From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 2E872A04F3;
	Tue, 24 Dec 2019 14:13:29 +0100 (CET)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 9FB291C01;
	Tue, 24 Dec 2019 14:13:27 +0100 (CET)
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 by dpdk.org (Postfix) with ESMTP id 9039EF72
 for <dev@dpdk.org>; Tue, 24 Dec 2019 14:13:25 +0100 (CET)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
 by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 24 Dec 2019 05:13:24 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.69,351,1571727600"; d="scan'208";a="249823272"
Received: from fmsmsx105.amr.corp.intel.com ([10.18.124.203])
 by fmsmga002.fm.intel.com with ESMTP; 24 Dec 2019 05:13:24 -0800
Received: from fmsmsx156.amr.corp.intel.com (10.18.116.74) by
 FMSMSX105.amr.corp.intel.com (10.18.124.203) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Tue, 24 Dec 2019 05:13:24 -0800
Received: from FMSEDG002.ED.cps.intel.com (10.1.192.134) by
 fmsmsx156.amr.corp.intel.com (10.18.116.74) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Tue, 24 Dec 2019 05:13:09 -0800
Received: from NAM04-SN1-obe.outbound.protection.outlook.com (104.47.44.53) by
 edgegateway.intel.com (192.55.55.69) with Microsoft SMTP Server
 (TLS) id 14.3.439.0; Tue, 24 Dec 2019 05:13:08 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=LvLxMusfN7+RoxqzptBVzfOmKKFFJN8NdCpzWs6DBFyggJKuxJovZvJA8G+vDoX712YyFgf+/2zU2J+hiqzw/tJ5CQxsQ1zJodMrlVYINucdzOtJMAByYLEv/nAkM6kIe0ZExTG7swXDs+WPv3TUatEg58BYMxb6dEm2BsTfvfZ8fhpv3rmbNu+rIaSG4ftgjDUScbSbTqLb7J7tJpV7cSO4Jjogchy8J+EPUBaODSiyN1qC1kNCN1dXz+QHLL0fbrjW1Qs+FY2ZYAwTqwhUfqdot9h9tULoFHcailZkJjmh+VJSR2IIhaA68dmggV7c4+Byi7u1TXdndJ8sfwvE3w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=1TFVK4Vp4luQ6AKWdNwTYM3i3MbtyhiQezXEbqLOG3A=;
 b=UgYZ3stwZcZNFvlV5Pvu2mTLM6SNTat6NnOCuUXYTq09CP9AwwaFMDVu2WfKg9dN5N0ds2rBlqB9pg1GU8O4U1TyJcdfO/DaBRwoVVUgFhJvk2Ba26abslXLU29iPIZzmKZMRWIXV1e5utK1ZrOOZ+9dOhQ7dlv6YVq6UrzQiy6wODEv9cj4LCXMCaCvgfI8jRALhOT9hk2ud9Thi5xrEYS4SeqbKy2PYDMINu51GaFgXh1m2Z0/ASpkaD9fQClqtF/XtVvaMqLKBYinR1Tc0bQWD7B8bthcaZxgHtP1yaBiP/xi5H6VJWIouSDq0KCXdVDTJKTeIoLDMo5laHAlqg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; 
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=1TFVK4Vp4luQ6AKWdNwTYM3i3MbtyhiQezXEbqLOG3A=;
 b=U3ZhWX+liK7sRq4cdsx2BykbofFs31xTjw9NHz+2Rx2iZYkU6Lau+Pa3PPCEaQswwZj/sTHx/4FeRwET5h92P3NRUOLUEBJkRv8wZbaTr5/+Vi3AW1NyTAhPP48BQuZlhetgUI8GEOrAyqy33+eQM7UGz9RWZE/4JcB/f54ZldM=
Received: from SN6PR11MB2558.namprd11.prod.outlook.com (52.135.94.19) by
 SN6PR11MB3088.namprd11.prod.outlook.com (52.135.124.150) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2559.13; Tue, 24 Dec 2019 13:13:07 +0000
