From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <akhil.goyal@nxp.com>
Received: from EUR01-HE1-obe.outbound.protection.outlook.com
(mail-he1eur01on0060.outbound.protection.outlook.com [104.47.0.60])
by dpdk.org (Postfix) with ESMTP id 7534B548B
for <dev@dpdk.org>; Tue, 13 Mar 2018 13:24:48 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=5h1cpX1XnUJTeAvZRGrfYwq62gip58EH3zpM/QpYx34=;
b=HoLxyY/HZ7pLaP9FBLU4yMlKVKIc6OJLvoGEoVIF6Z2Hz/XrTOTyZ15aVBfznSj0kJbz1p8Mvc58TQV19U8A24jq/ttdZRpJTiM+NEaznvRmnrckHgjvTcRm3jJrJ3JLEUkTRGYZ8ZJUeVNPinvtQ9AhnqHOZ/37nt9ozKE2Qu8=
Authentication-Results: spf=none (sender IP is )
smtp.mailfrom=akhil.goyal@nxp.com;
Received: from [IPv6:2402:3a80:936:1f2e:3902:95b6:f515:489b]
(2402:3a80:936:1f2e:3902:95b6:f515:489b) by
DB5PR04MB1381.eurprd04.prod.outlook.com (2a01:111:e400:58da::15) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.588.14; Tue, 13
Mar 2018 12:24:44 +0000
To: Anoob Joseph <anoob.joseph@caviumnetworks.com>,
Declan Doherty <declan.doherty@intel.com>,
Radu Nicolau <radu.nicolau@intel.com>
Cc: Jerin Jacob <jerin.jacob@caviumnetworks.com>,
Narayana Prasad <narayanaprasad.athreya@caviumnetworks.com>,
Nelio Laranjeiro <nelio.laranjeiro@6wind.com>, dev@dpdk.org
References: <1519191430-19201-1-git-send-email-anoob.joseph@caviumnetworks.com>
<1519896103-32479-1-git-send-email-anoob.joseph@caviumnetworks.com>
<1519896103-32479-5-git-send-email-anoob.joseph@caviumnetworks.com>
From: Akhil Goyal <akhil.goyal@nxp.com>
Message-ID: <3b57c323-69c0-a20e-b846-d686576ac1da@nxp.com>
Date: Tue, 13 Mar 2018 17:54:14 +0530
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101
Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <1519896103-32479-5-git-send-email-anoob.joseph@caviumnetworks.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Originating-IP: [2402:3a80:936:1f2e:3902:95b6:f515:489b]
X-ClientProxiedBy: MA1PR01CA0086.INDPRD01.PROD.OUTLOOK.COM (2603:1096:a00::26)
To DB5PR04MB1381.eurprd04.prod.outlook.com
(2a01:111:e400:58da::15)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: d5db17ae-362c-4b32-b863-08d588dd68bb
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
RULEID:(7020095)(4652020)(48565401081)(5600026)(4604075)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020);
SRVR:DB5PR04MB1381;
X-Microsoft-Exchange-Diagnostics: 1; DB5PR04MB1381;
3:0mQ4uaS3XrPi2O8wqufntrsCPbYicXFGOyDKv+fCMoe8Fu20Y76vXI7m/fLbExCPcZ+SvonB50CRGsxARiT8vFe/WOeHQ7z687hEFMVcTFPJWui6tyzl8demFeVQpwA4vT35I80HREXOBOnVhOyrIDieYid9n5D6k6tjzDvbi3w+Ox4PZ2XTlnbPAb9pTboBqnFdS6XIah/xiecUKAVcK+Ogv3RLSXexfGfGyFByoQp8TYsqn3RMx7DJj3x/J+nW;
