From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-yk0-f181.google.com (mail-yk0-f181.google.com [209.85.160.181]) by dpdk.org (Postfix) with ESMTP id 08591C3C6 for ; Fri, 23 Oct 2015 08:57:29 +0200 (CEST) Received: by ykaz22 with SMTP id z22so110079057yka.2 for ; Thu, 22 Oct 2015 23:57:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=LgQ9obZhJD4BS7lH5LTuWOYkQiEZB9F36zDyauHHJg0=; b=CpQkOZb4daByC4eGXbzvXAClpwC23lRiMgUkOXKsx/GRAmAvrEXp1icRKef0VM7003 w7XALLFWCToX8thYuZFqwuD9oXxGELumBRoG5EPVz2ssu0Vj6v1S4D/9s6r3tadAq1qA mF2L/WJ6zTC0KGc9GTZpQLYPABailtQY5bf8lHx3njtttcj9Uz0ttkRWnKgAAm0M4V3I 4BwlRJFczIYcGlr8peR1DsLMJ/r/MbZE6Qh+JysQL1iiVVBSbUXdVBUPvjY2TMxlqYor Kzg3++x1qm+BwEROPjaJ+nEqHX9KAtP16X6Loy9ZTkSI8c8PWTimDw83+ARmEQw/vvWH ZcqQ== X-Gm-Message-State: ALoCoQkstbnb06ZnsKbebu/CTeCYVajkE/vMtdppEqjdBU+hJa6cbOo/AX3bZKkNw8Q/9h/2Kzjo MIME-Version: 1.0 X-Received: by 10.140.235.212 with SMTP id g203mr24649134qhc.47.1445583448474; Thu, 22 Oct 2015 23:57:28 -0700 (PDT) Received: by 10.233.221.2 with HTTP; Thu, 22 Oct 2015 23:57:28 -0700 (PDT) Received: by 10.233.221.2 with HTTP; Thu, 22 Oct 2015 23:57:28 -0700 (PDT) In-Reply-To: References: <1444445798-23929-1-git-send-email-wenzhuo.lu@intel.com> <1445579545-2430-1-git-send-email-wenzhuo.lu@intel.com> Date: Fri, 23 Oct 2015 09:57:28 +0300 Message-ID: From: Vladislav Zolotarov To: Helin Zhang Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Cc: dev@dpdk.org Subject: Re: [dpdk-dev] [PATCH v4] ixgbe: Drop flow control frames from VFs X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Oct 2015 06:57:29 -0000 On Oct 23, 2015 9:30 AM, "Zhang, Helin" wrote: > > > > From: Vladislav Zolotarov [mailto:vladz@cloudius-systems.com] > Sent: Friday, October 23, 2015 2:24 PM > To: Zhang, Helin > Cc: Lu, Wenzhuo; dev@dpdk.org > Subject: Re: [dpdk-dev] [PATCH v4] ixgbe: Drop flow control frames from VFs > > > On Oct 23, 2015 9:02 AM, "Zhang, Helin" wrote: > > > > > > > > > -----Original Message----- > > > From: Lu, Wenzhuo > > > Sent: Friday, October 23, 2015 1:52 PM > > > To: dev@dpdk.org > > > Cc: Zhang, Helin; Lu, Wenzhuo > > > Subject: [PATCH v4] ixgbe: Drop flow control frames from VFs > > > > > > This patch will drop flow control frames from being transmitted from VSIs. > > > With this patch in place a malicious VF cannot send flow control or PFC packets > > > out on the wire. > The whole idea of this (and similar i40e patches sent before) is really confusing. > If u want to disable FC feature for VFs then go and disable the feature. Why keep (not malicious) user think that he/she has enabled the feature while u silently block it? > > Helin: I don't think disabling FC is equal to filtering out any pause frames. How about the software application constructs a pause frame and then tries to send it out? But not disabling FC for the user and silently preventing it is bogus. First, the conventional user should not be affected. I think this patch (and all its clones) should be extended to, first, disable the FC Tx feature for the relevant devices and only then adding any anti malicious filtering. > > > > > > > V2: > > > Reword the comments. > > > > > > V3: > > > Move the check of set_ethertype_anti_spoofing to the top of the function, to > > > avoid occupying an ethertype_filter entity without using it. > > > > > > V4: > > > Remove the useless braces and return. > > > > > > Signed-off-by: Wenzhuo Lu > > Acked-by: Helin Zhang > >