Received: from SN6PR11MB2558.namprd11.prod.outlook.com
 ([fe80::4d86:362a:13c3:8386]) by SN6PR11MB2558.namprd11.prod.outlook.com
 ([fe80::4d86:362a:13c3:8386%7]) with mapi id 15.20.2559.017; Tue, 24 Dec 2019
 13:13:06 +0000
From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: Anoob Joseph <anoobj@marvell.com>, Akhil Goyal <akhil.goyal@nxp.com>,
 "Nicolau, Radu" <radu.nicolau@intel.com>, Thomas Monjalon
 <thomas@monjalon.net>
CC: Lukasz Bartosik <lbartosik@marvell.com>, Jerin Jacob <jerinj@marvell.com>, 
 Narayana Prasad <pathreya@marvell.com>,
 Ankur Dwivedi <adwivedi@marvell.com>, 
 Archana Muniganti <marchana@marvell.com>, Tejasree Kondoj
 <ktejasree@marvell.com>, Vamsi Attunuru <vattunuru@marvell.com>,
 "dev@dpdk.org" <dev@dpdk.org>
Thread-Topic: [PATCH 11/14] examples/ipsec-secgw: add app processing code
Thread-Index: AQHVrcOadPqTP1DsRkKLTgq8QBAlEKfJVg1w
Date: Tue, 24 Dec 2019 13:13:06 +0000
Message-ID: <SN6PR11MB25588A8754DA54B7CB8C80909A290@SN6PR11MB2558.namprd11.prod.outlook.com>
References: <1575808249-31135-1-git-send-email-anoobj@marvell.com>
 <1575808249-31135-12-git-send-email-anoobj@marvell.com>
In-Reply-To: <1575808249-31135-12-git-send-email-anoobj@marvell.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMTY0ZDE0YWUtZWY5YS00ZDZlLWE3M2MtYTgzMmEzYjI4OWQ0IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoicGlXQ1I5VU9KaUMrbFBnNXgyRGxpQmt2U1RwdkQwdVJkQnlvc2FFUnFja2ptMFM0a1VydW9vUks0c0tJbU5XNSJ9
dlp-product: dlpe-windows
dlp-reaction: no-action
dlp-version: 11.2.0.6
x-ctpclassification: CTP_NT
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=konstantin.ananyev@intel.com; 
x-originating-ip: [192.198.151.176]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b4e29c2c-40b8-480b-8d1e-08d788730437
x-ms-traffictypediagnostic: SN6PR11MB3088:
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <SN6PR11MB3088501E28E12B264462A9B09A290@SN6PR11MB3088.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-forefront-prvs: 0261CCEEDF
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10019020)(376002)(39860400002)(366004)(396003)(346002)(136003)(189003)(199004)(81156014)(64756008)(8676002)(66446008)(33656002)(66946007)(8936002)(4326008)(9686003)(76116006)(7416002)(55016002)(52536014)(66556008)(5660300002)(66476007)(478600001)(81166006)(2906002)(86362001)(186003)(110136005)(316002)(6506007)(26005)(7696005)(71200400001)(54906003);
 DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR11MB3088;
 H:SN6PR11MB2558.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; MX:1; A:1; 
