[EXT] Re: [PATCH v2 8/8] crypto/ipsec_mb: set and use session ID

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: Thomas Monjalon <thomas at monjalon.net>
> Sent: Tuesday, June 20, 2023 3:42 PM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch at intel.com>; Fangming Fang
> <Fangming.Fang at arm.com>; Power, Ciara <ciara.power at intel.com>;
> Honnappa Nagarahalli <Honnappa.Nagarahalli at arm.com>; Ji, Kai
> <kai.ji at intel.com>; Ruifeng Wang <Ruifeng.Wang at arm.com>; Mcnamara,
> John <john.mcnamara at intel.com>; Akhil Goyal <gakhil at marvell.com>
> Cc: dev at dpdk.org; david.marchand at redhat.com; Jerin Jacob Kollanukkaran
> <jerinj at marvell.com>; Ashwin Sekhar T K <asekhar at marvell.com>
> Subject: Re: [EXT] Re: [PATCH v2 8/8] crypto/ipsec_mb: set and use session ID
> 
> 16/06/2023 11:38, Akhil Goyal:
> > > > > > >
> > > > > > > For info, this does not compile with
> > > > > > > https://urldefense.proofpoint.com/v2/url?u=https-
> > > 3A__git.gitlab.arm.com_arm-2Dreference-2Dsolutions_ipsec-
> > >
> 2Dmb&d=DwIFAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=DnL7Si2wl_PRwpZ9TWey
> 3e
> > > u68gBzn7DkPwuqhd6WNyo&m=g7xU0Pucoh3ZqU7RUlw8mhb-
> > > zlRr9t6XI0UCQi5vEjEfcovdH8kkXIJ_O-_c5zeg&s=J-l3-
> > > qBNnT5HJ7OGeu5iECPxB1jrpQ5iA01_AOC2Bac&e=
> > > > > > > because Arm did not merge Intel's code correctly, and
> > > > > > > imb_set_session() is missing while version is 1.4.0-dev.
> > > > > > >
> > > > > > > Anyway I hate this situation having 2 repos for the same thing.
> > > > > > > Please merge Arm code in the original repository from Intel.
> > > > > > >
> > > > > > Is it possible to make Arm repo as main repo and modify DPDK
> > > > > > documentation, if Intel not agreeing to include Arm code?
> > > > > > Currently the Arm repo use case is broken.
> > > > > > If it is not resolved soon, we can submit a patch to revert
> > > > > > the patch which is breaking compilation. This need to be fixed by
> RC2.
> > > > >
> > > > > It would be better if the original repo can merge Arm changes.
> > > > > We will keep regular sync with original repo in the current
> > > > > situation, the next sync will be carried out earlier in Q3.
> > > >
> > > > Yes, it is better to keep original repo. But if Intel is not
> > > > agreeing to it, We may need to find some alternate way to fix it.
> > > > We need a sync as soon as possible, as with current Arm repo, DPDK
> > > > compilation is broken.
> > > >
> > > > For now, we cannot merge anything in ipsec_mb driver till we fix
> > > > the compilation With Arm repo - either by Arm repo sync or by
> > > > reverting the patches.
> > >
> > > DPDK is supposed to use stable versions of the library (e.g.
> > > releases), not top of main branch.
> > > As described in README
> > > https://github.com/intel/intel-ipsec-mb#4-package-content , tip of the
> main is NOT a release software version.
> > > In case of ARM library clone, it is not clear what the latest stable version is.
> > > As the Intel library version is bumped in the first stages of
> > > development for the next release, it is advisable to avoid updating
> > > this version in ARM library, until a new Intel intel-ipsec-mb version is
> released.
> > > For now, the simplest solution is to revert the ARM library version
> > > to 1.3 (changing IMB_VERSION_NUM and IMB_VERSION_STR), until the
> ARM
> > > repo is synced to Intel 1.4.0 (which has just been released).
> > >
> > Hi Pablo,
> >
> > The point of discussion here is to have a common repo for both Intel and
> Arm.
> > We would have less control if there are 2 repos for same stuff.
> > The point is if Intel is not willing to take Arm changes in the repo
> > (preferred solution), Why not update documentation to make Arm one as
> > default which is a super set of Intel and Arm repo? This will avoid problems
> going forward.
> 
> Pablo, how can we reconcile both projects in one repository please?
> 

Unfortunately, it is not straight forward to just reconcile both projects.
 
The main issue is that we currently only have 1-2 developers working on the library so we don't have enough bandwidth to review, test and merge patches. Also we FIPS certify each release, which is required by some of our customers. This is expensive and time consuming and we want to minimize the test surface covered by the certification.
 
We think the current method can work, as long as ARM's library gets synced with Intel's library *just after* each release, so that the version number corresponds to the available API.
I understand this is probably not ideal, but this is the best we can manage with our current resources and FIPS constraints.