Structure rte_security_session is moved to internal
headers which are not visible to applications.
The only field which should be used by app is opaque_data.
This field can now be accessed via set/get APIs added in this
patch.
Subsequent changes in app and lib are made to compile the code.

Signed-off-by: Akhil Goyal <gak...@marvell.com>
---
 app/test-crypto-perf/cperf_ops.c              |  6 +-
 .../cperf_test_pmd_cyclecount.c               |  2 +-
 app/test-crypto-perf/cperf_test_throughput.c  |  2 +-
 app/test/test_cryptodev.c                     |  2 +-
 app/test/test_cryptodev_security_ipsec.c      |  2 +-
 app/test/test_cryptodev_security_ipsec.h      |  2 +-
 app/test/test_security.c                      | 32 ++++----
 app/test/test_security_inline_proto.c         | 10 +--
 drivers/crypto/caam_jr/caam_jr.c              |  2 +-
 drivers/crypto/cnxk/cn10k_cryptodev_ops.c     |  4 +-
 drivers/crypto/cnxk/cn9k_cryptodev_ops.c      |  6 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  6 +-
 drivers/crypto/dpaa_sec/dpaa_sec.c            |  2 +-
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c        |  4 +-
 drivers/crypto/qat/qat_sym.c                  |  4 +-
 drivers/crypto/qat/qat_sym.h                  |  4 +-
 drivers/net/iavf/iavf_ipsec_crypto.h          |  2 +-
 examples/ipsec-secgw/ipsec_worker.c           |  2 +-
 lib/cryptodev/rte_crypto_sym.h                |  4 +-
 lib/ipsec/rte_ipsec_group.h                   | 12 +--
 lib/ipsec/ses.c                               |  2 +-
 lib/security/rte_security.c                   | 13 ++-
 lib/security/rte_security.h                   | 80 ++++++++++++-------
 lib/security/rte_security_driver.h            | 18 +++++
 24 files changed, 131 insertions(+), 92 deletions(-)

diff --git a/app/test-crypto-perf/cperf_ops.c b/app/test-crypto-perf/cperf_ops.c
index bd3c941fea..7ba4e13244 100644
--- a/app/test-crypto-perf/cperf_ops.c
+++ b/app/test-crypto-perf/cperf_ops.c
@@ -65,8 +65,7 @@ cperf_set_ops_security(struct rte_crypto_op **ops,
 
        for (i = 0; i < nb_ops; i++) {
                struct rte_crypto_sym_op *sym_op = ops[i]->sym;
-               struct rte_security_session *sec_sess =
-                       (struct rte_security_session *)sess;
+               void *sec_sess = (void *)sess;
                uint32_t buf_sz;
 
                uint32_t *per_pkt_hfn = rte_crypto_op_ctod_offset(ops[i],
@@ -131,8 +130,7 @@ cperf_set_ops_security_ipsec(struct rte_crypto_op **ops,
                uint16_t iv_offset __rte_unused, uint32_t *imix_idx,
                uint64_t *tsc_start)
 {
-       struct rte_security_session *sec_sess =
-                       (struct rte_security_session *)sess;
+       void *sec_sess = sess;
        const uint32_t test_buffer_size = options->test_buffer_size;
        const uint32_t headroom_sz = options->headroom_sz;
        const uint32_t segment_sz = options->segment_sz;
diff --git a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c 
b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
index 988b79380d..ae09fed6c2 100644
--- a/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
+++ b/app/test-crypto-perf/cperf_test_pmd_cyclecount.c
@@ -70,7 +70,7 @@ cperf_pmd_cyclecount_test_free(struct 
cperf_pmd_cyclecount_ctx *ctx)
                                (struct rte_security_ctx *)
                                rte_cryptodev_get_sec_ctx(ctx->dev_id);
                        rte_security_session_destroy(sec_ctx,
-                               (struct rte_security_session *)ctx->sess);
+                               (void *)ctx->sess);
                } else
 #endif
                        rte_cryptodev_sym_session_free(ctx->dev_id, ctx->sess);
diff --git a/app/test-crypto-perf/cperf_test_throughput.c 
b/app/test-crypto-perf/cperf_test_throughput.c
index 4d0505174b..be586e4a0a 100644
--- a/app/test-crypto-perf/cperf_test_throughput.c
+++ b/app/test-crypto-perf/cperf_test_throughput.c
@@ -47,7 +47,7 @@ cperf_throughput_test_free(struct cperf_throughput_ctx *ctx)
                                        rte_cryptodev_get_sec_ctx(ctx->dev_id);
                        rte_security_session_destroy(
                                sec_ctx,
-                               (struct rte_security_session *)ctx->sess);
+                               (void *)ctx->sess);
                }
 #endif
                else
diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index ad565983c8..b465e3900b 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -84,7 +84,7 @@ struct crypto_unittest_params {
        union {
                struct rte_cryptodev_sym_session *sess;
 #ifdef RTE_LIB_SECURITY
-               struct rte_security_session *sec_session;
+               void *sec_session;
 #endif
        };
 #ifdef RTE_LIB_SECURITY
diff --git a/app/test/test_cryptodev_security_ipsec.c 
b/app/test/test_cryptodev_security_ipsec.c
index 3f691f0f56..cb77b39dbb 100644
--- a/app/test/test_cryptodev_security_ipsec.c
+++ b/app/test/test_cryptodev_security_ipsec.c
@@ -1126,7 +1126,7 @@ test_ipsec_status_check(const struct ipsec_test_data *td,
 