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: pOvJW/GMHU8Rj8yeVJ0JP46+JkDXmHag57NP3WI6pEC/e+LQsn39i4WUwdyYuM0fPgTg1QOkxQ9CDt2CDb91GOCvlURBGdQrBd29riXeQfOd/pvINCfZZEHXG/cCDNMcC0Bot0aJ9Ll+UC/lZtrSLPamHVlaH2nwBeM5Bs9e6Am0Grjghy9C9PYxtqKj0Bv2NmmmzPBTzbJYAgiC+KlNKCM4gy5KUBGnQdVZy1DEGmw0af6XHaR9sR6hncyHJuunsusVt+UIl8SU6cX0VPsPTWW1UyuTNmmpA+4nyv5obqQnSkLTfAfbQ5eUsNolXOZxqDsKHFpcjxjfMIUoW8sjzU8nEin0uil3xFzriiI/Fvqzzjio5T1IyekGPfTMBKUYzIcUDJxu8072G3ihAA9bSQjxsx+9LwNUxHPJWVcHvw19SkzuNr6znyyLzN8J8xS3
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: b4e29c2c-40b8-480b-8d1e-08d788730437
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Dec 2019 13:13:06.7521 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: vBQrJxZeKHpUeUmQ5+b1+NKC7u8bu0SbZxse9p+PYrxgHl8+xpBh81qOuZrbzQPnjazMOLmAml28zLNgrn3TM5/qUuHyBfYUEU26IEZCQXs=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR11MB3088
X-OriginatorOrg: intel.com
Subject: Re: [dpdk-dev] [PATCH 11/14] examples/ipsec-secgw: add app
	processing code
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>


> --- a/examples/ipsec-secgw/ipsec_worker.c
> +++ b/examples/ipsec-secgw/ipsec_worker.c
> @@ -15,6 +15,7 @@
>  #include <ctype.h>
>  #include <stdbool.h>
>=20
> +#include <rte_acl.h>
>  #include <rte_common.h>
>  #include <rte_log.h>
>  #include <rte_memcpy.h>
> @@ -29,12 +30,51 @@
>  #include <rte_eventdev.h>
>  #include <rte_malloc.h>
>  #include <rte_mbuf.h>
> +#include <rte_lpm.h>
> +#include <rte_lpm6.h>
>=20
>  #include "ipsec.h"
> +#include "ipsec_worker.h"
>  #include "event_helper.h"
>=20
>  extern volatile bool force_quit;
>=20
> +static inline enum pkt_type
> +process_ipsec_get_pkt_type(struct rte_mbuf *pkt, uint8_t **nlp)
> +{
> +	struct rte_ether_hdr *eth;
> +
> +	eth =3D rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *);
> +	if (eth->ether_type =3D=3D rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV4)) {
> +		*nlp =3D RTE_PTR_ADD(eth, RTE_ETHER_HDR_LEN +
> +				offsetof(struct ip, ip_p));
> +		if (**nlp =3D=3D IPPROTO_ESP)
> +			return PKT_TYPE_IPSEC_IPV4;
> +		else
> +			return PKT_TYPE_PLAIN_IPV4;
> +	} else if (eth->ether_type =3D=3D rte_cpu_to_be_16(RTE_ETHER_TYPE_IPV6)=
) {
> +		*nlp =3D RTE_PTR_ADD(eth, RTE_ETHER_HDR_LEN +
> +				offsetof(struct ip6_hdr, ip6_nxt));
> +		if (**nlp =3D=3D IPPROTO_ESP)
> +			return PKT_TYPE_IPSEC_IPV6;
> +		else
> +			return PKT_TYPE_PLAIN_IPV6;
> +	}
> +
> +	/* Unknown/Unsupported type */
> +	return PKT_TYPE_INVALID;
> +}

Looking though that file, it seems like you choose to create your own set o=
f
helper functions, instead of trying to reuse existing ones:=20

process_ipsec_get_pkt_type()  VS prepare_one_packet()
update_mac_addrs() VS prepare_tx_pkt()
check_sp() VS  inbound_sp_sa()

Obviously there is nothing good in code (and possible bugs) duplication.
Any reason why you can't reuse existing functions and need to reinvent your=
 own?
