1. DPDK Release 21.11

1.1. New Features

  • Enabled new devargs parser.

    • Enabled devargs syntax bus=X,paramX=x/class=Y,paramY=y/driver=Z,paramZ=z
    • Added bus-level parsing of the devargs syntax.
    • Kept compatibility with the legacy syntax as parsing fallback.
  • Added new RSS offload types for IPv4/L4 checksum in RSS flow.

    Added macros ETH_RSS_IPV4_CHKSUM and ETH_RSS_L4_CHKSUM, now IPv4 and TCP/UDP/SCTP header checksum field can be used as input set for RSS.

  • Updated Broadcom bnxt PMD.

    • Added flow offload support for Thor.
    • Implement support for tunnel offload.
    • Updated HWRM API to version 1.10.2.44
  • Updated Intel iavf driver.

    • Added Intel iavf support on Windows.
  • Updated Intel ice driver.

    • Added 1PPS out support by a devargs.
  • Updated Marvell cnxk ethdev driver.

    • Added rte_flow support for dual VLAN insert and strip actions.
  • Updated Marvell cnxk crypto PMD.

    • Added AES-CBC SHA1-HMAC support in lookaside protocol (IPsec) for CN10K.
    • Added Transport mode support in lookaside protocol (IPsec) for CN10K.
    • Added UDP encapsulation support in lookaside protocol (IPsec) for CN10K.
    • Added support for lookaside protocol (IPsec) offload for CN9K.
  • Added support for event crypto adapter on Marvell CN10K and CN9K.

    • Added event crypto adapter OP_FORWARD mode support.
  • Updated NXP dpaa_sec crypto PMD.

    • Added DES-CBC, AES-XCBC-MAC, AES-CMAC and non-HMAC algo support.
    • Added PDCP short MAC-I support.
  • Updated NXP dpaa2_sec crypto PMD.

    • Added PDCP short MAC-I support.
  • Added multi-process support for testpmd.

    Added command-line options to specify total number of processes and current process ID. Each process owns subset of Rx and Tx queues.

  • Updated test-crypto-perf application with new cases.

    • Added support for asymmetric crypto throughput performance measurement. Only modex is supported for now.
  • Added lookaside protocol (IPsec) tests in dpdk-test.

    • Added known vector tests (AES-GCM 128, 192, 256).
    • Added tests to verify error reporting with ICV corruption.
    • Added tests to verify IV generation.
    • Added tests to verify UDP encapsulation.
    • Added tests to validate packets soft expiry.
    • Added tests to validate packets hard expiry.
    • Added tests to verify tunnel header verification in IPsec inbound.

1.2. Removed Items

  • eal: Removed the deprecated function rte_get_master_lcore() and the iterator macro RTE_LCORE_FOREACH_SLAVE.
  • eal: The old api arguments that were deprecated for blacklist/whitelist are removed. Users must use the new block/allow list arguments.

1.3. API Changes

  • kvargs: The experimental function rte_kvargs_strcmp() has been removed. Its usages have been replaced by a new function rte_kvargs_get_with_value().
  • cryptodev: The API rte_cryptodev_pmd_is_valid_dev is modified to rte_cryptodev_is_valid_dev as it can be used by the application as well as PMD to check whether the device is valid or not.
  • cryptodev: The rte_cryptodev_pmd.* files are renamed as cryptodev_pmd.* as it is for drivers only and should be private to DPDK, and not installed for app use.
  • cryptodev: A reserved byte from structure rte_crypto_op was renamed to aux_flags to indicate warnings and other information from the crypto/security operation. This field will be used to communicate events such as soft expiry with IPsec in lookaside mode.

1.4. ABI Changes

  • security: rte_security_set_pkt_metadata and rte_security_get_userdata routines used by inline outbound and inline inbound security processing were made inline and enhanced to do simple 64-bit set/get for PMDs that do not have much processing in PMD specific callbacks but just 64-bit set/get. This avoids a per packet function pointer jump overhead for such PMDs.
  • security: A new option iv_gen_disable was added in structure rte_security_ipsec_sa_options to disable IV generation inside PMD, so that application can provide its own IV and test known test vectors.
  • security: A new option tunnel_hdr_verify was added in structure rte_security_ipsec_sa_options to indicate whether outer header verification need to be done as part of inbound IPsec processing.
  • security: A new structure rte_security_ipsec_lifetime was added to replace esn_soft_limit in IPsec configuration structure rte_security_ipsec_xform to allow applications to configure SA soft and hard expiry limits. Limits can be either in number of packets or bytes.

1.5. Known Issues

1.6. Tested Platforms