lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 11 Jun 2014 07:37:12 -0700
From:	Jeff Kirsher <jeffrey.t.kirsher@...el.com>
To:	Or Gerlitz <or.gerlitz@...il.com>
Cc:	David Miller <davem@...emloft.net>,
	Mitch Williams <mitch.a.williams@...el.com>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
	"gospo@...hat.com" <gospo@...hat.com>,
	"sassmann@...hat.com" <sassmann@...hat.com>,
	Jesse Brandeburg <jesse.brandeburg@...el.com>
Subject: Re: [net-next 06/13] i40e: implement anti-spoofing for VFs

On Wed, 2014-06-11 at 15:43 +0300, Or Gerlitz wrote:
> On Wed, Jun 11, 2014 at 3:13 PM, Jeff Kirsher
> <jeffrey.t.kirsher@...el.com> wrote:
> > On Mon, 2014-06-09 at 22:49 +0300, Or Gerlitz wrote:
> >> On Mon, Jun 9, 2014 at 11:49 AM, Jeff Kirsher
> >> <jeffrey.t.kirsher@...el.com> wrote:
> >> > From: Mitch Williams <mitch.a.williams@...el.com>
> >> >
> >> > Our hardware supports VF antispoofing for both MAC addresses and VLANs.
> >> > Enable this feature by default for all VFs
> >>
> >> What do you expect the HW to do when spoof check is enabled (by
> >> default) but the admin didn't configure a MAC address for the VF
> >> through the PF? that is the VF is allowed to use what ever MAC they
> >> want to?
> >>
> >> > and implement the netdev op to control it from the command line.
> >
> > Here is the answer I got:
> > If the VF mac address is set within the VM and it is accepted by the PF,
> 
> When the admin doesn't configure MAC address for the VM, what logic is
> applied by the PF to decide whether or not to accept a VF MAC set by the VM?

If the PF has not set the MAC address, it will check for a valid MAC
address that is neither broadcast or all zeros.

Look at the add_addr message handler i40e_vc_add_mac_addr_msg() or more
specifically i40e_check_vf_permission(). 

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