 int
 test_ipsec_stats_verify(struct rte_security_ctx *ctx,
-                       struct rte_security_session *sess,
+                       void *sess,
                        const struct ipsec_test_flags *flags,
                        enum rte_security_ipsec_sa_direction dir)
 {
diff --git a/app/test/test_cryptodev_security_ipsec.h 
b/app/test/test_cryptodev_security_ipsec.h
index 02b08f9f95..6a119bee46 100644
--- a/app/test/test_cryptodev_security_ipsec.h
+++ b/app/test/test_cryptodev_security_ipsec.h
@@ -277,7 +277,7 @@ int test_ipsec_status_check(const struct ipsec_test_data 
*td,
                            int pkt_num);
 
 int test_ipsec_stats_verify(struct rte_security_ctx *ctx,
-                           struct rte_security_session *sess,
+                           void *sess,
                            const struct ipsec_test_flags *flags,
                            enum rte_security_ipsec_sa_direction dir);
 
diff --git a/app/test/test_security.c b/app/test/test_security.c
index d6e0a9b737..954a023470 100644
--- a/app/test/test_security.c
+++ b/app/test/test_security.c
@@ -234,7 +234,7 @@
 static struct mock_session_create_data {
        void *device;
        struct rte_security_session_conf *conf;
-       struct rte_security_session *sess;
+       void *sess;
        struct rte_mempool *mp;
        struct rte_mempool *priv_mp;
 
@@ -268,7 +268,7 @@ mock_session_create(void *device,
  */
 static struct mock_session_update_data {
        void *device;
-       struct rte_security_session *sess;
+       void *sess;
        struct rte_security_session_conf *conf;
 
        int ret;
@@ -322,7 +322,7 @@ mock_session_get_size(void *device)
  */
 static struct mock_session_stats_get_data {
        void *device;
-       struct rte_security_session *sess;
+       void *sess;
        struct rte_security_stats *stats;
 
        int ret;
@@ -352,7 +352,7 @@ mock_session_stats_get(void *device,
  */
 static struct mock_session_destroy_data {
        void *device;
-       struct rte_security_session *sess;
+       void *sess;
 
        int ret;
 
@@ -377,7 +377,7 @@ mock_session_destroy(void *device, struct 
rte_security_session *sess)
  */
 static struct mock_set_pkt_metadata_data {
        void *device;
-       struct rte_security_session *sess;
+       void *sess;
        struct rte_mbuf *m;
        void *params;
 
@@ -513,7 +513,7 @@ static struct security_testsuite_params {
 static struct security_unittest_params {
        struct rte_security_ctx ctx;
        struct rte_security_session_conf conf;
-       struct rte_security_session *sess;
+       void *sess;
 } unittest_params = {
        .ctx = {
                .device = NULL,
@@ -650,7 +650,7 @@ ut_setup_with_session(void)
 {
        struct security_unittest_params *ut_params = &unittest_params;
        struct security_testsuite_params *ts_params = &testsuite_params;
-       struct rte_security_session *sess;
+       void *sess;
 
        int ret = ut_setup();
        if (ret != TEST_SUCCESS)
@@ -701,7 +701,7 @@ test_session_create_inv_context(void)
 {
        struct security_testsuite_params *ts_params = &testsuite_params;
        struct security_unittest_params *ut_params = &unittest_params;
-       struct rte_security_session *sess;
+       void *sess;
 
        sess = rte_security_session_create(NULL, &ut_params->conf,
                        ts_params->session_mpool);
@@ -723,7 +723,7 @@ test_session_create_inv_context_ops(void)
 {
        struct security_testsuite_params *ts_params = &testsuite_params;
        struct security_unittest_params *ut_params = &unittest_params;
-       struct rte_security_session *sess;
+       void *sess;
 
        ut_params->ctx.ops = NULL;
 
@@ -747,7 +747,7 @@ test_session_create_inv_context_ops_fun(void)
 {
        struct security_testsuite_params *ts_params = &testsuite_params;
        struct security_unittest_params *ut_params = &unittest_params;
-       struct rte_security_session *sess;
+       void *sess;
 
        ut_params->ctx.ops = &empty_ops;
 
@@ -770,7 +770,7 @@ test_session_create_inv_configuration(void)
 {
        struct security_testsuite_params *ts_params = &testsuite_params;
        struct security_unittest_params *ut_params = &unittest_params;
-       struct rte_security_session *sess;
+       void *sess;
 
        sess = rte_security_session_create(&ut_params->ctx, NULL,
                        ts_params->session_mpool);
@@ -791,7 +791,7 @@ static int
 test_session_create_inv_mempool(void)
 {
        struct security_unittest_params *ut_params = &unittest_params;
-       struct rte_security_session *sess;
+       void *sess;
 
        sess = rte_security_session_create(&ut_params->ctx, &ut_params->conf, 
NULL);
        TEST_ASSERT_MOCK_FUNCTION_CALL_RET(rte_security_session_create,
@@ -812,8 +812,8 @@ test_session_create_mempool_empty(void)
 {
        struct security_testsuite_params *ts_params = &testsuite_params;
        struct security_unittest_params *ut_params = &unittest_params;
-       struct rte_security_session *tmp[SECURITY_TEST_MEMPOOL_SIZE];
-       struct rte_security_session *sess;
+       void *tmp[SECURITY_TEST_MEMPOOL_SIZE];
+       void *sess;
 
        /* Get all available objects from mempool. */
        int i, ret;
@@ -853,7 +853,7 @@ test_session_create_ops_failure(void)
 {
        struct security_testsuite_params *ts_params = &testsuite_params;
        struct security_unittest_params *ut_params = &unittest_params;
-       struct rte_security_session *sess;
+       void *sess;
 
        mock_session_create_exp.device = NULL;
        mock_session_create_exp.conf = &ut_params->conf;
@@ -879,7 +879,7 @@ test_session_create_success(void)
 {
        struct security_testsuite_params *ts_params = &testsuite_params;
        struct security_unittest_params *ut_params = &unittest_params;
-       struct rte_security_session *sess;
+       void *sess;
 
        mock_session_create_exp.device = NULL;
        mock_session_create_exp.conf = &ut_params->conf;
diff --git a/app/test/test_security_inline_proto.c 
b/app/test/test_security_inline_proto.c
index 50b8915e75..26d618b35d 100644
--- a/app/test/test_security_inline_proto.c
+++ b/app/test/test_security_inline_proto.c
@@ -119,7 +119,7 @@ static struct rte_flow *default_flow[RTE_MAX_ETHPORTS];
 /* Create Inline IPsec session */
 static int
 create_inline_ipsec_session(struct ipsec_test_data *sa, uint16_t portid,
-               struct rte_security_session **sess, struct rte_security_ctx 
**ctx,
+               void **sess, struct rte_security_ctx **ctx,
                uint32_t *ol_flags, const struct ipsec_test_flags *flags,
                struct rte_security_session_conf *sess_conf)
 {
@@ -681,8 +681,8 @@ static int
 test_ipsec_with_reassembly(struct reassembly_vector *vector,
                const struct ipsec_test_flags *flags)
 {
-       struct rte_security_session *out_ses[ENCAP_DECAP_BURST_SZ] = {0};
-       struct rte_security_session *in_ses[ENCAP_DECAP_BURST_SZ] = {0};
+       void *out_ses[ENCAP_DECAP_BURST_SZ] = {0};
+       void *in_ses[ENCAP_DECAP_BURST_SZ] = {0};
        struct rte_eth_ip_reassembly_params reass_capa = {0};
        struct rte_security_session_conf sess_conf_out = {0};
        struct rte_security_session_conf sess_conf_in = {0};
@@ -944,7 +944,7 @@ test_ipsec_inline_proto_process(struct ipsec_test_data *td,
        struct rte_crypto_sym_xform cipher = {0};
        struct rte_crypto_sym_xform auth = {0};
        struct rte_crypto_sym_xform aead = {0};
-       struct rte_security_session *ses;
+       void *ses;
        struct rte_security_ctx *ctx;
        int nb_rx = 0, nb_sent;
        uint32_t ol_flags;
@@ -1177,7 +1177,7 @@ test_ipsec_inline_proto_process_with_esn(struct 
ipsec_test_data td[],
        struct rte_mbuf *rx_pkt = NULL;
        struct rte_mbuf *tx_pkt = NULL;
        int nb_rx, nb_sent;
-       struct rte_security_session *ses;
+       void *ses;
        struct rte_security_ctx *ctx;
        uint32_t ol_flags;
        int i, ret;
diff --git a/drivers/crypto/caam_jr/caam_jr.c b/drivers/crypto/caam_jr/caam_jr.c
index c88483b735..865f0ecdef 100644
--- a/drivers/crypto/caam_jr/caam_jr.c
+++ b/drivers/crypto/caam_jr/caam_jr.c
@@ -1359,7 +1359,7 @@ caam_jr_enqueue_op(struct rte_crypto_op *op, struct 
caam_jr_qp *qp)
                ses = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
                break;
        case RTE_CRYPTO_OP_SECURITY_SESSION:
-               ses = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+               ses = GET_SECURITY_SESS_PRIV(op->sym->session);
                break;
        default:
                CAAM_JR_DP_ERR("sessionless crypto op not supported");
diff --git a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
index b7dc13178b..0f6ac6fe46 100644
--- a/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn10k_cryptodev_ops.c
@@ -103,7 +103,7 @@ cn10k_cpt_fill_inst(struct cnxk_cpt_qp *qp, struct 
rte_crypto_op *ops[],
 
        if (op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC) {
                if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-                       sec_sess = GET_SECURITY_SESS_PRIV(sym_op->sec_session);
+                       sec_sess = GET_SECURITY_SESS_PRIV(sym_op->session);
                        ret = cpt_sec_inst_fill(qp, op, sec_sess, &inst[0]);
                        if (unlikely(ret))
                                return 0;
@@ -322,7 +322,7 @@ cn10k_ca_meta_info_extract(struct rte_crypto_op *op,
                        struct cn10k_sec_session *priv;
                        struct cn10k_ipsec_sa *sa;
 
-                       priv = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+                       priv = GET_SECURITY_SESS_PRIV(op->sym->session);
                        sa = &priv->sa;
                        *qp = sa->qp;
                        *w2 = sa->inst.w2;
diff --git a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c 
b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
index ed4c92b09f..de7a202666 100644
--- a/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
+++ b/drivers/crypto/cnxk/cn9k_cryptodev_ops.c
@@ -27,7 +27,7 @@ cn9k_cpt_sec_inst_fill(struct rte_crypto_op *op,
        struct cn9k_ipsec_sa *sa;
        int ret;
 
-       priv = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+       priv = GET_SECURITY_SESS_PRIV(op->sym->session);
        sa = &priv->sa;
 
        if (unlikely(sym_op->m_dst && sym_op->m_dst != sym_op->m_src)) {
@@ -374,7 +374,7 @@ cn9k_ca_meta_info_extract(struct rte_crypto_op *op,
                        struct cn9k_sec_session *priv;
                        struct cn9k_ipsec_sa *sa;
 
-                       priv = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+                       priv = GET_SECURITY_SESS_PRIV(op->sym->session);
                        sa = &priv->sa;
                        *qp = sa->qp;
                        inst->w2.u64 = sa->inst.w2;
@@ -539,7 +539,7 @@ cn9k_cpt_sec_post_process(struct rte_crypto_op *cop,
                             CPT_OP_FLAGS_IPSEC_INB_REPLAY)) {
                        int ret;
 
