From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0063.outbound.protection.outlook.com [104.47.1.63]) by dpdk.org (Postfix) with ESMTP id 9357B2C36 for ; Wed, 21 Mar 2018 08:31:20 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=fTjoQe5U4CHi/cnfsV47/z648qGku0Bd7zxe7NsjEco=; b=LWf27pZRxomGdBibGne3L6Tqwl24yKAtCJSs7vmPU2VfxPelxYhiDco1VqGDCnz9mzkHHoami9Zob8zvCJchkdIHUM4qAE3nOL/eOUDpGba4URlRgAzYpjc4r9sxNztznfYAf2OqMs/+UG2Mt8wwYWIU0Xi9vnl3NExJ0Rb7CHY= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=akhil.goyal@nxp.com; Received: from [IPv6:2402:3a80:9f9:628a:e852:325f:9caf:7b05] (2402:3a80:9f9:628a:e852:325f:9caf:7b05) by DB5PR04MB1382.eurprd04.prod.outlook.com (2a01:111:e400:58da::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.588.14; Wed, 21 Mar 2018 07:31:12 +0000 To: Anoob Joseph , Declan Doherty , Radu Nicolau Cc: Jerin Jacob , Narayana Prasad , Nelio Laranjeiro , dev@dpdk.org References: <1519191430-19201-1-git-send-email-anoob.joseph@caviumnetworks.com> <1519896103-32479-1-git-send-email-anoob.joseph@caviumnetworks.com> <1519896103-32479-5-git-send-email-anoob.joseph@caviumnetworks.com> <3b57c323-69c0-a20e-b846-d686576ac1da@nxp.com> <1a37eafa-9b6a-64fb-7295-dbfef9c81ff2@caviumnetworks.com> <8e5ecbf8-d739-d6ee-1de5-49eaea2ebf1a@caviumnetworks.com> From: Akhil Goyal Message-ID: Date: Wed, 21 Mar 2018 13:00:52 +0530 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <8e5ecbf8-d739-d6ee-1de5-49eaea2ebf1a@caviumnetworks.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Originating-IP: [2402:3a80:9f9:628a:e852:325f:9caf:7b05] X-ClientProxiedBy: BM1PR01CA0105.INDPRD01.PROD.OUTLOOK.COM (2603:1096:b00::21) To DB5PR04MB1382.eurprd04.prod.outlook.com (2a01:111:e400:58da::16) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: e4c8a615-3dff-4bc5-0c64-08d58efdbcd3 X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020); SRVR:DB5PR04MB1382; X-Microsoft-Exchange-Diagnostics: 1; DB5PR04MB1382; 3:oHm4Wc5qVdMrHdCU+EBi6/uXf2TZ5jmVICRN0zYC6slrqkPgvV9+4oPm+2hELstKJ0DH12ssWNlHhXp+TLBopW0AmeNTLfF4zcwiMxjo4CqSfq0Kau9Ratim9iKeR80HnDJppnR7JJNVHtXItSzTWiiTfu8BBXseWYcai0G6QnZ3Dkt/VMuGDsa6r+178+kItuSbtCDo8Nk/zxcQeZYAiBhMKr7SFRUoYb0Je/KsuW5CpPtFeGnrV0biY5Efn21h; 25:9zQPhohxT1vydORbsq1vy/bb4hFgKRDb8zqh9wExTmqQKTVdE0ICiId4sOY2Dd3KCurHyHKw0DI8cNbSdmPOSfLBTGC/+uV+EQ0G34NUhWLRF/OiqCd49x/lz05DFm4kmPMSB7Gk2CnYYh1w1dd8ke4NswwVkZVkrQiUEueE70OZw59HFJbEt0/qh6oOpcxnz0l51HHF0s388CNdO4s2wwtPiDtXOAwwQfnMP2YlsQn5sEqB2aL9zAxIYFo1XrukH5lzoUM/KKfpqRqRBUedbMcOtb/DuRi2N7oK+CS80ZU7T6BHZzHHznd5QB3+UiIeHuCjBDfXKDG4SaWoveNq4A==; 