[dpdk-dev] [PATCH] security: remove experimental tag

[dpdk-dev] [PATCH] security: remove experimental tag

[Akhil Goyal]

rte_security has been experimental since DPDK 17.11 release.
Now the library has matured and expermental tag is removed in
this patch.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 MAINTAINERS                                  |  2 +-
 lib/librte_security/Makefile                 |  1 -
 lib/librte_security/meson.build              |  1 -
 lib/librte_security/rte_security.c           | 18 +++++++++---------
 lib/librte_security/rte_security.h           | 27 +++++++++++++--------------
 lib/librte_security/rte_security_driver.h    |  1 -
 lib/librte_security/rte_security_version.map |  2 +-
 7 files changed, 24 insertions(+), 28 deletions(-)

diff --git a/MAINTAINERS b/MAINTAINERS
index 19353ac..bdd6747 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -347,7 +347,7 @@ F: lib/librte_cryptodev/
 F: test/test/test_cryptodev*
 F: examples/l2fwd-crypto/
 
-Security API - EXPERIMENTAL
+Security API
 M: Akhil Goyal <akhil.goyal@nxp.com>
 M: Declan Doherty <declan.doherty@intel.com>
 T: git://dpdk.org/next/dpdk-next-crypto
diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile
index 8daebea..bd92343 100644
--- a/lib/librte_security/Makefile
+++ b/lib/librte_security/Makefile
@@ -10,7 +10,6 @@ LIB = librte_security.a
 LIBABIVER := 1
 
 # build flags
-CFLAGS += -DALLOW_EXPERIMENTAL_API
 CFLAGS += -O3
 CFLAGS += $(WERROR_FLAGS)
 LDLIBS += -lrte_eal -lrte_mempool
diff --git a/lib/librte_security/meson.build b/lib/librte_security/meson.build
index 4c85894..532953f 100644
--- a/lib/librte_security/meson.build
+++ b/lib/librte_security/meson.build
@@ -1,7 +1,6 @@
 # SPDX-License-Identifier: BSD-3-Clause
 # Copyright(c) 2017 Intel Corporation
 
-allow_experimental_apis = true
 sources = files('rte_security.c')
 headers = files('rte_security.h', 'rte_security_driver.h')
 deps += ['mempool', 'cryptodev']
diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index c6355de..bc81ce1 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -10,7 +10,7 @@
 #include "rte_security_driver.h"
 
 struct rte_security_session *
-__rte_experimental rte_security_session_create(struct rte_security_ctx *instance,
+rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
 			    struct rte_mempool *mp)
 {
@@ -33,7 +33,7 @@ __rte_experimental rte_security_session_create(struct rte_security_ctx *instance
 	return sess;
 }
 
-int __rte_experimental
+int
 rte_security_session_update(struct rte_security_ctx *instance,
 			    struct rte_security_session *sess,
 			    struct rte_security_session_conf *conf)
@@ -42,14 +42,14 @@ rte_security_session_update(struct rte_security_ctx *instance,
 	return instance->ops->session_update(instance->device, sess, conf);
 }
 
-unsigned int __rte_experimental
+unsigned int
 rte_security_session_get_size(struct rte_security_ctx *instance)
 {
 	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
 	return instance->ops->session_get_size(instance->device);
 }
 
-int __rte_experimental
+int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
 			       struct rte_security_session *sess,
 			       struct rte_security_stats *stats)
@@ -58,7 +58,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
 	return instance->ops->session_stats_get(instance->device, sess, stats);
 }
 
-int __rte_experimental
+int
 rte_security_session_destroy(struct rte_security_ctx *instance,
 			     struct rte_security_session *sess)
 {
@@ -76,7 +76,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
 	return ret;
 }
 
-int __rte_experimental
+int
 rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
 			      struct rte_security_session *sess,
 			      struct rte_mbuf *m, void *params)
@@ -86,7 +86,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
 					       sess, m, params);
 }
 
-void * __rte_experimental
+void *
 rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
 {
 	void *userdata = NULL;
@@ -98,14 +98,14 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
 	return userdata;
 }
 
-const struct rte_security_capability * __rte_experimental
+const struct rte_security_capability *
 rte_security_capabilities_get(struct rte_security_ctx *instance)
 {
 	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
 	return instance->ops->capabilities_get(instance->device);
 }
 
-const struct rte_security_capability * __rte_experimental
+const struct rte_security_capability *
 rte_security_capability_get(struct rte_security_ctx *instance,
 			    struct rte_security_capability_idx *idx)
 {
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 1431b4d..e07b132 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -8,7 +8,6 @@
 
 /**
  * @file rte_security.h
- * @b EXPERIMENTAL: this API may change without prior notice
  *
  * RTE Security Common Definitions
  *
@@ -330,7 +329,7 @@ struct rte_security_session {
  *  - On success, pointer to session
  *  - On failure, NULL
  */
-struct rte_security_session * __rte_experimental
+struct rte_security_session *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
 			    struct rte_mempool *mp);
@@ -345,7 +344,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
  *  - On success returns 0
  *  - On failure return errno
  */
-int __rte_experimental
+int
 rte_security_session_update(struct rte_security_ctx *instance,
 			    struct rte_security_session *sess,
 			    struct rte_security_session_conf *conf);
@@ -359,7 +358,7 @@ rte_security_session_update(struct rte_security_ctx *instance,
  *   - Size of the private data, if successful
  *   - 0 if device is invalid or does not support the operation.
  */
-unsigned int __rte_experimental
+unsigned int
 rte_security_session_get_size(struct rte_security_ctx *instance);
 
 /**
@@ -374,7 +373,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
  *  - -EINVAL if session is NULL.
  *  - -EBUSY if not all device private data has been freed.
  */
-int __rte_experimental
+int
 rte_security_session_destroy(struct rte_security_ctx *instance,
 			     struct rte_security_session *sess);
 
@@ -391,7 +390,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
  *  - On success, zero.
  *  - On failure, a negative value.
  */
-int __rte_experimental
+int
 rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
 			      struct rte_security_session *sess,
 			      struct rte_mbuf *mb, void *params);
@@ -413,7 +412,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
  *  - On success, userdata
  *  - On failure, NULL
  */
-void * __rte_experimental
+void *
 rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
 
 /**
@@ -422,7 +421,7 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
  * @param	sym_op	crypto operation
  * @param	sess	security session
  */
-static inline int __rte_experimental
+static inline int
 __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
 			      struct rte_security_session *sess)
 {
@@ -431,13 +430,13 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
 	return 0;
 }
 
-static inline void * __rte_experimental
+static inline void *
 get_sec_session_private_data(const struct rte_security_session *sess)
 {
 	return sess->sess_private_data;
 }
 
-static inline void __rte_experimental
+static inline void
 set_sec_session_private_data(struct rte_security_session *sess,
 			     void *private_data)
 {
@@ -453,7 +452,7 @@ set_sec_session_private_data(struct rte_security_session *sess,
  * @param	op	crypto operation
  * @param	sess	security session
  */
-static inline int __rte_experimental
+static inline int
 rte_security_attach_session(struct rte_crypto_op *op,
 			    struct rte_security_session *sess)
 {
@@ -500,7 +499,7 @@ struct rte_security_stats {
  *  - On success return 0
  *  - On failure errno
  */
-int __rte_experimental
+int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
 			       struct rte_security_session *sess,
 			       struct rte_security_stats *stats);
@@ -608,7 +607,7 @@ struct rte_security_capability_idx {
  *   - Returns array of security capabilities.
  *   - Return NULL if no capabilities available.
  */
-const struct rte_security_capability * __rte_experimental
+const struct rte_security_capability *
 rte_security_capabilities_get(struct rte_security_ctx *instance);
 
 /**
@@ -622,7 +621,7 @@ rte_security_capabilities_get(struct rte_security_ctx *instance);
  *     index criteria.
  *   - Return NULL if the capability not matched on security instance.
  */
-const struct rte_security_capability * __rte_experimental
+const struct rte_security_capability *
 rte_security_capability_get(struct rte_security_ctx *instance,
 			    struct rte_security_capability_idx *idx);
 
diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
index 42f42ff..1b561f8 100644
--- a/lib/librte_security/rte_security_driver.h
+++ b/lib/librte_security/rte_security_driver.h
@@ -8,7 +8,6 @@
 
 /**
  * @file rte_security_driver.h
- * @b EXPERIMENTAL: this API may change without prior notice
  *
  * RTE Security Common Definitions
  *
diff --git a/lib/librte_security/rte_security_version.map b/lib/librte_security/rte_security_version.map
index 5a1c8ae..a77ca4b 100644
--- a/lib/librte_security/rte_security_version.map
+++ b/lib/librte_security/rte_security_version.map
@@ -1,4 +1,4 @@
-EXPERIMENTAL {
+DPDK_18.11 {
 	global:
 
 	rte_security_attach_session;
-- 
2.7.4

Re: [dpdk-dev] [PATCH] security: remove experimental tag

[Ananyev, Konstantin]

Hi Akhil,

> -----Original Message-----
> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> Sent: Tuesday, November 13, 2018 11:28 AM
> To: dev@dpdk.org
> Cc: thomas@monjalon.net; Ananyev, Konstantin <konstantin.ananyev@intel.com>; jerin.jacob@caviumnetworks.com;
> anoob.joseph@caviumnetworks.com; Nicolau, Radu <radu.nicolau@intel.com>; Doherty, Declan <declan.doherty@intel.com>; Hemant
> Agrawal <hemant.agrawal@nxp.com>; Akhil Goyal <akhil.goyal@nxp.com>
> Subject: [PATCH] security: remove experimental tag
> 
> rte_security has been experimental since DPDK 17.11 release.
> Now the library has matured and expermental tag is removed in
> this patch.

I agree that it is present for a while in dpdk.org,
but as I can see we still have unimplemented API here.
Which makes me doubt that it is ok to remove experimental tag from it.
Konstantin

> 
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---
>  MAINTAINERS                                  |  2 +-
>  lib/librte_security/Makefile                 |  1 -
>  lib/librte_security/meson.build              |  1 -
>  lib/librte_security/rte_security.c           | 18 +++++++++---------
>  lib/librte_security/rte_security.h           | 27 +++++++++++++--------------
>  lib/librte_security/rte_security_driver.h    |  1 -
>  lib/librte_security/rte_security_version.map |  2 +-
>  7 files changed, 24 insertions(+), 28 deletions(-)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 19353ac..bdd6747 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -347,7 +347,7 @@ F: lib/librte_cryptodev/
>  F: test/test/test_cryptodev*
>  F: examples/l2fwd-crypto/
> 
> -Security API - EXPERIMENTAL
> +Security API
>  M: Akhil Goyal <akhil.goyal@nxp.com>
>  M: Declan Doherty <declan.doherty@intel.com>
>  T: git://dpdk.org/next/dpdk-next-crypto
> diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile
> index 8daebea..bd92343 100644
> --- a/lib/librte_security/Makefile
> +++ b/lib/librte_security/Makefile
> @@ -10,7 +10,6 @@ LIB = librte_security.a
>  LIBABIVER := 1
> 
>  # build flags
> -CFLAGS += -DALLOW_EXPERIMENTAL_API
>  CFLAGS += -O3
>  CFLAGS += $(WERROR_FLAGS)
>  LDLIBS += -lrte_eal -lrte_mempool
> diff --git a/lib/librte_security/meson.build b/lib/librte_security/meson.build
> index 4c85894..532953f 100644
> --- a/lib/librte_security/meson.build
> +++ b/lib/librte_security/meson.build
> @@ -1,7 +1,6 @@
>  # SPDX-License-Identifier: BSD-3-Clause
>  # Copyright(c) 2017 Intel Corporation
> 
> -allow_experimental_apis = true
>  sources = files('rte_security.c')
>  headers = files('rte_security.h', 'rte_security_driver.h')
>  deps += ['mempool', 'cryptodev']
> diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
> index c6355de..bc81ce1 100644
> --- a/lib/librte_security/rte_security.c
> +++ b/lib/librte_security/rte_security.c
> @@ -10,7 +10,7 @@
>  #include "rte_security_driver.h"
> 
>  struct rte_security_session *
> -__rte_experimental rte_security_session_create(struct rte_security_ctx *instance,
> +rte_security_session_create(struct rte_security_ctx *instance,
>  			    struct rte_security_session_conf *conf,
>  			    struct rte_mempool *mp)
>  {
> @@ -33,7 +33,7 @@ __rte_experimental rte_security_session_create(struct rte_security_ctx *instance
>  	return sess;
>  }
> 
> -int __rte_experimental
> +int
>  rte_security_session_update(struct rte_security_ctx *instance,
>  			    struct rte_security_session *sess,
>  			    struct rte_security_session_conf *conf)
> @@ -42,14 +42,14 @@ rte_security_session_update(struct rte_security_ctx *instance,
>  	return instance->ops->session_update(instance->device, sess, conf);
>  }
> 
> -unsigned int __rte_experimental
> +unsigned int
>  rte_security_session_get_size(struct rte_security_ctx *instance)
>  {
>  	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
>  	return instance->ops->session_get_size(instance->device);
>  }
> 
> -int __rte_experimental
> +int
>  rte_security_session_stats_get(struct rte_security_ctx *instance,
>  			       struct rte_security_session *sess,
>  			       struct rte_security_stats *stats)
> @@ -58,7 +58,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
>  	return instance->ops->session_stats_get(instance->device, sess, stats);
>  }
> 
> -int __rte_experimental
> +int
>  rte_security_session_destroy(struct rte_security_ctx *instance,
>  			     struct rte_security_session *sess)
>  {
> @@ -76,7 +76,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
>  	return ret;
>  }
> 
> -int __rte_experimental
> +int
>  rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>  			      struct rte_security_session *sess,
>  			      struct rte_mbuf *m, void *params)
> @@ -86,7 +86,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>  					       sess, m, params);
>  }
> 
> -void * __rte_experimental
> +void *
>  rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
>  {
>  	void *userdata = NULL;
> @@ -98,14 +98,14 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
>  	return userdata;
>  }
> 
> -const struct rte_security_capability * __rte_experimental
> +const struct rte_security_capability *
>  rte_security_capabilities_get(struct rte_security_ctx *instance)
>  {
>  	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
>  	return instance->ops->capabilities_get(instance->device);
>  }
> 
> -const struct rte_security_capability * __rte_experimental
> +const struct rte_security_capability *
>  rte_security_capability_get(struct rte_security_ctx *instance,
>  			    struct rte_security_capability_idx *idx)
>  {
> diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
> index 1431b4d..e07b132 100644
> --- a/lib/librte_security/rte_security.h
> +++ b/lib/librte_security/rte_security.h
> @@ -8,7 +8,6 @@
> 
>  /**
>   * @file rte_security.h
> - * @b EXPERIMENTAL: this API may change without prior notice
>   *
>   * RTE Security Common Definitions
>   *
> @@ -330,7 +329,7 @@ struct rte_security_session {
>   *  - On success, pointer to session
>   *  - On failure, NULL
>   */
> -struct rte_security_session * __rte_experimental
> +struct rte_security_session *
>  rte_security_session_create(struct rte_security_ctx *instance,
>  			    struct rte_security_session_conf *conf,
>  			    struct rte_mempool *mp);
> @@ -345,7 +344,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
>   *  - On success returns 0
>   *  - On failure return errno
>   */
> -int __rte_experimental
> +int
>  rte_security_session_update(struct rte_security_ctx *instance,
>  			    struct rte_security_session *sess,
>  			    struct rte_security_session_conf *conf);
> @@ -359,7 +358,7 @@ rte_security_session_update(struct rte_security_ctx *instance,
>   *   - Size of the private data, if successful
>   *   - 0 if device is invalid or does not support the operation.
>   */
> -unsigned int __rte_experimental
> +unsigned int
>  rte_security_session_get_size(struct rte_security_ctx *instance);
> 
>  /**
> @@ -374,7 +373,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
>   *  - -EINVAL if session is NULL.
>   *  - -EBUSY if not all device private data has been freed.
>   */
> -int __rte_experimental
> +int
>  rte_security_session_destroy(struct rte_security_ctx *instance,
>  			     struct rte_security_session *sess);
> 
> @@ -391,7 +390,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
>   *  - On success, zero.
>   *  - On failure, a negative value.
>   */
> -int __rte_experimental
> +int
>  rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>  			      struct rte_security_session *sess,
>  			      struct rte_mbuf *mb, void *params);
> @@ -413,7 +412,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>   *  - On success, userdata
>   *  - On failure, NULL
>   */
> -void * __rte_experimental
> +void *
>  rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
> 
>  /**
> @@ -422,7 +421,7 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
>   * @param	sym_op	crypto operation
>   * @param	sess	security session
>   */
> -static inline int __rte_experimental
> +static inline int
>  __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
>  			      struct rte_security_session *sess)
>  {
> @@ -431,13 +430,13 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
>  	return 0;
>  }
> 
> -static inline void * __rte_experimental
> +static inline void *
>  get_sec_session_private_data(const struct rte_security_session *sess)
>  {
>  	return sess->sess_private_data;
>  }
> 
> -static inline void __rte_experimental
> +static inline void
>  set_sec_session_private_data(struct rte_security_session *sess,
>  			     void *private_data)
>  {
> @@ -453,7 +452,7 @@ set_sec_session_private_data(struct rte_security_session *sess,
>   * @param	op	crypto operation
>   * @param	sess	security session
>   */
> -static inline int __rte_experimental
> +static inline int
>  rte_security_attach_session(struct rte_crypto_op *op,
>  			    struct rte_security_session *sess)
>  {
> @@ -500,7 +499,7 @@ struct rte_security_stats {
>   *  - On success return 0
>   *  - On failure errno
>   */
> -int __rte_experimental
> +int
>  rte_security_session_stats_get(struct rte_security_ctx *instance,
>  			       struct rte_security_session *sess,
>  			       struct rte_security_stats *stats);
> @@ -608,7 +607,7 @@ struct rte_security_capability_idx {
>   *   - Returns array of security capabilities.
>   *   - Return NULL if no capabilities available.
>   */
> -const struct rte_security_capability * __rte_experimental
> +const struct rte_security_capability *
>  rte_security_capabilities_get(struct rte_security_ctx *instance);
> 
>  /**
> @@ -622,7 +621,7 @@ rte_security_capabilities_get(struct rte_security_ctx *instance);
>   *     index criteria.
>   *   - Return NULL if the capability not matched on security instance.
>   */
> -const struct rte_security_capability * __rte_experimental
> +const struct rte_security_capability *
>  rte_security_capability_get(struct rte_security_ctx *instance,
>  			    struct rte_security_capability_idx *idx);
> 
> diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
> index 42f42ff..1b561f8 100644
> --- a/lib/librte_security/rte_security_driver.h
> +++ b/lib/librte_security/rte_security_driver.h
> @@ -8,7 +8,6 @@
> 
>  /**
>   * @file rte_security_driver.h
> - * @b EXPERIMENTAL: this API may change without prior notice
>   *
>   * RTE Security Common Definitions
>   *
> diff --git a/lib/librte_security/rte_security_version.map b/lib/librte_security/rte_security_version.map
> index 5a1c8ae..a77ca4b 100644
> --- a/lib/librte_security/rte_security_version.map
> +++ b/lib/librte_security/rte_security_version.map
> @@ -1,4 +1,4 @@
> -EXPERIMENTAL {
> +DPDK_18.11 {
>  	global:
> 
>  	rte_security_attach_session;
> --
> 2.7.4

Re: [dpdk-dev] [PATCH] security: remove experimental tag

[Akhil Goyal]

Hi Konstantin,

On 11/13/2018 5:19 PM, Ananyev, Konstantin wrote:
> Hi Akhil,
>
>> -----Original Message-----
>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>> Sent: Tuesday, November 13, 2018 11:28 AM
>> To: dev@dpdk.org
>> Cc: thomas@monjalon.net; Ananyev, Konstantin <konstantin.ananyev@intel.com>; jerin.jacob@caviumnetworks.com;
>> anoob.joseph@caviumnetworks.com; Nicolau, Radu <radu.nicolau@intel.com>; Doherty, Declan <declan.doherty@intel.com>; Hemant
>> Agrawal <hemant.agrawal@nxp.com>; Akhil Goyal <akhil.goyal@nxp.com>
>> Subject: [PATCH] security: remove experimental tag
>>
>> rte_security has been experimental since DPDK 17.11 release.
>> Now the library has matured and expermental tag is removed in
>> this patch.
> I agree that it is present for a while in dpdk.org,
> but as I can see we still have unimplemented API here.
> Which makes me doubt that it is ok to remove experimental tag from it.
> Konstantin
3 vendors(Intel/Cavium/NXP) have tested their PMDs on security and made 
the changes that they need.
Which APIs are missing? I believe addition of protocols is not an issue 
even if we remove experimental tag.