25:dtPsTsjRm0WQttP6X+Wkm0odMdwCiwkHqEcB49Mpwd5toSXNL1HEWj3TUZpui598ZkODqWaZtlbZLAmlXrAa4b8FubQfoa2e9zfb+HzgjAFzlKnxyiajHByL0g603SAI5A4EiaEVA9BN6gP8MDAfCYAsFCLeWO8jONP2XqL3RV/G+/T3RkKx/oSun1o+EcDdUxIXoE4ZyolENMw7dEo2XykuI7O1mIfAk8Ju/cu6/8XJxG0SllDSVPHDxz75B6rwHRH+/rKpRxH6R1tGWqMhhqrdUpui3XyZ8YibAWY5K4B39omT8zVADyYNePN1IF+LRRAIfgOuxB0LtQN0TpDA1ObBns4peWmu85U/7Oi3ziA=;
31:xmRvHoiueBfjSRT0LNAApIWfC3UjATeDICSHeII6E2ho2J4hep9tLTnd4nB8cO1Sbozxd2tmeLjf8wA86cpDLrQWhh4ZORqUeT1Pca+DS2xo2RlKP66AZlU14DFo6mHqRQvMow5IM7nwztsLMWFVxYEafxPpHQryGig0EAVFUxN6XypyIau7YPP0gkDUgb0G3jcQrZ5eIUfyC1XDuSM+PgyQPsUN1+RsX2jb0UGsj8E=
X-MS-TrafficTypeDiagnostic: DB5PR04MB1381:
X-Microsoft-Exchange-Diagnostics: 1; DB5PR04MB1381;
20:L942lNtLMp7NZS6qETW5vjIs19pSf2/qdbCkVGMhGLBgdmSh92Az9LCzSRlFqHWv3IB14olB9b4t2f7f2kin8U1A3d0eqlh2VEwftbZiINcn9/XGKQrn5gpwD9hbFcJVxvxCicrZlFiytgStYtHTy2MBZ7pN3KAmEgsZ4SnzNku3k6ZhIDceEvj5SLHsHJld3mMEXqt2BwmZB2rQgMUZU8E/DbXqZJsTmDUJh9/WiXIbrR8gsu6Y9u1IjX5hQy2UnEYEJDPHegbzQ5hL7Kd3coGTOX1BpfM/WiEG0MkY+ECnwafILheGReLCJ/82Paf3zIfILY9I6ka7HcT2eVgaXG8Pmw4vdpxIBskbOP7+Upgt+j0G0Aoo+S+Lk5pCGZVXFavRFkCEBhEOFs6IOZPHxlfp/QB/PqvZEtoHg0iBAPGAXSjt4DTh2BcOx25+Cq5yshjz8+omLqQ6ft6t48HwJOkTXdz3A2MQbaJ3Xp2MYVr72PrSWafg1sH9Zn2ijpoh;
4:DZK7tN3ThMruewzI6QgQGqTdrTiTAhWYvq7P+Ddnn0YZsNiH+E9fI1O4oKVAQuGw/IcX6/Pxxlcoh0qkttd1Ve7SokZbxTdNAFS86LnIJwanhFU2FLAMSyXp0DroUgh7kkzS8JUcRXtokZOIKar6Y2fWex2Yyhi3F6t5xMdr6JlobFdcH1zD5NMfaOwtVvmjsuf5DAQuear7M+SKphqtmBom4OKMDfIQGEyiZd+Z1HXf2FU5UflNkdCwgQfibIYcIHKWgD7pCBp7sZZ1hIYvSYF2+DKkNQUl8vQXLdZkOnQHQp3yQ/nTJNa44ZGgqOBl
X-Microsoft-Antispam-PRVS: <DB5PR04MB1381D659131458124FC3AAB9E6D20@DB5PR04MB1381.eurprd04.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:(192374486261705);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(3231221)(944501244)(52105095)(3002001)(10201501046)(6055026)(6041310)(20161123562045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123564045)(6072148)(201708071742011);
SRVR:DB5PR04MB1381; BCL:0; PCL:0; RULEID:; SRVR:DB5PR04MB1381;
X-Forefront-PRVS: 0610D16BBE
X-Forefront-Antispam-Report: SFV:NSPM;
SFS:(10009020)(366004)(376002)(346002)(39860400002)(396003)(39380400002)(199004)(189003)(2906002)(46003)(65806001)(47776003)(8676002)(86362001)(25786009)(478600001)(305945005)(7736002)(53936002)(53546011)(64126003)(65826007)(65956001)(81166006)(81156014)(8936002)(97736004)(54906003)(31686004)(68736007)(58126008)(110136005)(6486002)(105586002)(4326008)(316002)(76176011)(2486003)(52116002)(23676004)(52146003)(229853002)(52396003)(16526019)(36756003)(59450400001)(2950100002)(6116002)(386003)(230700001)(6246003)(186003)(31696002)(106356001)(67846002)(5660300001)(50466002)(6666003)(1706002);
