| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 Aug 2016 10:02:57 +0000
From: Yuval Mintz <Yuval.Mintz@...gic.com>
To: Hariprasad Shenai <hariprasad@...lsio.com>
CC: netdev <netdev@...r.kernel.org>,
David Miller <davem@...emloft.net>,
"leedom@...lsio.com" <leedom@...lsio.com>,
"nirranjan@...lsio.com" <nirranjan@...lsio.com>
Subject: RE: [PATCH net-next 1/2] cxgb4/cxgb4vf: Add support for
ndo_set_vf_vlan
> > Are you preventing VGT configuration once VST is configured?
> > If not, what to prevent VM user from configuring vlan interfaces on
> > top of the VF, even if VST is configured?
> Again this misses documentation, what if VLAN interface is already configured in
> VM before VST is configured.
> Before there were callbacks to add/remove vlan interface, now that is removed
> how to achieve it?
> OR
> am I missing something?
I can only offer what our drivers [bnx2x, qed*] are doing -
- VST is achieved by FW adding the vlan tag [unknowingly to VF] on egress traffic,
and silently stripping the vlan tag from the incoming traffic [so VF driver never
sees the tag].
- Once VST is enabled, device [well, actually PF driver] would reject any further
requests for configuring VGT.
- Once VST is configured, device would silently drop any vlan-tagged egress
Traffic sent by VF, and would classify incoming traffic for that VF only if it's
tagged with the VGT vlan-id.
This has the effect of making existing vlan-interface over the VF completely
dysfunctional [as all transmissions from them would be dropped and they'll
never see any additional incoming traffic].
Powered by blists - more mailing lists