31:RarbtVvaX942saJ3OT/rcNill6EV26NLqdQOgUrQDoYXnBguiB9S+gEMhuci22SFeZmIcWx6FGT4MoYI49NkiBowi2QqwCyXJzU7RRjWBK7DlmOjQqHlXD7iaEhy9/RgN6XMcF7aSi1tFcNU1yi0Mm+wtZfyFwci30H6/0jXQAQPZRG6Ptss+U1iDa3I+Qov2ogoALJt3OfwlEORR1YNUa6t9gEnjaMYFv2zR4b3/wE= X-MS-TrafficTypeDiagnostic: DB5PR04MB1382: X-Microsoft-Exchange-Diagnostics: 1; DB5PR04MB1382; 20:xFpX+jmck6tT9Y1maa4KmMJK4ZzaqFqGGxPbFwSq8h+DyNhslBZFJm/c4RxdkQgXR2W153IkhFze7K0mXIlm9a72Pdu1egRBFAIklR8ukqQ3xOZvKPPVgHxulfR+g5BOwoxjUQ51ZvvyHwZHWifjt/sTvL+h8BINrCe2FFyvZILJkLa3e1S/jU707eqmtKk/+f3F01/IF+V7h5rPDxjPGrKlOc4duKtYb7BN95ekNay1wIvaCaHseRLhfc1evpu8ZYAYqSSYZLHHjne1hwmnJAOH25oy/kQVJfRAN0Jo8chzITvKAA44DEK1lFxDC9bwq/3wXeK/80PkfsMUlkbZiHadF0X2CvXRyTUZfYPIMo6xwTdbLNWUq7rsihf0gb2DeZIi8IVp213W5WfK/oylPDBWTMo4q7eF44kO+4Mg6COfP7uQHTr40erWcDdfiWtU8YpFczOjLuexDPK+eQSllHQpITLplagoN1akmYS1pr206fHSFrSvyIBLVYorYqbk; 4:x9eCU6F0x2Jz2a/m5vB2J4X4bv0mU2ZzaMbstRXrJ2uAITLs3XicVIg8LWffSvCioLGohYE9WSMKVlEnJWsSbc12lbxhqVnBHefXxzhpzSLVB1ZGXreTtOChQiTTBshCr5sgt9aRyv0dKgFwGcziDmnhBXHpbsUQNTd3t9GmoEPedRiGTnS4jRUU2oMXLq6LLn890HZ2I87qlab9vxjFN7c73CIYPZcF/KyFeY3VOER16QDh+TXRAYwyYJrI/J1AXQPjn2D+N5hmRqLdtOaM6xdptU8iq0ZsZhBNDckorRBGX+k9sOh0Zz+SvnQhQzptiFvWutgY87kO7swUvc0HQW32+GPkKaW1St2EOSIUQbY= X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(278428928389397)(192374486261705); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(3002001)(93006095)(93001095)(3231221)(944501320)(52105095)(10201501046)(6055026)(6041310)(20161123562045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123564045)(20161123558120)(6072148)(201708071742011); SRVR:DB5PR04MB1382; BCL:0; PCL:0; RULEID:; SRVR:DB5PR04MB1382; X-Forefront-PRVS: 0618E4E7E1 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(346002)(376002)(396003)(366004)(39860400002)(39380400002)(52054003)(199004)(189003)(110136005)(67846002)(25786009)(2950100002)(76176011)(81156014)(478600001)(2870700001)(8936002)(6666003)(36756003)(81166006)(8676002)(7736002)(305945005)(31696002)(97736004)(46003)(86362001)(93886005)(68736007)(65956001)(65806001)(6486002)(2906002)(229853002)(47776003)(105586002)(52396003)(58126008)(16526019)(59450400001)(386003)(50466002)(6116002)(53546011)(186003)(2486003)(106356001)(316002)(64126003)(23676004)(52146003)(52116002)(1706002)(31686004)(53936002)(65826007)(54906003)(5660300001)(6246003)(4326008); DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR04MB1382; H:[IPv6:2402:3a80:9f9:628a:e852:325f:9caf:7b05]; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; Received-SPF: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtEQjVQUjA0TUIxMzgyOzIzOi9oVnhaWDF0T2tFUDR0eW5STGM5ajFkbDl4?= =?utf-8?B?NCtxVnNWVHh2ZDc2M0RodksvQ0pkVGJ6Q1BXU1ZlakRGMUdHM054akhLUHZk?