Re: [dpdk-dev] [PATCH] security: remove experimental tag

[Akhil Goyal <akhil.goyal@nxp.com>]

Hi Konstantin,

On 11/13/2018 5:19 PM, Ananyev, Konstantin wrote:
> Hi Akhil,
>
>> -----Original Message-----
>> From: Akhil Goyal [mailto:akhil.goyal@nxp.com]
>> Sent: Tuesday, November 13, 2018 11:28 AM
>> To: dev@dpdk.org
>> Cc: thomas@monjalon.net; Ananyev, Konstantin <konstantin.ananyev@intel.com>; jerin.jacob@caviumnetworks.com;
>> anoob.joseph@caviumnetworks.com; Nicolau, Radu <radu.nicolau@intel.com>; Doherty, Declan <declan.doherty@intel.com>; Hemant
>> Agrawal <hemant.agrawal@nxp.com>; Akhil Goyal <akhil.goyal@nxp.com>
>> Subject: [PATCH] security: remove experimental tag
>>
>> rte_security has been experimental since DPDK 17.11 release.
>> Now the library has matured and expermental tag is removed in
>> this patch.
> I agree that it is present for a while in dpdk.org,
> but as I can see we still have unimplemented API here.
> Which makes me doubt that it is ok to remove experimental tag from it.
> Konstantin
3 vendors(Intel/Cavium/NXP) have tested their PMDs on security and made 
the changes that they need.
Which APIs are missing? I believe addition of protocols is not an issue 
even if we remove experimental tag.

-Akhil
>> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
>> ---
>>   MAINTAINERS                                  |  2 +-
>>   lib/librte_security/Makefile                 |  1 -
>>   lib/librte_security/meson.build              |  1 -
>>   lib/librte_security/rte_security.c           | 18 +++++++++---------
>>   lib/librte_security/rte_security.h           | 27 +++++++++++++--------------
>>   lib/librte_security/rte_security_driver.h    |  1 -
>>   lib/librte_security/rte_security_version.map |  2 +-
>>   7 files changed, 24 insertions(+), 28 deletions(-)
>>
>> diff --git a/MAINTAINERS b/MAINTAINERS
>> index 19353ac..bdd6747 100644
>> --- a/MAINTAINERS
>> +++ b/MAINTAINERS
>> @@ -347,7 +347,7 @@ F: lib/librte_cryptodev/
>>   F: test/test/test_cryptodev*
>>   F: examples/l2fwd-crypto/
>>
>> -Security API - EXPERIMENTAL
>> +Security API
>>   M: Akhil Goyal <akhil.goyal@nxp.com>
>>   M: Declan Doherty <declan.doherty@intel.com>
>>   T: git://dpdk.org/next/dpdk-next-crypto
>> diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile
>> index 8daebea..bd92343 100644
>> --- a/lib/librte_security/Makefile
>> +++ b/lib/librte_security/Makefile
>> @@ -10,7 +10,6 @@ LIB = librte_security.a
>>   LIBABIVER := 1
>>
>>   # build flags
>> -CFLAGS += -DALLOW_EXPERIMENTAL_API
>>   CFLAGS += -O3
>>   CFLAGS += $(WERROR_FLAGS)
>>   LDLIBS += -lrte_eal -lrte_mempool
>> diff --git a/lib/librte_security/meson.build b/lib/librte_security/meson.build
>> index 4c85894..532953f 100644
>> --- a/lib/librte_security/meson.build
>> +++ b/lib/librte_security/meson.build
>> @@ -1,7 +1,6 @@
>>   # SPDX-License-Identifier: BSD-3-Clause
>>   # Copyright(c) 2017 Intel Corporation
>>
>> -allow_experimental_apis = true
>>   sources = files('rte_security.c')
>>   headers = files('rte_security.h', 'rte_security_driver.h')
>>   deps += ['mempool', 'cryptodev']
>> diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
>> index c6355de..bc81ce1 100644
>> --- a/lib/librte_security/rte_security.c
>> +++ b/lib/librte_security/rte_security.c
>> @@ -10,7 +10,7 @@
>>   #include "rte_security_driver.h"
>>
>>   struct rte_security_session *
>> -__rte_experimental rte_security_session_create(struct rte_security_ctx *instance,
>> +rte_security_session_create(struct rte_security_ctx *instance,
>>   			    struct rte_security_session_conf *conf,
>>   			    struct rte_mempool *mp)
>>   {
>> @@ -33,7 +33,7 @@ __rte_experimental rte_security_session_create(struct rte_security_ctx *instance