DIR:OUT; SFP:1101; SCL:1; SRVR:DB5PR04MB1381;
H:[IPv6:2402:3a80:936:1f2e:3902:95b6:f515:489b]; FPR:; SPF:None;
PTR:InfoNoRecords; A:1; MX:1; LANG:en;
Received-SPF: None (protection.outlook.com: nxp.com does not designate
permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtEQjVQUjA0TUIxMzgxOzIzOjlCMUI2TVVvUlNyaWhHV29TcVZOYnowcW9I?=
=?utf-8?B?T1pwZ2dWSnhuTG5ZMExXbXJldCt4M0lpbWNHbHNZbXhoQlZHZDU5NVFkdDBF?=
=?utf-8?B?anZsSWlOcUlFdjQwc1dKZG5OdGRMSjI4TjBwY3RGYXJ3Sm85UisxSXR1bkx3?=
=?utf-8?B?WUlKSXNLQlR6V2lEOFV1M2YwZE1PUnpaNVgyVGJkcGUvWTNoRGZQNEtjTkNH?=
=?utf-8?B?Q2hqdE5TcFM5bzFEVkhERnk1K0NVM2NGVVR0VXR1dUg4M1ZzZ2g0Y1JtNkFq?=
=?utf-8?B?QmtvZHZnT2ZSbVk5YS9NRVFaTkRDdS82VWFrem02aHZsWXNkQlV4S1dacUlR?=
=?utf-8?B?OXF6a0pyYjVXMHdjYzd6ZWVnRHBZeHkvK2o5aVJGYTZaUkpyLzNaeFJjQ3BS?=
=?utf-8?B?dC85Vlk4YmcvQVZIWDJFdGxFdE56OVFiNnRtckZhd2lQY2FLVUpsTDNnMEVS?=
=?utf-8?B?cUFuRi9ReDA3Zll5ZERLdkgvZnNqa0ZFRk9icmJPYVFyM1JUVWIyajFjdTNp?=
=?utf-8?B?bU9uUXBXV3hSclVpaTBxSGczdkNsbzFtekRHcHJKd0ZBOG1BZTRUa1Z2Yiti?=
=?utf-8?B?b0hnV2xHV2drOW04Snh2Z3ErcDlPcTdtSzRLRStMOHNvQ3RHRkRJcGhMeDdB?=
=?utf-8?B?eTFiT3ZPaEQyQS93Vmh5dnkyWUYvVElaWFRUNjlBV0xpQ01OWm1XS0habURE?=
=?utf-8?B?L3JKcjZ1V1pZajI1cHFVcGlMWGNYYWZrdDB6M3grS25ML1BKUUhyUTRBeDhY?=
=?utf-8?B?elBvWW5XOXo2amJNWnZiaTMwYnc3REFvY1o5RXF4WXV2Sy9JUkd2Q05CcEFY?=
=?utf-8?B?WkVBd0hOTEhOVjdtNWlPWFV5UlJsSWpZOFpsd0RQcXNNQnliQXpCTG5FSkcy?=
=?utf-8?B?SFhZM21MWWRhVXA3RkVqc29vS2gzVUo5OTZsMWZCOU1ndXNFeVFSODIra3dl?=
=?utf-8?B?eEp6bzdFby9ZeEp5YzlPMi8ya0ZaRjkzRVhGU2l6eisrMU9BVlFYcG1lN21H?=
=?utf-8?B?M2NWT0JEY2Z3Y0hZS3RxVE1nNENJTHZhUTlrc2M5dU5DVkdlOTJYTkp3ZEZu?=
=?utf-8?B?K3QwNEwvdnBjM2hVUzhsZmNtMS9FLzhyRjBYMXdZSVlwRTN4RFlHbExXYThB?=
=?utf-8?B?TWxUR1VISTdKcXhJUTh6K2RtcHNERjRTTmxieEhUSW1TYklCaWZWNnhRbnFO?=
=?utf-8?B?TUhSU2s3eDgzWHZEYkk0QXFQdk5Kckp4b21jcWswU2IzSXVzMXdyNHNQQllH?=
=?utf-8?B?QUpTL2lsek04U2lEN1lKMGlmdkU3anE3L1hyVllRVlhWdUw3MTdsU01wZ0JG?=
=?utf-8?B?VllCNkFYcXJpU2Q5ckc4MGxLNkRBQWVha3BXdVlKR2hhTkxTRDNSZHhuRkR6?=
=?utf-8?B?MnhMWHVSZVREaFlGeWNmR2M0YkdtTHIrVnNIVUsyamRuVjh0KzhCNlgybmw0?=
=?utf-8?B?dEU3ckl5T0dqRVduTEZCL2lBdFRxR3BjbklRblFJQ0lIOGJ2RTBleWJjanZq?=
=?utf-8?B?R1JKMXF4TzRpanZ0Z0VFM3BYeUl5YUdTalhtb3k1NUloUTU3L3ZGa0d6blhj?=
=?utf-8?B?bE00OEY3NW5rVTArdEpxakN5T1FyOXBTR0FWbHJsNUhuamRHUURpR0ZOQUhY?=
