From: "Ananyev, Konstantin"
To: "Nicolau, Radu", "Iremonger, Bernard", "Medvedkin, Vladimir"
CC: "dev@dpdk.org", "mdr@ashroe.eu", "Richardson, Bruce", "Zhang, Roy Fan", "hemant.agrawal@nxp.com", "gakhil@marvell.com", "anoobj@marvell.com", "Doherty, Declan", "Sinha, Abhijit", "Buckley, Daniel M", "marchana@marvell.com", "ktejasree@marvell.com", "matan@nvidia.com"
Date: Fri, 24 Sep 2021 10:22:00 +0000
Subject: Re: [dpdk-dev] [PATCH v6 09/10] ipsec: add support for initial SQN value
In-Reply-To: <20210917091747.1528262-10-radu.nicolau@intel.com>
References: <20210713133542.3550525-1-radu.nicolau@intel.com> <20210917091747.1528262-1-radu.nicolau@intel.com> <20210917091747.1528262-10-radu.nicolau@intel.com>
List-Id: DPDK patches and discussions

> Update IPsec library to support initial SQN value. >=20 > Signed-off-by: Declan Doherty > Signed-off-by: Radu Nicolau > Signed-off-by: Abhijit Sinha > Signed-off-by: Daniel Martin Buckley > Acked-by: Fan Zhang > --- > lib/ipsec/esp_outb.c | 19 ++++++++++++------- > lib/ipsec/sa.c | 29 ++++++++++++++++++++++------- > 2 files changed, 34 insertions(+), 14 deletions(-) >=20 > diff --git a/lib/ipsec/esp_outb.c b/lib/ipsec/esp_outb.c > index 2c02c3bb12..8a6d09558f 100644 > --- a/lib/ipsec/esp_outb.c > +++ b/lib/ipsec/esp_outb.c > @@ -661,7 +661,7 @@ esp_outb_sqh_process(const struct rte_ipsec_session *= ss, struct rte_mbuf *mb[], > */ > static inline void > inline_outb_mbuf_prepare(const struct rte_ipsec_session *ss, > - struct rte_mbuf *mb[], uint16_t num) > + struct rte_mbuf *mb[], uint16_t num, uint64_t *sqn) > { > uint32_t i, ol_flags, bytes =3D 0; >=20 > @@ -672,7 +672,7 @@ inline_outb_mbuf_prepare(const struct rte_ipsec_sessi= on *ss, > bytes +=3D mb[i]->data_len; > if (ol_flags !=3D 0) > rte_security_set_pkt_metadata(ss->security.ctx, > - ss->security.ses, mb[i], NULL); > + ss->security.ses, mb[i], sqn);

rte_security_set_pkt_metadata() doc says that param is device specific parameter... Could you probably explain what is the intention here: Why do we need to set a pointer to the sqn value as the device specific parameter? What does the PMD expect to do here? What will happen if the PMD expects that parameter to be something else (not a pointer to sqn value)?

> } > ss->sa->statistics.count +=3D num; > ss->sa->statistics.bytes +=3D bytes - (ss->sa->hdr_len * num); 
> @@ -764,7 +764,10 @@ inline_outb_tun_pkt_process(const struct rte_ipsec_s= ession *ss, > if (k !=3D num && k !=3D 0) > move_bad_mbufs(mb, dr, num, num - k); >=20 > - inline_outb_mbuf_prepare(ss, mb, k); > + if (sa->sqn_mask > UINT32_MAX)

Here and in other places: there is a special macro: IS_ESN(sa) for that.

> + inline_outb_mbuf_prepare(ss, mb, k, &sqn); > + else > + inline_outb_mbuf_prepare(ss, mb, k, NULL);

Ok, so why do we need to pass sqn to metadata only for the ESN case? Is that because inside the ESP header we store only the lower 32 bits of the SQN value? But, as I remember, SQN.hi is still stored inside the packet, just in a different place (between ESP trailer and ICV).

> return k; > } >=20 > @@ -799,8 +802,7 @@ inline_outb_trs_pkt_process(const struct rte_ipsec_se= ssion *ss, > if (nb_sqn_alloc !=3D nb_sqn) > rte_errno =3D EOVERFLOW; >=20 > - k =3D 0; > - for (i =3D 0; i !=3D num; i++) { > + for (i =3D 0, k =3D 0; i !=3D num; i++) {

No reason for change.

>=20 > sqc =3D rte_cpu_to_be_64(sqn + i); > gen_iv(iv, sqc); > @@ -828,7 +830,10 @@ inline_outb_trs_pkt_process(const struct rte_ipsec_s= ession *ss, > if (k !=3D num && k !=3D 0) > move_bad_mbufs(mb, dr, num, num - k); >=20 > - inline_outb_mbuf_prepare(ss, mb, k); > + if (sa->sqn_mask > UINT32_MAX) > + inline_outb_mbuf_prepare(ss, mb, k, &sqn); > + else > + inline_outb_mbuf_prepare(ss, mb, k, NULL); > return k; > } >=20 > @@ -840,6 +845,6 @@ uint16_t > inline_proto_outb_pkt_process(const struct rte_ipsec_session *ss, > struct rte_mbuf *mb[], uint16_t num) > { > - inline_outb_mbuf_prepare(ss, mb, num); > + inline_outb_mbuf_prepare(ss, mb, num, NULL); > return num; > } > diff --git a/lib/ipsec/sa.c b/lib/ipsec/sa.c > index 5b55bbc098..d94684cf96 100644 > --- a/lib/ipsec/sa.c > +++ b/lib/ipsec/sa.c 
> @@ -294,11 +294,11 @@ esp_inb_tun_init(struct rte_ipsec_sa *sa, const str= uct rte_ipsec_sa_prm *prm) > * Init ESP outbound specific things. > */ > static void > -esp_outb_init(struct rte_ipsec_sa *sa, uint32_t hlen) > +esp_outb_init(struct rte_ipsec_sa *sa, uint32_t hlen, uint64_t sqn) > { > uint8_t algo_type; >=20 > - sa->sqn.outb =3D 1; > + sa->sqn.outb =3D sqn; >=20 > algo_type =3D sa->algo_type; >=20 > @@ -356,6 +356,8 @@ esp_outb_init(struct rte_ipsec_sa *sa, uint32_t hlen) > static void > esp_outb_tun_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm= *prm) > { > + uint64_t sqn =3D prm->ipsec_xform.esn.value > 0 ? > + prm->ipsec_xform.esn.value : 1;

No need to do the same thing twice - esp_outb_tun_init can take the sqn value as a parameter.

> sa->proto =3D prm->tun.next_proto; > sa->hdr_len =3D prm->tun.hdr_len; > sa->hdr_l3_off =3D prm->tun.hdr_l3_off; > @@ -366,7 +368,7 @@ esp_outb_tun_init(struct rte_ipsec_sa *sa, const stru= ct rte_ipsec_sa_prm *prm) >=20 > memcpy(sa->hdr, prm->tun.hdr, sa->hdr_len); >=20 > - esp_outb_init(sa, sa->hdr_len); > + esp_outb_init(sa, sa->hdr_len, sqn); > } >=20 > /* > @@ -376,6 +378,8 @@ static int > esp_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm, > const struct crypto_xform *cxf) > { > + uint64_t sqn =3D prm->ipsec_xform.esn.value > 0 ? > + prm->ipsec_xform.esn.value : 1;

Here and everywhere: Please try to keep variable definition and its value assignment in different statements. That will keep the coding style similar across the file and is easier to follow (at least to me).

> static const uint64_t msk =3D RTE_IPSEC_SATP_DIR_MASK | > RTE_IPSEC_SATP_MODE_MASK | > RTE_IPSEC_SATP_NATT_MASK; 
> @@ -492,7 +496,7 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct rte= _ipsec_sa_prm *prm, > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TRANS | > RTE_IPSEC_SATP_NATT_ENABLE): > case (RTE_IPSEC_SATP_DIR_OB | RTE_IPSEC_SATP_MODE_TRANS): > - esp_outb_init(sa, 0); > + esp_outb_init(sa, 0, sqn); > break; > } >=20 > @@ -503,15 +507,19 @@ esp_sa_init(struct rte_ipsec_sa *sa, const struct r= te_ipsec_sa_prm *prm, > * helper function, init SA replay structure. > */ > static void > -fill_sa_replay(struct rte_ipsec_sa *sa, uint32_t wnd_sz, uint32_t nb_buc= ket) > +fill_sa_replay(struct rte_ipsec_sa *sa, > + uint32_t wnd_sz, uint32_t nb_bucket, uint64_t sqn) > { > sa->replay.win_sz =3D wnd_sz; > sa->replay.nb_bucket =3D nb_bucket; > sa->replay.bucket_index_mask =3D nb_bucket - 1; > sa->sqn.inb.rsn[0] =3D (struct replay_sqn *)(sa + 1); > - if ((sa->type & RTE_IPSEC_SATP_SQN_MASK) =3D=3D RTE_IPSEC_SATP_SQN_ATOM= ) > + sa->sqn.inb.rsn[0]->sqn =3D sqn; > + if ((sa->type & RTE_IPSEC_SATP_SQN_MASK) =3D=3D RTE_IPSEC_SATP_SQN_ATOM= ) { > sa->sqn.inb.rsn[1] =3D (struct replay_sqn *) > ((uintptr_t)sa->sqn.inb.rsn[0] + rsn_size(nb_bucket)); > + sa->sqn.inb.rsn[1]->sqn =3D sqn; > + } > } >=20 > int 
> @@ -830,13 +838,20 @@ rte_ipsec_sa_init(struct rte_ipsec_sa *sa, const st= ruct rte_ipsec_sa_prm *prm, > sa->sqn_mask =3D (prm->ipsec_xform.options.esn =3D=3D 0) ? > UINT32_MAX : UINT64_MAX; >=20 > + /* if we are starting from a non-zero sn value */ > + if (prm->ipsec_xform.esn.value > 0) { > + if (prm->ipsec_xform.direction =3D=3D > + RTE_SECURITY_IPSEC_SA_DIR_EGRESS) > + sa->sqn.outb =3D prm->ipsec_xform.esn.value;

Hmm... you do set sa->sqn.outb inside esp_outb_init(). Why do you need to duplicate it here?

> + } > + > rc =3D esp_sa_init(sa, prm, &cxf); > if (rc !=3D 0) > rte_ipsec_sa_fini(sa); >=20 > /* fill replay window related fields */ > if (nb !=3D 0) > - fill_sa_replay(sa, wsz, nb); > + fill_sa_replay(sa, wsz, nb, prm->ipsec_xform.esn.value); >=20 > return sz; > } > -- > 2.25.1
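
Review bot: In inline_outb_tun_pkt_process() and inline_outb_trs_pkt_process() the single &sqn is forwarded by inline_outb_mbuf_prepare() to rte_security_set_pkt_metadata() for every mb[i] of the burst, so all k packets are tagged with the same value even though the transport path builds each packet from sqn + i. If the PMD is meant to consume a per-packet sequence number, the loop has to pass one per packet; if it only needs the burst base, a comment on the new uint64_t *sqn parameter should say so. The pointer is the address of the caller's sqn variable, so the comment should also state that the PMD must read the value during the call and must not keep the pointer.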
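
Review bot: The change to esp_outb_init() (sa->sqn.outb =3D sqn replacing the fixed 1) has no documentation of what the caller must guarantee about the start value, and inline_outb_trs_pkt_process() generates the IV from the sequence number (sqc =3D rte_cpu_to_be_64(sqn + i); gen_iv(iv, sqc);). Please document next to the esn.value handling that the initial value must be higher than any sequence number already sent under the same key, since restarting at or below a used value would regenerate IVs that were already used and would be dropped by the peer's anti-replay check.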
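
Review bot: fill_sa_replay() now seeds rsn[0]->sqn and rsn[1]->sqn with the initial value, but nothing in the hunk says how the replay window contents relate to it, so it is not clear whether sequence numbers just below the start value and still inside win_sz are treated as already seen or as acceptable. The intended anti-replay behaviour should be stated in the function comment and covered by a unit test that starts an inbound SA at a non-zero value and checks packets on both sides of it. The caller also passes prm->ipsec_xform.esn.value unmodified here while the outbound path maps 0 to 1; a short comment explaining why the two directions differ would help.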
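
Review bot: In rte_ipsec_sa_init() prm->ipsec_xform.esn.value is consumed right after sa->sqn_mask is chosen from options.esn, but it is never checked against that mask, so a non-ESN SA (sqn_mask equal to UINT32_MAX) can be initialised with a start value that does not fit in 32 bits. Suggest rejecting the parameters with an error when esn.value is greater than sa->sqn_mask, before esp_sa_init() and fill_sa_replay() use the value.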