan Doherty , Radu Nicolau Cc: Jerin Jacob , Narayana Prasad , Nelio Laranjeiro , dev@dpdk.org References: <1519191430-19201-1-git-send-email-anoob.joseph@caviumnetworks.com> <1519896103-32479-1-git-send-email-anoob.joseph@caviumnetworks.com> <1519896103-32479-5-git-send-email-anoob.joseph@caviumnetworks.com> <3b57c323-69c0-a20e-b846-d686576ac1da@nxp.com> <1a37eafa-9b6a-64fb-7295-dbfef9c81ff2@caviumnetworks.com> Message-ID: <8e5ecbf8-d739-d6ee-1de5-49eaea2ebf1a@caviumnetworks.com> Date: Wed, 21 Mar 2018 10:50:07 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <1a37eafa-9b6a-64fb-7295-dbfef9c81ff2@caviumnetworks.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Originating-IP: [115.113.156.2] X-ClientProxiedBy: BMXPR01CA0021.INDPRD01.PROD.OUTLOOK.COM (2603:1096:b00:d::31) To BLUPR0701MB1059.namprd07.prod.outlook.com (2a01:111:e400:8b0::28) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 89e2ef57-cb48-43e3-ed91-08d58eeb7595 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(5600026)(4604075)(4534165)(7168020)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:BLUPR0701MB1059; X-Microsoft-Exchange-Diagnostics: 1; BLUPR0701MB1059; 3:aKzz5xSNwRqP++/dT6pl/Db5AXlTJHbh0QwnEvAAXqoAjURV52AMIgG++YfHeodigi9VNLGiPQOzBuSs3/R4st30yA89VIMxs1aZSw/FBpNFEIwK6cRVevlWeCl5Jql+BqDt9nG8IvspuIdoJGU6Hu3StWmako7sxml3hAznrxWyTfN4CCY1Xw/la1HHpMSlMmirSzmgDmsPshPvxKsy4yaIg7ySn+hNQynNUySPgiojtpN6s/Sc1N7uWu2kzw7r; 25:JpFirF0ZokQvRo23TIsHQS4+fkLsl7MY/yQat9AG/JAq9/3fx1uBmIelgPW//YJIGR1u7MgjAG8uKzYWwEaKfIkqSQWi5YNFDaADVdpVecSiBiQ64Eg7847bJsQ/uXETSAybmU8aWzNrusVSFYe2JDWyrYTtVKOKCkZdA46yjQSDfn7VyvShQvTxRD9M498O95fqUMwrD8gOSzpJ7SnjtY7O4o1QUan1rgT50iXRC17DkTzZ+7D8RtpGzQywINrNBm8kWTdThRf3zbOtoqF3+3/kznAb1JLRmbxTykbCUfcS7XlildwOx+IjYVwz+i6fdAd7uMJGHOS8DplcSWiNdA==; 31:81iOOuYAJQIsfhLBI+FP2YGNyUJE7qW1yvyRlQLsrNO7QUbLdmb0ComALLsE8utlse/fO4jV4P+ePqtBIBUHauqdHOcGwrqnS3x7eiskuQJ/EcpQV4J19sckUG9FOtR+iKHsUxgIwnZDSlwxAGxwVkGxw5c11v/kL9sccknqxBZtsz0nqvSaMgIj4mslgk49q775Ja8EFmnZntNrta3u2TW4fU0xC8xphMPpP2J/ab0= X-MS-TrafficTypeDiagnostic: BLUPR0701MB1059: X-Microsoft-Exchange-Diagnostics: 1; BLUPR0701MB1059; 20:YDTPlEhquThfhyarpBkAq8+lPYNHiBH8zAyyNoj3xwH/v9B2fnIohVQ0c119EKGcEb88MLh5Uu+itioaImFbKNnGPisj9eB408cgBEKUYq8oXv0egLITrGmiYRErW26sIlrmb178Hcs+DNdVjI3Kn8CS1v9vH4z/PEXQzn6JjYTexPoMHN0OuCI0waXxZeui37qjJH844vlsz/ks+c2lQlDiXGkCDKJOg8E7P3yRQaefi/WwyOb+QN0G5v1vljlOtLZeQnNGH4oU8ta+eTVEgSx2b8KXXYj1Auzr4HMNJw7PUfhMcnOUi8BctCRV8JdebvIs42szejNhN9AUXxlCMBRj+NAN6ribwsbphzaXvGzBIlfn1u/B8rBZmRSdz4/c6KqUcjF/QdNM6Kax57fbNTuetTCu5qWVz196csm01UmmdPy4uYGCt4IBYsWSOz0EYlRgn34JiklyjDewTBZH7v7SZHtxvqmgj/YE3ufkhdjreglmDVkUardRr3XaTEPBPc9QhZ3Kw3BJYrwoarxNLPT4vzM5CTejlIYL8cfSL6lIbr2sz9yLIpt2TLdtzP+fExfUns7mmsZk58mQPFszKpsoQnM+x0VXM2bJAZrbY+4= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(278428928389397)(192374486261705); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231221)(944501319)(52105095)(93006095)(10201501046)(3002001)(6041310)(20161123558120)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(6072148)(201708071742011); SRVR:BLUPR0701MB1059; BCL:0; PCL:0; RULEID:; SRVR:BLUPR0701MB1059; X-Microsoft-Exchange-Diagnostics: 1; BLUPR0701MB1059; 4:+6gR3jkgcFQCjQ/VhzG8ormGogsFZYteinig0GBLv3mRi8S7o1M5uYaI6gxhg+QVTKIaz287xY3YiWMIJa3Y127dH/gUcH/ky9gcjAamMRoRJefOhbtesTcWTSG57mG4MYfmyr96p0OHpN4IYAl7pQ5TQlfqqyLA/tQkjTaaN+4X+ogMSin98M/RFuDQALteTOKn33ukl3cW/Vw8SJuWIPlB20pvs22e3DTkIGXg3THTby10RQslHUi0PBRPy0PymkGkH4oGjgZehUgZzduY3KFjreRfapeCZZDIKAE+9uz0DQPCR7ML4rRKTAp0ZCY5iwJgURwLnFPPFTs1wtGWpW4oecQuZu0mNTcaP6FTeVE= X-Forefront-PRVS: 0618E4E7E1 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(396003)(366004)(39860400002)(39380400002)(376002)(346002)(52054003)(199004)(189003)(8656006)(69596002)(31686004)(53416004)(42882007)(229853002)(2950100002)(6666003)(6116002)(3846002)(26005)(65826007)(5660300001)(53546011)(386003)(6506007)(55236004)(68736007)(305945005)(7736002)(186003)(316002)(16526019)(8936002)(58126008)(36756003)(31696002)(97736004)(52116002)(93886005)(47776003)(66066001)(65806001)(65956001)(81166006)(81156014)(8676002)(106356001)(64126003)(6512007)(105586002)(59450400001)(25786009)(72206003)(2870700001)(23676004)(2486003)(52146003)(50466002)(478600001)(76176011)(6486002)(67846002)(6246003)(53936002)(54906003)(4326008)(2906002)(110136005); DIR:OUT; SFP:1101; SCL:1; SRVR:BLUPR0701MB1059; H:hyd1ajoseph-dt.caveonetworks.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: cavium.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtCTFVQUjA3MDFNQjEwNTk7MjM6ZElwODBKaGJvcC81UjRHSnBmQWExRHgr?= =?utf-8?B?UmFVbnQ1L3prUWcxb24rR3pOLzcxVGdmR3NCa2R2Rk5VUTI3KzRiOWNDTFBt?= =?utf-8?B?cTNRSWQyRDdoTk1Za2hleWdLOXdSQitoeVZKSnoxeGRSZWM3TjlKWW4vYkpW?= =?utf-8?B?YlJLQXh3ckZ0R3FLQ3pyV3UxVTNOOGRrRDM5ZHNFQWt1QktpMGdRUEhHNFZ2?= =?utf-8?B?TlRHbzhOaCt2NFJGSzZISFN1U21acno4dnNRZ1FXTENzbXAvT0VlL1VZRUhG?= =?utf-8?B?T0NvZ2ZoeVNhclBQbkh5VGlPcnlFZ2x0SndlRXFVSEhUUGpIMkU0WUNOT1V2?= =?utf-8?B?eEN6RnpjUmkrMjNNT3VmbHVtaFlwdllHUUxYUkJsdFBLN0FjT04xa1FESEJH?= =?utf-8?B?b3BBUG9rVUVWV0EyZndJbmtZYWt3QVkrRHc0dFB4aEFuejlmVGpHaFV5WkZS?