-Akhil
>> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
>> ---
>>   MAINTAINERS                                  |  2 +-
>>   lib/librte_security/Makefile                 |  1 -
>>   lib/librte_security/meson.build              |  1 -
>>   lib/librte_security/rte_security.c           | 18 +++++++++---------
>>   lib/librte_security/rte_security.h           | 27 +++++++++++++--------------
>>   lib/librte_security/rte_security_driver.h    |  1 -
>>   lib/librte_security/rte_security_version.map |  2 +-
>>   7 files changed, 24 insertions(+), 28 deletions(-)
>>
>> diff --git a/MAINTAINERS b/MAINTAINERS
>> index 19353ac..bdd6747 100644
>> --- a/MAINTAINERS
>> +++ b/MAINTAINERS
>> @@ -347,7 +347,7 @@ F: lib/librte_cryptodev/
>>   F: test/test/test_cryptodev*
>>   F: examples/l2fwd-crypto/
>>
>> -Security API - EXPERIMENTAL
>> +Security API
>>   M: Akhil Goyal <akhil.goyal@nxp.com>
>>   M: Declan Doherty <declan.doherty@intel.com>
>>   T: git://dpdk.org/next/dpdk-next-crypto
>> diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile
>> index 8daebea..bd92343 100644
>> --- a/lib/librte_security/Makefile
>> +++ b/lib/librte_security/Makefile
>> @@ -10,7 +10,6 @@ LIB = librte_security.a
>>   LIBABIVER := 1
>>
>>   # build flags
>> -CFLAGS += -DALLOW_EXPERIMENTAL_API
>>   CFLAGS += -O3
>>   CFLAGS += $(WERROR_FLAGS)
>>   LDLIBS += -lrte_eal -lrte_mempool
>> diff --git a/lib/librte_security/meson.build b/lib/librte_security/meson.build
>> index 4c85894..532953f 100644
>> --- a/lib/librte_security/meson.build
>> +++ b/lib/librte_security/meson.build
>> @@ -1,7 +1,6 @@
>>   # SPDX-License-Identifier: BSD-3-Clause
>>   # Copyright(c) 2017 Intel Corporation
>>
>> -allow_experimental_apis = true
>>   sources = files('rte_security.c')
>>   headers = files('rte_security.h', 'rte_security_driver.h')
>>   deps += ['mempool', 'cryptodev']
>> diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
>> index c6355de..bc81ce1 100644
>> --- a/lib/librte_security/rte_security.c
>> +++ b/lib/librte_security/rte_security.c
>> @@ -10,7 +10,7 @@
>>   #include "rte_security_driver.h"
>>
>>   struct rte_security_session *
>> -__rte_experimental rte_security_session_create(struct rte_security_ctx *instance,
>> +rte_security_session_create(struct rte_security_ctx *instance,
>>   			    struct rte_security_session_conf *conf,
>>   			    struct rte_mempool *mp)
>>   {
>> @@ -33,7 +33,7 @@ __rte_experimental rte_security_session_create(struct rte_security_ctx *instance
>>   	return sess;
>>   }
>>
>> -int __rte_experimental
>> +int
>>   rte_security_session_update(struct rte_security_ctx *instance,
>>   			    struct rte_security_session *sess,
>>   			    struct rte_security_session_conf *conf)
>> @@ -42,14 +42,14 @@ rte_security_session_update(struct rte_security_ctx *instance,
>>   	return instance->ops->session_update(instance->device, sess, conf);
>>   }
>>
>> -unsigned int __rte_experimental
>> +unsigned int
>>   rte_security_session_get_size(struct rte_security_ctx *instance)
>>   {
>>   	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
>>   	return instance->ops->session_get_size(instance->device);
>>   }
>>
>> -int __rte_experimental
>> +int
>>   rte_security_session_stats_get(struct rte_security_ctx *instance,
>>   			       struct rte_security_session *sess,
>>   			       struct rte_security_stats *stats)
>> @@ -58,7 +58,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
>>   	return instance->ops->session_stats_get(instance->device, sess, stats);
>>   }
>>
>> -int __rte_experimental
>> +int
>>   rte_security_session_destroy(struct rte_security_ctx *instance,
>>   			     struct rte_security_session *sess)
>>   {
>> @@ -76,7 +76,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
>>   	return ret;
>>   }
>>
>> -int __rte_experimental
>> +int
>>   rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>>   			      struct rte_security_session *sess,
>>   			      struct rte_mbuf *m, void *params)
>> @@ -86,7 +86,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>>   					       sess, m, params);
>>   }
>>
>> -void * __rte_experimental
>> +void *
>>   rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
>>   {
>>   	void *userdata = NULL;
>> @@ -98,14 +98,14 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
>>   	return userdata;
>>   }
>>
>> -const struct rte_security_capability * __rte_experimental
>> +const struct rte_security_capability *
>>   rte_security_capabilities_get(struct rte_security_ctx *instance)
>>   {
>>   	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
>>   	return instance->ops->capabilities_get(instance->device);
>>   }
>>
>> -const struct rte_security_capability * __rte_experimental
>> +const struct rte_security_capability *
>>   rte_security_capability_get(struct rte_security_ctx *instance,
>>   			    struct rte_security_capability_idx *idx)
>>   {
>> diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
>> index 1431b4d..e07b132 100644
>> --- a/lib/librte_security/rte_security.h
>> +++ b/lib/librte_security/rte_security.h
>> @@ -8,7 +8,6 @@
>>
>>   /**
>>    * @file rte_security.h
>> - * @b EXPERIMENTAL: this API may change without prior notice
>>    *
>>    * RTE Security Common Definitions
>>    *
>> @@ -330,7 +329,7 @@ struct rte_security_session {
>>    *  - On success, pointer to session
>>    *  - On failure, NULL
>>    */
>> -struct rte_security_session * __rte_experimental
>> +struct rte_security_session *
>>   rte_security_session_create(struct rte_security_ctx *instance,
>>   			    struct rte_security_session_conf *conf,
>>   			    struct rte_mempool *mp);
>> @@ -345,7 +344,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
>>    *  - On success returns 0
>>    *  - On failure return errno
>>    */
>> -int __rte_experimental
>> +int
>>   rte_security_session_update(struct rte_security_ctx *instance,
>>   			    struct rte_security_session *sess,
>>   			    struct rte_security_session_conf *conf);
>> @@ -359,7 +358,7 @@ rte_security_session_update(struct rte_security_ctx *instance,
>>    *   - Size of the private data, if successful
>>    *   - 0 if device is invalid or does not support the operation.
>>    */
>> -unsigned int __rte_experimental
>> +unsigned int
>>   rte_security_session_get_size(struct rte_security_ctx *instance);
>>
>>   /**
>> @@ -374,7 +373,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
>>    *  - -EINVAL if session is NULL.
>>    *  - -EBUSY if not all device private data has been freed.
>>    */
>> -int __rte_experimental
>> +int
>>   rte_security_session_destroy(struct rte_security_ctx *instance,
>>   			     struct rte_security_session *sess);
>>
>> @@ -391,7 +390,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
>>    *  - On success, zero.
>>    *  - On failure, a negative value.
>>    */
>> -int __rte_experimental
>> +int
>>   rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>>   			      struct rte_security_session *sess,
>>   			      struct rte_mbuf *mb, void *params);
>> @@ -413,7 +412,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>>    *  - On success, userdata
>>    *  - On failure, NULL
>>    */
>> -void * __rte_experimental
>> +void *
>>   rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
>>
>>   /**
>> @@ -422,7 +421,7 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
>>    * @param	sym_op	crypto operation
>>    * @param	sess	security session
>>    */
>> -static inline int __rte_experimental
>> +static inline int
>>   __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
>>   			      struct rte_security_session *sess)
>>   {
>> @@ -431,13 +430,13 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
>>   	return 0;
>>   }
>>
>> -static inline void * __rte_experimental
>> +static inline void *
>>   get_sec_session_private_data(const struct rte_security_session *sess)
>>   {
>>   	return sess->sess_private_data;
>>   }
>>
>> -static inline void __rte_experimental
>> +static inline void
>>   set_sec_session_private_data(struct rte_security_session *sess,
>>   			     void *private_data)
>>   {
>> @@ -453,7 +452,7 @@ set_sec_session_private_data(struct rte_security_session *sess,
>>    * @param	op	crypto operation
>>    * @param	sess	security session
>>    */
>> -static inline int __rte_experimental
>> +static inline int
>>   rte_security_attach_session(struct rte_crypto_op *op,
>>   			    struct rte_security_session *sess)
>>   {
>> @@ -500,7 +499,7 @@ struct rte_security_stats {
>>    *  - On success return 0
>>    *  - On failure errno
>>    */
>> -int __rte_experimental
>> +int
>>   rte_security_session_stats_get(struct rte_security_ctx *instance,
>>   			       struct rte_security_session *sess,
>>   			       struct rte_security_stats *stats);
>> @@ -608,7 +607,7 @@ struct rte_security_capability_idx {
>>    *   - Returns array of security capabilities.
>>    *   - Return NULL if no capabilities available.
>>    */
>> -const struct rte_security_capability * __rte_experimental
>> +const struct rte_security_capability *
>>   rte_security_capabilities_get(struct rte_security_ctx *instance);
>>
>>   /**
>> @@ -622,7 +621,7 @@ rte_security_capabilities_get(struct rte_security_ctx *instance);
>>    *     index criteria.
>>    *   - Return NULL if the capability not matched on security instance.
>>    */
>> -const struct rte_security_capability * __rte_experimental
>> +const struct rte_security_capability *
>>   rte_security_capability_get(struct rte_security_ctx *instance,
>>   			    struct rte_security_capability_idx *idx);
>>
>> diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
>> index 42f42ff..1b561f8 100644
>> --- a/lib/librte_security/rte_security_driver.h
>> +++ b/lib/librte_security/rte_security_driver.h
>> @@ -8,7 +8,6 @@
>>
>>   /**
>>    * @file rte_security_driver.h
>> - * @b EXPERIMENTAL: this API may change without prior notice
>>    *
>>    * RTE Security Common Definitions
>>    *
>> diff --git a/lib/librte_security/rte_security_version.map b/lib/librte_security/rte_security_version.map
>> index 5a1c8ae..a77ca4b 100644
>> --- a/lib/librte_security/rte_security_version.map
>> +++ b/lib/librte_security/rte_security_version.map
>> @@ -1,4 +1,4 @@
>> -EXPERIMENTAL {
>> +DPDK_18.11 {
>>   	global:
>>
>>   	rte_security_attach_session;
>> --
>> 2.7.4

Re: [dpdk-dev] [PATCH] security: remove experimental tag

[Ananyev, Konstantin]

> 
> Hi Konstantin,
> 
> On 11/13/2018 5:19 PM, Ananyev, Konstantin wrote:
> > Hi Akhil,
> >
> >> -----Original Message-----
> >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >> Sent: Tuesday, November 13, 2018 11:28 AM
> >> To: dev@dpdk.org
> >> Cc: thomas@monjalon.net; Ananyev, Konstantin <konstantin.ananyev@intel.com>; jerin.jacob@caviumnetworks.com;
> >> anoob.joseph@caviumnetworks.com; Nicolau, Radu <radu.nicolau@intel.com>; Doherty, Declan <declan.doherty@intel.com>; Hemant
> >> Agrawal <hemant.agrawal@nxp.com>; Akhil Goyal <akhil.goyal@nxp.com>
> >> Subject: [PATCH] security: remove experimental tag
> >>
> >> rte_security has been experimental since DPDK 17.11 release.
> >> Now the library has matured and expermental tag is removed in
> >> this patch.
> > I agree that it is present for a while in dpdk.org,
> > but as I can see we still have unimplemented API here.
> > Which makes me doubt that it is ok to remove experimental tag from it.
> > Konstantin
> 3 vendors(Intel/Cavium/NXP) have tested their PMDs on security and made
> the changes that they need.
> Which APIs are missing? 

