| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Oct 2015 16:12:26 +0000 From: "Singh, Krishneil K" <krishneil.k.singh@...el.com> To: Hiroshi Shimamoto <h-shimamoto@...jp.nec.com>, Or Gerlitz <gerlitz.or@...il.com>, Alexander Duyck <alexander.duyck@...il.com>, "Skidmore, Donald C" <donald.c.skidmore@...el.com>, "Rose, Gregory V" <gregory.v.rose@...el.com>, "Kirsher, Jeffrey T" <jeffrey.t.kirsher@...el.com>, "intel-wired-lan@...ts.osuosl.org" <intel-wired-lan@...ts.osuosl.org>, "nhorman@...hat.com" <nhorman@...hat.com>, "jogreene@...hat.com" <jogreene@...hat.com>, "Linux Netdev List" <netdev@...r.kernel.org>, "Choi, Sy Jong" <sy.jong.choi@...el.com>, Rony Efraim <ronye@...lanox.com>, Edward Cree <ecree@...arflare.com>, David Miller <davem@...emloft.net>, "sassmann@...hat.com" <sassmann@...hat.com> Subject: RE: [Intel-wired-lan] [PATCH v8 3/3] ixgbe, ixgbevf: Add new mbox API xcast mode -----Original Message----- From: Intel-wired-lan [mailto:intel-wired-lan-bounces@...ts.osuosl.org] On Behalf Of Hiroshi Shimamoto Sent: Thursday, August 27, 2015 11:59 PM To: Or Gerlitz <gerlitz.or@...il.com>; Alexander Duyck <alexander.duyck@...il.com>; Skidmore, Donald C <donald.c.skidmore@...el.com>; Rose, Gregory V <gregory.v.rose@...el.com>; Kirsher, Jeffrey T <jeffrey.t.kirsher@...el.com>; intel-wired-lan@...ts.osuosl.org; nhorman@...hat.com; jogreene@...hat.com; Linux Netdev List <netdev@...r.kernel.org>; Choi, Sy Jong <sy.jong.choi@...el.com>; Rony Efraim <ronye@...lanox.com>; Edward Cree <ecree@...arflare.com>; David Miller <davem@...emloft.net>; sassmann@...hat.com Subject: [Intel-wired-lan] [PATCH v8 3/3] ixgbe, ixgbevf: Add new mbox API xcast mode From: Hiroshi Shimamoto <h-shimamoto@...jp.nec.com> The limitation of the number of multicast address for VF is not enough for the large scale server with SR-IOV feature. IPv6 requires the multicast MAC address for each IP address to handle the Neighbor Solicitation message. We couldn't assign over 30 IPv6 addresses to a single VF. This patch introduces the new mailbox API, IXGBE_VF_UPDATE_XCAST_MODE, to update multicast mode of VF. This adds 3 modes; - NONE only L2 exact match addresses or Flow Director enabled - MULTI BAM and ROMPE set - ALLMULTI BAM, ROMPE and MPE set If a guest VF user wants over 30 MAC multicast addresses, set IFF_ALLMULTI to request PF to update xcast mode to enable VF multicast promiscuous mode. On the other hand, enabling VF multicast promiscuous mode may affect security and performance in the network of the NIC. Only trusted VF can enable multicast promiscuous mode. The behavior of untrusted VF is the same as previous version. Signed-off-by: Hiroshi Shimamoto <h-shimamoto@...jp.nec.com> --- Tested-by: Krishneil Singh <Krishneil.k.singh@...el.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists