lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 11 Sep 2011 22:03:25 +0300
From:	"Michael S. Tsirkin" <mst@...hat.com>
To:	Roopa Prabhu <roprabhu@...co.com>
Cc:	Sridhar Samudrala <sri@...ibm.com>, netdev@...r.kernel.org,
	dragos.tatulea@...il.com, arnd@...db.de, dwang2@...co.com,
	benve@...co.com, kaber@...sh.net, davem@...emloft.net,
	eric.dumazet@...il.com, mchan@...adcom.com, kvm@...r.kernel.org
Subject: Re: [net-next-2.6 PATCH 0/3 RFC] macvlan: MAC Address filtering
 support for passthru mode

On Sun, Sep 11, 2011 at 06:18:01AM -0700, Roopa Prabhu wrote:
> 
> 
> 
> On 9/11/11 2:44 AM, "Michael S. Tsirkin" <mst@...hat.com> wrote:
> 
> >> 
> >> AFAIK, though it might maintain a single filter table space in hw, hw does
> >> know which filter belongs to which VF. And the OS driver does not need to do
> >> anything special. The VF driver exposes a VF netdev. And any uc/mc addresses
> >> registered with a VF netdev are registered with the hw by the driver. And hw
> >> will filter and send only pkts that the VF has expressed interest in.
> >> 
> >> No special filter partitioning in hw is required.
> >> 
> >> Thanks,
> >> Roopa
> > 
> > Yes, but what I mean is, if the size of the single filter table
> > is limited, we need to decide how many addresses is
> > each guest allowed. If we let one guest ask for
> > as many as it wants, it can lock others out.
> 
> Yes true. In these cases ie when the number of unicast addresses being
> registered is more than it can handle, The VF driver will put the VF  in
> promiscuous mode (Or at least its supposed to do. I think all drivers do
> that).
> 
> 
> Thanks,
> Roopa

Right, so that works at least but likely performs worse
than a hardware filter. So we better allocate it in
some fair way, as a minimum. Maybe a way for
the admin to control that allocation is useful.

-- 
MST
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