What I am aware about:
a) rte_security_ops. get_userdata
b) RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL
c) rte_security_capability.ol_flags:
    RTE_SECURITY_PDCP_ORDERING_CAP
    RTE_SECURITY_PDCP_DUP_DETECT_CAP
    RTE_SECURITY_TX_HW_TRAILER_OFFLOAD
    RTE_SECURITY_RX_HW_TRAILER_OFFLOAD

>I believe addition of protocols is not an issue
> even if we remove experimental tag.

After another thought - it is probably unfair to keep whole lib
as experimental because few things are missing.
But I think things that are unimplemented (or related to them)
need to stay in 'experimental' state.
Konstantin

> 
> -Akhil
> >> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> >> ---
> >>   MAINTAINERS                                  |  2 +-
> >>   lib/librte_security/Makefile                 |  1 -
> >>   lib/librte_security/meson.build              |  1 -
> >>   lib/librte_security/rte_security.c           | 18 +++++++++---------
> >>   lib/librte_security/rte_security.h           | 27 +++++++++++++--------------
> >>   lib/librte_security/rte_security_driver.h    |  1 -
> >>   lib/librte_security/rte_security_version.map |  2 +-
> >>   7 files changed, 24 insertions(+), 28 deletions(-)
> >>
> >> diff --git a/MAINTAINERS b/MAINTAINERS
> >> index 19353ac..bdd6747 100644
> >> --- a/MAINTAINERS
> >> +++ b/MAINTAINERS
> >> @@ -347,7 +347,7 @@ F: lib/librte_cryptodev/
> >>   F: test/test/test_cryptodev*
> >>   F: examples/l2fwd-crypto/
> >>
> >> -Security API - EXPERIMENTAL
> >> +Security API
> >>   M: Akhil Goyal <akhil.goyal@nxp.com>
> >>   M: Declan Doherty <declan.doherty@intel.com>
> >>   T: git://dpdk.org/next/dpdk-next-crypto
> >> diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile
> >> index 8daebea..bd92343 100644
> >> --- a/lib/librte_security/Makefile
> >> +++ b/lib/librte_security/Makefile
> >> @@ -10,7 +10,6 @@ LIB = librte_security.a
> >>   LIBABIVER := 1
> >>
> >>   # build flags
> >> -CFLAGS += -DALLOW_EXPERIMENTAL_API
> >>   CFLAGS += -O3
> >>   CFLAGS += $(WERROR_FLAGS)
> >>   LDLIBS += -lrte_eal -lrte_mempool
> >> diff --git a/lib/librte_security/meson.build b/lib/librte_security/meson.build
> >> index 4c85894..532953f 100644
> >> --- a/lib/librte_security/meson.build
> >> +++ b/lib/librte_security/meson.build
> >> @@ -1,7 +1,6 @@
> >>   # SPDX-License-Identifier: BSD-3-Clause
> >>   # Copyright(c) 2017 Intel Corporation
> >>
> >> -allow_experimental_apis = true
> >>   sources = files('rte_security.c')
> >>   headers = files('rte_security.h', 'rte_security_driver.h')
> >>   deps += ['mempool', 'cryptodev']
> >> diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
> >> index c6355de..bc81ce1 100644
> >> --- a/lib/librte_security/rte_security.c
> >> +++ b/lib/librte_security/rte_security.c
> >> @@ -10,7 +10,7 @@
> >>   #include "rte_security_driver.h"
> >>
> >>   struct rte_security_session *
> >> -__rte_experimental rte_security_session_create(struct rte_security_ctx *instance,
> >> +rte_security_session_create(struct rte_security_ctx *instance,
> >>   			    struct rte_security_session_conf *conf,
> >>   			    struct rte_mempool *mp)
> >>   {
> >> @@ -33,7 +33,7 @@ __rte_experimental rte_security_session_create(struct rte_security_ctx *instance
> >>   	return sess;
> >>   }
> >>
> >> -int __rte_experimental
> >> +int
> >>   rte_security_session_update(struct rte_security_ctx *instance,
> >>   			    struct rte_security_session *sess,
> >>   			    struct rte_security_session_conf *conf)
> >> @@ -42,14 +42,14 @@ rte_security_session_update(struct rte_security_ctx *instance,
> >>   	return instance->ops->session_update(instance->device, sess, conf);
> >>   }
> >>
> >> -unsigned int __rte_experimental
> >> +unsigned int
> >>   rte_security_session_get_size(struct rte_security_ctx *instance)
> >>   {
> >>   	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
> >>   	return instance->ops->session_get_size(instance->device);
> >>   }
> >>
> >> -int __rte_experimental
> >> +int
> >>   rte_security_session_stats_get(struct rte_security_ctx *instance,
> >>   			       struct rte_security_session *sess,
> >>   			       struct rte_security_stats *stats)
> >> @@ -58,7 +58,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
> >>   	return instance->ops->session_stats_get(instance->device, sess, stats);
> >>   }
> >>
> >> -int __rte_experimental
> >> +int
> >>   rte_security_session_destroy(struct rte_security_ctx *instance,
> >>   			     struct rte_security_session *sess)
> >>   {
> >> @@ -76,7 +76,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
> >>   	return ret;
> >>   }
> >>
> >> -int __rte_experimental
> >> +int
> >>   rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
> >>   			      struct rte_security_session *sess,
> >>   			      struct rte_mbuf *m, void *params)
> >> @@ -86,7 +86,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
> >>   					       sess, m, params);
> >>   }
> >>
> >> -void * __rte_experimental
> >> +void *
> >>   rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
> >>   {
> >>   	void *userdata = NULL;
> >> @@ -98,14 +98,14 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
> >>   	return userdata;
> >>   }
> >>
> >> -const struct rte_security_capability * __rte_experimental
> >> +const struct rte_security_capability *
> >>   rte_security_capabilities_get(struct rte_security_ctx *instance)
> >>   {
> >>   	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
> >>   	return instance->ops->capabilities_get(instance->device);
> >>   }
> >>
> >> -const struct rte_security_capability * __rte_experimental
> >> +const struct rte_security_capability *
> >>   rte_security_capability_get(struct rte_security_ctx *instance,
> >>   			    struct rte_security_capability_idx *idx)
> >>   {
> >> diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
> >> index 1431b4d..e07b132 100644
> >> --- a/lib/librte_security/rte_security.h
> >> +++ b/lib/librte_security/rte_security.h
> >> @@ -8,7 +8,6 @@
> >>
> >>   /**
> >>    * @file rte_security.h
> >> - * @b EXPERIMENTAL: this API may change without prior notice
> >>    *
> >>    * RTE Security Common Definitions
> >>    *
> >> @@ -330,7 +329,7 @@ struct rte_security_session {
> >>    *  - On success, pointer to session
> >>    *  - On failure, NULL
> >>    */
> >> -struct rte_security_session * __rte_experimental
> >> +struct rte_security_session *
> >>   rte_security_session_create(struct rte_security_ctx *instance,
> >>   			    struct rte_security_session_conf *conf,
> >>   			    struct rte_mempool *mp);
> >> @@ -345,7 +344,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
> >>    *  - On success returns 0
> >>    *  - On failure return errno
> >>    */
> >> -int __rte_experimental
> >> +int
> >>   rte_security_session_update(struct rte_security_ctx *instance,
> >>   			    struct rte_security_session *sess,
> >>   			    struct rte_security_session_conf *conf);
> >> @@ -359,7 +358,7 @@ rte_security_session_update(struct rte_security_ctx *instance,
> >>    *   - Size of the private data, if successful
> >>    *   - 0 if device is invalid or does not support the operation.
> >>    */
> >> -unsigned int __rte_experimental
> >> +unsigned int
> >>   rte_security_session_get_size(struct rte_security_ctx *instance);
> >>
> >>   /**
> >> @@ -374,7 +373,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
> >>    *  - -EINVAL if session is NULL.
> >>    *  - -EBUSY if not all device private data has been freed.
> >>    */
> >> -int __rte_experimental
> >> +int
> >>   rte_security_session_destroy(struct rte_security_ctx *instance,
> >>   			     struct rte_security_session *sess);
> >>
> >> @@ -391,7 +390,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
> >>    *  - On success, zero.
> >>    *  - On failure, a negative value.
> >>    */
> >> -int __rte_experimental
> >> +int
> >>   rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
> >>   			      struct rte_security_session *sess,
> >>   			      struct rte_mbuf *mb, void *params);
> >> @@ -413,7 +412,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
> >>    *  - On success, userdata
> >>    *  - On failure, NULL
> >>    */
> >> -void * __rte_experimental
> >> +void *
> >>   rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
> >>
> >>   /**
> >> @@ -422,7 +421,7 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
> >>    * @param	sym_op	crypto operation
> >>    * @param	sess	security session
> >>    */
> >> -static inline int __rte_experimental
> >> +static inline int
> >>   __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
> >>   			      struct rte_security_session *sess)
> >>   {
> >> @@ -431,13 +430,13 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
> >>   	return 0;
> >>   }
> >>
> >> -static inline void * __rte_experimental
> >> +static inline void *
> >>   get_sec_session_private_data(const struct rte_security_session *sess)
> >>   {
> >>   	return sess->sess_private_data;
> >>   }
> >>
> >> -static inline void __rte_experimental
> >> +static inline void
> >>   set_sec_session_private_data(struct rte_security_session *sess,
> >>   			     void *private_data)
> >>   {
> >> @@ -453,7 +452,7 @@ set_sec_session_private_data(struct rte_security_session *sess,
> >>    * @param	op	crypto operation
> >>    * @param	sess	security session
> >>    */
> >> -static inline int __rte_experimental
> >> +static inline int
> >>   rte_security_attach_session(struct rte_crypto_op *op,
> >>   			    struct rte_security_session *sess)
> >>   {
> >> @@ -500,7 +499,7 @@ struct rte_security_stats {
> >>    *  - On success return 0
> >>    *  - On failure errno
> >>    */
> >> -int __rte_experimental
> >> +int
> >>   rte_security_session_stats_get(struct rte_security_ctx *instance,
> >>   			       struct rte_security_session *sess,
> >>   			       struct rte_security_stats *stats);
> >> @@ -608,7 +607,7 @@ struct rte_security_capability_idx {
> >>    *   - Returns array of security capabilities.
> >>    *   - Return NULL if no capabilities available.
> >>    */
> >> -const struct rte_security_capability * __rte_experimental
> >> +const struct rte_security_capability *
> >>   rte_security_capabilities_get(struct rte_security_ctx *instance);
> >>
> >>   /**
> >> @@ -622,7 +621,7 @@ rte_security_capabilities_get(struct rte_security_ctx *instance);
> >>    *     index criteria.
> >>    *   - Return NULL if the capability not matched on security instance.
> >>    */
> >> -const struct rte_security_capability * __rte_experimental
> >> +const struct rte_security_capability *
> >>   rte_security_capability_get(struct rte_security_ctx *instance,
> >>   			    struct rte_security_capability_idx *idx);
> >>
> >> diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
> >> index 42f42ff..1b561f8 100644
> >> --- a/lib/librte_security/rte_security_driver.h
> >> +++ b/lib/librte_security/rte_security_driver.h
> >> @@ -8,7 +8,6 @@
> >>
> >>   /**
> >>    * @file rte_security_driver.h
> >> - * @b EXPERIMENTAL: this API may change without prior notice
> >>    *
> >>    * RTE Security Common Definitions
> >>    *
> >> diff --git a/lib/librte_security/rte_security_version.map b/lib/librte_security/rte_security_version.map
> >> index 5a1c8ae..a77ca4b 100644
> >> --- a/lib/librte_security/rte_security_version.map
> >> +++ b/lib/librte_security/rte_security_version.map
> >> @@ -1,4 +1,4 @@
> >> -EXPERIMENTAL {
> >> +DPDK_18.11 {
> >>   	global:
> >>
> >>   	rte_security_attach_session;
> >> --
> >> 2.7.4

