From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wi0-f180.google.com (mail-wi0-f180.google.com [209.85.212.180]) by dpdk.org (Postfix) with ESMTP id 868A4C46A for ; Fri, 23 Oct 2015 11:00:15 +0200 (CEST) Received: by wicll6 with SMTP id ll6so21937048wic.0 for ; Fri, 23 Oct 2015 02:00:15 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-type :content-transfer-encoding; bh=9ekYlG8CIJeF23r5qxICZnCe9JbulzPWevYmhEk/jaA=; b=il+rMB1qf8dZeTjzQ7SWBK058EyKFBHTPlcVfbUCQQWUmxjOJFXnxaqTICSoqtgUD8 7QTQmdkf6UkB5/L8GpJsOIQclmDG1ESS+n4n8DXkCR2kQ6r/argEncDRGvxPGjaie2nf bG8luxjOUmfF3GoQh8mC4tfuR7y9AZMBofyx3Bc0iwyV7qpJQ2HNTEYqAPqe9SWnWtro JTDopRr1vbiB2xYutYhznNjtJd9poVdhzaVS5GX+hdlOnYG7H4fwdNzYfJWtG51273Uz zFUpBPo92CY2fnY6NdJNqz1B6LGDz/pJbbJbwokZ3IRWar26W19ROJajeipOs3NBhMup zHSQ== X-Gm-Message-State: ALoCoQlo1PC8uhbupADJ8LIvXFp8wJu7waQQFgK0BbhLsSqWE4U3ky6OiXn+Ggk1LHjYQnRhfF3J X-Received: by 10.180.36.51 with SMTP id n19mr3174601wij.31.1445590815309; Fri, 23 Oct 2015 02:00:15 -0700 (PDT) Received: from [10.0.0.2] (bzq-79-180-197-252.red.bezeqint.net. [79.180.197.252]) by smtp.googlemail.com with ESMTPSA id kr10sm21504852wjc.25.2015.10.23.02.00.14 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 23 Oct 2015 02:00:14 -0700 (PDT) To: "Zhang, Helin" References: <1444445798-23929-1-git-send-email-wenzhuo.lu@intel.com> <1445579545-2430-1-git-send-email-wenzhuo.lu@intel.com> <5629EF5A.6040401@cloudius-systems.com> From: Vlad Zolotarov Message-ID: <5629F71D.4090402@cloudius-systems.com> Date: Fri, 23 Oct 2015 12:00:13 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Cc: "dev@dpdk.org" Subject: Re: [dpdk-dev] [PATCH v4] ixgbe: Drop flow control frames from VFs X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Oct 2015 09:00:15 -0000 On 10/23/15 11:32, Zhang, Helin wrote: > >> -----Original Message----- >> From: Vlad Zolotarov [mailto:vladz@cloudius-systems.com] >> Sent: Friday, October 23, 2015 4:27 PM >> To: Zhang, Helin >> Cc: Lu, Wenzhuo; dev@dpdk.org >> Subject: Re: [dpdk-dev] [PATCH v4] ixgbe: Drop flow control frames from VFs >> >> >> >> On 10/23/15 10:14, Zhang, Helin wrote: >>> From: Vladislav Zolotarov [mailto:vladz@cloudius-systems.com] >>> Sent: Friday, October 23, 2015 2:57 PM >>> To: Zhang, Helin >>> Cc: Lu, Wenzhuo; dev@dpdk.org >>> Subject: RE: [dpdk-dev] [PATCH v4] ixgbe: Drop flow control frames >>> from VFs >>> >>> >>> On Oct 23, 2015 9:30 AM, "Zhang, Helin" wrote: >>>> >>>> From: Vladislav Zolotarov [mailto:vladz@cloudius-systems.com] >>>> Sent: Friday, October 23, 2015 2:24 PM >>>> To: Zhang, Helin >>>> Cc: Lu, Wenzhuo; dev@dpdk.org >>>> Subject: Re: [dpdk-dev] [PATCH v4] ixgbe: Drop flow control frames >>>> from VFs >>>> >>>> >>>> On Oct 23, 2015 9:02 AM, "Zhang, Helin" wrote: >>>>> >>>>>> -----Original Message----- >>>>>> From: Lu, Wenzhuo >>>>>> Sent: Friday, October 23, 2015 1:52 PM >>>>>> To: dev@dpdk.org >>>>>> Cc: Zhang, Helin; Lu, Wenzhuo >>>>>> Subject: [PATCH v4] ixgbe: Drop flow control frames from VFs >>>>>> >>>>>> This patch will drop flow control frames from being transmitted from VSIs. >>>>>> With this patch in place a malicious VF cannot send flow control or >>>>>> PFC packets out on the wire. >>>> The whole idea of this (and similar i40e patches sent before) is really >> confusing. >>>> If u want to disable FC feature for VFs then go and disable the feature. Why >> keep (not malicious) user think that he/she has enabled the feature while u >> silently block it? >>>> Helin: I don't think disabling FC is equal to filtering out any pause frames. How >> about the software application constructs a pause frame and then tries to send it >> out? >>> But not disabling FC for the user and silently preventing it is bogus. First, the >> conventional user should not be affected. I think this patch (and all its clones) >> should be extended to, first, disable the FC Tx feature for the relevant devices >> and only then adding any anti malicious filtering. >>> Helin: Disabling FC will disable both PF and VF FC, I don't find out where can >> disable VF FC only. Am I wrong? >> >> There are flow_ctrl_get/set callbacks in eth_dev_ops which are used for >> configuring FC. >> I see that they are not set for either ixgbevf or i40evf, so here we are all set for >> these. > Helin: The behaviors rely on the hardware capability, but not the SW. > I meant I don't think it can support disabling VF FC. Please correct me in case I am wrong! I see. After a shallow sweep on the x540 and xl710 specs it seems that u r right. However I was talking about the SW interface only and since it is not enabled for the devices in question my whole objection is removed. thanks, vlad > > >>>>>> V2: >>>>>> Reword the comments. >>>>>> >>>>>> V3: >>>>>> Move the check of set_ethertype_anti_spoofing to the top of the function, >> to >>>>>> avoid occupying an ethertype_filter entity without using it. >>>>>> >>>>>> V4: >>>>>> Remove the useless braces and return. >>>>>> >>>>>> Signed-off-by: Wenzhuo Lu >>>>> Acked-by: Helin Zhang >>>>>