=20

> +
> +static inline void
> +update_mac_addrs(struct rte_mbuf *pkt, uint16_t portid)
> +{
> +	struct rte_ether_hdr *ethhdr;
> +
> +	ethhdr =3D rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *);
> +	memcpy(&ethhdr->s_addr, &ethaddr_tbl[portid].src, RTE_ETHER_ADDR_LEN);
> +	memcpy(&ethhdr->d_addr, &ethaddr_tbl[portid].dst, RTE_ETHER_ADDR_LEN);
> +}
> +
>  static inline void
>  ipsec_event_pre_forward(struct rte_mbuf *m, unsigned int port_id)
>  {
> @@ -45,6 +85,177 @@ ipsec_event_pre_forward(struct rte_mbuf *m, unsigned =
int port_id)
>  	rte_event_eth_tx_adapter_txq_set(m, 0);
>  }
>=20
> +static inline int
> +check_sp(struct sp_ctx *sp, const uint8_t *nlp, uint32_t *sa_idx)
> +{
> +	uint32_t res;
> +
> +	if (unlikely(sp =3D=3D NULL))
> +		return 0;
> +
> +	rte_acl_classify((struct rte_acl_ctx *)sp, &nlp, &res, 1,
> +			DEFAULT_MAX_CATEGORIES);
> +
> +	if (unlikely(res =3D=3D 0)) {
> +		/* No match */
> +		return 0;
> +	}
> +
> +	if (res =3D=3D DISCARD)
> +		return 0;
> +	else if (res =3D=3D BYPASS) {
> +		*sa_idx =3D 0;
> +		return 1;
> +	}
> +
> +	*sa_idx =3D SPI2IDX(res);
> +	if (*sa_idx < IPSEC_SA_MAX_ENTRIES)
> +		return 1;
> +
> +	/* Invalid SA IDX */
> +	return 0;
> +}
> +
> +static inline uint16_t
> +route4_pkt(struct rte_mbuf *pkt, struct rt_ctx *rt_ctx)
> +{
> +	uint32_t dst_ip;
> +	uint16_t offset;
> +	uint32_t hop;
> +	int ret;
> +
> +	offset =3D RTE_ETHER_HDR_LEN + offsetof(struct ip, ip_dst);
> +	dst_ip =3D *rte_pktmbuf_mtod_offset(pkt, uint32_t *, offset);
> +	dst_ip =3D rte_be_to_cpu_32(dst_ip);
> +
> +	ret =3D rte_lpm_lookup((struct rte_lpm *)rt_ctx, dst_ip, &hop);
> +
> +	if (ret =3D=3D 0) {
> +		/* We have a hit */
> +		return hop;
> +	}
> +
> +	/* else */
> +	return RTE_MAX_ETHPORTS;
> +}
> +
> +/* TODO: To be tested */
> +static inline uint16_t
> +route6_pkt(struct rte_mbuf *pkt, struct rt_ctx *rt_ctx)
> +{
> +	uint8_t dst_ip[16];
> +	uint8_t *ip6_dst;
> +	uint16_t offset;
> +	uint32_t hop;
> +	int ret;
> +
> +	offset =3D RTE_ETHER_HDR_LEN + offsetof(struct ip6_hdr, ip6_dst);
> +	ip6_dst =3D rte_pktmbuf_mtod_offset(pkt, uint8_t *, offset);
> +	memcpy(&dst_ip[0], ip6_dst, 16);
> +
> +	ret =3D rte_lpm6_lookup((struct rte_lpm6 *)rt_ctx, dst_ip, &hop);
> +
> +	if (ret =3D=3D 0) {
> +		/* We have a hit */
> +		return hop;
> +	}
> +
> +	/* else */
> +	return RTE_MAX_ETHPORTS;
> +}
> +
> +static inline uint16_t
> +get_route(struct rte_mbuf *pkt, struct route_table *rt, enum pkt_type ty=
pe)
> +{
> +	if (type =3D=3D PKT_TYPE_PLAIN_IPV4 || type =3D=3D PKT_TYPE_IPSEC_IPV4)
> +		return route4_pkt(pkt, rt->rt4_ctx);
> +	else if (type =3D=3D PKT_TYPE_PLAIN_IPV6 || type =3D=3D PKT_TYPE_IPSEC_=
IPV6)
> +		return route6_pkt(pkt, rt->rt6_ctx);
> +
> +	return RTE_MAX_ETHPORTS;
> +}
> +
> +static inline int
> +process_ipsec_ev_inbound(struct ipsec_ctx *ctx, struct route_table *rt,
> +		struct rte_event *ev)
> +{
> +	struct ipsec_sa *sa =3D NULL;