-                       priv = GET_SECURITY_SESS_PRIV(sym_op->sec_session);
+                       priv = GET_SECURITY_SESS_PRIV(sym_op->session);
                        sa = &priv->sa;
 
                        ret = ipsec_antireplay_check(
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c 
b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 548497ed0e..94f3cf460f 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -1382,7 +1382,7 @@ build_sec_fd(struct rte_crypto_op *op,
                sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIB_SECURITY
        else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-               sess = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+               sess = GET_SECURITY_SESS_PRIV(op->sym->session);
 #endif
        else {
                DPAA2_SEC_DP_ERR("Session type invalid\n");
@@ -1582,7 +1582,7 @@ sec_simple_fd_to_mbuf(const struct qbman_fd *fd)
        mbuf->buf_iova = op->sym->aead.digest.phys_addr;
        op->sym->aead.digest.phys_addr = 0L;
 
-       sess_priv = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+       sess_priv = GET_SECURITY_SESS_PRIV(op->sym->session);
        if (sess_priv->dir == DIR_ENC)
                mbuf->data_off += SEC_FLC_DHR_OUTBOUND;
        else
@@ -1678,7 +1678,7 @@ dpaa2_sec_dump(struct rte_crypto_op *op)
                sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
 #ifdef RTE_LIBRTE_SECURITY
        else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION)
-               sess = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+               sess = GET_SECURITY_SESS_PRIV(op->sym->session);
 #endif
 
        if (sess == NULL)
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c 
b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 42a5e17746..8b7d1f2f9a 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -1926,7 +1926,7 @@ dpaa_sec_enqueue_burst(void *qp, struct rte_crypto_op 
**ops,
                                break;
 #ifdef RTE_LIB_SECURITY
                        case RTE_CRYPTO_OP_SECURITY_SESSION:
-                               ses = 
GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+                               ses = GET_SECURITY_SESS_PRIV(op->sym->session);
                                break;
 #endif
                        default:
diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c 
b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index e98c01d10a..73b79dc420 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1584,7 +1584,7 @@ set_sec_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp 
*qp,
                op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
                return -1;
        }
-       session = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+       session = GET_SECURITY_SESS_PRIV(op->sym->session);
 
        if (unlikely(session == NULL)) {
                op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1719,7 +1719,7 @@ post_process_mb_job(struct ipsec_mb_qp *qp, IMB_JOB *job)
                 * this is for DOCSIS
                 */
                is_docsis_sec = 1;
-               sess = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+               sess = GET_SECURITY_SESS_PRIV(op->sym->session);
        } else
 #endif
                sess = CRYPTODEV_GET_SYM_SESS_PRIV(op->sym->session);
diff --git a/drivers/crypto/qat/qat_sym.c b/drivers/crypto/qat/qat_sym.c
index c301fc32c6..f51948e2cd 100644
--- a/drivers/crypto/qat/qat_sym.c
+++ b/drivers/crypto/qat/qat_sym.c
@@ -101,7 +101,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
 
 #ifdef RTE_LIB_SECURITY
        else if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-               ctx = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+               ctx = GET_SECURITY_SESS_PRIV(op->sym->session);
                if (unlikely(!ctx)) {
                        QAT_DP_LOG(ERR, "No session for this device");
                        return -EINVAL;
@@ -145,7 +145,7 @@ qat_sym_build_request(void *in_op, uint8_t *out_msg,
                                }
                        }
 
-                       sess = (uintptr_t)op->sym->sec_session;
+                       sess = (uintptr_t)op->sym->session;
                        build_request = ctx->build_request[proc_type];
                        opaque[0] = sess;
                        opaque[1] = (uintptr_t)build_request;
diff --git a/drivers/crypto/qat/qat_sym.h b/drivers/crypto/qat/qat_sym.h
index adc173b802..9c2148c507 100644
--- a/drivers/crypto/qat/qat_sym.h
+++ b/drivers/crypto/qat/qat_sym.h
@@ -277,7 +277,7 @@ qat_sym_preprocess_requests(void **ops, uint16_t nb_ops)
                op = (struct rte_crypto_op *)ops[i];
 
                if (op->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-                       ctx = GET_SECURITY_SESS_PRIV(op->sym->sec_session);
+                       ctx = GET_SECURITY_SESS_PRIV(op->sym->session);
 
