devices to track dirty pages caused by DMA. IFC driver has enabled this
SW-assisted live migration mode.
+* **Added security checks to cryptodev symmetric session operations.**
+
+ Added a set of security checks to the access cryptodev symmetric session.
+ The checks include the session's user data read/write check and the
+ session private data referencing status check while freeing a session.
+
* **Updated the AESNI-MB PMD.**
* Add support for intel-ipsec-mb version 0.52.
* Add AES-GMAC algorithm support.
* Add Plain SHA1, SHA224, SHA256, SHA384, and SHA512 algorithms support.
+* **Added IPsec Library.**
+
+ Added an experimental library ``librte_ipsec`` to provide ESP tunnel and
+ transport support for IPv4 and IPv6 packets.
+
+ The library provides support for AES-CBC ciphering and AES-CBC with HMAC-SHA1
+ algorithm-chaining, and AES-GCM and NULL algorithms only at present. It is
+ planned to add more algorithms in future releases.
+
+ See :doc:`../prog_guide/ipsec_lib` for more information.
+
+* **Updated the ipsec-secgw sample application.**
+
+ The ``ipsec-secgw`` sample application has been updated to use the new
+ ``librte_ipsec`` library also added in this release.
+ The original functionality of ipsec-secgw is retained, a new command line
+ parameter ``-l`` has been added to ipsec-secgw to use the IPsec library,
+ instead of the existing IPsec code in the application.
+
+ The IPsec library does not support all the functionality of the existing
+ ipsec-secgw application, its is planned to add the outstanding functionality
+ in future releases.
+
+ See :doc:`../sample_app_ug/ipsec_secgw` for more information.
+
* **Enabled checksum support in the ISA-L compressdev driver.**
Added support for both adler and crc32 checksums in the ISA-L PMD.
``rte_malloc_get_socket_stats()`` are no longer safe to call concurrently with
``rte_malloc_heap_create()`` or ``rte_malloc_heap_destroy()`` function calls.
+* mbuf: ``RTE_MBUF_INDIRECT()``, which was deprecated in 18.05, was replaced
+ with ``RTE_MBUF_CLONED()`` and removed in 19.02.
+
* sched: As result of the new format of the mbuf sched field, the
functions ``rte_sched_port_pkt_write()`` and
``rte_sched_port_pkt_read_tree_path()`` got an additional parameter of
``rte_cryptodev_sym_session`` has been updated to contain more information
to ensure safely accessing the session and session private data.
+* security: New field ``uint64_t opaque_data`` is added into
+ ``rte_security_session`` structure. That would allow upper layer to easily
+ associate/de-associate some user defined data with the security session.
+
Shared Library Versions
-----------------------
librte_reorder.so.1
librte_ring.so.2
+ librte_sched.so.2
- librte_security.so.1
+ + librte_security.so.2
librte_table.so.3
librte_timer.so.1
librte_vhost.so.4
Also, make sure to start the actual text at the margin.
=========================================================
+* ``AVX-512`` support has been disabled for ``GCC`` builds when ``binutils 2.30``
+ is detected [1] because of a crash [2]. This can affect ``native`` machine type
+ build targets on the platforms that support ``AVX512F`` like ``Intel Skylake``
+ processors, and can cause a possible performance drop. The immediate workaround
+ is to use ``clang`` compiler on these platforms.
+ Initial workaround in DPDK v18.11 was to disable ``AVX-512`` support for ``GCC``
+ completely, but based on information on defect submitted to GCC community [3],
+ issue has been identified as ``binutils 2.30`` issue. Since currently only GCC
+ generates ``AVX-512`` instructions, the scope is limited to ``GCC`` and
+ ``binutils 2.30``
+
+ - [1]: Commit ("mk: fix scope of disabling AVX512F support")
+ - [2]: https://bugs.dpdk.org/show_bug.cgi?id=97
+ - [3]: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88096
+
Tested Platforms
----------------