From: David S. Miller Date: Wed, 4 May 2016 18:04:49 +0000 (-0400) Subject: Merge branch 'mlx5-sriov-updates' X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=3f7496aa72d3411579f996eb3998d1441906e99d;p=linux-beck.git Merge branch 'mlx5-sriov-updates' Saeed Mahameed says: ==================== Mellanox 100G ethernet SRIOV Upgrades This series introduces new features and upgrades for mlx5 etherenet SRIOV, while the first patch provides a bug fixes for a compilation issue introduced buy the previous aRFS series for when CONFIG_RFS_ACCEL=y and CONFIG_MLX5_CORE_EN=n. Changes from V0: - 1st patch: Don't add a new Kconfig flag. Instead, compile out en_arfs.c \ contents when CONFIG_RFS_ACCEL=n SRIOV upgrades: - Use synchronize_irq instead of the vport events spin_lock - Fix memory leak in error flow - Added full VST support - Spoofcheck support - Trusted VF promiscuous and allmulti support VST and Spoofcheck in details: - Adding Low level firmware commands support for creating ACLs (Access Control Lists) Flow tables. ACLs are regular flow tables with the only exception that they are bound to a specific e-Switch vport (VF) and they can be one of two types > egress ACL: filters traffic going from e-Switch to VF. > ingress ACL: filters traffic going from VF to e-Switch. - Ingress/Egress ACLs (per vport) for VF VST mode filtering. - Ingress/Egress ACLs (per vport) for VF spoofcheck filtering. - Ingress/Egress ACLs (per vport) configuration: > Created only when at least one of (VST, spoofcheck) is configured. > if (!spoofchk && !vst) allow all traffic. i.e. no ACLs. > if (spoofchk && vst) allow only untagged traffic with smac=original mac \ sent from the VF. > if (spoofchk && !vst) allow only traffic with smac=original mac sent from \ the VF. > if (!spoofchk && vst) allow only untagged traffic. Trusted VF promiscuous and allmulti support in details: - Added two flow groups for allmulti and promisc VFs to the e-Switch FDB table > Allmulti group: One rule that forwards any mcast traffic coming from either uplink or VFs/PF vports. > Promisc group: One rule that forwards all unmatched traffic coming from \ uplink. - Add vport context change event handling for promisc and allmulti If VF is trusted respect the request and: > if allmulti request: add the vport to the allmulti group. and to all other L2 mcast address in the FDB table. > if promisc request: add the vport to the promisc group. > Note: A promisc VF can only see traffic that was not explicitly matched to or requested by any other VF. ==================== Signed-off-by: David S. Miller --- 3f7496aa72d3411579f996eb3998d1441906e99d