From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by smtp.lore.kernel.org (Postfix) with ESMTP id D0C33C77B7A for ; Wed, 31 May 2023 09:26:41 +0000 (UTC) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 92AAE40ED7; Wed, 31 May 2023 11:26:40 +0200 (CEST) Received: from dkmailrelay1.smartsharesystems.com (smartserver.smartsharesystems.com [77.243.40.215]) by mails.dpdk.org (Postfix) with ESMTP id 6626F40A82; Wed, 31 May 2023 11:26:39 +0200 (CEST) Received: from smartserver.smartsharesystems.com (smartserver.smartsharesys.local [192.168.4.10]) by dkmailrelay1.smartsharesystems.com (Postfix) with ESMTP id 8B25E20644; Wed, 31 May 2023 11:26:37 +0200 (CEST) Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Subject: RE: [PATCH 1/3] security: introduce out of place support for inline ingress X-MimeOLE: Produced By Microsoft Exchange V6.5 Date: Wed, 31 May 2023 11:26:35 +0200 Message-ID: <98CBD80474FA8B44BF855DF32C47DC35D87967@smartserver.smartshare.dk> In-Reply-To: <1887881.GKX7oQKdZx@thomas> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: [PATCH 1/3] security: introduce out of place support for inline ingress Thread-Index: AdmS/d+v3GBF/oc5RTqs5VLFB++OkwAmC9LA References: <20230309085645.1630826-1-ndabilpuram@marvell.com> <1887881.GKX7oQKdZx@thomas> From: =?iso-8859-1?Q?Morten_Br=F8rup?= To: "Thomas Monjalon" , "Jerin Jacob" Cc: "Stephen Hemminger" , "Nithin Dabilpuram" , "Akhil Goyal" , , , X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org > From: Thomas Monjalon [mailto:thomas@monjalon.net] > Sent: Tuesday, 30 May 2023 15.52 >=20 > 30/05/2023 11:23, Jerin Jacob: > > > > > > > + */ > > > > > > > + uint32_t ingress_oop : 1; > > > > > > > + > > > > > > > /** Reserved bit fields for future extension > > > > > > > * > > > > > > > * User should ensure reserved_opts is cleared as it = may > change in > > > > > > > @@ -282,7 +293,7 @@ struct rte_security_ipsec_sa_options { > > > > > > > * > > > > > > > * Note: Reduce number of bits in reserved_opts for = every > new option. > > > > > > > */ > > > > > > > - uint32_t reserved_opts : 17; > > > > > > > + uint32_t reserved_opts : 16; > > > > > > > }; > > > > > > > > > > > > NAK > > > > > > Let me repeat the reserved bit rant. YAGNI > > > > > > > > > > > > Reserved space is not usable without ABI breakage unless the > existing > > > > > > code enforces that reserved space has to be zero. > > > > > > > > > > > > Just saying "User should ensure reserved_opts is cleared" is = not > enough. > > > > > > > > > > Yes. I think, we need to enforce to have _init functions for = the > > > > > structures which is using reserved filed. > > > > > > > > > > On the same note on YAGNI, I am wondering why NOT introduce > > > > > RTE_NEXT_ABI marco kind of scheme to compile out ABI breaking = changes. > > > > > By keeping RTE_NEXT_ABI disable by default, enable explicitly = if user > > > > > wants it to avoid waiting for one year any ABI breaking = changes. > > > > > There are a lot of "fixed appliance" customers (not OS = distribution > > > > > driven customer) they are willing to recompile DPDK for new = feature. > > > > > What we are loosing with this scheme? > > > > > > > > RTE_NEXT_ABI is described in the ABI policy. > > > > We are not doing it currently, but I think we could > > > > when it is not too much complicate in the code. > > > > > > > > The only problems I see are: > > > > - more #ifdef clutter > > > > - 2 binary versions to test > > > > - CI and checks must handle RTE_NEXT_ABI version > > > > > > I think, we have two buckets of ABI breakages via RTE_NEXT_ABI > > > > > > 1) Changes that introduces compilation failures like adding new > > > argument to API or change API name etc > > > 2) Structure size change which won't affect the compilation but = breaks > > > the ABI for shared library usage. > > > > > > I think, (1) is very distributive, and I don't see recently such > > > changes. I think, we should avoid (1) for non XX.11 releases.(or = two > > > or three-year cycles if we decide that path) > > > > > > The (2) comes are very common due to the fact HW features are > > > evolving. I think, to address the (2), we have two options > > > a) Have reserved fields and have _init() function to initialize = the > structures High probability that (a) is not going to work: There will not be enough = reserved fields, and/or they will be in the wrong places in the = structures. Also, (a) is really intrusive on existing applications: They MUST be = rewritten to call the _init() function instead of using pre-initialized = structures, or the library will behave unexpectedly. Extreme example, to = prove my point: A new field "allow_ingress" (don't drop all packets on = ingress) is introduced, and _init() sets it to true. If the application = doesn't call _init(), it will not receive any packets. Are _init() functions required on all structures, or only some? And how = about structures containing other structures? How does the application developer know which structures have _init() = functions, and which do not? We could also switch to C++, where the _init() function comes native in = the form of an object constructor. > > > b) Follow YAGNI style and introduce RTE_NEXT_ABI for structure = size > change. +1 for (b), because (a) is too problematic. > > > > > > The above concerns[1] can greatly reduce with option b OR option = a. > > > > > > [1] > > > 1) more #ifdef clutter > > > For option (a) this is not needed or option (b) the clutter will = be > > > limited, it will be around structure which add the new filed and > > > around the FULL block where new functions are added (not inside = the > > > functions) > > > > > > 2) 2 binary versions to test > > > For option (a) this is not needed, for option (b) it is limited as = for > > > new features only one needs to test another binary (rather than = NOT > > > adding a new feature). > > > > > > 3) CI and checks must handle RTE_NEXT_ABI version > > > > > > I think, it is cheap to add this, at least for compilation test. > > > > > > IMO, We need to change the API break release to 3 year kind of = time > > > frame to have very good end user experience > > > and allow ABI related change to get in every release and force > > > _rebuild_ shared objects in major LTS release. > > > > > > I think, in this major LTS version(23.11) if we can decide (a) vs = (b) > > > then we can align the code accordingly . e.s.p for (a) we need to = add > > > _init() functions. > > > > > > Thoughts? > > > > Not much input from mailing list. Can we discuss this next TB = meeting? > > Especially how to align with next LTS release on > > -YAGNI vs reserved fileds with init() Whichever decision is made on this, remember to also consider if it has = any consequences regarding older LTS versions and possibly backporting. > > -What it takes to Extend the API breaking release more than a year = as > > first step. Others might disagree, but in my personal opinion, DPDK is still = evolving much too rapidly to lock down its ABI/API for more than one = year. For reference, consider what has been changed within the last = three years, i.e. since DPDK 20.05, and if those changes could have been = done within the DPDK 20.05 ABI/API without requiring a substantial = additional effort, and while still providing clean and understandable = APIs (and not a bunch of weird hacks to shoehorn the new features into = the existing APIs). If you want continuity, use an LTS release. If we lock down the ABI/API = for multiple years at a time, what is the point of the LTS releases? PS: If we start using the RTE_NEXT_ABI concept more, we should remember = to promote the additions with each ABI/API breaking release. And we = should probably have a rule of thumb to choose between using = RTE_NEXT_ABI and using "experimental" marking. >=20 > Yes I agree it should be discussed interactively in techboard meeting. I'm unable to participate in today's techboard meeting, so I have = provided my opinions in this email. -Morten