lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 22 Aug 2016 16:09:04 +0300
From:   Mohamad Haj Yahia <mohamadhajyahia.mellanox@...il.com>
To:     domingo montoya <reach.domingomontoya@...il.com>
Cc:     Linux Netdev List <netdev@...r.kernel.org>
Subject: Re: mlx5 VST and VGT mode at the same time

On Thu, Aug 18, 2016 at 12:41 PM, domingo montoya
<reach.domingomontoya@...il.com> wrote:
> Hi All,
>
> Is there any way we can support both VST and VGT modes at the same time in mlx5?
>
> For e.g,
>
> If i send untagged packets from the VF, they should be tagged with the
> VST vlan and the vlan be stripped for received packets.
>
> If i send tagged packets from the VF, they should be send as it and no
> tag inserted for these and also the vlan tag not stripped for received
> packets.
>
> Any way we can achieve this?
>
>
> I understand that in the latest code these features are mutually exclusive.
>
> But if we have a requirement like this, any ideas on how to go about
> implementing the same.
>
> Few observations:
>
> After going through the code, I figured out that for VST mode, we run
> MODIFY_ESW_VPORT_CONTEXT and as part of this set the flag to strip the
> vlan from the received packets. In case of VGT mode, because of this
> command, the tags set by the VF driver also get stripped.
>
>
>
> Thanks a lot!
>
>
> Best Regards,
> Domingo

Hi Domingo,

Unfortunately there is a HW limitation that prevent VGT working
besides VST on the same VF.
Since the stripping feature is global attribute for all the VF
incoming vlans, if we enable both modes you will see that the VGT
traffic vlan also stripped and thus it will arrive to the VF as
untagged.
Because of this limitation we blocked the outgoing vlan tagged traffic
from a VF that is in VST mode and also dropped incoming vlan tagged
packets targeting that VF with a different vlan than the VF vlan-id.
The VGT and VST mutual exclusive enforcement is done by VF ACL ingress
and egress flow tables.

Thanks,
Mohamad

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