From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 9F4DBC48BC4 for ; Tue, 20 Feb 2024 12:24:40 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 2C5A9402E6; Tue, 20 Feb 2024 12:24:40 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M_DCdivqOpPq; Tue, 20 Feb 2024 12:24:39 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.166.34; helo=ash.osuosl.org; envelope-from=intel-wired-lan-bounces@osuosl.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 78722401D9 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=osuosl.org; s=default; t=1708431879; bh=o+4UZpRoG+pfAj7R4sV0GGBfc7VJ8gf/qpqQ0VZ8BzU=; h=Date:From:To:References:In-Reply-To:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Cc:From; b=nD8gsdGVPtRkkIcAvj+UtSTEMRUDWB1rQ3tJATG0XE1I0wIj9MD94SeYCH08MD7Wc wo7q7ZfRQ4H7+2zfmfb+e0HvANvP9khaa7VNt6DwjwaFbyuORshYwtx486DCVtT+Xm vE5lSxYlvNbSBbAkH1ZHZyWlGWnM+gdAyrpVgBBGOxB568ieIS0+tzn+PMvG/mBusw Jt7NM6H39+QAOaMTiY2fLKpKPhEeqgcsdgCRy7T3P6wqG5lDMHurZeOkJf/3/JA8SA gVGwyI+ChRch2TCJEsfouNiphHrWEmZ8Pr6uUo3dFXR8aY8V1YCRmp2nwpcon13VSM +6MX8tBH6/5XA== Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp4.osuosl.org (Postfix) with ESMTP id 78722401D9; Tue, 20 Feb 2024 12:24:39 +0000 (UTC) Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id C92831BF3A7 for ; Tue, 20 Feb 2024 12:24:38 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id C2012401D9 for ; Tue, 20 Feb 2024 12:24:38 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bl39moX8gWtb for ; Tue, 20 Feb 2024 12:24:38 +0000 (UTC) Received-SPF: None (mailfrom) identity=mailfrom; client-ip=198.175.65.12; helo=mgamail.intel.com; envelope-from=michal.swiatkowski@linux.intel.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp4.osuosl.org 8673640164 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 8673640164 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.12]) by smtp4.osuosl.org (Postfix) with ESMTPS id 8673640164 for ; Tue, 20 Feb 2024 12:24:37 +0000 (UTC) X-IronPort-AV: E=McAfee;i="6600,9927,10989"; a="13942159" X-IronPort-AV: E=Sophos;i="6.06,172,1705392000"; d="scan'208";a="13942159" Received: from orviesa001.jf.intel.com ([10.64.159.141]) by orvoesa104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Feb 2024 04:24:36 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.06,172,1705392000"; d="scan'208";a="42258584" Received: from unknown (HELO mev-dev) ([10.237.112.144]) by smtpauth.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Feb 2024 04:24:33 -0800 Date: Tue, 20 Feb 2024 13:24:29 +0100 From: Michal Swiatkowski To: Paul Menzel Message-ID: References: <20240220105950.6814-1-michal.swiatkowski@linux.intel.com> <20240220105950.6814-2-michal.swiatkowski@linux.intel.com> <30416589-7340-4ad3-8749-bef1f82743cb@molgen.mpg.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <30416589-7340-4ad3-8749-bef1f82743cb@molgen.mpg.de> X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1708431878; x=1739967878; h=date:from:to:cc:subject:message-id:references: mime-version:content-transfer-encoding:in-reply-to; bh=dsiLJ11h741l5GbdJat1YmQ4KzPfYnGD2H8KwKTyIaQ=; b=CSShEnXFJnXoMydfyxRjojbbrr970RHkORPCMxxT7Fn8WN45UwLh7CH3 SXurGjAcaA2QOunCdbfHu70Se/5hQg+LTawSvRvAWwCmf16gGia7lrpM/ 2TfAilXlV6LMpcZLPVeKthcHnFoPCgAyd8jFFIm4QV+Zhb11eQcbsaSJU DHGd3liyGQxcMFv6s6hAbSzqDKLXb3k7bj2VmLxFXj/WXKqiaA45Lu5TW tGohGN9UiIGK07qs0nGq6EcHJTnOuhnJOIR8nezflD178EPgPMi8BwUNp d4acYBc6VMy+HyMPtypkdGk5mJ+LFqZkTwMFN2mkfK8+iVWBSyL3YU//Y A==; X-Mailman-Original-Authentication-Results: smtp4.osuosl.org; dmarc=none (p=none dis=none) header.from=linux.intel.com X-Mailman-Original-Authentication-Results: smtp4.osuosl.org; dkim=pass (2048-bit key, unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256 header.s=Intel header.b=CSShEnXF Subject: Re: [Intel-wired-lan] [iwl-next v1 1/2] ice: tc: check src_vsi in case of traffic from VF X-BeenThere: intel-wired-lan@osuosl.