From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <vladz@cloudius-systems.com>
Received: from mail-wi0-f180.google.com (mail-wi0-f180.google.com
 [209.85.212.180]) by dpdk.org (Postfix) with ESMTP id 5F51258E4
 for <dev@dpdk.org>; Fri, 23 Oct 2015 10:27:08 +0200 (CEST)
Received: by wicfv8 with SMTP id fv8so21255651wic.0
 for <dev@dpdk.org>; Fri, 23 Oct 2015 01:27:08 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:subject:to:references:cc:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-type
 :content-transfer-encoding;
 bh=ZqyKI6DHAd2b2CBZqOLHoZJxM04CZgN3wOx0D5aP4qA=;
 b=cf36XRFjPYd0xkoBoS5qg09Z+VzaVcTydl+pA53Rpa9WCwrjWAdByNd14V1tzoga8V
 OZ8TqvXjWihEVCfpyf5lRyvgAEr7VG2ouqfAIEf+t9f4CSquSGe7W8bfAR32gomtNUH9
 JtibBAxiWW0urFpc73x+tl0a0iByhYaSsAC+W6ywBlGmS8MRg8APH/4KjewNQDc1FUBK
 7HzBGXPKQfJkswGNT0+q4Z9IBtt0aYHeA0JZLz6jSIYlBRoosmgWAsOM3KuN7VLLsCB5
 m1HqTpHN6daZ5RIRLRrtPW3MVy2Qs1nI3UkUlqB9wThe8L746t7vD3RD4kOBc/bI3vBR
 7u4w==
X-Gm-Message-State: ALoCoQlWcNJwpOM43AAx7Y6N4PNf9G/j1p9RPj6j2QqNBodB8eKJU30AE9/dODav6Tftge0qvyuu
X-Received: by 10.194.92.170 with SMTP id cn10mr3463503wjb.12.1445588828167;
 Fri, 23 Oct 2015 01:27:08 -0700 (PDT)
Received: from [10.0.0.2] (bzq-79-180-197-252.red.bezeqint.net.
 [79.180.197.252]) by smtp.googlemail.com with ESMTPSA id
 kr10sm21348936wjc.25.2015.10.23.01.27.07
 (version=TLSv1/SSLv3 cipher=OTHER);
 Fri, 23 Oct 2015 01:27:07 -0700 (PDT)
To: "Zhang, Helin" <helin.zhang@intel.com>
References: <1444445798-23929-1-git-send-email-wenzhuo.lu@intel.com>
 <1445579545-2430-1-git-send-email-wenzhuo.lu@intel.com>
 <F35DEAC7BCE34641BA9FAC6BCA4A12E70A91C5F9@SHSMSX104.ccr.corp.intel.com>
 <CAOYyTHY6hAjcd7z678Mz-mBQ27gRw=VhLS-gnxQ4puxsWnNytg@mail.gmail.com>
 <F35DEAC7BCE34641BA9FAC6BCA4A12E70A91C665@SHSMSX104.ccr.corp.intel.com>
 <CAOYyTHbV07PrzrRLw9S5pFYM9C+aCxKFQnLr0HpirBfKixup1w@mail.gmail.com>
 <F35DEAC7BCE34641BA9FAC6BCA4A12E70A91C6E3@SHSMSX104.ccr.corp.intel.com>
From: Vlad Zolotarov <vladz@cloudius-systems.com>
Message-ID: <5629EF5A.6040401@cloudius-systems.com>
Date: Fri, 23 Oct 2015 11:27:06 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <F35DEAC7BCE34641BA9FAC6BCA4A12E70A91C6E3@SHSMSX104.ccr.corp.intel.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH v4] ixgbe: Drop flow control frames from VFs
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Oct 2015 08:27:08 -0000



On 10/23/15 10:14, Zhang, Helin wrote:
>
> From: Vladislav Zolotarov [mailto:vladz@cloudius-systems.com]
> Sent: Friday, October 23, 2015 2:57 PM
> To: Zhang, Helin
> Cc: Lu, Wenzhuo; dev@dpdk.org
> Subject: RE: [dpdk-dev] [PATCH v4] ixgbe: Drop flow control frames from VFs
>
>
> On Oct 23, 2015 9:30 AM, "Zhang, Helin" <helin.zhang@intel.com> wrote:
>>
>>
>> From: Vladislav Zolotarov [mailto:vladz@cloudius-systems.com]
>> Sent: Friday, October 23, 2015 2:24 PM
>> To: Zhang, Helin
>> Cc: Lu, Wenzhuo; dev@dpdk.org
>> Subject: Re: [dpdk-dev] [PATCH v4] ixgbe: Drop flow control frames from VFs
>>
>>
>> On Oct 23, 2015 9:02 AM, "Zhang, Helin" <helin.zhang@intel.com> wrote:
>>>
>>>
>>>> -----Original Message-----
>>>> From: Lu, Wenzhuo
>>>> Sent: Friday, October 23, 2015 1:52 PM
>>>> To: dev@dpdk.org
>>>> Cc: Zhang, Helin; Lu, Wenzhuo
>>>> Subject: [PATCH v4] ixgbe: Drop flow control frames from VFs
>>>>
>>>> This patch will drop flow control frames from being transmitted from VSIs.
>>>> With this patch in place a malicious VF cannot send flow control or PFC packets
>>>> out on the wire.
>> The whole idea of this (and similar i40e patches sent before) is really confusing.
>> If u want to disable FC feature for VFs then go and disable the feature. Why keep (not malicious) user think that he/she has enabled the feature while u silently block it?
>>
>> Helin: I don't think disabling FC is equal to filtering out any pause frames. How about the software application constructs a pause frame and then tries to send it out?
> But not disabling FC for the user and silently preventing it is bogus. First, the conventional user should not be affected. I think this patch (and all its clones) should be extended to, first, disable the FC Tx feature for the relevant devices and only then adding any anti malicious filtering.
>   
> Helin: Disabling FC will disable both PF and VF FC, I don't find out where can disable VF FC only. Am I wrong?

There are flow_ctrl_get/set callbacks in eth_dev_ops which are used for 
configuring FC.
I see that they are not set for either ixgbevf or i40evf, so here we are 
all set for these.

>
>>>> V2:
>>>> Reword the comments.
>>>>
>>>> V3:
>>>> Move the check of set_ethertype_anti_spoofing to the top of the function, to
>>>> avoid occupying an ethertype_filter entity without using it.
>>>>
>>>> V4:
>>>> Remove the useless braces and return.
>>>>
>>>> Signed-off-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
>>> Acked-by: Helin Zhang <helin.zhang@intel.com>
>>>