= =?utf-8?B?ekFOTzhyNS9UWTRrWGpWYWlESndPQXI3M3VWNDYyTGdpVWduTlU5anlLeXBo?= =?utf-8?B?bFU3NWc1WTJOOGx1MnljYzRDczJVc1JLaG9MRGZEd3ZqaFE4Qy9FSHIrYkgx?= =?utf-8?B?Z2xaMTVjWlpVYWdGdjlaUjFiaXdiVFRVODl3aWZhRmN6WldrdTg2UzdLcXVv?= =?utf-8?B?aW1DQ3ZFMlAzNDR4RGRDMmYwWi9TWGpaYXAvYzcwMTRBRjUwSDlERVB5VEtm?= =?utf-8?B?SEdJTnpEVFo5MUJ4VVR6SmkxTTFJVkRMMUhZSHBhUG5aalpvbzZjY1E2NmxY?= =?utf-8?B?RnAzYU01Q1MydHFGV1AxekYvcGgwM2JobVpUS2orUmx0YzFybHY3R093V3Jl?= =?utf-8?B?YlROKzNJS1lHUmZTRHVwVk4vZXBxWjlGb0JwTkxRTTNLRDZHOUdLQlZZQS85?= =?utf-8?B?ZHhJNWljVlVlem5LTVRtSFB6QVFoMTRRcmZiMHVNay9rUjE3M2ZMd0RGY2Vm?= =?utf-8?B?eHNsSkRNWFdnc3lwU0NENTExVVRPRzB5MjFUeDRmWnlIbHMrZkFXM3krQ3F3?= =?utf-8?B?RC80RFNxaThIb29vVVdOcjlVdGZxa0lHaVFmdUN2MnJnNzFUQ1VXbDVCZ1c0?= =?utf-8?B?aVJld25sQ2dkTitPZGtBRlY0enhqLzdsMXlqN25TN0RJYjlyMTlGMW1saXdw?= =?utf-8?B?cjVOYWx2RlNQZm9MYXk3ajdWYmduSXVEYlBJbnJZWkFKRitjdEtIa0ZZYnZE?= =?utf-8?B?MDR1ano4SEk0SFJ6aTNKWFdnaUJmeG1hSFRJSHlMcVdZUzdrRC82UlJwdjB0?= =?utf-8?B?K28yTk12UnRwWDlaNitqeDROTy9hTjZRdmNSNG1qeWRnN1dTby9USE5meTZ4?= =?utf-8?B?NW9KUjA5QmpFempWaE9VeFpZbFVlR2lkeGNxd2E4dTB3djJKL1p3UWtrY1Zs?= =?utf-8?B?bGFRS3o0MTZPYXlOcy83TVFSWGI5ZUhiMGRJNjZuSnd4aG9acWpSZENYL25N?= =?utf-8?B?QXRiSnNvZFowbExJb0lwa3hQRDM4RWdqcmQ5RWZJYVB5OWJqZUxWcU5lT3Zx?= =?utf-8?B?OWsybXdpQ295bjVaYnUvNHFuSkwzamp6anA1YlVJclBmUTZDWUpSVVZ2VEFz?= =?utf-8?B?WG1iY3J3ZXZ6NStQSzlHcXlseU1tT01McnpuMWZuY2dQbzJrK1NjU0k4NjBh?= =?utf-8?B?ckYydXpsL3JCdUlWZk9RWmRaemIydm9nbzBVYjdYQnJlTlhnV1BnRlQwbmlU?= =?utf-8?B?K3hTMGhWYVd2S1N5QkdERjd4dG1HZ0o0UmFzS1NiRzZ1NVpDL0x2RmFaem1Q?= =?utf-8?B?WUdrcTVxUEsxK2VOR2p5aGxaWm1ncDdreG1WZGFLS0pUc1dUYTFqWjY1Wno1?= =?utf-8?B?eDlQMmRZakl5M1FacnlPSGJxQWZ5OGIyTkpvaUw2KzQxODJEUTU5Y0FoN25X?= =?utf-8?B?TUFvV2RHTTFHNzcyY1ZDOTJWeXJVT3Z6bGdnUG5PSXBUTGh1T1pRMXJkYnV4?= =?utf-8?B?NHp4NGVXUTR4NlQrN2FTK3YzdzZnNmtQUHo4ekYyTllBUWFZNFNsMkx4WkU5?= =?utf-8?B?d3FzVHB2SzRNMG5tOVBnQnRwUlBtckRQT0x5d3lUd1hpVC9FZ3hjSGlFN05q?= =?utf-8?B?U1h5ZWxKcC9ueFhXc0tGZ2NrOEszeTVHdHhNdlN4OHlRcDh0WlU4YkNZMmhz?= =?utf-8?B?eVpOYTFha05WeGErOTZZU3gzbWlIa3EvVHlJellUS1J5T0tFcXB4V3NKdHNz?= =?utf-8?B?YWV6U2wweHc3QVhMYU96WjVBemtsMHZpVitZK1NsK2srMXpwblJCRHhoV0po?= =?utf-8?Q?JynK3DUbuVoOwzodrtA6uYNZO83PkjFa?= X-Microsoft-Antispam-Message-Info: tKNfiiBVfB0mRM3z2QK27qcykWuoB2zaDmOBbQXbAHwtA0hHX9PdGRYnefV5QGng11GmVzMsqHcFGbTMdrWbdslMLKdYdGYkIIOEZRQc6SJaOzyWi3uq/aE5BHfr/Ftv8adW277zFhmT+lEPsR5Cv++6wO2wEgF3ff0A2/YlKqC5qMItXHwaMr2+ZB+JD8ss X-Microsoft-Exchange-Diagnostics: 1; DB5PR04MB1382; 6:rDf30ZW/IyqVRxCkeD2N+jNDO+KeSOCFlpifGz+PGYse4sFu+0heAyWlr0gu4tuall5WG6k3G+gwuVUQglsIleDmErgb60misf9wYB2fTkQmV5wd/SEwAJR5O0IjNymTr5UB9IiQpPYLSBC0rZSp1P5IHjA2qYGwSoIXFwa5ruJIYa/xlQCtnzhOE+b9uJoxfApeqZ8Li7xH1wfMecLbPwFUs8aju22g5ZKEi3iNvogMoN5pRA0Dq1bC12ha4kll2YC7D2PQphJma2jAsW5PZ6+MikzI2xsr/Gd3y3+7/A7yw86yRS9/vLGplKJx8qW7XBecqtdGh9rfkS0da93Meov9WAQlxWMDQmIK4H506tQ=; 