                        if (ctx == NULL || ctx->bpi_ctx == NULL)
                                continue;
@@ -310,7 +310,7 @@ qat_sym_process_response(void **op, uint8_t *resp, void 
*op_cookie,
                 * Assuming at this point that if it's a security
                 * op, that this is for DOCSIS
                 */
-               sess = GET_SECURITY_SESS_PRIV(rx_op->sym->sec_session);
+               sess = GET_SECURITY_SESS_PRIV(rx_op->sym->session);
                is_docsis_sec = 1;
        } else
 #endif
diff --git a/drivers/net/iavf/iavf_ipsec_crypto.h 
b/drivers/net/iavf/iavf_ipsec_crypto.h
index 8ea0f9540e..49f9202aca 100644
--- a/drivers/net/iavf/iavf_ipsec_crypto.h
+++ b/drivers/net/iavf/iavf_ipsec_crypto.h
@@ -5,7 +5,7 @@
 #ifndef _IAVF_IPSEC_CRYPTO_H_
 #define _IAVF_IPSEC_CRYPTO_H_
 
-#include <rte_security.h>
+#include <rte_security_driver.h>
 
 #include "iavf.h"
 
diff --git a/examples/ipsec-secgw/ipsec_worker.c 
b/examples/ipsec-secgw/ipsec_worker.c
index 803157d8ee..ac576f2d7c 100644
--- a/examples/ipsec-secgw/ipsec_worker.c
+++ b/examples/ipsec-secgw/ipsec_worker.c
@@ -17,7 +17,7 @@
 #endif
 
 struct port_drv_mode_data {
-       struct rte_security_session *sess;
+       void *sess;
        struct rte_security_ctx *ctx;
 };
 
diff --git a/lib/cryptodev/rte_crypto_sym.h b/lib/cryptodev/rte_crypto_sym.h
index 84deecac48..b1650adcac 100644
--- a/lib/cryptodev/rte_crypto_sym.h
+++ b/lib/cryptodev/rte_crypto_sym.h
@@ -617,11 +617,9 @@ struct rte_crypto_sym_op {
        RTE_STD_C11
        union {
                void *session;
-               /**< Handle for the initialised session context */
+               /**< Handle for the initialised crypto/security session context 
*/
                struct rte_crypto_sym_xform *xform;
                /**< Session-less API crypto operation parameters */
-               struct rte_security_session *sec_session;
-               /**< Handle for the initialised security session context */
        };
 
        RTE_STD_C11
diff --git a/lib/ipsec/rte_ipsec_group.h b/lib/ipsec/rte_ipsec_group.h
index a4e0e128f8..c6458ef81e 100644
--- a/lib/ipsec/rte_ipsec_group.h
+++ b/lib/ipsec/rte_ipsec_group.h
@@ -44,16 +44,16 @@ struct rte_ipsec_group {
 static inline struct rte_ipsec_session *
 rte_ipsec_ses_from_crypto(const struct rte_crypto_op *cop)
 {
-       const struct rte_security_session *ss;
-       void *cs;
+       void *ses;
 
        if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) {
-               ss = cop->sym[0].sec_session;
-               return (struct rte_ipsec_session *)(uintptr_t)ss->opaque_data;
+               ses = cop->sym[0].session;
+               return (struct rte_ipsec_session *)(uintptr_t)
+                       rte_security_session_opaque_data_get(ses);
        } else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) {
-               cs = cop->sym[0].session;
+               ses = cop->sym[0].session;
                return (struct rte_ipsec_session *)(uintptr_t)
-                       rte_cryptodev_sym_session_opaque_data_get(cs);
+                       rte_cryptodev_sym_session_opaque_data_get(ses);
        }
        return NULL;
 }
diff --git a/lib/ipsec/ses.c b/lib/ipsec/ses.c
index 0d3c932302..d9ab1e6d2b 100644
--- a/lib/ipsec/ses.c
+++ b/lib/ipsec/ses.c
@@ -48,7 +48,7 @@ rte_ipsec_session_prepare(struct rte_ipsec_session *ss)
                rte_cryptodev_sym_session_opaque_data_set(ss->crypto.ses,
                        (uintptr_t)ss);
        else
-               ss->security.ses->opaque_data = (uintptr_t)ss;
+               rte_security_session_opaque_data_set(ss->security.ses, 
(uintptr_t)ss);
 
        return 0;
 }
diff --git a/lib/security/rte_security.c b/lib/security/rte_security.c
index 2e2906a73c..dfd05498e3 100644
--- a/lib/security/rte_security.c
+++ b/lib/security/rte_security.c
@@ -39,7 +39,7 @@ rte_security_dynfield_register(void)
        return rte_security_dynfield_offset;
 }
 
