ixgbe: add flow control ethertype to the anti-spoofing filter

Orabug: 23177316

This patch makes sure that flow control packets initiated by the VF are
dropped and reported as spoofed.

Flow control packets can be used to limit the throughput or as DOS
attack when generated from a VF. Flow control is not supported per VF
hence any pause frames generated from a VF are considered malicious.

Also cleaned up indentation and some redundant comments.

Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com>
Tested-by: Krishneil Singh <krishneil.k.singh@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
(cherry picked from commit f079fa005aae08ee0e1bc32699874ff4f02e11c1)
Signed-off-by: Brian Maly <brian.maly@oracle.com>

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
index 7334296be3f0feaef4a176220000d4203c15372a..36716cbbf0acdc10c316d3892af9911f047edfa2 100644 (file)
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
@@ -3724,14 +3724,20 @@ static void ixgbe_configure_virtualization(struct ixgbe_adapter *adapter)
        hw->mac.ops.set_mac_anti_spoofing(hw, (adapter->num_vfs != 0),
                                          adapter->num_vfs);
 
-       /* Ensure LLDP is set for Ethertype Antispoofing if we will be
+       /* Ensure LLDP and FC is set for Ethertype Antispoofing if we will be
         * calling set_ethertype_anti_spoofing for each VF in loop below
         */
-       if (hw->mac.ops.set_ethertype_anti_spoofing)
+       if (hw->mac.ops.set_ethertype_anti_spoofing) {
                IXGBE_WRITE_REG(hw, IXGBE_ETQF(IXGBE_ETQF_FILTER_LLDP),
-                               (IXGBE_ETQF_FILTER_EN    | /* enable filter */
-                                IXGBE_ETQF_TX_ANTISPOOF | /* tx antispoof */
-                                IXGBE_ETH_P_LLDP));       /* LLDP eth type */
+                               (IXGBE_ETQF_FILTER_EN    |
+                                IXGBE_ETQF_TX_ANTISPOOF |
+                                IXGBE_ETH_P_LLDP));
+
+               IXGBE_WRITE_REG(hw, IXGBE_ETQF(IXGBE_ETQF_FILTER_FC),
+                               (IXGBE_ETQF_FILTER_EN |
+                                IXGBE_ETQF_TX_ANTISPOOF |
+                                ETH_P_PAUSE));
+       }
 
        /* For VFs that have spoof checking turned off */
        for (i = 0; i < adapter->num_vfs; i++) {

diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h
index 939c90c4ff3917871b583c2584733554a92ebdfb..995f03107eacd03511dab6aa8e342a6c474375e1 100644 (file)
--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h
+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h
@@ -1752,6 +1752,9 @@ enum {
  *    FCoE (0x8906):         Filter 2
  *    1588 (0x88f7):         Filter 3
  *    FIP  (0x8914):         Filter 4
+ *    LLDP (0x88CC):         Filter 5
+ *    LACP (0x8809):         Filter 6
+ *    FC   (0x8808):         Filter 7
  */
 #define IXGBE_ETQF_FILTER_EAPOL          0
 #define IXGBE_ETQF_FILTER_FCOE           2
@@ -1759,6 +1762,7 @@ enum {
 #define IXGBE_ETQF_FILTER_FIP            4
 #define IXGBE_ETQF_FILTER_LLDP          5
 #define IXGBE_ETQF_FILTER_LACP          6
+#define IXGBE_ETQF_FILTER_FC            7
 
 /* VLAN Control Bit Masks */
 #define IXGBE_VLNCTRL_VET       0x0000FFFF  /* bits 0-15 */