+/**
+ * Get userdata associated with the security session which processed the
+ * packet. This userdata would be registered while creating the session, and
+ * application can use this to identify the SA etc. Device-specific metadata
+ * in the mbuf would be used for this.
+ *
+ * This is valid only for inline processed ingress packets.
+ *
+ * @param instance security instance
+ * @param md device-specific metadata set in mbuf
+ *
+ * @return
+ * - On success, userdata
+ * - On failure, NULL
+ */
+void * __rte_experimental
+rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
+