=?utf-8?B?V21tZ0wwOGZFaHFNTFI2ZjlwY0ltVGlnYUMrMVVzR0FiZHdhakt3VE8vaEFX?=
=?utf-8?B?V2pza2lQelNmYUFxN0h3TmF6NzRBZkZFM0E2QmJEZnQ4d00zdFl4R042eE80?=
=?utf-8?B?Z3hHakVwR3NhR282aTVEeHhYQ213V1RGZnRTdGxMSldrY2xpcWdBeTBLMzVs?=
=?utf-8?B?dEV3TzdpMEhvNXpCMkJnRDdBNDVHaVl6azFxUUdORlZMcnc9PQ==?=
X-Microsoft-Antispam-Message-Info: Bw0IP+OY4/pgfowx/SHKvydP8oFrQlhz4bZI9xcsPLa1JvtS4+uNYKok32uKcoGv3hfsMmY01lfqKzCtZVGpgeMd97ij9b3vm9620lXT0j4xWAySCbzIU2UTJkfgG7lKG1ZizfgfJ8aPvfGXVjOTye6ICN9R9k6QQi+mn52F1xzwIM7FRw+QV0zLU64TdFJe
X-Microsoft-Exchange-Diagnostics: 1; DB5PR04MB1381;
6:UXqyPmI+KQjbEWx3CiAeAfnZHVYL85NL1lKhj/ZY61hNRw8REgKY7lyvpHXLPQQOEICgMqGKZ6N/Th2dA1VSpCOntXss4U1Hozu3jv/rj31WKH2y4XWoNXThUVd8il8Qmin7YSAVZn+fnVR+DLE6IxPSEOPH+0veks2PL37h0UiBFJJWjJto6xyvcjYHs0o+m4FZaMYoSf5uONnWEtYypUGwgOKypzkLdwpS18vw1VE0c5X2QunqWvbzo9US3AFFAfWZ/H8cCJfYIlabgvaORj+pgaCG9+iJm43RPVHYaFAiVjBxydxfBlhn7tUAxFGaYlbhqMQS7yPjxJ5c9ZEMD8x7dYlqghJwEH9YkAlZ1Y0=;
5:DHfmbR+8yhKN807nvdWKCanh5FZn2XzYiINY5rNQz3CgOfAM0uaBD++on/4ilDlHEPDUSByNk9oFn2aVAq4TMIrr33YIsp33BKCnnfdwAeuLnmcoFKaKfLah+WcyGtCRPKmOuyccLhm3G793nqSG3YMtb8w07RMdn1bati7Kqsc=;
24:X2DfSvflGyBWI6dsBuxfnMU0NK7jYqjy4NQ0MRqS3Sme+wvZUFqturGkjadB+VFeqMRGh8qycSurBnHrDTwD82/pqmImJZjt9MZh9Qluslk=;
7:/9nNxVeH1rYHvEjVQVzh6vX2QPeriqc3VkFyTelL/Belw4eW43etlB6bnypJcbk/dipyFbt+dughr5K5Wob1tkT+QM9lGo7+4dgzwEJCBjcUnPclFGUq1JqQl7d1QANFqfXqjS2NfH2cz/MHW59OudlGWvrOWpD5+xfWwFluLwkDR+3itXDN/w5uvq5WEv7E/0qbqUw021FhwxmDHkL4NYFIf5JGSh/JZ7CHX+o61GKDlAP+WWGwwnRBfe8ES3Wg
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-OriginatorOrg: nxp.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Mar 2018 12:24:44.4075 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: d5db17ae-362c-4b32-b863-08d588dd68bb
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR04MB1381
Subject: Re: [dpdk-dev] [PATCH v2 4/5] examples/ipsec-secgw: handle ESN soft
limit event
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://dpdk.org/ml/options/dev>,
<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://dpdk.org/ml/listinfo/dev>,
<mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Mar 2018 12:24:49 -0000
Hi Anoob,
On 3/1/2018 2:51 PM, Anoob Joseph wrote:
> For inline protocol processing, the PMD/device is required to maintain
> the ESN. But the application is required to monitor ESN overflow to
> initiate SA expiry.
>
> For such cases, application would set the ESN soft limit. An IPsec event
> would be raised by rte_eth_event framework, when ESN hits the soft limit
> set by the application.