Re: [dpdk-dev] [PATCH] security: remove experimental tag

[Akhil Goyal]

> 
> Hi Konstantin,
> 
> On 11/13/2018 5:19 PM, Ananyev, Konstantin wrote:
> > Hi Akhil,
> >
> >> -----Original Message-----
> >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >> Sent: Tuesday, November 13, 2018 11:28 AM
> >> To: dev@dpdk.org
> >> Cc: thomas@monjalon.net; Ananyev, Konstantin 
> >> <konstantin.ananyev@intel.com>; jerin.jacob@caviumnetworks.com; 
> >> anoob.joseph@caviumnetworks.com; Nicolau, Radu 
> >> <radu.nicolau@intel.com>; Doherty, Declan 
> >> <declan.doherty@intel.com>; Hemant Agrawal 
> >> <hemant.agrawal@nxp.com>; Akhil Goyal <akhil.goyal@nxp.com>
> >> Subject: [PATCH] security: remove experimental tag
> >>
> >> rte_security has been experimental since DPDK 17.11 release.
> >> Now the library has matured and expermental tag is removed in this 
> >> patch.
> > I agree that it is present for a while in dpdk.org, but as I can see 
> > we still have unimplemented API here.
> > Which makes me doubt that it is ok to remove experimental tag from it.
> > Konstantin
> 3 vendors(Intel/Cavium/NXP) have tested their PMDs on security and 
> made the changes that they need.
> Which APIs are missing? 

What I am aware about:
a) rte_security_ops. get_userdata
[Akhil] I believe Cavium added some patches in ipsec-secgw app for its usage and I believe they do have implementation for that. Also I cannot see any changes in rte_security for its support in PMDs.

b) RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL

[Akhil] Cavium supports it.

c) rte_security_capability.ol_flags:
    RTE_SECURITY_PDCP_ORDERING_CAP
    RTE_SECURITY_PDCP_DUP_DETECT_CAP

[Akhil] PDCP is not currently supported by any of the vendors except NXP and NXP do not support these capabilities.
For this also, I don’t see any change in the library. It would be only PMD which needs to support it.

    RTE_SECURITY_TX_HW_TRAILER_OFFLOAD
    RTE_SECURITY_RX_HW_TRAILER_OFFLOAD

[Akhil] Same here, these are all PMD capabilities which do not require any change in rte_security.

>I believe addition of protocols is not an issue  even if we remove 
>experimental tag.

After another thought - it is probably unfair to keep whole lib as experimental because few things are missing.
But I think things that are unimplemented (or related to them) need to stay in 'experimental' state.

[Akhil] I do not foresee any changes in library, so I believe experimental is not required. Please correct me if this is incorrect understanding.

Konstantin

> 
> -Akhil

Re: [dpdk-dev] [PATCH] security: remove experimental tag

[Ananyev, Konstantin]

> > >> -----Original Message-----
> > >> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> > >> Sent: Tuesday, November 13, 2018 11:28 AM
> > >> To: dev@dpdk.org
> > >> Cc: thomas@monjalon.net; Ananyev, Konstantin
> > >> <konstantin.ananyev@intel.com>; jerin.jacob@caviumnetworks.com;
> > >> anoob.joseph@caviumnetworks.com; Nicolau, Radu
> > >> <radu.nicolau@intel.com>; Doherty, Declan
> > >> <declan.doherty@intel.com>; Hemant Agrawal
> > >> <hemant.agrawal@nxp.com>; Akhil Goyal <akhil.goyal@nxp.com>
> > >> Subject: [PATCH] security: remove experimental tag
> > >>
> > >> rte_security has been experimental since DPDK 17.11 release.
> > >> Now the library has matured and expermental tag is removed in this
> > >> patch.
> > > I agree that it is present for a while in dpdk.org, but as I can see
> > > we still have unimplemented API here.
> > > Which makes me doubt that it is ok to remove experimental tag from it.
> > > Konstantin
> > 3 vendors(Intel/Cavium/NXP) have tested their PMDs on security and
> > made the changes that they need.
> > Which APIs are missing?
> 
> What I am aware about:
> a) rte_security_ops. get_userdata
> [Akhil] I believe Cavium added some patches in ipsec-secgw app for its usage and I believe they do have implementation for that.

ipsec-secgw has some code that refers it, but at present moment there is no PMD in dpdk.org that supports it
(at least I can't find any).

> Also I
> cannot see any changes in rte_security for its support in PMDs.

Might be, but wouldn't you expect function to be at least implemented
to call it 'mature'?

> 
> b) RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL
> 
> [Akhil] Cavium supports it.

Might be, but again it is not in dpdk.org right now
(AFAIK it is planned for 19.02).

> 
> c) rte_security_capability.ol_flags:
>     RTE_SECURITY_PDCP_ORDERING_CAP
>     RTE_SECURITY_PDCP_DUP_DETECT_CAP
> 
> [Akhil] PDCP is not currently supported by any of the vendors except NXP and NXP do not support these capabilities.
> For this also, I don’t see any change in the library. It would be only PMD which needs to support it.
> 
>     RTE_SECURITY_TX_HW_TRAILER_OFFLOAD
>     RTE_SECURITY_RX_HW_TRAILER_OFFLOAD
> 
> [Akhil] Same here, these are all PMD capabilities which do not require any change in rte_security.

Without real implementation, how can we be certain about it?
Might be while implementing feature X we would realize that something else is needed.
Another question - what users who build their products on top of rte_security
have to do?
Should they include support for all these unimplemented capabilities into their
code or not?
Considering the fact, that right now there is no way for them to test/try it.

> 
> >I believe addition of protocols is not an issue  even if we remove
> >experimental tag.
> 
> After another thought - it is probably unfair to keep whole lib as experimental because few things are missing.
> But I think things that are unimplemented (or related to them) need to stay in 'experimental' state.
> 
> [Akhil] I do not foresee any changes in library, so I believe experimental is not required. Please correct me if this is incorrect understanding.

The only change I am personally plan to do in 19.02 -
add opaque userdata field into rte_security_session:
struct rte_security_session {
 	void *sess_private_data;
 	/**< Private session material */
+	uint64_t userdata;
+	/**< Opaque user defined data */
 };

Might be in future extra changes would be needed to pass ipsec
sqn/replay_window data between HW/SW.
Not aware about any other changes.
Though these future changes is not my main concern.
After all we have a defined process for making changes into non-experimental API.
I just don't see how we can consider API that has un-implemented parts as a 'mature'.
Probably we have different views on what experimental/mature API means.
From my perspective to name it a 'mature' it needs to at least to be implemented and
tested (proved working),  plus stable enough(not major changes coming).
Konstantin

Re: [dpdk-dev] [PATCH] security: remove experimental tag

[Hemant Agrawal]

