diff mbox

[dpdk-dev,v7,03/27] net/i40e: set VF MAC anti-spoofing from PF

Message ID 1483426488-117332-4-git-send-email-wenzhuo.lu@intel.com (mailing list archive)
State Superseded, archived
Delegated to: Ferruh Yigit
Headers

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel compilation success Compilation OK

Commit Message

Wenzhuo Lu Jan. 3, 2017, 6:54 a.m. UTC 
  Support enabling/disabling VF MAC anti-spoofing from
PF.
User can call the API on PF to enable/disable a specific
VF's MAC anti-spoofing.

Signed-off-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
---
 drivers/net/i40e/i40e_ethdev.c            | 63 +++++++++++++++++++++++++++++++
 drivers/net/i40e/rte_pmd_i40e.h           | 19 ++++++++++
 drivers/net/i40e/rte_pmd_i40e_version.map |  1 +
 3 files changed, 83 insertions(+)

Comments

Jingjing Wu Jan. 5, 2017, 6:42 a.m. UTC | #1 
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Wenzhuo Lu
> Sent: Tuesday, January 3, 2017 2:54 PM
> To: dev@dpdk.org
> Cc: Lu, Wenzhuo <wenzhuo.lu@intel.com>
> Subject: [dpdk-dev] [PATCH v7 03/27] net/i40e: set VF MAC anti-spoofing from
> PF
> 
> Support enabling/disabling VF MAC anti-spoofing from PF.
> User can call the API on PF to enable/disable a specific VF's MAC anti-spoofing.
> 
> Signed-off-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
> ---
>  drivers/net/i40e/i40e_ethdev.c            | 63
> +++++++++++++++++++++++++++++++
>  drivers/net/i40e/rte_pmd_i40e.h           | 19 ++++++++++
>  drivers/net/i40e/rte_pmd_i40e_version.map |  1 +
>  3 files changed, 83 insertions(+)
> 
> diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
> index fc7e987..68c07de 100644
> --- a/drivers/net/i40e/i40e_ethdev.c
> +++ b/drivers/net/i40e/i40e_ethdev.c
> @@ -9723,3 +9723,66 @@ static void i40e_set_default_mac_addr(struct
> rte_eth_dev *dev,
> 
>  	return 0;
>  }
> +
> +int
> +rte_pmd_i40e_set_vf_mac_anti_spoof(uint8_t port, uint16_t vf_id,
> +uint8_t on) {
> +	struct rte_eth_dev *dev;
> +	struct rte_eth_dev_info dev_info;
> +	struct i40e_pf *pf;
> +	struct i40e_vsi *vsi;
> +	struct i40e_hw *hw;
> +	struct i40e_vsi_context ctxt;
> +	int ret;
> +
> +	RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
> +
> +	dev = &rte_eth_devices[port];
> +	rte_eth_dev_info_get(port, &dev_info);
> +
Why need to call rte_eth_dev_info_get in driver?

> +	if (vf_id >= dev_info.max_vfs)
> +		return -EINVAL;
> +

Vf_id is already be checked by below, even I prefer :
if (vf_id > pf->vf_num - 1 || !pf->vfs)
to be
if (!pf->vfs  || vf_id > pf->vf_num - 1)
or if (!pf->vfs  || vf_id >= pf->vf_num)

> +	pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
> +
Wenzhuo Lu Jan. 5, 2017, 6:46 a.m. UTC | #2 
Hi Jingjing,


