mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-08-05 16:54:27 +00:00
c87c938f62
VFs by default are able to see all tagged traffic regardless of trust and VLAN filters configured. Add new private flag vf-vlan-pruning that allows changing of default VF behavior for tagged traffic. When the flag is turned on untrusted VF will only be able to receive untagged traffic or traffic with VLAN tags it has created interfaces for The flag is off by default and can only be changed if there are no VFs spawned on the PF. This flag will only be effective when no PVID is set on VF and VF is not trusted. Add new function that computes the correct VLAN ID for VF VLAN filters based on trust, PVID, vf-vlan-prune-disable flag and current VLAN ID. Testing Hints: Test 1: vf-vlan-pruning == off ============================== 1. Set the private flag > ethtool --set-priv-flag eth0 vf-vlan-pruning off (default setting) 2. Use scapy to send any VLAN tagged traffic and make sure the VF receives all VLAN tagged traffic that matches its destination MAC filters (unicast, multicast, and broadcast). Test 2: vf-vlan-pruning == on ============================== 1. Set the private flag > ethtool --set-priv-flag eth0 vf-vlan-pruning on 2. Use scapy to send any VLAN tagged traffic and make sure the VF does not receive any VLAN tagged traffic that matches its destination MAC filters (unicast, multicast, and broadcast). 3. Add a VLAN filter on the VF netdev > ip link add link eth0v0 name vlan10 type vlan id 10 4. Bring the VLAN netdev up > ip link set vlan10 up 4. Use scapy to send traffic with VLAN 10, VLAN 11 (anything not VLAN 10), and untagged traffic. Make sure the VF only receives VLAN 10 and untagged traffic when the link partner is sending. Test 3: vf-vlan-pruning == off && VF is in a port VLAN ============================== 1. Set the private flag > ethtool --set-priv-flag eth0 vf-vlan-pruning off (default setting) 2. Create a VF > echo 1 > sriov_numvfs 3. Put the VF in a port VLAN > ip link set eth0 vf 0 vlan 10 4. Use scapy to send traffic with VLAN 10 and VLAN 11 (anything not VLAN 10) and make sure the VF only receives untagged traffic when the link partner is sending VLAN 10 tagged traffic as the VLAN tag is expected to be stripped by HW for port VLANs and not visible to the VF. Test 4: Change vf-vlan-pruning while VFs are created ============================== echo 0 > sriov_numvfs ethtool --set-priv-flag eth0 vf-vlan-pruning off echo 1 > sriov_numvfs ethtool --set-priv-flag eth0 vf-vlan-pruning on (expect failure) Signed-off-by: Sylwester Dziedziuch <sylwesterx.dziedziuch@intel.com> Signed-off-by: Przemyslaw Patynowski <przemyslawx.patynowski@intel.com> Signed-off-by: Mateusz Palczewski <mateusz.palczewski@intel.com> Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com> |
||
|---|---|---|
| .. | ||
| appletalk | ||
| arcnet | ||
| bonding | ||
| caif | ||
| can | ||
| dsa | ||
| ethernet | ||
| fddi | ||
| fjes | ||
| hamradio | ||
| hippi | ||
| hyperv | ||
| ieee802154 | ||
| ipa | ||
| ipvlan | ||
| mctp | ||
| mdio | ||
| netdevsim | ||
| pcs | ||
| phy | ||
| plip | ||
| ppp | ||
| slip | ||
| team | ||
| usb | ||
| vmxnet3 | ||
| vxlan | ||
| wan | ||
| wireguard | ||
| wireless | ||
| wwan | ||
| xen-netback | ||
| amt.c | ||
| bareudp.c | ||
| dummy.c | ||
| eql.c | ||
| geneve.c | ||
| gtp.c | ||
| ifb.c | ||
| Kconfig | ||
| LICENSE.SRC | ||
| loopback.c | ||
| macsec.c | ||
| macvlan.c | ||
| macvtap.c | ||
| Makefile | ||
| mdio.c | ||
| mhi_net.c | ||
| mii.c | ||
| net_failover.c | ||
| netconsole.c | ||
| nlmon.c | ||
| ntb_netdev.c | ||
| rionet.c | ||
| sb1000.c | ||
| Space.c | ||
| sungem_phy.c | ||
| tap.c | ||
| thunderbolt.c | ||
| tun.c | ||
| veth.c | ||
| virtio_net.c | ||
| vrf.c | ||
| vsockmon.c | ||
| xen-netfront.c | ||