> +	struct rte_mbuf *pkt;
> +	uint16_t port_id =3D 0;
> +	enum pkt_type type;
> +	uint32_t sa_idx;
> +	uint8_t *nlp;
> +
> +	/* Get pkt from event */
> +	pkt =3D ev->mbuf;
> +
> +	/* Check the packet type */
> +	type =3D process_ipsec_get_pkt_type(pkt, &nlp);
> +
> +	switch (type) {
> +	case PKT_TYPE_PLAIN_IPV4:
> +		if (pkt->ol_flags & PKT_RX_SEC_OFFLOAD)
> +			sa =3D (struct ipsec_sa *) pkt->udata64;
> +
> +		/* Check if we have a match */
> +		if (check_sp(ctx->sp4_ctx, nlp, &sa_idx) =3D=3D 0) {
> +			/* No valid match */
> +			goto drop_pkt_and_exit;
> +		}
> +		break;
> +
> +	case PKT_TYPE_PLAIN_IPV6:
> +		if (pkt->ol_flags & PKT_RX_SEC_OFFLOAD)
> +			sa =3D (struct ipsec_sa *) pkt->udata64;
> +
> +		/* Check if we have a match */
> +		if (check_sp(ctx->sp6_ctx, nlp, &sa_idx) =3D=3D 0) {
> +			/* No valid match */
> +			goto drop_pkt_and_exit;
> +		}
> +		break;
> +
> +	default:
> +		RTE_LOG(ERR, IPSEC, "Unsupported packet type =3D %d\n", type);
> +		goto drop_pkt_and_exit;
> +	}
> +
> +	/* Check if the packet has to be bypassed */
> +	if (sa_idx =3D=3D 0)
> +		goto route_and_send_pkt;
> +
> +	/* Else the packet has to be protected with SA */
> +
> +	/* If the packet was IPsec processed, then SA pointer should be set */
> +	if (sa =3D=3D NULL)
> +		goto drop_pkt_and_exit;
> +
> +	/* SPI on the packet should match with the one in SA */
> +	if (unlikely(sa->spi !=3D sa_idx))
> +		goto drop_pkt_and_exit;
> +
> +route_and_send_pkt:
> +	port_id =3D get_route(pkt, rt, type);
> +	if (unlikely(port_id =3D=3D RTE_MAX_ETHPORTS)) {
> +		/* no match */
> +		goto drop_pkt_and_exit;
> +	}
> +	/* else, we have a matching route */
> +
> +	/* Update mac addresses */
> +	update_mac_addrs(pkt, port_id);
> +
> +	/* Update the event with the dest port */
> +	ipsec_event_pre_forward(pkt, port_id);
> +	return 1;
> +
> +drop_pkt_and_exit:
> +	RTE_LOG(ERR, IPSEC, "Inbound packet dropped\n");
> +	rte_pktmbuf_free(pkt);
> +	ev->mbuf =3D NULL;
> +	return 0;
> +}
> +
>  /*
>   * Event mode exposes various operating modes depending on the
>   * capabilities of the event device and the operating mode
> @@ -134,11 +345,11 @@ static void
>  ipsec_wrkr_non_burst_int_port_app_mode_inb(struct eh_event_link_info *li=
nks,
>  		uint8_t nb_links)
>  {
> +	struct lcore_conf_ev_tx_int_port_wrkr lconf;
>  	unsigned int nb_rx =3D 0;
> -	unsigned int port_id;
> -	struct rte_mbuf *pkt;
>  	struct rte_event ev;
>  	uint32_t lcore_id;
> +	int32_t socket_id;
>=20
>  	/* Check if we have links registered for this lcore */
>  	if (nb_links =3D=3D 0) {
> @@ -151,6 +362,21 @@ ipsec_wrkr_non_burst_int_port_app_mode_inb(struct eh=
_event_link_info *links,
>  	/* Get core ID */
>  	lcore_id =3D rte_lcore_id();
>=20
> +	/* Get socket ID */
> +	socket_id =3D rte_lcore_to_socket_id(lcore_id);
> +
> +	/* Save routing table */
> +	lconf.rt.rt4_ctx =3D socket_ctx[socket_id].rt_ip4;
> +	lconf.rt.rt6_ctx =3D socket_ctx[socket_id].rt_ip6;