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Intel Wired Ethernet Linux Kernel Driver Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: wojciech.drewek@intel.com, marcin.szycik@intel.com, sridhar.samudrala@intel.com, Jedrzej Jagielski , intel-wired-lan@lists.osuosl.org, netdev@vger.kernel.org Errors-To: intel-wired-lan-bounces@osuosl.org Sender: "Intel-wired-lan" On Tue, Feb 20, 2024 at 12:23:11PM +0100, Paul Menzel wrote: > Dear Michal, > > > Thank you for the patch. > Thanks for the review. > Am 20.02.24 um 11:59 schrieb Michal Swiatkowski: > > In case of traffic going from the VF (so ingress for port representor) > > there should be a check for source VSI. It is needed for hardware to not > > match packets from different port with filters added on other port. > > … from different port*s* …? > Will fix it. > > It is only for "from VF" traffic, because other traffic direction > > doesn't have source VSI. > > Do you have a test case to reproduce this? > I can add tc fileter call in v2. In short, any redirect from VF0 to uplink should allow going packets only from VF0, but currently it is also matching traffic from other VFs (like VF1, VF2, etc.) > > Reviewed-by: Jedrzej Jagielski > > Reviewed-by: Sridhar Samudrala > > Signed-off-by: Michal Swiatkowski > > --- > > drivers/net/ethernet/intel/ice/ice_tc_lib.c | 8 ++++++++ > > 1 file changed, 8 insertions(+) > > > > diff --git a/drivers/net/ethernet/intel/ice/ice_tc_lib.c b/drivers/net/ethernet/intel/ice/ice_tc_lib.c > > index b890410a2bc0..49ed5fd7db10 100644 > > --- a/drivers/net/ethernet/intel/ice/ice_tc_lib.c > > +++ b/drivers/net/ethernet/intel/ice/ice_tc_lib.c > > @@ -28,6 +28,8 @@ ice_tc_count_lkups(u32 flags, struct ice_tc_flower_lyr_2_4_hdrs *headers, > > * - ICE_TC_FLWR_FIELD_VLAN_TPID (present if specified) > > * - Tunnel flag (present if tunnel) > > */ > > + if (fltr->direction == ICE_ESWITCH_FLTR_EGRESS) > > + lkups_cnt++; > > Why does the count variable need to be incremented? > AS you wrote belowe it is needed to add another lookup. > > if (flags & ICE_TC_FLWR_FIELD_TENANT_ID) > > lkups_cnt++; > > @@ -363,6 +365,11 @@ ice_tc_fill_rules(struct ice_hw *hw, u32 flags, > > /* Always add direction metadata */ > > ice_rule_add_direction_metadata(&list[ICE_TC_METADATA_LKUP_IDX]); > > + if (tc_fltr->direction == ICE_ESWITCH_FLTR_EGRESS) { > > + ice_rule_add_src_vsi_metadata(&list[i]); > > + i++; > > + } > > + > > rule_info->tun_type = ice_sw_type_from_tunnel(tc_fltr->tunnel_type); > > if (tc_fltr->tunnel_type != TNL_LAST) { > > i = ice_tc_fill_tunnel_outer(flags, tc_fltr, list, i); > > @@ -820,6 +827,7 @@ ice_eswitch_add_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr) > > /* specify the cookie as filter_rule_id */ > > rule_info.fltr_rule_id = fltr->cookie; > > + rule_info.src_vsi = vsi->idx; > > Besides the comment above being redundant (as the code does exactly that), > the new line looks like to belong to the comment. Please excuse my > ignorance, but the commit message only talks about adding checks and not > overwriting the `src_vsi`. It’d be great, if you could elaborate. > I will rephrase commit message to mark that it is not checking in code, but matching in hardware, thanks. > > ret = ice_add_adv_rule(hw, list, lkups_cnt, &rule_info, &rule_added); > > if (ret == -EEXIST) { > > > Kind regards, > > Paul