= =?utf-8?B?K3QzaVlSdDlXclNyLzV3NG4rMmNQY3VPUGVObnRBK0ttOW43dlYzN2tQLzhs?= =?utf-8?B?YjdHZ1BqVnBDemZXRzlwWnVCZ2toNnpyYkVoM3lUaDVSczg1YlNXSVdHYlFB?= =?utf-8?B?ZHFUNks4L2hpSGYwTnZhdlBMZTFzS3ZKMi9sRmV3SFNDVXo4R25hZGJWZGFD?= =?utf-8?B?eVFwWDJUTXdBbEt4S1VMTTlodXVJMVBURXd0L3dYZVFqNUlQRXBDK2NpK3hE?= =?utf-8?B?SnhBcHlnT0YvM3J3WnREeHpReE9HRWY2enMwKzk4ZUpnRElOeHRFY3BZcUVa?= =?utf-8?B?SFd4Z0tQdkRSRXdXbFF3ZHZBdTc1dnFUN2k4RnA3Sk9IY3dIelk2K3V5b3dB?= =?utf-8?B?MllHY3pYMVZCeFlDVldRVGtEUzVNNWhZRHNIMUhES1Y1QTZ5NlpkUGhLS0tv?= =?utf-8?B?WTR5cGdaK3hUeXptRXpGckc2Z1ZGdUZQa08vVkZEUTViOG95citvLzFjeDVE?= =?utf-8?B?d3FWbEw0OEJFanNGbkV1ZW5QaEx1UU50azFIMnhpOFZRMGhpQXhlV0NzT25q?= =?utf-8?B?VHM3dnE0d3V0RmZhcjJ0MGJUdFUvMUwwZmpVYXgzZ0M1aHp5WW9jYi83Y2pM?= =?utf-8?B?TElCZnByeG53N2p6L1k1WDk2R3RwRWFlYzdTazdzTFVudU5lOGl4SDNjNHJZ?= =?utf-8?B?cm8rQ1ZZMzZrMmJwL1Q1dnJDK1BjVUlaMEw2SVUvOTBzYlQ1YnRHMmtnSVBm?= =?utf-8?B?QU1jbk44cE9uc2VkYi9yU09WVjAxRlBSM2ZXV3VqWEdmQTRVNjBockplUzJa?= =?utf-8?B?d05YQnFVbytkNVA1NmtVUmpmaEI5V2hkQTB0ZVowU2FqVXpLd1VaaEU5Z01v?= =?utf-8?B?U0htTkJOYVorbVdtU2FjMGRVQzJNRG5rSGJkcU8zQVoyUFJENFk4b24rRFlV?= =?utf-8?B?NDdjVGRZZXA2TWM3bXB0ODI1VFF3VVdpMHVyZjVRSE5oY0xUSXFjci81Ty81?= =?utf-8?B?VG84LzdjM0RSWFRoeitGS3d2QXo5WW9Nbjl6RHlLMldjWTlxUmsyRjB0aCtY?= =?utf-8?B?YkNpUjVQS2Nzc0dEMjE2TnlXZVFCbEJGcnJGQmVLamhrRFc0R0lxc1RTYnVR?= =?utf-8?B?THNBV21rQTEwV2RTbGcxMkJzQkFzVVB3L3lHc2VOOGJRSkVWSGd0dFJRam1Q?= =?utf-8?B?OU80ZldaeGdaNUFnL0MyZnN4QUFabG93MEtpZ0EzeGRwOEtvUE92N1hTdFh6?= =?utf-8?B?Skd2UVppcGduNStEa0xCSWhtM3lqUHA4dWVwNXorZ2NwRVhEMXl3cHFWREdh?= =?utf-8?B?OFNXUHhZdXJiUWxQbTFSRi9WTUM2d3cxektxS0dtbkpWd2Q0NFN0cFRGYmVD?= =?utf-8?B?R2FFQXhxQnYya2VVMVY1Y2dSNTlpNUMrRTRJVmNOWnhaR2s5QUVQaURaUDBF?= =?utf-8?B?R3p3UjNzMHVHOHgwWHZGWTlwWmJvdFRwS2RIYmxHT2VjQUtKZmxjc1VQZjdG?= =?utf-8?B?SUNtYkxCMC9MK2dOa1cxOURmL1UyYW9BS005K05IbjJseHozM21hS21GUzBh?= =?utf-8?B?bkFzM3JxR29jRk1jOXBtNURCSkI1RnhEL3dVczhCc0QyY0dTNmZDVy8zWGlN?= =?utf-8?Q?SLrII0e4ZRQ1+4vEjVCX61YFP2c?= X-Microsoft-Antispam-Message-Info: 99C9qTvGRlR1PLb+xmsnaWVk4S6IHPHBZwHHaRVHYZH9Rzk3LTVpFsL9uAOiP0pcsC6lAcDbfzfNB4gtmcMxP5wd5X2ccrxJIF1mzx/qUkEoAmqpoBP12iJ6y8rclU04mU2EXcxZ/dwWmk8YEzbukBq0lHcE2ksRYfSD/u9Q1f45+KLYsGJc1E3uY3eARhRu X-Microsoft-Exchange-Diagnostics: 1; BLUPR0701MB1059; 6:vGLAnHvCOio9QtfxARFzT4ERPlWU1pMHyRW43IVvmQDFRYEurTNSpEJR+jIAw+7luYGf88iPGY2YCnfPVrtaP+Qa96mYlGF62c7kaOWS7dKKEmCF5/tK3ZcIgOgAjk2q9HkpcX8EpYI5tk0lmnmqglQdAevYBCvDx5Q0TMOrGg7ZfNNjBCdspMRmh15BDP438vi3TWmwyM28housGc9On2v8kw/LCNfsqWg4TUXZhjXHruMvjzOghaQRz5SFwgRWcV4RjxwPvuluzW5yDy8W9KqMw6hDbK7C+RZmnVHX7WiWsLRR2TNXN7Qnno2KJ9R5kC/n7wEn3GkoLp3W5B604zAKGbXtGomwN6aOjQ6B2twMKhfaO0RGOtIjKXVdBqzDdv7lW5PTcIVtAqKPm3rqk5WQmV6Td34YeMAXflSIo4AswQtq8fviaxKVdV55f1d1ZJ4wCXdug9Jp75Bgs2oWqA==; 5:sJWjkFIOVTbyYRJYKW/88eI6cm3HOWuIgxLDU9QU9bDIpuKor+is/V13ZYirDCjKjpVs19u4ifP4NaoksnfpdPg8n3DuVJBE3CYrp3j9gvIuhJ/1lf8Fmo3hHDNmZfOxVY//nPnNSxe8UV0OjtP+qEoToosoUwO2l5L9y2cfnCE=; 24:KViyAXjIt36x+uT9kG0SuO9zM+vlUOzNoyHDTLM25CkXOd+jlvjwowUW94l8WsK7YVTy5rsjSsL4DrUs/BjqvpxhIa+wTgePm7KK9Mukv+I= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; BLUPR0701MB1059; 7:USUOAX/xxw3lc022LhllvaXZg28WR1QA3fqCL5nWURihA8xPn/MwJGGv/paa0/4nBiuZN4Bx3Dilw42GmYZq5t5Y5KNlzf92pij75L5xBZQ1e0bpsG1myTZPrms8jr3MBXaABzFZjKPrBVrAMl8XtzxZD0FqsMCvr7y5OgsBAS8QMJBfW6J9mjgzNERDRjlT3C9Lfa1DJ1eE5IML+AZ7s8BKUU9pBVblfoh2p4WZz4P2nbG4S12w8T6qLL0W3vAA X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Mar 2018 05:20:26.4596 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 89e2ef57-cb48-43e3-ed91-08d58eeb7595 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLUPR0701MB1059 Subject: Re: [dpdk-dev] [PATCH v2 4/5] examples/ipsec-secgw: handle ESN soft limit event X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Mar 2018 05:20:30 -0000 Hi Akhil, If you are fine with the existing code, I'll send a revised patchset incorporating the comment change you had suggested for 3rd patch. Shall I proceed? Thanks, Anoob On 14/03/18 11:36, Anoob Joseph wrote: > Hi Akhil, > > Please see inline. > > Thanks, > Anoob > > On 13/03/18 17:54, Akhil Goyal wrote: >> Hi Anoob, >> >> On 3/1/2018 2:51 PM, Anoob Joseph wrote: >>> For inline protocol processing, the PMD/device is required to maintain >>> the ESN. But the application is required to monitor ESN overflow to >>> initiate SA expiry. >>> >>> For such cases, application would set the ESN soft limit. An IPsec >>> event >>> would be raised by rte_eth_event framework, when ESN hits the soft >>> limit >>> set by the application. >>> >>> Signed-off-by: Anoob Joseph >>> --- >>> v2: >>> * No change >>> >>>   examples/ipsec-secgw/ipsec-secgw.c | 56 >>> ++++++++++++++++++++++++++++++++++++++ >>>   examples/ipsec-secgw/ipsec.c       | 10 +++++-- >>>   examples/ipsec-secgw/ipsec.h       |  2 ++ >>>   3 files changed, 65 insertions(+), 3 deletions(-) >>> >>> diff --git a/examples/ipsec-secgw/ipsec-secgw.c >>> b/examples/ipsec-secgw/ipsec-secgw.c >>> index 3a8562e..5726fd3 100644 >>> --- a/examples/ipsec-secgw/ipsec-secgw.c >>> +++ b/examples/ipsec-secgw/ipsec-secgw.c >>> @@ -40,6 +40,7 @@ >>>   #include >>>   #include >>>   #include >>> +#include >>>     #include "ipsec.h" >>>   #include "parser.h" >>> @@ -1640,6 +1641,58 @@ pool_init(struct socket_ctx *ctx, int32_t >>> socket_id, uint32_t nb_mbuf) >>>           printf("Allocated mbuf pool on socket %d\n", socket_id); >>>   } >>>   +static inline int >>> +inline_ipsec_event_esn_overflow(struct rte_security_ctx *ctx, >>> uint64_t md) >>> +{ >>> +    struct ipsec_sa *sa; >>> + >>> +    /* For inline protocol processing, the metadata in the event will >>> +     * uniquely identify the security session which raised the event. >>> +     * Application would then need the userdata it had registered >>> with the >>> +     * security session to process the event. >>> +     */ >>> + >>> +    sa = (struct ipsec_sa *)rte_security_get_userdata(ctx, md); >>> + >>> +    if (sa == NULL) { >>> +        /* userdata could not be retrieved */ >>> +        return -1; >>> +    } >>> + >>> +    /* Sequence number over flow. SA need to be re-established */ >> >> >> With this patchset, application will be able to get notification if >> the error has occurred. But it is not re-configuring the SA. >> Do you intend to add the same? > Ideally the application should initiate a SA renegotiation sequence > (with IKE etc). But ipsec-secgw uses predetermined SAs, and so > addition of SA renegotiation might not fit in with the current design. > I was just adding this as a place holder for future expansion (and a > model for real applications). > > What are your thoughts on addition here? Similar handling would be > needed for byte & time expiry as well, when that is added. May be we > could just log the event and leave it be. >> >>> +    RTE_SET_USED(sa); >>> +    return 0; >>> +} >>> + >>> +static int >>> +inline_ipsec_event_callback(uint16_t port_id, enum >>> rte_eth_event_type type, >>> +         void *param, void *ret_param) >>> +{ >>> +    struct rte_eth_event_ipsec_desc *event_desc = NULL; >>> +    struct rte_security_ctx *ctx = (struct rte_security_ctx *) >>> +                    rte_eth_dev_get_sec_ctx(port_id); >>> + >>> +    RTE_SET_USED(param); >>> + >>> +    if (type != RTE_ETH_EVENT_IPSEC) >>> +        return -1; >>> + >>> +    event_desc = ret_param; >>> +    if (event_desc == NULL) { >>> +        printf("Event descriptor not set\n"); >>> +        return -1; >>> +    } >>> + >>> +    if (event_desc->stype == RTE_ETH_EVENT_IPSEC_ESN_OVERFLOW) >>> +        return inline_ipsec_event_esn_overflow(ctx, event_desc->md); >>> +    else if (event_desc->stype >= RTE_ETH_EVENT_IPSEC_MAX) { >>> +        printf("Invalid IPsec event reported\n"); >>> +        return -1; >>> +    } >>> + >>> +    return -1; >>> +} >>> + >>>   int32_t >>>   main(int32_t argc, char **argv) >>>   { >>> @@ -1727,6 +1780,9 @@ main(int32_t argc, char **argv) >>>            */ >>>           if (promiscuous_on) >>>               rte_eth_promiscuous_enable(portid); >>> + >>> +        rte_eth_dev_callback_register(portid, >>> +            RTE_ETH_EVENT_IPSEC, inline_ipsec_event_callback, NULL); >>>       } >>>         check_all_ports_link_status(nb_ports, enabled_port_mask); >>> diff --git a/examples/ipsec-secgw/ipsec.c >>> b/examples/ipsec-secgw/ipsec.c >>> index 5fb5bc1..acdd189 100644 >>> --- a/examples/ipsec-secgw/ipsec.c >>> +++ b/examples/ipsec-secgw/ipsec.c >>> @@ -36,6 +36,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct >>> rte_security_ipsec_xform *ipsec) >>>           } >>>           /* TODO support for Transport and IPV6 tunnel */ >>>       } >>> +    ipsec->esn_soft_limit = IPSEC_OFFLOAD_ESN_SOFTLIMIT; >>>   } >>>     static inline int >>> @@ -270,11 +271,14 @@ create_session(struct ipsec_ctx *ipsec_ctx, >>> struct ipsec_sa *sa) >>>                * the packet is received, this userdata will be >>>                * retrieved using the metadata from the packet. >>>                * >>> -             * This is required only for inbound SAs. >>> +             * The PMD is expected to set similar metadata for other >>> +             * operations, like rte_eth_event, which are tied to >>> +             * security session. In such cases, the userdata could >>> +             * be obtained to uniquely identify the security >>> +             * parameters denoted. >>>                */ >>>   -            if (sa->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) >>> -                sess_conf.userdata = (void *) sa; >>> +            sess_conf.userdata = (void *) sa; >>>                 sa->sec_session = rte_security_session_create(ctx, >>>                       &sess_conf, ipsec_ctx->session_pool); >>> diff --git a/examples/ipsec-secgw/ipsec.h >>> b/examples/ipsec-secgw/ipsec.h >>> index 6059f6c..c1450f6 100644 >>> --- a/examples/ipsec-secgw/ipsec.h >>> +++ b/examples/ipsec-secgw/ipsec.h >>> @@ -21,6 +21,8 @@ >>>     #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */ >>>   +#define IPSEC_OFFLOAD_ESN_SOFTLIMIT 0xffffff00 >>> + >>>   #define IV_OFFSET        (sizeof(struct rte_crypto_op) + \ >>>                   sizeof(struct rte_crypto_sym_op)) >>> >> >