> +	lconf.inbound.sp4_ctx =3D socket_ctx[socket_id].sp_ip4_in;
> +	lconf.inbound.sp6_ctx =3D socket_ctx[socket_id].sp_ip6_in;
> +	lconf.inbound.sa_ctx =3D socket_ctx[socket_id].sa_in;
> +	lconf.inbound.session_pool =3D socket_ctx[socket_id].session_pool;
> +	lconf.outbound.sp4_ctx =3D socket_ctx[socket_id].sp_ip4_out;
> +	lconf.outbound.sp6_ctx =3D socket_ctx[socket_id].sp_ip6_out;
> +	lconf.outbound.sa_ctx =3D socket_ctx[socket_id].sa_out;
> +	lconf.outbound.session_pool =3D socket_ctx[socket_id].session_pool;
> +
>  	RTE_LOG(INFO, IPSEC,
>  		"Launching event mode worker (non-burst - Tx internal port - "
>  		"app mode - inbound) on lcore %d\n", lcore_id);
> @@ -175,13 +401,11 @@ ipsec_wrkr_non_burst_int_port_app_mode_inb(struct e=
h_event_link_info *links,
>  		if (nb_rx =3D=3D 0)
>  			continue;
>=20
> -		port_id =3D ev.queue_id;
> -		pkt =3D ev.mbuf;
> -
> -		rte_prefetch0(rte_pktmbuf_mtod(pkt, void *));
> -
> -		/* Process packet */
> -		ipsec_event_pre_forward(pkt, port_id);
> +		if (process_ipsec_ev_inbound(&lconf.inbound,
> +				&lconf.rt, &ev) !=3D 1) {
> +			/* The pkt has been dropped */
> +			continue;
> +		}
>=20
>  		/*
>  		 * Since tx internal port is available, events can be
> diff --git a/examples/ipsec-secgw/ipsec_worker.h b/examples/ipsec-secgw/i=
psec_worker.h
> new file mode 100644
> index 0000000..fd18a2e
> --- /dev/null
> +++ b/examples/ipsec-secgw/ipsec_worker.h
> @@ -0,0 +1,39 @@
> +/* SPDX-License-Identifier: BSD-3-Clause
> + * Copyright(c) 2018 Cavium, Inc
> + */
> +#ifndef _IPSEC_WORKER_H_
> +#define _IPSEC_WORKER_H_
> +
> +#include "ipsec.h"
> +
> +enum pkt_type {
> +	PKT_TYPE_PLAIN_IPV4 =3D 1,
> +	PKT_TYPE_IPSEC_IPV4,
> +	PKT_TYPE_PLAIN_IPV6,
> +	PKT_TYPE_IPSEC_IPV6,
> +	PKT_TYPE_INVALID
> +};
> +
> +struct route_table {
> +	struct rt_ctx *rt4_ctx;
> +	struct rt_ctx *rt6_ctx;
> +};
> +
> +/*
> + * Conf required by event mode worker with tx internal port
> + */
> +struct lcore_conf_ev_tx_int_port_wrkr {
> +	struct ipsec_ctx inbound;
> +	struct ipsec_ctx outbound;
> +	struct route_table rt;
> +} __rte_cache_aligned;
> +
> +/* TODO
> + *
> + * Move this function to ipsec_worker.c
> + */
> +void ipsec_poll_mode_worker(void);
> +
> +int ipsec_launch_one_lcore(void *args);
> +
> +#endif /* _IPSEC_WORKER_H_ */
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> index 7f046e3..9e17ba0 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -772,17 +772,6 @@ print_one_sa_rule(const struct ipsec_sa *sa, int inb=
ound)
>  	printf("\n");
>  }
>=20
> -struct sa_ctx {
> -	void *satbl; /* pointer to array of rte_ipsec_sa objects*/
> -	struct ipsec_sa sa[IPSEC_SA_MAX_ENTRIES];
> -	union {
> -		struct {
> -			struct rte_crypto_sym_xform a;
> -			struct rte_crypto_sym_xform b;
> -		};
> -	} xf[IPSEC_SA_MAX_ENTRIES];
> -};
> -
>  static struct sa_ctx *
>  sa_create(const char *name, int32_t socket_id)
>  {
> --
> 2.7.4