-struct rte_security_session *
+void *
 rte_security_session_create(struct rte_security_ctx *instance,
                            struct rte_security_session_conf *conf,
                            struct rte_mempool *mp)
@@ -69,12 +69,12 @@ rte_security_session_create(struct rte_security_ctx 
*instance,
        }
        instance->sess_cnt++;
 
-       return sess;
+       return (void *)sess;
 }
 
 int
 rte_security_session_update(struct rte_security_ctx *instance,
-                           struct rte_security_session *sess,
+                           void *sess,
                            struct rte_security_session_conf *conf)
 {
        RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_update, -EINVAL,
@@ -96,7 +96,7 @@ rte_security_session_get_size(struct rte_security_ctx 
*instance)
 
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
-                              struct rte_security_session *sess,
+                              void *sess,
                               struct rte_security_stats *stats)
 {
        RTE_PTR_CHAIN3_OR_ERR_RET(instance, ops, session_stats_get, -EINVAL,
@@ -108,8 +108,7 @@ rte_security_session_stats_get(struct rte_security_ctx 
*instance,
 }
 
 int
-rte_security_session_destroy(struct rte_security_ctx *instance,
-                            struct rte_security_session *sess)
+rte_security_session_destroy(struct rte_security_ctx *instance, void *sess)
 {
        int ret;
 
@@ -131,7 +130,7 @@ rte_security_session_destroy(struct rte_security_ctx 
*instance,
 
 int
 __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-                               struct rte_security_session *sess,
+                               void *sess,
                                struct rte_mbuf *m, void *params)
 {
 #ifdef RTE_DEBUG
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index bf4ff3c18c..2e717b7468 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -518,20 +518,6 @@ struct rte_security_session_conf {
        /**< Application specific userdata to be saved with session */
 };
 
-struct rte_security_session {
-       RTE_MARKER cacheline0;
-       uint64_t opaque_data;
-       /**< Opaque user defined data */
-       uint64_t fast_mdata;
-       /**< Fast metadata to be used for inline path */
-       rte_iova_t driver_priv_data_iova;
-       /**< session private data IOVA address */
-
-       RTE_MARKER cacheline1 __rte_cache_min_aligned;
-       uint8_t driver_priv_data[0];
-       /**< Private session material, variable size (depends on driver) */
-};
-
 /**
  * Create security session as specified by the session configuration
  *
@@ -542,7 +528,7 @@ struct rte_security_session {
  *  - On success, pointer to session
  *  - On failure, NULL
  */
-struct rte_security_session *
+void *
 rte_security_session_create(struct rte_security_ctx *instance,
                            struct rte_security_session_conf *conf,
                            struct rte_mempool *mp);
@@ -560,7 +546,7 @@ rte_security_session_create(struct rte_security_ctx 
*instance,
 __rte_experimental
 int
 rte_security_session_update(struct rte_security_ctx *instance,
-                           struct rte_security_session *sess,
+                           void *sess,
                            struct rte_security_session_conf *conf);
 
 /**
@@ -590,8 +576,7 @@ rte_security_session_get_size(struct rte_security_ctx 
*instance);
  *  - other negative values in case of freeing private data errors.
  */
 int
-rte_security_session_destroy(struct rte_security_ctx *instance,
-                            struct rte_security_session *sess);
+rte_security_session_destroy(struct rte_security_ctx *instance, void *sess);
 
 /** Device-specific metadata field type */
 typedef uint64_t rte_security_dynfield_t;
@@ -634,10 +619,52 @@ static inline bool 
rte_security_dynfield_is_registered(void)
        return rte_security_dynfield_offset >= 0;
 }
 