5:zOcFJTyf6YQpdETBZo0/DC6JYUtA87hwZ231NRfjO622o3QeVJxQYCjwi1zbU9zzv/Lm5p+up1bPX74eLU21eSaOcn5CyHdwWepQFu8pOVOTxt44M0DyUPG5c0WlVrilzZ688tBaZDi9tpuoKP7Rkgw0fKzlpfvLMTSBPjJLLBs=; 24:S4fomX65kFOmTr/RVj0YUFOBjTtXTa9wKSuTIdHstmmAV6vre5fSyDhkmt1ia5p4lbZbmVo0gh+QAZC8SsXKBXBpstO9S0+RYtFAK5bqnC4=; 7:oq3P0lDrg9hwcqA5j8kuyAlG59tE5z/inuctg4FEoIhcE6TE/zY1uMjvcgUb3aSiuVJJ844S7LjrtRiklU4kRd19OOr7Eyv7o5Mu+vBNfd6NNotsbImpKbAKegD5DMentxckCZFbUNBCa5+MSVbW6dPQBzUpM0YxR+slRcB2AitdvMUDjBRbPDybGc6FuPm+6IsV1b1sazp1uczqXxrRbjsCdg2v23JOYJ52Q9wNlxVm9HLDcKZY6hubR7Y5udXO SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Mar 2018 07:31:12.1732 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e4c8a615-3dff-4bc5-0c64-08d58efdbcd3 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR04MB1382 Subject: Re: [dpdk-dev] [PATCH v2 4/5] examples/ipsec-secgw: handle ESN soft limit event X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Mar 2018 07:31:20 -0000 Hi Anoob, On 3/21/2018 10:50 AM, Anoob Joseph wrote: > Hi Akhil, > > If you are fine with the existing code, I'll send a revised patchset > incorporating the comment change you had suggested for 3rd patch. Shall > I proceed? > > Thanks, > Anoob > Yes you can send the patchset with existing code. BTW we are open for an approach to add sa rediscovery in the application in future. Thanks, Akhil > On 14/03/18 11:36, Anoob Joseph wrote: >> Hi Akhil, >> >> Please see inline. >> >> Thanks, >> Anoob >> >> On 13/03/18 17:54, Akhil Goyal wrote: >>> Hi Anoob, >>> >>> On 3/1/2018 2:51 PM, Anoob Joseph wrote: >>>> For inline protocol processing, the PMD/device is required to maintain >>>> the ESN. But the application is required to monitor ESN overflow to >>>> initiate SA expiry. >>>> >>>> For such cases, application would set the ESN soft limit. An IPsec >>>> event >>>> would be raised by rte_eth_event framework, when ESN hits the soft >>>> limit >>>> set by the application. >>>> >>>> Signed-off-by: Anoob Joseph >>>> --- >>>> v2: >>>> * No change >>>> >>>>   examples/ipsec-secgw/ipsec-secgw.c | 56 >>>> ++++++++++++++++++++++++++++++++++++++ >>>>   examples/ipsec-secgw/ipsec.c       | 10 +++++-- >>>>   examples/ipsec-secgw/ipsec.h       |  2 ++ >>>>   3 files changed, 65 insertions(+), 3 deletions(-) >>>> >>>> diff --git a/examples/ipsec-secgw/ipsec-secgw.c >>>> b/examples/ipsec-secgw/ipsec-secgw.c >>>> index 3a8562e..5726fd3 100644 >>>> --- a/examples/ipsec-secgw/ipsec-secgw.c >>>> +++ b/examples/ipsec-secgw/ipsec-secgw.c >>>> @@ -40,6 +40,7 @@ >>>>   #include >>>>   #include >>>>   #include >>>> +#include >>>>     #include "ipsec.h" >>>>   #include "parser.h" >>>> @@ -1640,6 +1641,58 @@ pool_init(struct socket_ctx *ctx, int32_t >>>> socket_id, uint32_t nb_mbuf) >>>>           printf("Allocated mbuf pool on socket %d\n", socket_id); >>>>   } >>>>   +static inline int >>>> +inline_ipsec_event_esn_overflow(struct rte_security_ctx *ctx, >>>> uint64_t md) >>>> +{ >>>> +    struct ipsec_sa *sa; >>>> + >>>> +    /* For inline protocol processing, the metadata in the event will >>>> +     * uniquely identify the security session which raised the event. >>>> +     * Application would then need the userdata it had registered >>>> with the >>>> +     * security session to process the event. >>>> +     */ >>>> + >>>> +    sa = (struct ipsec_sa *)rte_security_get_userdata(ctx, md); >>>> + >>>> +    if (sa == NULL) { >>>> +        /* userdata could not be retrieved */ >>>> +        return -1; >>>> +    } >>>> + >>>> +    /* Sequence number over flow. SA need to be re-established */ >>> >>> >>> With this patchset, application will be able to get notification if >>> the error has occurred. But it is not re-configuring the SA. >>> Do you intend to add the same? >> Ideally the application should initiate a SA renegotiation sequence >> (with IKE etc). But ipsec-secgw uses predetermined SAs, and so >> addition of SA renegotiation might not fit in with the current design. >> I was just adding this as a place holder for future expansion (and a >> model for real applications). >> >> What are your thoughts on addition here? Similar handling would be >> needed for byte & time expiry as well, when that is added. May be we >> could just log the event and leave it be. >>> >>>> +    RTE_SET_USED(sa); >>>> +    return 0; >>>> +} >>>> + >>>> +static int >>>> +inline_ipsec_event_callback(uint16_t port_id, enum >>>> rte_eth_event_type type, >>>> +         void *param, void *ret_param) >>>> +{ >>>> +    struct rte_eth_event_ipsec_desc *event_desc = NULL; >>>> +    struct rte_security_ctx *ctx = (struct rte_security_ctx *) >>>> +                    rte_eth_dev_get_sec_ctx(port_id); >>>> + >>>> +    RTE_SET_USED(param); >>>> + >>>> +    if (type != RTE_ETH_EVENT_IPSEC) >>>> +        return -1; >>>> + >>>> +    event_desc = ret_param; >>>> +    if (event_desc == NULL) { >>>> +        printf("Event descriptor not set\n"); >>>> +        return -1; >>>> +    } >>>> + >>>> +    if (event_desc->stype == RTE_ETH_EVENT_IPSEC_ESN_OVERFLOW) >>>> +        return inline_ipsec_event_esn_overflow(ctx, event_desc->md); >>>> +    