>>   	return sess;
>>   }
>>
>> -int __rte_experimental
>> +int
>>   rte_security_session_update(struct rte_security_ctx *instance,
>>   			    struct rte_security_session *sess,
>>   			    struct rte_security_session_conf *conf)
>> @@ -42,14 +42,14 @@ rte_security_session_update(struct rte_security_ctx *instance,
>>   	return instance->ops->session_update(instance->device, sess, conf);
>>   }
>>
>> -unsigned int __rte_experimental
>> +unsigned int
>>   rte_security_session_get_size(struct rte_security_ctx *instance)
>>   {
>>   	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->session_get_size, 0);
>>   	return instance->ops->session_get_size(instance->device);
>>   }
>>
>> -int __rte_experimental
>> +int
>>   rte_security_session_stats_get(struct rte_security_ctx *instance,
>>   			       struct rte_security_session *sess,
>>   			       struct rte_security_stats *stats)
>> @@ -58,7 +58,7 @@ rte_security_session_stats_get(struct rte_security_ctx *instance,
>>   	return instance->ops->session_stats_get(instance->device, sess, stats);
>>   }
>>
>> -int __rte_experimental
>> +int
>>   rte_security_session_destroy(struct rte_security_ctx *instance,
>>   			     struct rte_security_session *sess)
>>   {
>> @@ -76,7 +76,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
>>   	return ret;
>>   }
>>
>> -int __rte_experimental
>> +int
>>   rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>>   			      struct rte_security_session *sess,
>>   			      struct rte_mbuf *m, void *params)
>> @@ -86,7 +86,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>>   					       sess, m, params);
>>   }
>>
>> -void * __rte_experimental
>> +void *
>>   rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
>>   {
>>   	void *userdata = NULL;
>> @@ -98,14 +98,14 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
>>   	return userdata;
>>   }
>>
>> -const struct rte_security_capability * __rte_experimental
>> +const struct rte_security_capability *
>>   rte_security_capabilities_get(struct rte_security_ctx *instance)
>>   {
>>   	RTE_FUNC_PTR_OR_ERR_RET(*instance->ops->capabilities_get, NULL);
>>   	return instance->ops->capabilities_get(instance->device);
>>   }
>>
>> -const struct rte_security_capability * __rte_experimental
>> +const struct rte_security_capability *
>>   rte_security_capability_get(struct rte_security_ctx *instance,
>>   			    struct rte_security_capability_idx *idx)
>>   {
>> diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
>> index 1431b4d..e07b132 100644
>> --- a/lib/librte_security/rte_security.h
>> +++ b/lib/librte_security/rte_security.h
>> @@ -8,7 +8,6 @@
>>
>>   /**
>>    * @file rte_security.h
>> - * @b EXPERIMENTAL: this API may change without prior notice
>>    *
>>    * RTE Security Common Definitions
>>    *
>> @@ -330,7 +329,7 @@ struct rte_security_session {
>>    *  - On success, pointer to session
>>    *  - On failure, NULL
>>    */
>> -struct rte_security_session * __rte_experimental
>> +struct rte_security_session *
>>   rte_security_session_create(struct rte_security_ctx *instance,
>>   			    struct rte_security_session_conf *conf,
>>   			    struct rte_mempool *mp);
>> @@ -345,7 +344,7 @@ rte_security_session_create(struct rte_security_ctx *instance,
>>    *  - On success returns 0
>>    *  - On failure return errno
>>    */
>> -int __rte_experimental
>> +int
>>   rte_security_session_update(struct rte_security_ctx *instance,
>>   			    struct rte_security_session *sess,
>>   			    struct rte_security_session_conf *conf);
>> @@ -359,7 +358,7 @@ rte_security_session_update(struct rte_security_ctx *instance,
>>    *   - Size of the private data, if successful
>>    *   - 0 if device is invalid or does not support the operation.
>>    */
>> -unsigned int __rte_experimental
>> +unsigned int
>>   rte_security_session_get_size(struct rte_security_ctx *instance);
>>
>>   /**
>> @@ -374,7 +373,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
>>    *  - -EINVAL if session is NULL.
>>    *  - -EBUSY if not all device private data has been freed.
>>    */
>> -int __rte_experimental
>> +int
>>   rte_security_session_destroy(struct rte_security_ctx *instance,
>>   			     struct rte_security_session *sess);
>>
>> @@ -391,7 +390,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
>>    *  - On success, zero.
>>    *  - On failure, a negative value.
>>    */
>> -int __rte_experimental
>> +int
>>   rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>>   			      struct rte_security_session *sess,
>>   			      struct rte_mbuf *mb, void *params);
>> @@ -413,7 +412,7 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
>>    *  - On success, userdata
>>    *  - On failure, NULL
>>    */
>> -void * __rte_experimental
>> +void *
>>   rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
>>
>>   /**
>> @@ -422,7 +421,7 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
>>    * @param	sym_op	crypto operation
>>    * @param	sess	security session
>>    */
>> -static inline int __rte_experimental
>> +static inline int
>>   __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
>>   			      struct rte_security_session *sess)
>>   {
>> @@ -431,13 +430,13 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
>>   	return 0;
>>   }
>>
>> -static inline void * __rte_experimental
>> +static inline void *
>>   get_sec_session_private_data(const struct rte_security_session *sess)
>>   {
>>   	return sess->sess_private_data;
>>   }
>>
>> -static inline void __rte_experimental
>> +static inline void
>>   set_sec_session_private_data(struct rte_security_session *sess,
>>   			     void *private_data)
>>   {
>> @@ -453,7 +452,7 @@ set_sec_session_private_data(struct rte_security_session *sess,
>>    * @param	op	crypto operation
>>    * @param	sess	security session
>>    */
>> -static inline int __rte_experimental
>> +static inline int
>>   rte_security_attach_session(struct rte_crypto_op *op,
>>   			    struct rte_security_session *sess)
>>   {
>> @@ -500,7 +499,7 @@ struct rte_security_stats {
>>    *  - On success return 0
>>    *  - On failure errno
>>    */
>> -int __rte_experimental
>> +int
>>   rte_security_session_stats_get(struct rte_security_ctx *instance,
>>   			       struct rte_security_session *sess,
>>   			       struct rte_security_stats *stats);
>> @@ -608,7 +607,7 @@ struct rte_security_capability_idx {
>>    *   - Returns array of security capabilities.
>>    *   - Return NULL if no capabilities available.
>>    */
>> -const struct rte_security_capability * __rte_experimental
>> +const struct rte_security_capability *
>>   rte_security_capabilities_get(struct rte_security_ctx *instance);
>>
>>   /**
>> @@ -622,7 +621,7 @@ rte_security_capabilities_get(struct rte_security_ctx *instance);
>>    *     index criteria.
>>    *   - Return NULL if the capability not matched on security instance.
>>    */
>> -const struct rte_security_capability * __rte_experimental
>> +const struct rte_security_capability *
>>   rte_security_capability_get(struct rte_security_ctx *instance,
>>   			    struct rte_security_capability_idx *idx);
>>
>> diff --git a/lib/librte_security/rte_security_driver.h b/lib/librte_security/rte_security_driver.h
>> index 42f42ff..1b561f8 100644
>> --- a/lib/librte_security/rte_security_driver.h
>> +++ b/lib/librte_security/rte_security_driver.h
>> @@ -8,7 +8,6 @@
>>
>>   /**
>>    * @file rte_security_driver.h
>> - * @b EXPERIMENTAL: this API may change without prior notice
>>    *
>>    * RTE Security Common Definitions
>>    *
>> diff --git a/lib/librte_security/rte_security_version.map b/lib/librte_security/rte_security_version.map
>> index 5a1c8ae..a77ca4b 100644
>> --- a/lib/librte_security/rte_security_version.map
>> +++ b/lib/librte_security/rte_security_version.map
>> @@ -1,4 +1,4 @@
>> -EXPERIMENTAL {
>> +DPDK_18.11 {
>>   	global:
>>
>>   	rte_security_attach_session;
>> --
>> 2.7.4