On 11/13/2018 9:06 PM, Ananyev, Konstantin wrote:
>
>>>>> -----Original Message-----
>>>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>>>>> Sent: Tuesday, November 13, 2018 11:28 AM
>>>>> To: dev@dpdk.org
>>>>> Cc: thomas@monjalon.net; Ananyev, Konstantin
>>>>> <konstantin.ananyev@intel.com>; jerin.jacob@caviumnetworks.com;
>>>>> anoob.joseph@caviumnetworks.com; Nicolau, Radu
>>>>> <radu.nicolau@intel.com>; Doherty, Declan
>>>>> <declan.doherty@intel.com>; Hemant Agrawal
>>>>> <hemant.agrawal@nxp.com>; Akhil Goyal <akhil.goyal@nxp.com>
>>>>> Subject: [PATCH] security: remove experimental tag
>>>>>
>>>>> rte_security has been experimental since DPDK 17.11 release.
>>>>> Now the library has matured and expermental tag is removed in this
>>>>> patch.
>>>> I agree that it is present for a while in dpdk.org, but as I can see
>>>> we still have unimplemented API here.
>>>> Which makes me doubt that it is ok to remove experimental tag from it.
>>>> Konstantin
>>> 3 vendors(Intel/Cavium/NXP) have tested their PMDs on security and
>>> made the changes that they need.
>>> Which APIs are missing?
>> What I am aware about:
>> a) rte_security_ops. get_userdata
>> [Akhil] I believe Cavium added some patches in ipsec-secgw app for its usage and I believe they do have implementation for that.
> ipsec-secgw has some code that refers it, but at present moment there is no PMD in dpdk.org that supports it
> (at least I can't find any).
>
>> Also I
>> cannot see any changes in rte_security for its support in PMDs.
> Might be, but wouldn't you expect function to be at least implemented
> to call it 'mature'?
>
>> b) RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL
>>
>> [Akhil] Cavium supports it.
> Might be, but again it is not in dpdk.org right now
> (AFAIK it is planned for 19.02).
>
>> c) rte_security_capability.ol_flags:
>>      RTE_SECURITY_PDCP_ORDERING_CAP
>>      RTE_SECURITY_PDCP_DUP_DETECT_CAP
>>
>> [Akhil] PDCP is not currently supported by any of the vendors except NXP and NXP do not support these capabilities.
>> For this also, I don’t see any change in the library. It would be only PMD which needs to support it.
>>
>>      RTE_SECURITY_TX_HW_TRAILER_OFFLOAD
>>      RTE_SECURITY_RX_HW_TRAILER_OFFLOAD
>>
>> [Akhil] Same here, these are all PMD capabilities which do not require any change in rte_security.
> Without real implementation, how can we be certain about it?
> Might be while implementing feature X we would realize that something else is needed.
> Another question - what users who build their products on top of rte_security
> have to do?
> Should they include support for all these unimplemented capabilities into their
> code or not?
> Considering the fact, that right now there is no way for them to test/try it.
>
>>> I believe addition of protocols is not an issue  even if we remove
>>> experimental tag.
>> After another thought - it is probably unfair to keep whole lib as experimental because few things are missing.
>> But I think things that are unimplemented (or related to them) need to stay in 'experimental' state.
>>
>> [Akhil] I do not foresee any changes in library, so I believe experimental is not required. Please correct me if this is incorrect understanding.
> The only change I am personally plan to do in 19.02 -
> add opaque userdata field into rte_security_session:
> struct rte_security_session {
>   	void *sess_private_data;
>   	/**< Private session material */
> +	uint64_t userdata;
> +	/**< Opaque user defined data */
>   };
>
> Might be in future extra changes would be needed to pass ipsec
> sqn/replay_window data between HW/SW.
> Not aware about any other changes.
> Though these future changes is not my main concern.
> After all we have a defined process for making changes into non-experimental API.
> I just don't see how we can consider API that has un-implemented parts as a 'mature'.
> Probably we have different views on what experimental/mature API means.
>  From my perspective to name it a 'mature' it needs to at least to be implemented and
> tested (proved working),  plus stable enough(not major changes coming).

NXP want to start pushing the IPSEC offload etc to VPP and other 
projects, but it needs to come out of experimental first.

Other projects will not adapt to it till it come out of experimental tag.

It can be a different kind of debate and problem.  When we proposed the 
original APIs, we only provided APIs supported by NXP. However other 
vendors jumped in and suggested them to make them more generic. But 
these vendors are yet to implement them. e.g. We have not yet seen 
Mellanox providing their rte_security driver yet, but they contributed 
few of the APIs.  Now should we wait indefinately to get implementation 
of those APIs.

Note that in some cases segregating them in experimental and 
non-experimental is not feasible.

The similar case is with PDCP,  the original APIs we proposed was 
supported by NXP driver. However when Cavium reviewed it and provided 
suggestions, we ended up adding few extra things for their completeness. 
Now, NXP don't support/implement them and others vendors are not yet 
implementing them.

so, will it never come out of experimental?

I think except few APIs, we shall make it non-experimental and if any 
one need any changes, they need to come with standard route.


> Konstantin

Re: [dpdk-dev] [PATCH] security: remove experimental tag

[Ananyev, Konstantin]

> 
> On 11/13/2018 9:06 PM, Ananyev, Konstantin wrote:
> >
> >>>>> -----Original Message-----
> >>>>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
> >>>>> Sent: Tuesday, November 13, 2018 11:28 AM
> >>>>> To: dev@dpdk.org
> >>>>> Cc: thomas@monjalon.net; Ananyev, Konstantin
> >>>>> <konstantin.ananyev@intel.com>; jerin.jacob@caviumnetworks.com;
> >>>>> anoob.joseph@caviumnetworks.com; Nicolau, Radu
> >>>>> <radu.nicolau@intel.com>; Doherty, Declan
> >>>>> <declan.doherty@intel.com>; Hemant Agrawal
> >>>>> <hemant.agrawal@nxp.com>; Akhil Goyal <akhil.goyal@nxp.com>
> >>>>> Subject: [PATCH] security: remove experimental tag
> >>>>>
> >>>>> rte_security has been experimental since DPDK 17.11 release.
> >>>>> Now the library has matured and expermental tag is removed in this
> >>>>> patch.
> >>>> I agree that it is present for a while in dpdk.org, but as I can see
> >>>> we still have unimplemented API here.
> >>>> Which makes me doubt that it is ok to remove experimental tag from it.
> >>>> Konstantin
> >>> 3 vendors(Intel/Cavium/NXP) have tested their PMDs on security and
> >>> made the changes that they need.
> >>> Which APIs are missing?
> >> What I am aware about:
> >> a) rte_security_ops. get_userdata
> >> [Akhil] I believe Cavium added some patches in ipsec-secgw app for its usage and I believe they do have implementation for that.
> > ipsec-secgw has some code that refers it, but at present moment there is no PMD in dpdk.org that supports it
> > (at least I can't find any).
> >
> >> Also I
> >> cannot see any changes in rte_security for its support in PMDs.
> > Might be, but wouldn't you expect function to be at least implemented
> > to call it 'mature'?
> >
> >> b) RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL
> >>
> >> [Akhil] Cavium supports it.
> > Might be, but again it is not in dpdk.org right now
> > (AFAIK it is planned for 19.02).
> >
> >> c) rte_security_capability.ol_flags:
> >>      RTE_SECURITY_PDCP_ORDERING_CAP
> >>      RTE_SECURITY_PDCP_DUP_DETECT_CAP
> >>
> >> [Akhil] PDCP is not currently supported by any of the vendors except NXP and NXP do not support these capabilities.
> >> For this also, I don’t see any change in the library. It would be only PMD which needs to support it.
> >>
> >>      RTE_SECURITY_TX_HW_TRAILER_OFFLOAD
> >>      RTE_SECURITY_RX_HW_TRAILER_OFFLOAD
> >>
> >> [Akhil] Same here, these are all PMD capabilities which do not require any change in rte_security.
> > Without real implementation, how can we be certain about it?
> > Might be while implementing feature X we would realize that something else is needed.
> > Another question - what users who build their products on top of rte_security
> > have to do?
> > Should they include support for all these unimplemented capabilities into their
> > code or not?
> > Considering the fact, that right now there is no way for them to test/try it.
> >
> >>> I believe addition of protocols is not an issue  even if we remove
> >>> experimental tag.
> >> After another thought - it is probably unfair to keep whole lib as experimental because few things are missing.
> >> But I think things that are unimplemented (or related to them) need to stay in 'experimental' state.
> >>
> >> [Akhil] I do not foresee any changes in library, so I believe experimental is not required. Please correct me if this is incorrect
> understanding.
> > The only change I am personally plan to do in 19.02 -
> > add opaque userdata field into rte_security_session:
> > struct rte_security_session {
> >   	void *sess_private_data;
> >   	/**< Private session material */
> > +	uint64_t userdata;
> > +	/**< Opaque user defined data */
> >   };
> >
> > Might be in future extra changes would be needed to pass ipsec
> > sqn/replay_window data between HW/SW.
> > Not aware about any other changes.
> > Though these future changes is not my main concern.
> > After all we have a defined process for making changes into non-experimental API.
> > I just don't see how we can consider API that has un-implemented parts as a 'mature'.
> > Probably we have different views on what experimental/mature API means.
> >  From my perspective to name it a 'mature' it needs to at least to be implemented and
> > tested (proved working),  plus stable enough(not major changes coming).
> 
> NXP want to start pushing the IPSEC offload etc to VPP and other
> projects, but it needs to come out of experimental first.
> 
> Other projects will not adapt to it till it come out of experimental tag.
> 
> It can be a different kind of debate and problem.  When we proposed the
> original APIs, we only provided APIs supported by NXP. However other
> vendors jumped in and suggested them to make them more generic. But
> these vendors are yet to implement them. e.g. We have not yet seen
> Mellanox providing their rte_security driver yet, but they contributed
> few of the APIs.  Now should we wait indefinately to get implementation
> of those APIs.
> 
> Note that in some cases segregating them in experimental and
> non-experimental is not feasible.
> 
> The similar case is with PDCP,  the original APIs we proposed was
> supported by NXP driver. However when Cavium reviewed it and provided
> suggestions, we ended up adding few extra things for their completeness.
> Now, NXP don't support/implement them and others vendors are not yet
> implementing them.
> 
> so, will it never come out of experimental?

Probably the only way to avoid such situation in future -
don't accept API without actual implementation.

> 
> I think except few APIs, we shall make it non-experimental and if any
> one need any changes, they need to come with standard route.

Ok, no objections from my side to that.
Konstantin

Re: [dpdk-dev] [PATCH] security: remove experimental tag

[Joseph, Anoob]

