{"id":806210,"url":"http://patchwork.ozlabs.org/api/1.0/covers/806210/?format=json","project":{"id":7,"url":"http://patchwork.ozlabs.org/api/1.0/projects/7/?format=json","name":"Linux network development","link_name":"netdev","list_id":"netdev.vger.kernel.org","list_email":"netdev@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null},"msgid":"<20170827110618.20599-1-saeedm@mellanox.com>","date":"2017-08-27T11:06:14","name":"[net-next,0/4] SRIOV VF VGT+ and violation counters support","submitter":{"id":65299,"url":"http://patchwork.ozlabs.org/api/1.0/people/65299/?format=json","name":"Saeed Mahameed","email":"saeedm@mellanox.com"},"series":[{"id":10,"url":"http://patchwork.ozlabs.org/api/1.0/series/10/?format=json","date":"2017-08-27T11:06:14","name":"SRIOV VF VGT+ and violation counters support","version":1,"mbox":"http://patchwork.ozlabs.org/series/10/mbox/"}],"headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xgCCT3TzCz9s7v\n\tfor <patchwork-incoming@ozlabs.org>;\n\tSun, 27 Aug 2017 21:21:41 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751172AbdH0LVa (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tSun, 27 Aug 2017 07:21:30 -0400","from mail-il-dmz.mellanox.com ([193.47.165.129]:37292 \"EHLO\n\tmellanox.co.il\" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org\n\twith ESMTP id S1751116AbdH0LV3 (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Sun, 27 Aug 2017 07:21:29 -0400","from Internal Mail-Server by MTLPINE2 (envelope-from\n\tsaeedm@mellanox.com)\n\twith ESMTPS (AES256-SHA encrypted); 27 Aug 2017 
14:21:24 +0300","from sws.mtl.labs.mlnx (reg-l-vrt-045-015.mtl.labs.mlnx\n\t[10.135.45.15])\n\tby labmailer.mlnx (8.13.8/8.13.8) with ESMTP id v7RBLOYA028221;\n\tSun, 27 Aug 2017 14:21:24 +0300"],"From":"Saeed Mahameed <saeedm@mellanox.com>","To":"\"David S. Miller\" <davem@davemloft.net>","Cc":"netdev@vger.kernel.org, Eugenia Emantayev <eugenia@mellanox.com>,\n\tSaeed Mahameed <saeedm@mellanox.com>","Subject":"[PATCH net-next 0/4] SRIOV VF VGT+ and violation counters support","Date":"Sun, 27 Aug 2017 14:06:14 +0300","Message-Id":"<20170827110618.20599-1-saeedm@mellanox.com>","X-Mailer":"git-send-email 2.13.0","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"},"content":"Hi Dave\n\nThis series provides two security SRIOV related features (VGT+ and VF violation counters).\n\nVGT+ is a security feature that gives the administrator the ability of controlling\nthe allowed VGT vlan IDs list that can be transmitted/received from/to the VF.\nThe allowed VGT vlan IDs list is called \"trunk\".\n\nAdmin can add/remove a range of allowed vlan-ids via iptool:\nip link set { DEVICE } [ vf NUM [ trunk { add | rem } START-VLAN-ID [ END-VLAN-ID ] [ proto VLAN-PROTO ] ] ]\n\nExample:\nAfter this series of configurations:\n1) ip link set eth3 vf 0 trunk add 10 100 (allow vlan-id 10-100, default tpid 0x8100)\n2) ip link set eth3 vf 0 trunk add 105 proto 802.1q (allow vlan-id 105 tpid 0x8100)\n3) ip link set eth3 vf 0 trunk add 105 proto 802.1ad (allow vlan-id 105 tpid 0x88a8)\n4) ip link set eth3 vf 0 trunk rem 90 (block vlan-id 90)\n5) ip link set eth3 vf 0 trunk rem 50 60 (block vlan-ids 50-60)\n\nVF 0 can only communicate on vlan-ids: 10-49,61-89,91-100,105 with tpid 0x8100 and vlan-id 105 with tpid 0x88a8.\n\nFor this purpose the following net_device callbacks were added:\nint (*ndo_add_vf_vlan_trunk_range)(struct net_device *dev, int vf, u16 start_vid, u16 end_vid, __be16 proto);\nint 
(*ndo_del_vf_vlan_trunk_range)(struct net_device *dev, int vf, u16 start_vid, u16 end_vid, __be16 proto);\n\nThis feature is implemented and demonstrated in mlx5 via ACL steering tables and vlan rules attached to the VF's\ncorresponding E-Switch vport.\n\nIn addition to VGT+ we introduce a new set of counters to VF statistics, to collect counters for traffic violating\nVF ACL rules (such as VGT+ violation), for that we extend the current ifla_vf_stats to include rx_dropped/tx_dropped\nto be reported per VF.\n\nExample:\n> ip link set eth3 vf 0 trunk add 10 100\nVF 0 transmits 2412 packets on a vlan id not in [10,100] range will be dropped and reported in hypervisor\nvia:\n> ip -s link show dev enp5s0f0\"\n      6: enp5s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\n        [...]\n\tvf 0 MAC 00:00:ca:fe:ca:fe, vlan 5, spoof checking off, link-state auto, trust off, query_rss off\n        RX: bytes  packets  mcast   bcast   dropped\n        1666       29       14         32      0\n        TX: bytes  packets   dropped\n        2880       44       2412\n\nThanks,\nSaeed.\n\nEugenia Emantayev (2):\n  net/core: Add violation counters to VF statisctics\n  net/mlx5e: E-switch, Add steering drop counters\n\nMohamad Haj Yahia (2):\n  net: Add SRIOV VGT+ support\n  net/mlx5: Add SRIOV VGT+ support\n\n drivers/net/ethernet/mellanox/mlx5/core/en_main.c  |  28 +\n drivers/net/ethernet/mellanox/mlx5/core/eswitch.c  | 589 +++++++++++++++++----\n drivers/net/ethernet/mellanox/mlx5/core/eswitch.h  |  31 +-\n drivers/net/ethernet/mellanox/mlx5/core/fs_core.h  |   2 +\n .../net/ethernet/mellanox/mlx5/core/fs_counters.c  |   6 +\n drivers/net/ethernet/mellanox/mlx5/core/vport.c    |  19 +-\n include/linux/if_link.h                            |   4 +\n include/linux/mlx5/vport.h                         |   6 +-\n include/linux/netdevice.h                          |  12 +\n include/uapi/linux/if_link.h                       |  22 +\n 
net/core/rtnetlink.c                               | 119 +++--\n 11 files changed, 681 insertions(+), 157 deletions(-)"}