> -----Original Message-----
> From: Wu, Jingjing
> Sent: Thursday, January 5, 2017 2:42 PM
> To: Lu, Wenzhuo; dev@dpdk.org
> Cc: Lu, Wenzhuo
> Subject: RE: [dpdk-dev] [PATCH v7 03/27] net/i40e: set VF MAC anti-spoofing
> from PF
> 
> 
> 
> > -----Original Message-----
> > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Wenzhuo Lu
> > Sent: Tuesday, January 3, 2017 2:54 PM
> > To: dev@dpdk.org
> > Cc: Lu, Wenzhuo <wenzhuo.lu@intel.com>
> > Subject: [dpdk-dev] [PATCH v7 03/27] net/i40e: set VF MAC
> > anti-spoofing from PF
> >
> > Support enabling/disabling VF MAC anti-spoofing from PF.
> > User can call the API on PF to enable/disable a specific VF's MAC anti-
> spoofing.
> >
> > Signed-off-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
> > ---
> >  drivers/net/i40e/i40e_ethdev.c            | 63
> > +++++++++++++++++++++++++++++++
> >  drivers/net/i40e/rte_pmd_i40e.h           | 19 ++++++++++
> >  drivers/net/i40e/rte_pmd_i40e_version.map |  1 +
> >  3 files changed, 83 insertions(+)
> >
> > diff --git a/drivers/net/i40e/i40e_ethdev.c
> > b/drivers/net/i40e/i40e_ethdev.c index fc7e987..68c07de 100644
> > --- a/drivers/net/i40e/i40e_ethdev.c
> > +++ b/drivers/net/i40e/i40e_ethdev.c
> > @@ -9723,3 +9723,66 @@ static void i40e_set_default_mac_addr(struct
> > rte_eth_dev *dev,
> >
> >  	return 0;
> >  }
> > +
> > +int
> > +rte_pmd_i40e_set_vf_mac_anti_spoof(uint8_t port, uint16_t vf_id,
> > +uint8_t on) {
> > +	struct rte_eth_dev *dev;
> > +	struct rte_eth_dev_info dev_info;
> > +	struct i40e_pf *pf;
> > +	struct i40e_vsi *vsi;
> > +	struct i40e_hw *hw;
> > +	struct i40e_vsi_context ctxt;
> > +	int ret;
> > +
> > +	RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
> > +
> > +	dev = &rte_eth_devices[port];
> > +	rte_eth_dev_info_get(port, &dev_info);
> > +
> Why need to call rte_eth_dev_info_get in driver?
> 
> > +	if (vf_id >= dev_info.max_vfs)
> > +		return -EINVAL;
> > +
> 
> Vf_id is already be checked by below, even I prefer :
> if (vf_id > pf->vf_num - 1 || !pf->vfs)
> to be
> if (!pf->vfs  || vf_id > pf->vf_num - 1) or if (!pf->vfs  || vf_id >= pf->vf_num)
Agree, I'll remove the max_vfs check.

> 
> > +	pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
> > +
Jingjing Wu Jan. 6, 2017, 12:33 a.m. UTC | #3 
> +
> +	vsi->info.valid_sections =
> cpu_to_le16(I40E_AQ_VSI_PROP_SECURITY_VALID);
> +	if (on)
> +		vsi->info.sec_flags |=
> I40E_AQ_VSI_SEC_FLAG_ENABLE_MAC_CHK;
> +	else
> +		vsi->info.sec_flags &=
> ~I40E_AQ_VSI_SEC_FLAG_ENABLE_MAC_CHK;
> +
> +	memset(&ctxt, 0, sizeof(ctxt));
> +	(void)rte_memcpy(&ctxt.info, &vsi->info, sizeof(vsi->info));
> +	ctxt.seid = vsi->seid;
> +
> +	hw = I40E_VSI_TO_HW(vsi);
> +	ret = i40e_aq_update_vsi_params(hw, &ctxt, NULL);
> +	if (ret != I40E_SUCCESS)
> +		PMD_DRV_LOG(ERR, "Failed to update VSI params");

If fails, will you revert the info in vsi struct?

> +
> +	return ret;

Please return eth dev lib error code, but not I40E_XXX
Wenzhuo Lu Jan. 6, 2017, 8:54 a.m. UTC | #4 
Hi Jingjing,

> -----Original Message-----
> From: Wu, Jingjing
> Sent: Friday, January 6, 2017 8:33 AM
> To: Lu, Wenzhuo; dev@dpdk.org
> Cc: Lu, Wenzhuo
> Subject: RE: [dpdk-dev] [PATCH v7 03/27] net/i40e: set VF MAC anti-spoofing
> from PF
> 
> > +
> > +	vsi->info.valid_sections =
> > cpu_to_le16(I40E_AQ_VSI_PROP_SECURITY_VALID);
> > +	if (on)
> > +		vsi->info.sec_flags |=
> > I40E_AQ_VSI_SEC_FLAG_ENABLE_MAC_CHK;
> > +	else
> > +		vsi->info.sec_flags &=
> > ~I40E_AQ_VSI_SEC_FLAG_ENABLE_MAC_CHK;
> > +
> > +	memset(&ctxt, 0, sizeof(ctxt));
> > +	(void)rte_memcpy(&ctxt.info, &vsi->info, sizeof(vsi->info));
> > +	ctxt.seid = vsi->seid;
> > +
> > +	hw = I40E_VSI_TO_HW(vsi);
> > +	ret = i40e_aq_update_vsi_params(hw, &ctxt, NULL);
> > +	if (ret != I40E_SUCCESS)
> > +		PMD_DRV_LOG(ERR, "Failed to update VSI params");
> 
> If fails, will you revert the info in vsi struct?
Will not. Just leverage the existing behavior. I think it has some good side as user should not try it again and again if not success.

