[dpdk-dev,v7,04/27] net/i40e: set VF VLAN anti-spoofing from PF
Checks
Commit Message
Support enabling/disabling VF VLAN anti-spoofing from
PF.
User can call the API on PF to enable/disable a specific
VF's VLAN anti-spoofing.
Signed-off-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
---
drivers/net/i40e/i40e_ethdev.c | 116 +++++++++++++++++++++++++++++-
drivers/net/i40e/i40e_ethdev.h | 1 +
drivers/net/i40e/rte_pmd_i40e.h | 19 +++++
drivers/net/i40e/rte_pmd_i40e_version.map | 1 +
4 files changed, 135 insertions(+), 2 deletions(-)
Comments
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Wenzhuo Lu
> Sent: Tuesday, January 3, 2017 2:54 PM
> To: dev@dpdk.org
> Cc: Lu, Wenzhuo <wenzhuo.lu@intel.com>
> Subject: [dpdk-dev] [PATCH v7 04/27] net/i40e: set VF VLAN anti-spoofing from
> PF
>
> Support enabling/disabling VF VLAN anti-spoofing from PF.
> User can call the API on PF to enable/disable a specific VF's VLAN anti-spoofing.
>
> Signed-off-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
> ---
> drivers/net/i40e/i40e_ethdev.c | 116
> +++++++++++++++++++++++++++++-
> drivers/net/i40e/i40e_ethdev.h | 1 +
> drivers/net/i40e/rte_pmd_i40e.h | 19 +++++
> drivers/net/i40e/rte_pmd_i40e_version.map | 1 +
> 4 files changed, 135 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/i40e/i40e_ethdev.c b/drivers/net/i40e/i40e_ethdev.c
> index 68c07de..bcc59b2 100644
> --- a/drivers/net/i40e/i40e_ethdev.c
> +++ b/drivers/net/i40e/i40e_ethdev.c
> @@ -4418,6 +4418,7 @@ struct i40e_vsi *
> vsi->max_macaddrs = I40E_NUM_MACADDR_MAX;
> vsi->parent_vsi = uplink_vsi ? uplink_vsi : pf->main_vsi;
> vsi->user_param = user_param;
> + vsi->vlan_anti_spoof_on = 0;
> /* Allocate queues */
> switch (vsi->type) {
> case I40E_VSI_MAIN :
> @@ -5761,17 +5762,35 @@ struct i40e_vsi *
> uint16_t vlan_id, bool on)
> {
> uint32_t vid_idx, vid_bit;
> + struct i40e_hw *hw = I40E_VSI_TO_HW(vsi);
> + struct i40e_aqc_add_remove_vlan_element_data vlan_data = {0};
> + int ret;
>
> if (vlan_id > ETH_VLAN_ID_MAX)
> return;
>
> vid_idx = I40E_VFTA_IDX(vlan_id);
> vid_bit = I40E_VFTA_BIT(vlan_id);
> + vlan_data.vlan_tag = rte_cpu_to_le_16(vlan_id);
>
> - if (on)
> + if (on) {
> + if (vsi->vlan_anti_spoof_on) {
> + ret = i40e_aq_add_vlan(hw, vsi->seid,
> + &vlan_data, 1, NULL);
> + if (ret != I40E_SUCCESS)
> + PMD_DRV_LOG(ERR, "Failed to add vlan filter");
> + }
> vsi->vfta[vid_idx] |= vid_bit;
> - else
> + } else {
> + if (vsi->vlan_anti_spoof_on) {
> + ret = i40e_aq_remove_vlan(hw, vsi->seid,
> + &vlan_data, 1, NULL);
> + if (ret != I40E_SUCCESS)
> + PMD_DRV_LOG(ERR,
> + "Failed to remove vlan filter");
> + }
> vsi->vfta[vid_idx] &= ~vid_bit;
> + }
> }
>
The function i40e_set_vlan_filter is used to store the vlan info
in vsi structure. I think it will be better to move the hardware vlan filter handling
to i40e_vsi_add_vlan who called the i40e_set_vlan_filter function to let the
code more easy to maintain.