+#define RTE_SECURITY_SESS_OPAQUE_DATA_OFF      0
+#define RTE_SECURITY_SESS_FAST_MDATA_OFF       1
+/**
+ * Get opaque data from session handle
+ */
+static inline uint64_t
+rte_security_session_opaque_data_get(void *sess)
+{
+       return *((uint64_t *)sess + RTE_SECURITY_SESS_OPAQUE_DATA_OFF);
+}
+
+/**
+ * Set opaque data in session handle
+ */
+static inline void
+rte_security_session_opaque_data_set(void *sess, uint64_t opaque)
+{
+       uint64_t *data;
+       data = (((uint64_t *)sess) + RTE_SECURITY_SESS_OPAQUE_DATA_OFF);
+       *data = opaque;
+}
+
+/**
+ * Get fast mdata from session handle
+ */
+static inline uint64_t
+rte_security_session_fast_mdata_get(void *sess)
+{
+       return *((uint64_t *)sess + RTE_SECURITY_SESS_FAST_MDATA_OFF);
+}
+
+/**
+ * Set fast mdata in session handle
+ */
+static inline void
+rte_security_session_fast_mdata_set(void *sess, uint64_t fdata)
+{
+       uint64_t *data;
+       data = (((uint64_t *)sess) + RTE_SECURITY_SESS_FAST_MDATA_OFF);
+       *data = fdata;
+}
+
 /** Function to call PMD specific function pointer set_pkt_metadata() */
 __rte_experimental
 extern int __rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-                                          struct rte_security_session *sess,
+                                          void *sess,
                                           struct rte_mbuf *m, void *params);
 
 /**
@@ -655,13 +682,13 @@ extern int __rte_security_set_pkt_metadata(struct 
rte_security_ctx *instance,
  */
 static inline int
 rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
-                             struct rte_security_session *sess,
+                             void *sess,
                              struct rte_mbuf *mb, void *params)
 {
        /* Fast Path */
        if (instance->flags & RTE_SEC_CTX_F_FAST_SET_MDATA) {
-               *rte_security_dynfield(mb) =
-                       (rte_security_dynfield_t)(sess->fast_mdata);
+               *rte_security_dynfield(mb) = (rte_security_dynfield_t)
+                       rte_security_session_fast_mdata_get(sess);
                return 0;
        }
 
@@ -710,10 +737,9 @@ rte_security_get_userdata(struct rte_security_ctx 
*instance, uint64_t md)
  * @param      sess    security session
  */
 static inline int
-__rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
-                             struct rte_security_session *sess)
+__rte_security_attach_session(struct rte_crypto_sym_op *sym_op, void *sess)
 {
-       sym_op->sec_session = sess;
+       sym_op->session = sess;
 
        return 0;
 }
@@ -729,7 +755,7 @@ __rte_security_attach_session(struct rte_crypto_sym_op 
*sym_op,
  */
 static inline int
 rte_security_attach_session(struct rte_crypto_op *op,
-                           struct rte_security_session *sess)
+                           void *sess)
 {
        if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
                return -EINVAL;
@@ -791,7 +817,7 @@ struct rte_security_stats {
 __rte_experimental
 int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
-                              struct rte_security_session *sess,
+                              void *sess,
                               struct rte_security_stats *stats);
 
 /**
diff --git a/lib/security/rte_security_driver.h 
b/lib/security/rte_security_driver.h
index 43024e7d85..10fd838b94 100644
--- a/lib/security/rte_security_driver.h
+++ b/lib/security/rte_security_driver.h
@@ -19,6 +19,24 @@ extern "C" {
 
 #include "rte_security.h"
 
+/**
+ * @internal
+ * Security session to be used by library for internal usage
+ */
+struct rte_security_session {
+       RTE_MARKER cacheline0;
+       uint64_t opaque_data;
+       /**< Opaque user defined data */
+       uint64_t fast_mdata;
+       /**< Fast metadata to be used for inline path */
+       rte_iova_t driver_priv_data_iova;
+       /**< session private data IOVA address */
+
+       RTE_MARKER cacheline1 __rte_cache_min_aligned;
+       uint8_t driver_priv_data[0];
+       /**< Private session material, variable size (depends on driver) */
+};
+
 /**
  * Helper macro to get driver private data
  */
-- 
2.25.1

Reply via email to