Re: [dpdk-dev] [PATCH] security: remove experimental tag

[Akhil Goyal]

> 
> Hi Konstantin,
> 
> On 11/13/2018 5:19 PM, Ananyev, Konstantin wrote:
> > Hi Akhil,
> >
> >> -----Original Message-----
> >> From: Akhil Goyal [mailto:akhil.go...@nxp.com]
> >> Sent: Tuesday, November 13, 2018 11:28 AM
> >> To: dev@dpdk.org
> >> Cc: tho...@monjalon.net; Ananyev, Konstantin 
> >> <konstantin.anan...@intel.com>; jerin.ja...@caviumnetworks.com; 
> >> anoob.jos...@caviumnetworks.com; Nicolau, Radu 
> >> <radu.nico...@intel.com>; Doherty, Declan 
> >> <declan.dohe...@intel.com>; Hemant Agrawal 
> >> <hemant.agra...@nxp.com>; Akhil Goyal <akhil.go...@nxp.com>
> >> Subject: [PATCH] security: remove experimental tag
> >>
> >> rte_security has been experimental since DPDK 17.11 release.
> >> Now the library has matured and expermental tag is removed in this 
> >> patch.
> > I agree that it is present for a while in dpdk.org, but as I can see 
> > we still have unimplemented API here.
> > Which makes me doubt that it is ok to remove experimental tag from it.
> > Konstantin
> 3 vendors(Intel/Cavium/NXP) have tested their PMDs on security and 
> made the changes that they need.
> Which APIs are missing? 

What I am aware about:
a) rte_security_ops. get_userdata
[Akhil] I believe Cavium added some patches in ipsec-secgw app for its usage 
and I believe they do have implementation for that. Also I cannot see any 
changes in rte_security for its support in PMDs.

b) RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL

[Akhil] Cavium supports it.

c) rte_security_capability.ol_flags:
    RTE_SECURITY_PDCP_ORDERING_CAP
    RTE_SECURITY_PDCP_DUP_DETECT_CAP

[Akhil] PDCP is not currently supported by any of the vendors except NXP and 
NXP do not support these capabilities.
For this also, I don’t see any change in the library. It would be only PMD 
which needs to support it.

    RTE_SECURITY_TX_HW_TRAILER_OFFLOAD
    RTE_SECURITY_RX_HW_TRAILER_OFFLOAD

[Akhil] Same here, these are all PMD capabilities which do not require any 
change in rte_security.

>I believe addition of protocols is not an issue  even if we remove 
>experimental tag.

After another thought - it is probably unfair to keep whole lib as experimental 
because few things are missing.
But I think things that are unimplemented (or related to them) need to stay in 
'experimental' state.

[Akhil] I do not foresee any changes in library, so I believe experimental is 
not required. Please correct me if this is incorrect understanding.

Konstantin

> 
> -Akhil