From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 56D60D2F7 for ; Wed, 3 May 2023 15:42:51 +0000 (UTC) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E0A645BAE for ; Wed, 3 May 2023 08:42:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683128569; x=1714664569; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=KVBqXsjkWRIKinHgPA9ERiaTrD9xuscS08sMf2MVSFE=; b=k4+B/YAXkDuN/JOgR2301feMuwMjWGHTfp2yD2lBQOEWwrU41Sgtqera k9E4PPIxUxm5HlxzJ4dmNlJ/BHWRjOenJXDGlogSg5J74f0+V6vVLRlXZ qwPtmpFNBKlRXTKOqIAtp/aFY1w1IZNeyxbxXZn10dmclVsVgsNPlQdys gRfqC21TP8PZIpnCGLYNj0AaaXuS/1CuSjvebkR8iY83mMAgvPCj6R/uP CIhcDyb78l9sF/Ws84Sp/ODZf7HG9l+RNCKgHBP/mem6L+fNwXeVGiFNo WABKM2+nW4r797lXaswRHoK2IDFGD4pVa3XRAmmgoqg5mHJ9ZlATwbADo Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10699"; a="328313492" X-IronPort-AV: E=Sophos;i="5.99,247,1677571200"; d="scan'208";a="328313492" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 May 2023 08:42:49 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10699"; a="761529421" X-IronPort-AV: E=Sophos;i="5.99,247,1677571200"; d="scan'208";a="761529421" Received: from anguy11-upstream.jf.intel.com ([10.166.9.133]) by fmsmga008.fm.intel.com with ESMTP; 03 May 2023 08:42:49 -0700 From: Tony Nguyen To: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com, edumazet@google.com, netdev@vger.kernel.org Cc: Michal Swiatkowski , anthony.l.nguyen@intel.com, Sujai Buvaneswaran , George Kuruvinakunnel , Simon Horman Subject: [PATCH net] ice: block LAN in case of VF to VF offload Date: Wed, 3 May 2023 08:39:35 -0700 Message-Id: <20230503153935.2372898-1-anthony.l.nguyen@intel.com> X-Mailer: git-send-email 2.38.1 Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_PASS,SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net From: Michal Swiatkowski VF to VF traffic shouldn't go outside. To enforce it, set only the loopback enable bit in case of all ingress type rules added via the tc tool. Fixes: 0d08a441fb1a ("ice: ndo_setup_tc implementation for PF") Reported-by: Sujai Buvaneswaran Signed-off-by: Michal Swiatkowski Tested-by: George Kuruvinakunnel Reviewed-by: Simon Horman Signed-off-by: Tony Nguyen --- drivers/net/ethernet/intel/ice/ice_tc_lib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/ice/ice_tc_lib.c b/drivers/net/ethernet/intel/ice/ice_tc_lib.c index 76f29a5bf8d7..d1a31f236d26 100644 --- a/drivers/net/ethernet/intel/ice/ice_tc_lib.c +++ b/drivers/net/ethernet/intel/ice/ice_tc_lib.c @@ -693,17 +693,18 @@ ice_eswitch_add_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr) * results into order of switch rule evaluation. */ rule_info.priority = 7; + rule_info.flags_info.act_valid = true; if (fltr->direction == ICE_ESWITCH_FLTR_INGRESS) { rule_info.sw_act.flag |= ICE_FLTR_RX; rule_info.sw_act.src = hw->pf_id; rule_info.rx = true; + rule_info.flags_info.act = ICE_SINGLE_ACT_LB_ENABLE; } else { rule_info.sw_act.flag |= ICE_FLTR_TX; rule_info.sw_act.src = vsi->idx; rule_info.rx = false; rule_info.flags_info.act = ICE_SINGLE_ACT_LAN_ENABLE; - rule_info.flags_info.act_valid = true; } /* specify the cookie as filter_rule_id */ -- 2.38.1