Thanks
Jingjing
Hi Jingjing,
> -----Original Message-----
> From: Wu, Jingjing
> Sent: Thursday, January 5, 2017 4:52 PM
> To: Lu, Wenzhuo; dev@dpdk.org
> Cc: Lu, Wenzhuo
> Subject: RE: [dpdk-dev] [PATCH v7 04/27] net/i40e: set VF VLAN anti-spoofing
> from PF
>
>
>
> > -----Original Message-----
> > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Wenzhuo Lu
> > Sent: Tuesday, January 3, 2017 2:54 PM
> > To: dev@dpdk.org
> > Cc: Lu, Wenzhuo <wenzhuo.lu@intel.com>
> > Subject: [dpdk-dev] [PATCH v7 04/27] net/i40e: set VF VLAN
> > anti-spoofing from PF
> >
> > Support enabling/disabling VF VLAN anti-spoofing from PF.
> > User can call the API on PF to enable/disable a specific VF's VLAN anti-
> spoofing.
> >
> > Signed-off-by: Wenzhuo Lu <wenzhuo.lu@intel.com>
> > ---
> > drivers/net/i40e/i40e_ethdev.c | 116
> > +++++++++++++++++++++++++++++-
> > drivers/net/i40e/i40e_ethdev.h | 1 +
> > drivers/net/i40e/rte_pmd_i40e.h | 19 +++++
> > drivers/net/i40e/rte_pmd_i40e_version.map | 1 +
> > 4 files changed, 135 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/net/i40e/i40e_ethdev.c
> > b/drivers/net/i40e/i40e_ethdev.c index 68c07de..bcc59b2 100644
> > --- a/drivers/net/i40e/i40e_ethdev.c
> > +++ b/drivers/net/i40e/i40e_ethdev.c
> > @@ -4418,6 +4418,7 @@ struct i40e_vsi *
> > vsi->max_macaddrs = I40E_NUM_MACADDR_MAX;
> > vsi->parent_vsi = uplink_vsi ? uplink_vsi : pf->main_vsi;
> > vsi->user_param = user_param;
> > + vsi->vlan_anti_spoof_on = 0;
> > /* Allocate queues */
> > switch (vsi->type) {
> > case I40E_VSI_MAIN :
> > @@ -5761,17 +5762,35 @@ struct i40e_vsi *
> > uint16_t vlan_id, bool on)
> > {
> > uint32_t vid_idx, vid_bit;
> > + struct i40e_hw *hw = I40E_VSI_TO_HW(vsi);
> > + struct i40e_aqc_add_remove_vlan_element_data vlan_data = {0};
> > + int ret;
> >
> > if (vlan_id > ETH_VLAN_ID_MAX)
> > return;
> >
> > vid_idx = I40E_VFTA_IDX(vlan_id);
> > vid_bit = I40E_VFTA_BIT(vlan_id);
> > + vlan_data.vlan_tag = rte_cpu_to_le_16(vlan_id);
> >
> > - if (on)
> > + if (on) {
> > + if (vsi->vlan_anti_spoof_on) {
> > + ret = i40e_aq_add_vlan(hw, vsi->seid,
> > + &vlan_data, 1, NULL);
> > + if (ret != I40E_SUCCESS)
> > + PMD_DRV_LOG(ERR, "Failed to add vlan
> filter");
> > + }
> > vsi->vfta[vid_idx] |= vid_bit;
> > - else
> > + } else {
> > + if (vsi->vlan_anti_spoof_on) {
> > + ret = i40e_aq_remove_vlan(hw, vsi->seid,
> > + &vlan_data, 1, NULL);
> > + if (ret != I40E_SUCCESS)
> > + PMD_DRV_LOG(ERR,
> > + "Failed to remove vlan filter");
> > + }
> > vsi->vfta[vid_idx] &= ~vid_bit;
> > + }
> > }
> >
> The function i40e_set_vlan_filter is used to store the vlan info in vsi structure. I
> think it will be better to move the hardware vlan filter handling to
> i40e_vsi_add_vlan who called the i40e_set_vlan_filter function to let the code
> more easy to maintain.
