+static int
+cn10k_sec_session_stats_get(void *device, struct rte_security_session *sess,
+ struct rte_security_stats *stats)
+{
+ struct rte_cryptodev *crypto_dev = device;
+ struct roc_ot_ipsec_outb_sa *out_sa;
+ struct roc_ot_ipsec_inb_sa *in_sa;
+ union roc_ot_ipsec_sa_word2 *w2;
+ struct cn10k_sec_session *priv;
+ struct cn10k_ipsec_sa *sa;
+ struct cnxk_cpt_qp *qp;
+
+ priv = get_sec_session_private_data(sess);
+ if (priv == NULL)
+ return -EINVAL;
+
+ qp = crypto_dev->data->queue_pairs[0];
+ if (qp == NULL)
+ return -EINVAL;
+
+ sa = &priv->sa;
+ w2 = (union roc_ot_ipsec_sa_word2 *)&sa->in_sa.w2;
+
+ stats->protocol = RTE_SECURITY_PROTOCOL_IPSEC;
+
+ if (w2->s.dir == ROC_IE_SA_DIR_OUTBOUND) {
+ out_sa = &sa->out_sa;
+ roc_cpt_lf_ctx_flush(&qp->lf, out_sa, false);
+ rte_delay_ms(1);
+ stats->ipsec.opackets = out_sa->ctx.mib_pkts;
+ stats->ipsec.obytes = out_sa->ctx.mib_octs;
+ } else {
+ in_sa = &sa->in_sa;
+ roc_cpt_lf_ctx_flush(&qp->lf, in_sa, false);
+ rte_delay_ms(1);
+ stats->ipsec.ipackets = in_sa->ctx.mib_pkts;
+ stats->ipsec.ibytes = in_sa->ctx.mib_octs;
+ }
+
+ return 0;
+}
+
+static int
+cn10k_sec_session_update(void *device, struct rte_security_session *sess,
+ struct rte_security_session_conf *conf)
+{
+ struct rte_cryptodev *crypto_dev = device;
+ struct cn10k_sec_session *priv;
+ struct roc_cpt *roc_cpt;
+ struct cnxk_cpt_qp *qp;
+ struct cnxk_cpt_vf *vf;
+ int ret;
+
+ priv = get_sec_session_private_data(sess);
+ if (priv == NULL)
+ return -EINVAL;
+
+ qp = crypto_dev->data->queue_pairs[0];
+ if (qp == NULL)
+ return -EINVAL;
+
+ if (conf->ipsec.direction == RTE_SECURITY_IPSEC_SA_DIR_INGRESS)
+ return -ENOTSUP;
+
+ ret = cnxk_ipsec_xform_verify(&conf->ipsec, conf->crypto_xform);
+ if (ret)
+ return ret;
+
+ vf = crypto_dev->data->dev_private;
+ roc_cpt = &vf->cpt;
+
+ return cn10k_ipsec_outb_sa_create(roc_cpt, &qp->lf, &conf->ipsec,
+ conf->crypto_xform, sess);
+}
+