Acked-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>

> -----Original Message-----
> From: Akhil Goyal <akhil.goyal@nxp.com>
> Sent: 13 November 2018 16:58
> To: dev@dpdk.org
> Cc: thomas@monjalon.net; konstantin.ananyev@intel.com; Jacob, Jerin
> <Jerin.JacobKollanukkaran@cavium.com>; Joseph, Anoob
> <Anoob.Joseph@cavium.com>; radu.nicolau@intel.com;
> declan.doherty@intel.com; Hemant Agrawal <hemant.agrawal@nxp.com>;
> Akhil Goyal <akhil.goyal@nxp.com>
> Subject: [PATCH] security: remove experimental tag
> 
> External Email
> 
> rte_security has been experimental since DPDK 17.11 release.
> Now the library has matured and expermental tag is removed in this patch.
> 
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---
>  MAINTAINERS                                  |  2 +-
>  lib/librte_security/Makefile                 |  1 -
>  lib/librte_security/meson.build              |  1 -
>  lib/librte_security/rte_security.c           | 18 +++++++++---------
>  lib/librte_security/rte_security.h           | 27 +++++++++++++--------------
>  lib/librte_security/rte_security_driver.h    |  1 -
>  lib/librte_security/rte_security_version.map |  2 +-
>  7 files changed, 24 insertions(+), 28 deletions(-)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 19353ac..bdd6747 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -347,7 +347,7 @@ F: lib/librte_cryptodev/
>  F: test/test/test_cryptodev*
>  F: examples/l2fwd-crypto/
> 
> -Security API - EXPERIMENTAL
> +Security API
>  M: Akhil Goyal <akhil.goyal@nxp.com>
>  M: Declan Doherty <declan.doherty@intel.com>
>  T: git://dpdk.org/next/dpdk-next-crypto
> diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile index
> 8daebea..bd92343 100644
> --- a/lib/librte_security/Makefile
> +++ b/lib/librte_security/Makefile
> @@ -10,7 +10,6 @@ LIB = librte_security.a  LIBABIVER := 1
> 
>  # build flags
> -CFLAGS += -DALLOW_EXPERIMENTAL_API
>  CFLAGS += -O3
>  CFLAGS += $(WERROR_FLAGS)
>  LDLIBS += -lrte_eal -lrte_mempool
> diff --git a/lib/librte_security/meson.build b/lib/librte_security/meson.build
> index 4c85894..532953f 100644
> --- a/lib/librte_security/meson.build
> +++ b/lib/librte_security/meson.build
> @@ -1,7 +1,6 @@
>  # SPDX-License-Identifier: BSD-3-Clause  # Copyright(c) 2017 Intel Corporation
> 
> -allow_experimental_apis = true
>  sources = files('rte_security.c')
>  headers = files('rte_security.h', 'rte_security_driver.h')  deps += ['mempool',
> 'cryptodev'] diff --git a/lib/librte_security/rte_security.c
> b/lib/librte_security/rte_security.c
> index c6355de..bc81ce1 100644
> --- a/lib/librte_security/rte_security.c
> +++ b/lib/librte_security/rte_security.c
> @@ -10,7 +10,7 @@
>  #include "rte_security_driver.h"
> 
>  struct rte_security_session *
> -__rte_experimental rte_security_session_create(struct rte_security_ctx
> *instance,
> +rte_security_session_create(struct rte_security_ctx *instance,
>                             struct rte_security_session_conf *conf,
>                             struct rte_mempool *mp)  { @@ -33,7 +33,7 @@
> __rte_experimental rte_security_session_create(struct rte_security_ctx
> *instance
>         return sess;
>  }
> 
> -int __rte_experimental
> +int
>  rte_security_session_update(struct rte_security_ctx *instance,
>                             struct rte_security_session *sess,
>                             struct rte_security_session_conf *conf) @@ -42,14 +42,14 @@
> rte_security_session_update(struct rte_security_ctx *instance,
>         return instance->ops->session_update(instance->device, sess, conf);  }
> 
> -unsigned int __rte_experimental
> +unsigned int
>  rte_security_session_get_size(struct rte_security_ctx *instance)  {
>         RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
>         return instance->ops->session_get_size(instance->device);
>  }
> 
> -int __rte_experimental
> +int
>  rte_security_session_stats_get(struct rte_security_ctx *instance,
>                                struct rte_security_session *sess,
>                                struct rte_security_stats *stats) @@ -58,7 +58,7 @@
> rte_security_session_stats_get(struct rte_security_ctx *instance,
>         return instance->ops->session_stats_get(instance->device, sess, stats);  }
> 
> -int __rte_experimental
> +int
>  rte_security_session_destroy(struct rte_security_ctx *instance,
>                              struct rte_security_session *sess)  { @@ -76,7 +76,7 @@
> rte_security_session_destroy(struct rte_security_ctx *instance,
>         return ret;
>  }
> 
> -int __rte_experimental
> +int
>  rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>                               struct rte_security_session *sess,
>                               struct rte_mbuf *m, void *params) @@ -86,7 +86,7 @@
> rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>                                                sess, m, params);  }
> 
> -void * __rte_experimental
> +void *
>  rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)  {
>         void *userdata = NULL;
> @@ -98,14 +98,14 @@ rte_security_get_userdata(struct rte_security_ctx
> *instance, uint64_t md)
>         return userdata;
>  }
> 
> -const struct rte_security_capability * __rte_experimental
> +const struct rte_security_capability *
>  rte_security_capabilities_get(struct rte_security_ctx *instance)  {
>         RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
>         return instance->ops->capabilities_get(instance->device);
>  }
> 
> -const struct rte_security_capability * __rte_experimental
> +const struct rte_security_capability *
>  rte_security_capability_get(struct rte_security_ctx *instance,
>                             struct rte_security_capability_idx *idx)  { diff --git
> a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
> index 1431b4d..e07b132 100644
> --- a/lib/librte_security/rte_security.h
> +++ b/lib/librte_security/rte_security.h
> @@ -8,7 +8,6 @@
> 
>  /**
>   * @file rte_security.h
> - * @b EXPERIMENTAL: this API may change without prior notice
>   *
>   * RTE Security Common Definitions
>   *
> @@ -330,7 +329,7 @@ struct rte_security_session {
>   *  - On success, pointer to session
>   *  - On failure, NULL
>   */
> -struct rte_security_session * __rte_experimental
> +struct rte_security_session *
>  rte_security_session_create(struct rte_security_ctx *instance,
>                             struct rte_security_session_conf *conf,
>                             struct rte_mempool *mp); @@ -345,7 +344,7 @@
> rte_security_session_create(struct rte_security_ctx *instance,
>   *  - On success returns 0
>   *  - On failure return errno
>   */
> -int __rte_experimental
> +int
>  rte_security_session_update(struct rte_security_ctx *instance,
>                             struct rte_security_session *sess,
>                             struct rte_security_session_conf *conf); @@ -359,7 +358,7 @@
> rte_security_session_update(struct rte_security_ctx *instance,
>   *   - Size of the private data, if successful
>   *   - 0 if device is invalid or does not support the operation.
>   */
> -unsigned int __rte_experimental
> +unsigned int
>  rte_security_session_get_size(struct rte_security_ctx *instance);
> 
>  /**
> @@ -374,7 +373,7 @@ rte_security_session_get_size(struct rte_security_ctx
> *instance);
>   *  - -EINVAL if session is NULL.
>   *  - -EBUSY if not all device private data has been freed.
>   */
> -int __rte_experimental
> +int
>  rte_security_session_destroy(struct rte_security_ctx *instance,
>                              struct rte_security_session *sess);
> 
> @@ -391,7 +390,7 @@ rte_security_session_destroy(struct rte_security_ctx
> *instance,
>   *  - On success, zero.
>   *  - On failure, a negative value.
>   */
> -int __rte_experimental
> +int
>  rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>                               struct rte_security_session *sess,
>                               struct rte_mbuf *mb, void *params); @@ -413,7 +412,7 @@
> rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>   *  - On success, userdata
>   *  - On failure, NULL
>   */
> -void * __rte_experimental
> +void *
>  rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
> 
>  /**
> @@ -422,7 +421,7 @@ rte_security_get_userdata(struct rte_security_ctx
> *instance, uint64_t md);
>   * @param      sym_op  crypto operation
>   * @param      sess    security session
>   */
> -static inline int __rte_experimental
> +static inline int
>  __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
>                               struct rte_security_session *sess)  { @@ -431,13 +430,13 @@
> __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
>         return 0;
>  }
> 
> -static inline void * __rte_experimental
> +static inline void *
>  get_sec_session_private_data(const struct rte_security_session *sess)  {
>         return sess->sess_private_data;
>  }
> 
> -static inline void __rte_experimental
> +static inline void
>  set_sec_session_private_data(struct rte_security_session *sess,
>                              void *private_data)  { @@ -453,7 +452,7 @@
> set_sec_session_private_data(struct rte_security_session *sess,
>   * @param      op      crypto operation
>   * @param      sess    security session
>   */
> -static inline int __rte_experimental
> +static inline int
>  rte_security_attach_session(struct rte_crypto_op *op,
>                             struct rte_security_session *sess)  { @@ -500,7 +499,7 @@
> struct rte_security_stats {
>   *  - On success return 0
>   *  - On failure errno
>   */
> -int __rte_experimental
> +int
>  rte_security_session_stats_get(struct rte_security_ctx *instance,
>                                struct rte_security_session *sess,
>                                struct rte_security_stats *stats); @@ -608,7 +607,7 @@ struct
> rte_security_capability_idx {
>   *   - Returns array of security capabilities.
>   *   - Return NULL if no capabilities available.
>   */
> -const struct rte_security_capability * __rte_experimental
> +const struct rte_security_capability *
>  rte_security_capabilities_get(struct rte_security_ctx *instance);
> 
>  /**
> @@ -622,7 +621,7 @@ rte_security_capabilities_get(struct rte_security_ctx
> *instance);
>   *     index criteria.
>   *   - Return NULL if the capability not matched on security instance.
>   */
> -const struct rte_security_capability * __rte_experimental
> +const struct rte_security_capability *
>  rte_security_capability_get(struct rte_security_ctx *instance,
>                             struct rte_security_capability_idx *idx);
> 
> diff --git a/lib/librte_security/rte_security_driver.h
> b/lib/librte_security/rte_security_driver.h
> index 42f42ff..1b561f8 100644
> --- a/lib/librte_security/rte_security_driver.h
> +++ b/lib/librte_security/rte_security_driver.h
> @@ -8,7 +8,6 @@
> 
>  /**
>   * @file rte_security_driver.h
> - * @b EXPERIMENTAL: this API may change without prior notice
>   *
>   * RTE Security Common Definitions
>   *
> diff --git a/lib/librte_security/rte_security_version.map
> b/lib/librte_security/rte_security_version.map
> index 5a1c8ae..a77ca4b 100644
> --- a/lib/librte_security/rte_security_version.map
> +++ b/lib/librte_security/rte_security_version.map
> @@ -1,4 +1,4 @@
> -EXPERIMENTAL {
> +DPDK_18.11 {
>         global:
> 
>         rte_security_attach_session;
> --
> 2.7.4

Re: [dpdk-dev] [PATCH] security: remove experimental tag

[Hemant Agrawal]

Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>

On 11/13/2018 4:58 PM, Akhil Goyal wrote:
> rte_security has been experimental since DPDK 17.11 release.
> Now the library has matured and expermental tag is removed in
> this patch.
>
>

Re: [dpdk-dev] [PATCH] security: remove experimental tag

[Boris Pismenny]