Thanks for the suggestion. I'll split it to 2 functions, one for storing, the other for HW setting.
>
>
> Thanks
> Jingjing
@@ -4418,6 +4418,7 @@ struct i40e_vsi *
vsi->max_macaddrs = I40E_NUM_MACADDR_MAX;
vsi->parent_vsi = uplink_vsi ? uplink_vsi : pf->main_vsi;
vsi->user_param = user_param;
+ vsi->vlan_anti_spoof_on = 0;
/* Allocate queues */
switch (vsi->type) {
case I40E_VSI_MAIN :
@@ -5761,17 +5762,35 @@ struct i40e_vsi *
uint16_t vlan_id, bool on)
{
uint32_t vid_idx, vid_bit;
+ struct i40e_hw *hw = I40E_VSI_TO_HW(vsi);
+ struct i40e_aqc_add_remove_vlan_element_data vlan_data = {0};
+ int ret;
if (vlan_id > ETH_VLAN_ID_MAX)
return;
vid_idx = I40E_VFTA_IDX(vlan_id);
vid_bit = I40E_VFTA_BIT(vlan_id);
+ vlan_data.vlan_tag = rte_cpu_to_le_16(vlan_id);
- if (on)
+ if (on) {
+ if (vsi->vlan_anti_spoof_on) {
+ ret = i40e_aq_add_vlan(hw, vsi->seid,
+ &vlan_data, 1, NULL);
+ if (ret != I40E_SUCCESS)
+ PMD_DRV_LOG(ERR, "Failed to add vlan filter");
+ }
vsi->vfta[vid_idx] |= vid_bit;
- else
+ } else {
+ if (vsi->vlan_anti_spoof_on) {
+ ret = i40e_aq_remove_vlan(hw, vsi->seid,
+ &vlan_data, 1, NULL);
+ if (ret != I40E_SUCCESS)
+ PMD_DRV_LOG(ERR,
+ "Failed to remove vlan filter");
+ }
vsi->vfta[vid_idx] &= ~vid_bit;
+ }
}
/**
@@ -9786,3 +9805,96 @@ static void i40e_set_default_mac_addr(struct rte_eth_dev *dev,
return ret;
}
+
+static int
+i40e_add_rm_all_vlan_filter(struct i40e_vsi *vsi, uint8_t add)
+{
+ uint32_t j, k;
+ uint16_t vlan_id;
+ struct i40e_hw *hw = I40E_VSI_TO_HW(vsi);
+ struct i40e_aqc_add_remove_vlan_element_data vlan_data = {0};
+ int ret;
+
+ for (j = 0; j < I40E_VFTA_SIZE; j++) {
+ if (!vsi->vfta[j])
+ continue;
+
+ for (k = 0; k < I40E_UINT32_BIT_SIZE; k++) {
+ if (!(vsi->vfta[j] & (1 << k)))
+ continue;
+
+ vlan_id = j * I40E_UINT32_BIT_SIZE + k;
+ vlan_data.vlan_tag = rte_cpu_to_le_16(vlan_id);
+ if (add)
+ ret = i40e_aq_add_vlan(hw, vsi->seid,
+ &vlan_data, 1, NULL);
+ else
+ ret = i40e_aq_remove_vlan(hw, vsi->seid,
+ &vlan_data, 1, NULL);
+ if (ret != I40E_SUCCESS) {
+ PMD_DRV_LOG(ERR,
+ "Failed to add/rm vlan filter");
+ return ret;
+ }
+ }
+ }
+
+ return I40E_SUCCESS;
+}
+
+int
+rte_pmd_i40e_set_vf_vlan_anti_spoof(uint8_t port, uint16_t vf_id, uint8_t on)
+{
+ struct rte_eth_dev *dev;
+ struct rte_eth_dev_info dev_info;
+ struct i40e_pf *pf;
