diff options
author | David S. Miller <davem@davemloft.net> | 2016-05-04 21:04:49 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2016-05-04 21:04:49 +0300 |
commit | 3f7496aa72d3411579f996eb3998d1441906e99d (patch) | |
tree | 0e1b42ca6fa9b263db4d97e84b86c45cf1f0893f /net/ipv4/gre_demux.c | |
parent | 27540247c595b0244b96d4f65c8a09db3f2c1aa8 (diff) | |
parent | 1edc57e2b3d3bf8672bb1553dbd541cc94f54937 (diff) | |
download | linux-3f7496aa72d3411579f996eb3998d1441906e99d.tar.xz |
Merge branch 'mlx5-sriov-updates'
Saeed Mahameed says:
====================
Mellanox 100G ethernet SRIOV Upgrades
This series introduces new features and upgrades for mlx5 etherenet SRIOV,
while the first patch provides a bug fixes for a compilation issue introduced
buy the previous aRFS series for when CONFIG_RFS_ACCEL=y and CONFIG_MLX5_CORE_EN=n.
Changes from V0:
- 1st patch: Don't add a new Kconfig flag. Instead, compile out en_arfs.c \
contents when CONFIG_RFS_ACCEL=n
SRIOV upgrades:
- Use synchronize_irq instead of the vport events spin_lock
- Fix memory leak in error flow
- Added full VST support
- Spoofcheck support
- Trusted VF promiscuous and allmulti support
VST and Spoofcheck in details:
- Adding Low level firmware commands support for creating ACLs
(Access Control Lists) Flow tables. ACLs are regular flow tables with
the only exception that they are bound to a specific e-Switch vport (VF)
and they can be one of two types
> egress ACL: filters traffic going from e-Switch to VF.
> ingress ACL: filters traffic going from VF to e-Switch.
- Ingress/Egress ACLs (per vport) for VF VST mode filtering.
- Ingress/Egress ACLs (per vport) for VF spoofcheck filtering.
- Ingress/Egress ACLs (per vport) configuration:
> Created only when at least one of (VST, spoofcheck) is configured.
> if (!spoofchk && !vst) allow all traffic. i.e. no ACLs.
> if (spoofchk && vst) allow only untagged traffic with smac=original mac \
sent from the VF.
> if (spoofchk && !vst) allow only traffic with smac=original mac sent from \
the VF. > if (!spoofchk && vst) allow only untagged traffic.
Trusted VF promiscuous and allmulti support in details:
- Added two flow groups for allmulti and promisc VFs to the e-Switch FDB table
> Allmulti group: One rule that forwards any mcast traffic coming from
either uplink or VFs/PF vports.
> Promisc group: One rule that forwards all unmatched traffic coming from \
uplink.
- Add vport context change event handling for promisc and allmulti
If VF is trusted respect the request and:
> if allmulti request: add the vport to the allmulti group.
and to all other L2 mcast address in the FDB table.
> if promisc request: add the vport to the promisc group.
> Note: A promisc VF can only see traffic that was not explicitly matched to
or requested by any other VF.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/gre_demux.c')
0 files changed, 0 insertions, 0 deletions