[dpdk-dev] [PATCH v4] ixgbe: Drop flow control frames from VFs

[Vlad Zolotarov]

On 10/23/15 11:32, Zhang, Helin wrote:
>
>> -----Original Message-----
>> From: Vlad Zolotarov [mailto:vladz at cloudius-systems.com]
>> Sent: Friday, October 23, 2015 4:27 PM
>> To: Zhang, Helin
>> Cc: Lu, Wenzhuo; dev at dpdk.org
>> Subject: Re: [dpdk-dev] [PATCH v4] ixgbe: Drop flow control frames from VFs
>>
>>
>>
>> On 10/23/15 10:14, Zhang, Helin wrote:
>>> From: Vladislav Zolotarov [mailto:vladz at cloudius-systems.com]
>>> Sent: Friday, October 23, 2015 2:57 PM
>>> To: Zhang, Helin
>>> Cc: Lu, Wenzhuo; dev at dpdk.org
>>> Subject: RE: [dpdk-dev] [PATCH v4] ixgbe: Drop flow control frames
>>> from VFs
>>>
>>>
>>> On Oct 23, 2015 9:30 AM, "Zhang, Helin" <helin.zhang at intel.com> wrote:
>>>>
>>>> From: Vladislav Zolotarov [mailto:vladz at cloudius-systems.com]
>>>> Sent: Friday, October 23, 2015 2:24 PM
>>>> To: Zhang, Helin
>>>> Cc: Lu, Wenzhuo; dev at dpdk.org
>>>> Subject: Re: [dpdk-dev] [PATCH v4] ixgbe: Drop flow control frames
>>>> from VFs
>>>>
>>>>
>>>> On Oct 23, 2015 9:02 AM, "Zhang, Helin" <helin.zhang at intel.com> wrote:
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Lu, Wenzhuo
>>>>>> Sent: Friday, October 23, 2015 1:52 PM
>>>>>> To: dev at dpdk.org
>>>>>> Cc: Zhang, Helin; Lu, Wenzhuo
>>>>>> Subject: [PATCH v4] ixgbe: Drop flow control frames from VFs
>>>>>>
>>>>>> This patch will drop flow control frames from being transmitted from VSIs.
>>>>>> With this patch in place a malicious VF cannot send flow control or
>>>>>> PFC packets out on the wire.
>>>> The whole idea of this (and similar i40e patches sent before) is really
>> confusing.
>>>> If u want to disable FC feature for VFs then go and disable the feature. Why
>> keep (not malicious) user think that he/she has enabled the feature while u
>> silently block it?
>>>> Helin: I don't think disabling FC is equal to filtering out any pause frames. How
>> about the software application constructs a pause frame and then tries to send it
>> out?
>>> But not disabling FC for the user and silently preventing it is bogus. First, the
>> conventional user should not be affected. I think this patch (and all its clones)
>> should be extended to, first, disable the FC Tx feature for the relevant devices
>> and only then adding any anti malicious filtering.
>>> Helin: Disabling FC will disable both PF and VF FC, I don't find out where can
>> disable VF FC only. Am I wrong?
>>
>> There are flow_ctrl_get/set callbacks in eth_dev_ops which are used for
>> configuring FC.
>> I see that they are not set for either ixgbevf or i40evf, so here we are all set for
>> these.
> Helin: The behaviors rely on the hardware capability, but not the SW.
> I meant I don't think it can support disabling VF FC. Please correct me in case I am wrong!

I see. After a shallow sweep on the x540 and xl710 specs it seems that u 
r right. However I was talking about the SW interface only and since it 
is not enabled for the devices in question my whole objection is removed.

thanks,
vlad

>
>
>>>>>> V2:
>>>>>> Reword the comments.
>>>>>>
>>>>>> V3:
>>>>>> Move the check of set_ethertype_anti_spoofing to the top of the function,
>> to
>>>>>> avoid occupying an ethertype_filter entity without using it.
>>>>>>
>>>>>> V4:
>>>>>> Remove the useless braces and return.
>>>>>>
>>>>>> Signed-off-by: Wenzhuo Lu <wenzhuo.lu at intel.com>
>>>>> Acked-by: Helin Zhang <helin.zhang at intel.com>
>>>>>