+ struct i40e_vsi *vsi;
+ struct i40e_hw *hw;
+ struct i40e_vsi_context ctxt;
+ int ret;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port, -ENODEV);
+
+ dev = &rte_eth_devices[port];
+ rte_eth_dev_info_get(port, &dev_info);
+
+ if (vf_id >= dev_info.max_vfs)
+ return -EINVAL;
+
+ pf = I40E_DEV_PRIVATE_TO_PF(dev->data->dev_private);
+
+ if (vf_id > pf->vf_num - 1 || !pf->vfs) {
+ PMD_DRV_LOG(ERR, "Invalid argument.");
+ return -EINVAL;
+ }
+
+ vsi = pf->vfs[vf_id].vsi;
+ if (!vsi)
+ return -EINVAL;
+
+ /* Check if it has been already on or off */
+ if (vsi->vlan_anti_spoof_on == on)
+ return 0; /* already on or off */
+
+ vsi->vlan_anti_spoof_on = on;
+ ret = i40e_add_rm_all_vlan_filter(vsi, on);
+ if (ret)
+ return ret;
+
+ vsi->info.valid_sections = cpu_to_le16(I40E_AQ_VSI_PROP_SECURITY_VALID);
+ if (on)
+ vsi->info.sec_flags |= I40E_AQ_VSI_SEC_FLAG_ENABLE_VLAN_CHK;
+ else
+ vsi->info.sec_flags &= ~I40E_AQ_VSI_SEC_FLAG_ENABLE_VLAN_CHK;
+
+ memset(&ctxt, 0, sizeof(ctxt));
+ (void)rte_memcpy(&ctxt.info, &vsi->info, sizeof(vsi->info));
+ ctxt.seid = vsi->seid;
+
+ hw = I40E_VSI_TO_HW(vsi);
+ ret = i40e_aq_update_vsi_params(hw, &ctxt, NULL);
+ if (ret != I40E_SUCCESS)
+ PMD_DRV_LOG(ERR, "Failed to update VSI params");
+
+ return ret;
+}
@@ -300,6 +300,7 @@ struct i40e_vsi {
uint16_t msix_intr; /* The MSIX interrupt binds to VSI */
uint16_t nb_msix; /* The max number of msix vector */
uint8_t enabled_tc; /* The traffic class enabled */
+ uint8_t vlan_anti_spoof_on; /* The VLAN anti-spoofing enabled */
struct i40e_bw_info bw_info; /* VSI bandwidth information */
};
@@ -95,4 +95,23 @@ int rte_pmd_i40e_set_vf_mac_anti_spoof(uint8_t port,
uint16_t vf_id,
uint8_t on);
+/**
+ * Enable/Disable VF VLAN anti spoofing.
+ *
+ * @param port
+ * The port identifier of the Ethernet device.
+ * @param vf
+ * VF on which to set VLAN anti spoofing.
+ * @param on
+ * 1 - Enable VFs VLAN anti spoofing.
+ * 0 - Disable VFs VLAN anti spoofing.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-EINVAL) if bad parameter.
+ */
+int rte_pmd_i40e_set_vf_vlan_anti_spoof(uint8_t port,
+ uint16_t vf_id,
+ uint8_t on);
+
#endif /* _PMD_I40E_H_ */
@@ -8,5 +8,6 @@ DPDK_17.02 {
rte_pmd_i40e_ping_vfs;
rte_pmd_i40e_set_vf_mac_anti_spoof;
+ rte_pmd_i40e_set_vf_vlan_anti_spoof;
} DPDK_2.0;