lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <EF50CC0C76A53A44BAD798C58E0A157E271E74C6@ORSMSX103.amr.corp.intel.com>
Date:	Tue, 13 Oct 2015 16:12:26 +0000
From:	"Singh, Krishneil K" <krishneil.k.singh@...el.com>
To:	Hiroshi Shimamoto <h-shimamoto@...jp.nec.com>,
	Or Gerlitz <gerlitz.or@...il.com>,
	Alexander Duyck <alexander.duyck@...il.com>,
	"Skidmore, Donald C" <donald.c.skidmore@...el.com>,
	"Rose, Gregory V" <gregory.v.rose@...el.com>,
	"Kirsher, Jeffrey T" <jeffrey.t.kirsher@...el.com>,
	"intel-wired-lan@...ts.osuosl.org" <intel-wired-lan@...ts.osuosl.org>,
	"nhorman@...hat.com" <nhorman@...hat.com>,
	"jogreene@...hat.com" <jogreene@...hat.com>,
	"Linux Netdev List" <netdev@...r.kernel.org>,
	"Choi, Sy Jong" <sy.jong.choi@...el.com>,
	Rony Efraim <ronye@...lanox.com>,
	Edward Cree <ecree@...arflare.com>,
	David Miller <davem@...emloft.net>,
	"sassmann@...hat.com" <sassmann@...hat.com>
Subject: RE: [Intel-wired-lan] [PATCH v8 3/3] ixgbe,	ixgbevf: Add new mbox
 API xcast mode


-----Original Message-----
From: Intel-wired-lan [mailto:intel-wired-lan-bounces@...ts.osuosl.org] On Behalf Of Hiroshi Shimamoto
Sent: Thursday, August 27, 2015 11:59 PM
To: Or Gerlitz <gerlitz.or@...il.com>; Alexander Duyck <alexander.duyck@...il.com>; Skidmore, Donald C <donald.c.skidmore@...el.com>; Rose, Gregory V <gregory.v.rose@...el.com>; Kirsher, Jeffrey T <jeffrey.t.kirsher@...el.com>; intel-wired-lan@...ts.osuosl.org; nhorman@...hat.com; jogreene@...hat.com; Linux Netdev List <netdev@...r.kernel.org>; Choi, Sy Jong <sy.jong.choi@...el.com>; Rony Efraim <ronye@...lanox.com>; Edward Cree <ecree@...arflare.com>; David Miller <davem@...emloft.net>; sassmann@...hat.com
Subject: [Intel-wired-lan] [PATCH v8 3/3] ixgbe, ixgbevf: Add new mbox API xcast mode

From: Hiroshi Shimamoto <h-shimamoto@...jp.nec.com>

The limitation of the number of multicast address for VF is not enough for the large scale server with SR-IOV feature. IPv6 requires the multicast MAC address for each IP address to handle the Neighbor Solicitation message. We couldn't assign over 30 IPv6 addresses to a single VF.

This patch introduces the new mailbox API, IXGBE_VF_UPDATE_XCAST_MODE, to update multicast mode of VF. This adds 3 modes;
  - NONE     only L2 exact match addresses or Flow Director enabled
  - MULTI    BAM and ROMPE set
  - ALLMULTI BAM, ROMPE and MPE set

If a guest VF user wants over 30 MAC multicast addresses, set IFF_ALLMULTI to request PF to update xcast mode to enable VF multicast promiscuous mode.

On the other hand, enabling VF multicast promiscuous mode may affect security and performance in the network of the NIC. Only trusted VF can enable multicast promiscuous mode. The behavior of untrusted VF is the same as previous version.

Signed-off-by: Hiroshi Shimamoto <h-shimamoto@...jp.nec.com>
---
 
Tested-by: Krishneil Singh <Krishneil.k.singh@...el.com>


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