else if (event_desc->stype >= RTE_ETH_EVENT_IPSEC_MAX) { >>>> +        printf("Invalid IPsec event reported\n"); >>>> +        return -1; >>>> +    } >>>> + >>>> +    return -1; >>>> +} >>>> + >>>>   int32_t >>>>   main(int32_t argc, char **argv) >>>>   { >>>> @@ -1727,6 +1780,9 @@ main(int32_t argc, char **argv) >>>>            */ >>>>           if (promiscuous_on) >>>>               rte_eth_promiscuous_enable(portid); >>>> + >>>> +        rte_eth_dev_callback_register(portid, >>>> +            RTE_ETH_EVENT_IPSEC, inline_ipsec_event_callback, NULL); >>>>       } >>>>         check_all_ports_link_status(nb_ports, enabled_port_mask); >>>> diff --git a/examples/ipsec-secgw/ipsec.c >>>> b/examples/ipsec-secgw/ipsec.c >>>> index 5fb5bc1..acdd189 100644 >>>> --- a/examples/ipsec-secgw/ipsec.c >>>> +++ b/examples/ipsec-secgw/ipsec.c >>>> @@ -36,6 +36,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct >>>> rte_security_ipsec_xform *ipsec) >>>>           } >>>>           /* TODO support for Transport and IPV6 tunnel */ >>>>       } >>>> +    ipsec->esn_soft_limit = IPSEC_OFFLOAD_ESN_SOFTLIMIT; >>>>   } >>>>     static inline int >>>> @@ -270,11 +271,14 @@ create_session(struct ipsec_ctx *ipsec_ctx, >>>> struct ipsec_sa *sa) >>>>                * the packet is received, this userdata will be >>>>                * retrieved using the metadata from the packet. >>>>                * >>>> -             * This is required only for inbound SAs. >>>> +             * The PMD is expected to set similar metadata for other >>>> +             * operations, like rte_eth_event, which are tied to >>>> +             * security session. In such cases, the userdata could >>>> +             * be obtained to uniquely identify the security >>>> +             * parameters denoted. >>>>                */ >>>>   -            if (sa->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS) >>>> -                sess_conf.userdata = (void *) sa; >>>> +            sess_conf.userdata = (void *) sa; >>>>                 sa->sec_session = rte_security_session_create(ctx, >>>>                       &sess_conf, ipsec_ctx->session_pool); >>>> diff --git a/examples/ipsec-secgw/ipsec.h >>>> b/examples/ipsec-secgw/ipsec.h >>>> index 6059f6c..c1450f6 100644 >>>> --- a/examples/ipsec-secgw/ipsec.h >>>> +++ b/examples/ipsec-secgw/ipsec.h >>>> @@ -21,6 +21,8 @@ >>>>     #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */ >>>>   +#define IPSEC_OFFLOAD_ESN_SOFTLIMIT 0xffffff00 >>>> + >>>>   #define IV_OFFSET        (sizeof(struct rte_crypto_op) + \ >>>>                   sizeof(struct rte_crypto_sym_op)) >>>> >>> >> > >