> 
> > +
> > +	return ret;
> 
> Please return eth dev lib error code, but not I40E_XXX
Yes, will change it.
diff mbox

Patch

diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
index fc7e987..68c07de 100644
--- a/drivers/net/i40e/i40e_ethdev.c
+++ b/drivers/net/i40e/i40e_ethdev.c
@@ -9723,3 +9723,66 @@  static void i40e_set_default_mac_addr(struct rte_eth_dev *dev,
 
 	return 0;
 }
+
+int
+rte_pmd_i40e_set_vf_mac_anti_spoof(uint8_t port, uint16_t vf_id, uint8_t on)
+{
+	struct rte_eth_dev *dev;
+	struct rte_eth_dev_info dev_info;
+	struct i40e_pf *pf;
+	struct i40e_vsi *vsi;
+	struct i40e_hw *hw;
+	struct i40e_vsi_context ctxt;
+	int ret;
+
+	RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
+
+	dev = &rte_eth_devices[port];
+	rte_eth_dev_info_get(port, &dev_info);
+
+	if (vf_id >= dev_info.max_vfs)
+		return -EINVAL;
+
+	pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
+
+	if (vf_id > pf->vf_num - 1 || !pf->vfs) {
+		PMD_DRV_LOG(ERR, "Invalid argument.");
+		return -EINVAL;
+	}
+
+	vsi = pf->vfs[vf_id].vsi;
+	if (!vsi)
+		return -EINVAL;
+
+	/* Check if it has been already on or off */
+	if (vsi->info.valid_sections &
+		rte_cpu_to_le_16(I40E_AQ_VSI_PROP_SECURITY_VALID)) {
+		if (on) {
+			if ((vsi->info.sec_flags &
+			     I40E_AQ_VSI_SEC_FLAG_ENABLE_MAC_CHK) ==
+			    I40E_AQ_VSI_SEC_FLAG_ENABLE_MAC_CHK)
+				return 0; /* already on */
+		} else {
+			if ((vsi->info.sec_flags &
+			     I40E_AQ_VSI_SEC_FLAG_ENABLE_MAC_CHK) == 0)
+				return 0; /* already off */
+		}
+	}
+
+	vsi->info.valid_sections = cpu_to_le16(I40E_AQ_VSI_PROP_SECURITY_VALID);
+	if (on)
+		vsi->info.sec_flags |= I40E_AQ_VSI_SEC_FLAG_ENABLE_MAC_CHK;
+	else
+		vsi->info.sec_flags &= ~I40E_AQ_VSI_SEC_FLAG_ENABLE_MAC_CHK;
+
+	memset(&ctxt, 0, sizeof(ctxt));
+	(void)rte_memcpy(&ctxt.info, &vsi->info, sizeof(vsi->info));
+	ctxt.seid = vsi->seid;
+
+	hw = I40E_VSI_TO_HW(vsi);
+	ret = i40e_aq_update_vsi_params(hw, &ctxt, NULL);
+	if (ret != I40E_SUCCESS)
+		PMD_DRV_LOG(ERR, "Failed to update VSI params");
+
+	return ret;
+}
diff --git a/drivers/net/i40e/rte_pmd_i40e.h b/drivers/net/i40e/rte_pmd_i40e.h
index eb7a72b..52319cf 100644
--- a/drivers/net/i40e/rte_pmd_i40e.h
+++ b/drivers/net/i40e/rte_pmd_i40e.h
@@ -76,4 +76,23 @@  struct rte_pmd_i40e_mb_event_param {
  */
 int rte_pmd_i40e_ping_vfs(uint8_t port, uint16_t vf);
 
+/**
+ * Enable/Disable VF MAC anti spoofing.
+ *
+ * @param port
+ *    The port identifier of the Ethernet device.
+ * @param vf
+ *    VF on which to set MAC anti spoofing.
+ * @param on
+ *    1 - Enable VFs MAC anti spoofing.
+ *    0 - Disable VFs MAC anti spoofing.
+ * @return
+ *   - (0) if successful.
+ *   - (-ENODEV) if *port* invalid.
+ *   - (-EINVAL) if bad parameter.
+ */
+int rte_pmd_i40e_set_vf_mac_anti_spoof(uint8_t port,
+				       uint16_t vf_id,
+				       uint8_t on);
+
 #endif /* _PMD_I40E_H_ */
diff --git a/drivers/net/i40e/rte_pmd_i40e_version.map b/drivers/net/i40e/rte_pmd_i40e_version.map
index 3c6a192..0581209 100644
--- a/drivers/net/i40e/rte_pmd_i40e_version.map
+++ b/drivers/net/i40e/rte_pmd_i40e_version.map
@@ -7,5 +7,6 @@  DPDK_17.02 {
 	global:
 
 	rte_pmd_i40e_ping_vfs;
+	rte_pmd_i40e_set_vf_mac_anti_spoof;
 
 } DPDK_2.0;