On 12/18/2017 12:45 PM, Anoob Joseph wrote:

In case of inline protocol processed ingress traffic, the packet may not
have enough information to determine the security parameters with which
the packet was processed. In such cases, application could get metadata
from the packet which could be used to identify the security parameters
with which the packet was processed.

Application could register "userdata" with the security session, and
this could be retrieved from the metadata of inline processed packets.
The metadata returned by "rte_security_get_pkt_metadata()" will be
device specific. Also the driver is expected to return the application
registered "userdata" as is, without any modifications.

Signed-off-by: Anoob Joseph <redacted>
---
v6:
* The file *_version.map needs APIs to be in alphabetical order. Fixed this
   for the new API added.

v5:
* No change

v4:
* Documented the usage of rte_mbuf.udata64 field by security library
* Removed (rte_security_get_pkt_metadata() API as the udata64 field itself
   will have device-specific metadata, and could be directly used

v3:
* Replaced 64 bit metadata in conf with (void *)userdata
* The API(rte_security_get_pkt_metadata) would return void * instead of
   uint64_t

v2:
* Replaced get_session and get_cookie APIs with get_pkt_metadata API

  doc/guides/prog_guide/rte_security.rst       | 22 +++++++++++++++++++++-
  lib/librte_security/rte_security.c           | 12 ++++++++++++
  lib/librte_security/rte_security.h           | 20 ++++++++++++++++++++
  lib/librte_security/rte_security_driver.h    | 18 ++++++++++++++++++
  lib/librte_security/rte_security_version.map |  1 +
  5 files changed, 72 insertions(+), 1 deletion(-)

library Patch
Acked-by: Akhil Goyal <redacted>