ice: Disable sniffing VF traffic on PF · tjh.dev/kernel@64439f8

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

ice: Disable sniffing VF traffic on PF

Delete code that add default Tx rule on PF. With this rule PF can see
Tx VF traffic that should go outside. For traffic from VF to another
VF default Tx rule on PF doesn't apply because of lower priority than
VF mac rule.

With this change on PF in promisc mode we can see only Rx traffic that
doesn't match any other rule (mac etc.). We can't see Tx traffic from
other VSI.

Signed-off-by: Michal Swiatkowski <michal.swiatkowski@intel.com>
Signed-off-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>

authored by

Michal Swiatkowski and committed by

Jeff Kirsher 7 years ago 64439f8f 06905270

+2 -22

1 changed file

expand all

drivers

net

ethernet

intel

ice

ice_main.c

+2 -22

drivers/net/ethernet/intel/ice/ice_main.c

··· 317 317 test_bit(ICE_VSI_FLAG_PROMISC_CHANGED, vsi->flags)) { 318 318 clear_bit(ICE_VSI_FLAG_PROMISC_CHANGED, vsi->flags); 319 319 if (vsi->current_netdev_flags & IFF_PROMISC) { 320 - /* Apply Tx filter rule to get traffic from VMs */ 321 - status = ice_cfg_dflt_vsi(hw, vsi->idx, true, 322 - ICE_FLTR_TX); 323 - if (status) { 324 - netdev_err(netdev, "Error setting default VSI %i tx rule\n", 325 - vsi->vsi_num); 326 - vsi->current_netdev_flags &= ~IFF_PROMISC; 327 - err = -EIO; 328 - goto out_promisc; 329 - } 330 320 /* Apply Rx filter rule to get traffic from wire */ 331 321 status = ice_cfg_dflt_vsi(hw, vsi->idx, true, 332 322 ICE_FLTR_RX); 333 323 if (status) { 334 - netdev_err(netdev, "Error setting default VSI %i rx rule\n", 324 + netdev_err(netdev, "Error setting default VSI %i Rx rule\n", 335 325 vsi->vsi_num); 336 326 vsi->current_netdev_flags &= ~IFF_PROMISC; 337 327 err = -EIO; 338 328 goto out_promisc; 339 329 } 340 330 } else { 341 - /* Clear Tx filter rule to stop traffic from VMs */ 342 - status = ice_cfg_dflt_vsi(hw, vsi->idx, false, 343 - ICE_FLTR_TX); 344 - if (status) { 345 - netdev_err(netdev, "Error clearing default VSI %i tx rule\n", 346 - vsi->vsi_num); 347 - vsi->current_netdev_flags |= IFF_PROMISC; 348 - err = -EIO; 349 - goto out_promisc; 350 - } 351 331 /* Clear Rx filter to remove traffic from wire */ 352 332 status = ice_cfg_dflt_vsi(hw, vsi->idx, false, 353 333 ICE_FLTR_RX); 354 334 if (status) { 355 - netdev_err(netdev, "Error clearing default VSI %i rx rule\n", 335 + netdev_err(netdev, "Error clearing default VSI %i Rx rule\n", 356 336 vsi->vsi_num); 357 337 vsi->current_netdev_flags |= IFF_PROMISC; 358 338 err = -EIO;