On 10/23/15 11:32, Zhang, Helin wrote: > >> -----Original Message----- >> From: Vlad Zolotarov [mailto:vladz at cloudius-systems.com] >> Sent: Friday, October 23, 2015 4:27 PM >> To: Zhang, Helin >> Cc: Lu, Wenzhuo; dev at dpdk.org >> Subject: Re: [dpdk-dev] [PATCH v4] ixgbe: Drop flow control frames from VFs >> >> >> >> On 10/23/15 10:14, Zhang, Helin wrote: >>> From: Vladislav Zolotarov [mailto:vladz at cloudius-systems.com] >>> Sent: Friday, October 23, 2015 2:57 PM >>> To: Zhang, Helin >>> Cc: Lu, Wenzhuo; dev at dpdk.org >>> Subject: RE: [dpdk-dev] [PATCH v4] ixgbe: Drop flow control frames >>> from VFs >>> >>> >>> On Oct 23, 2015 9:30 AM, "Zhang, Helin" <helin.zhang at intel.com> wrote: >>>> >>>> From: Vladislav Zolotarov [mailto:vladz at cloudius-systems.com] >>>> Sent: Friday, October 23, 2015 2:24 PM >>>> To: Zhang, Helin >>>> Cc: Lu, Wenzhuo; dev at dpdk.org >>>> Subject: Re: [dpdk-dev] [PATCH v4] ixgbe: Drop flow control frames >>>> from VFs >>>> >>>> >>>> On Oct 23, 2015 9:02 AM, "Zhang, Helin" <helin.zhang at intel.com> wrote: >>>>> >>>>>> -----Original Message----- >>>>>> From: Lu, Wenzhuo >>>>>> Sent: Friday, October 23, 2015 1:52 PM >>>>>> To: dev at dpdk.org >>>>>> Cc: Zhang, Helin; Lu, Wenzhuo >>>>>> Subject: [PATCH v4] ixgbe: Drop flow control frames from VFs >>>>>> >>>>>> This patch will drop flow control frames from being transmitted from >>>>>> VSIs. >>>>>> With this patch in place a malicious VF cannot send flow control or >>>>>> PFC packets out on the wire. >>>> The whole idea of this (and similar i40e patches sent before) is really >> confusing. >>>> If u want to disable FC feature for VFs then go and disable the feature. >>>> Why >> keep (not malicious) user think that he/she has enabled the feature while u >> silently block it? >>>> Helin: I don't think disabling FC is equal to filtering out any pause >>>> frames. How >> about the software application constructs a pause frame and then tries to >> send it >> out? >>> But not disabling FC for the user and silently preventing it is bogus. >>> First, the >> conventional user should not be affected. I think this patch (and all its >> clones) >> should be extended to, first, disable the FC Tx feature for the relevant >> devices >> and only then adding any anti malicious filtering. >>> Helin: Disabling FC will disable both PF and VF FC, I don't find out where >>> can >> disable VF FC only. Am I wrong? >> >> There are flow_ctrl_get/set callbacks in eth_dev_ops which are used for >> configuring FC. >> I see that they are not set for either ixgbevf or i40evf, so here we are all >> set for >> these. > Helin: The behaviors rely on the hardware capability, but not the SW. > I meant I don't think it can support disabling VF FC. Please correct me in > case I am wrong!
I see. After a shallow sweep on the x540 and xl710 specs it seems that u r right. However I was talking about the SW interface only and since it is not enabled for the devices in question my whole objection is removed. thanks, vlad > > >>>>>> V2: >>>>>> Reword the comments. >>>>>> >>>>>> V3: >>>>>> Move the check of set_ethertype_anti_spoofing to the top of the function, >> to >>>>>> avoid occupying an ethertype_filter entity without using it. >>>>>> >>>>>> V4: >>>>>> Remove the useless braces and return. >>>>>> >>>>>> Signed-off-by: Wenzhuo Lu <wenzhuo.lu at intel.com> >>>>> Acked-by: Helin Zhang <helin.zhang at intel.com> >>>>>