Acked-By: Boris Pismenny <borisp@mellanox.com>

> -----Original Message-----
> From: dev <dev-bounces@dpdk.org> On Behalf Of Akhil Goyal
> Sent: Tuesday, November 13, 2018 3:28 AM
> To: dev@dpdk.org
> Cc: Thomas Monjalon <thomas@monjalon.net>;
> konstantin.ananyev@intel.com; jerin.jacob@caviumnetworks.com;
> anoob.joseph@caviumnetworks.com; radu.nicolau@intel.com;
> declan.doherty@intel.com; Hemant Agrawal <hemant.agrawal@nxp.com>;
> Akhil Goyal <akhil.goyal@nxp.com>
> Subject: [dpdk-dev] [PATCH] security: remove experimental tag
> 
> rte_security has been experimental since DPDK 17.11 release.
> Now the library has matured and expermental tag is removed in this patch.
> 
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---
>  MAINTAINERS                                  |  2 +-
>  lib/librte_security/Makefile                 |  1 -
>  lib/librte_security/meson.build              |  1 -
>  lib/librte_security/rte_security.c           | 18 +++++++++---------
>  lib/librte_security/rte_security.h           | 27 +++++++++++++--------------
>  lib/librte_security/rte_security_driver.h    |  1 -
>  lib/librte_security/rte_security_version.map |  2 +-
>  7 files changed, 24 insertions(+), 28 deletions(-)
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 19353ac..bdd6747 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -347,7 +347,7 @@ F: lib/librte_cryptodev/
>  F: test/test/test_cryptodev*
>  F: examples/l2fwd-crypto/
> 
> -Security API - EXPERIMENTAL
> +Security API
>  M: Akhil Goyal <akhil.goyal@nxp.com>
>  M: Declan Doherty <declan.doherty@intel.com>
>  T: git://dpdk.org/next/dpdk-next-crypto
> diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile index
> 8daebea..bd92343 100644
> --- a/lib/librte_security/Makefile
> +++ b/lib/librte_security/Makefile
> @@ -10,7 +10,6 @@ LIB = librte_security.a  LIBABIVER := 1
> 
>  # build flags
> -CFLAGS += -DALLOW_EXPERIMENTAL_API
>  CFLAGS += -O3
>  CFLAGS += $(WERROR_FLAGS)
>  LDLIBS += -lrte_eal -lrte_mempool
> diff --git a/lib/librte_security/meson.build b/lib/librte_security/meson.build
> index 4c85894..532953f 100644
> --- a/lib/librte_security/meson.build
> +++ b/lib/librte_security/meson.build
> @@ -1,7 +1,6 @@
>  # SPDX-License-Identifier: BSD-3-Clause  # Copyright(c) 2017 Intel
> Corporation
> 
> -allow_experimental_apis = true
>  sources = files('rte_security.c')
>  headers = files('rte_security.h', 'rte_security_driver.h')  deps += ['mempool',
> 'cryptodev'] diff --git a/lib/librte_security/rte_security.c
> b/lib/librte_security/rte_security.c
> index c6355de..bc81ce1 100644
> --- a/lib/librte_security/rte_security.c
> +++ b/lib/librte_security/rte_security.c
> @@ -10,7 +10,7 @@
>  #include "rte_security_driver.h"
> 
>  struct rte_security_session *
> -__rte_experimental rte_security_session_create(struct rte_security_ctx
> *instance,
> +rte_security_session_create(struct rte_security_ctx *instance,
>  			    struct rte_security_session_conf *conf,
>  			    struct rte_mempool *mp)
>  {
> @@ -33,7 +33,7 @@ __rte_experimental rte_security_session_create(struct
> rte_security_ctx *instance
>  	return sess;
>  }
> 
> -int __rte_experimental
> +int
>  rte_security_session_update(struct rte_security_ctx *instance,
>  			    struct rte_security_session *sess,
>  			    struct rte_security_session_conf *conf) @@ -42,14
> +42,14 @@ rte_security_session_update(struct rte_security_ctx *instance,
>  	return instance->ops->session_update(instance->device, sess,
> conf);  }
> 
> -unsigned int __rte_experimental
> +unsigned int
>  rte_security_session_get_size(struct rte_security_ctx *instance)  {
>  	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
>  	return instance->ops->session_get_size(instance->device);
>  }
> 
> -int __rte_experimental
> +int
>  rte_security_session_stats_get(struct rte_security_ctx *instance,
>  			       struct rte_security_session *sess,
>  			       struct rte_security_stats *stats) @@ -58,7 +58,7
> @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
>  	return instance->ops->session_stats_get(instance->device, sess,
> stats);  }
> 
> -int __rte_experimental
> +int
>  rte_security_session_destroy(struct rte_security_ctx *instance,
>  			     struct rte_security_session *sess)  { @@ -76,7
> +76,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
>  	return ret;
>  }
> 
> -int __rte_experimental
> +int
>  rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>  			      struct rte_security_session *sess,
>  			      struct rte_mbuf *m, void *params) @@ -86,7
> +86,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>  					       sess, m, params);
>  }
> 
> -void * __rte_experimental
> +void *
>  rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)  {
>  	void *userdata = NULL;
> @@ -98,14 +98,14 @@ rte_security_get_userdata(struct rte_security_ctx
> *instance, uint64_t md)
>  	return userdata;
>  }
> 
> -const struct rte_security_capability * __rte_experimental
> +const struct rte_security_capability *
>  rte_security_capabilities_get(struct rte_security_ctx *instance)  {
>  	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get,
> NULL);
>  	return instance->ops->capabilities_get(instance->device);
>  }
> 
> -const struct rte_security_capability * __rte_experimental
> +const struct rte_security_capability *
>  rte_security_capability_get(struct rte_security_ctx *instance,
>  			    struct rte_security_capability_idx *idx)  { diff --git
> a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
> index 1431b4d..e07b132 100644
> --- a/lib/librte_security/rte_security.h
> +++ b/lib/librte_security/rte_security.h
> @@ -8,7 +8,6 @@
> 
>  /**
>   * @file rte_security.h
> - * @b EXPERIMENTAL: this API may change without prior notice
>   *
>   * RTE Security Common Definitions
>   *
> @@ -330,7 +329,7 @@ struct rte_security_session {
>   *  - On success, pointer to session
>   *  - On failure, NULL
>   */
> -struct rte_security_session * __rte_experimental
> +struct rte_security_session *
>  rte_security_session_create(struct rte_security_ctx *instance,
>  			    struct rte_security_session_conf *conf,
>  			    struct rte_mempool *mp);
> @@ -345,7 +344,7 @@ rte_security_session_create(struct rte_security_ctx
> *instance,
>   *  - On success returns 0
>   *  - On failure return errno
>   */
> -int __rte_experimental
> +int
>  rte_security_session_update(struct rte_security_ctx *instance,
>  			    struct rte_security_session *sess,
>  			    struct rte_security_session_conf *conf); @@ -
> 359,7 +358,7 @@ rte_security_session_update(struct rte_security_ctx
> *instance,
>   *   - Size of the private data, if successful
>   *   - 0 if device is invalid or does not support the operation.
>   */
> -unsigned int __rte_experimental
> +unsigned int
>  rte_security_session_get_size(struct rte_security_ctx *instance);
> 
>  /**
> @@ -374,7 +373,7 @@ rte_security_session_get_size(struct rte_security_ctx
> *instance);
>   *  - -EINVAL if session is NULL.
>   *  - -EBUSY if not all device private data has been freed.
>   */
> -int __rte_experimental
> +int
>  rte_security_session_destroy(struct rte_security_ctx *instance,
>  			     struct rte_security_session *sess);
> 
> @@ -391,7 +390,7 @@ rte_security_session_destroy(struct rte_security_ctx
> *instance,
>   *  - On success, zero.
>   *  - On failure, a negative value.
>   */
> -int __rte_experimental
> +int
>  rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>  			      struct rte_security_session *sess,
>  			      struct rte_mbuf *mb, void *params); @@ -413,7
> +412,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx
> *instance,
>   *  - On success, userdata
>   *  - On failure, NULL
>   */
> -void * __rte_experimental
> +void *
>  rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
> 
>  /**
> @@ -422,7 +421,7 @@ rte_security_get_userdata(struct rte_security_ctx
> *instance, uint64_t md);
>   * @param	sym_op	crypto operation
>   * @param	sess	security session
>   */
> -static inline int __rte_experimental
> +static inline int
>  __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
>  			      struct rte_security_session *sess)  { @@ -431,13
> +430,13 @@ __rte_security_attach_session(struct rte_crypto_sym_op
> *sym_op,
>  	return 0;
>  }
> 
> -static inline void * __rte_experimental
> +static inline void *
>  get_sec_session_private_data(const struct rte_security_session *sess)  {
>  	return sess->sess_private_data;
>  }
> 
> -static inline void __rte_experimental
> +static inline void
>  set_sec_session_private_data(struct rte_security_session *sess,
>  			     void *private_data)
>  {
> @@ -453,7 +452,7 @@ set_sec_session_private_data(struct
> rte_security_session *sess,
>   * @param	op	crypto operation
>   * @param	sess	security session
>   */
> -static inline int __rte_experimental
> +static inline int
>  rte_security_attach_session(struct rte_crypto_op *op,
>  			    struct rte_security_session *sess)  { @@ -500,7
> +499,7 @@ struct rte_security_stats {
>   *  - On success return 0
>   *  - On failure errno
>   */
> -int __rte_experimental
> +int
>  rte_security_session_stats_get(struct rte_security_ctx *instance,
>  			       struct rte_security_session *sess,
>  			       struct rte_security_stats *stats); @@ -608,7
> +607,7 @@ struct rte_security_capability_idx {
>   *   - Returns array of security capabilities.
>   *   - Return NULL if no capabilities available.
>   */
> -const struct rte_security_capability * __rte_experimental
> +const struct rte_security_capability *
>  rte_security_capabilities_get(struct rte_security_ctx *instance);
> 
>  /**
> @@ -622,7 +621,7 @@ rte_security_capabilities_get(struct rte_security_ctx
> *instance);
>   *     index criteria.
>   *   - Return NULL if the capability not matched on security instance.
>   */
> -const struct rte_security_capability * __rte_experimental
> +const struct rte_security_capability *
>  rte_security_capability_get(struct rte_security_ctx *instance,
>  			    struct rte_security_capability_idx *idx);
> 
> diff --git a/lib/librte_security/rte_security_driver.h
> b/lib/librte_security/rte_security_driver.h
> index 42f42ff..1b561f8 100644
> --- a/lib/librte_security/rte_security_driver.h
> +++ b/lib/librte_security/rte_security_driver.h
> @@ -8,7 +8,6 @@
> 
>  /**
>   * @file rte_security_driver.h
> - * @b EXPERIMENTAL: this API may change without prior notice
>   *
>   * RTE Security Common Definitions
>   *
> diff --git a/lib/librte_security/rte_security_version.map
> b/lib/librte_security/rte_security_version.map
> index 5a1c8ae..a77ca4b 100644
> --- a/lib/librte_security/rte_security_version.map
> +++ b/lib/librte_security/rte_security_version.map
> @@ -1,4 +1,4 @@
> -EXPERIMENTAL {
> +DPDK_18.11 {
>  	global:
> 
>  	rte_security_attach_session;
> --
> 2.7.4

Re: [dpdk-dev] [PATCH] security: remove experimental tag

[Thomas Monjalon]

13/11/2018 12:28, Akhil Goyal:
> rte_security has been experimental since DPDK 17.11 release.
> Now the library has matured and expermental tag is removed in
> this patch.
> 
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>

Acked-by: Anoob Joseph <anoob.joseph@caviumnetworks.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Boris Pismenny <borisp@mellanox.com>

Applied