>
> Signed-off-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
> ---
> v2:
> * No change
>
> examples/ipsec-secgw/ipsec-secgw.c | 56 ++++++++++++++++++++++++++++++++++++++
> examples/ipsec-secgw/ipsec.c | 10 +++++--
> examples/ipsec-secgw/ipsec.h | 2 ++
> 3 files changed, 65 insertions(+), 3 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> index 3a8562e..5726fd3 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -40,6 +40,7 @@
> #include <rte_hash.h>
> #include <rte_jhash.h>
> #include <rte_cryptodev.h>
> +#include <rte_security.h>
>
> #include "ipsec.h"
> #include "parser.h"
> @@ -1640,6 +1641,58 @@ pool_init(struct socket_ctx *ctx, int32_t socket_id, uint32_t nb_mbuf)
> printf("Allocated mbuf pool on socket %d\n", socket_id);
> }
>
> +static inline int
> +inline_ipsec_event_esn_overflow(struct rte_security_ctx *ctx, uint64_t md)
> +{
> + struct ipsec_sa *sa;
> +
> + /* For inline protocol processing, the metadata in the event will
> + * uniquely identify the security session which raised the event.
> + * Application would then need the userdata it had registered with the
> + * security session to process the event.
> + */
> +
> + sa = (struct ipsec_sa *)rte_security_get_userdata(ctx, md);
> +
> + if (sa == NULL) {
> + /* userdata could not be retrieved */
> + return -1;
> + }
> +
> + /* Sequence number over flow. SA need to be re-established */
With this patchset, application will be able to get notification if the
error has occurred. But it is not re-configuring the SA.
Do you intend to add the same?
> + RTE_SET_USED(sa);
> + return 0;
> +}
> +
> +static int
> +inline_ipsec_event_callback(uint16_t port_id, enum rte_eth_event_type type,
> + void *param, void *ret_param)
> +{
> + struct rte_eth_event_ipsec_desc *event_desc = NULL;
> + struct rte_security_ctx *ctx = (struct rte_security_ctx *)
> + rte_eth_dev_get_sec_ctx(port_id);
> +
> + RTE_SET_USED(param);
> +
> + if (type != RTE_ETH_EVENT_IPSEC)
> + return -1;
> +
> + event_desc = ret_param;
> + if (event_desc == NULL) {
> + printf("Event descriptor not set\n");
> + return -1;
> + }
> +
> + if (event_desc->stype == RTE_ETH_EVENT_IPSEC_ESN_OVERFLOW)
> + return inline_ipsec_event_esn_overflow(ctx, event_desc->md);
> + else if (event_desc->stype >= RTE_ETH_EVENT_IPSEC_MAX) {
> + printf("Invalid IPsec event reported\n");
> + return -1;
> + }
> +
> + return -1;
> +}
> +
> int32_t
> main(int32_t argc, char **argv)
> {
> @@ -1727,6 +1780,9 @@ main(int32_t argc, char **argv)
> */
> if (promiscuous_on)
> rte_eth_promiscuous_enable(portid);
> +
> + rte_eth_dev_callback_register(portid,
> + RTE_ETH_EVENT_IPSEC, inline_ipsec_event_callback, NULL);
> }
>
> check_all_ports_link_status(nb_ports, enabled_port_mask);
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 5fb5bc1..acdd189 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -36,6 +36,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)
> }
> /* TODO support for Transport and IPV6 tunnel */
> }
> + ipsec->esn_soft_limit = IPSEC_OFFLOAD_ESN_SOFTLIMIT;
> }
>
> static inline int
> @@ -270,11 +271,14 @@ create_session(struct ipsec_ctx *ipsec_ctx, struct ipsec_sa *sa)
> * the packet is received, this userdata will be
> * retrieved using the metadata from the packet.
> *
> - * This is required only for inbound SAs.
> + * The PMD is expected to set similar metadata for other
> + * operations, like rte_eth_event, which are tied to
> + * security session. In such cases, the userdata could
> + * be obtained to uniquely identify the security
> + * parameters denoted.
> */
>
> - if (sa->direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
> - sess_conf.userdata = (void *) sa;
> + sess_conf.userdata = (void *) sa;
>
> sa->sec_session = rte_security_session_create(ctx,
> &sess_conf, ipsec_ctx->session_pool);
> diff --git a/examples/ipsec-secgw/ipsec.h b/examples/ipsec-secgw/ipsec.h
> index 6059f6c..c1450f6 100644
> --- a/examples/ipsec-secgw/ipsec.h
> +++ b/examples/ipsec-secgw/ipsec.h
> @@ -21,6 +21,8 @@
>
> #define MAX_DIGEST_SIZE 32 /* Bytes -- 256 bits */
>
> +#define IPSEC_OFFLOAD_ESN_SOFTLIMIT 0xffffff00
> +
> #define IV_OFFSET (sizeof(struct rte_crypto_op) + \
> sizeof(struct rte_crypto_sym_op))
>
>