Date: Sun, 4 Dec 2016 08:58:42 +0530
From: domingo montoya <reach.domingomontoya@...il.com>
To: Mohamad Haj Yahia <mohamadhajyahia.mellanox@...il.com>
Cc: Linux Netdev List <netdev@...r.kernel.org>
Subject: Re: mlx5 VST and VGT mode at the same time

Thanks a lot Mohamad. This is really helpful.

On Mon, Aug 22, 2016 at 6:39 PM, Mohamad Haj Yahia
<mohamadhajyahia.mellanox@...il.com> wrote:
> On Thu, Aug 18, 2016 at 12:41 PM, domingo montoya
> <reach.domingomontoya@...il.com> wrote:
>> Hi All,
>>
>> Is there any way we can support both VST and VGT modes at the same time in mlx5?
>>
>> For e.g,
>>
>> If I send untagged packets from the VF, they should be tagged with the
>> VST vlan and the vlan be stripped for received packets.
>>
>> If I send tagged packets from the VF, they should be sent as is and no
>> tag inserted for these and also the vlan tag not stripped for received
>> packets.
>>
>> Any way we can achieve this?
>>
>>
>> I understand that in the latest code these features are mutually exclusive.
>>
>> But if we have a requirement like this, any ideas on how to go about
>> implementing the same.
>>
>> Few observations:
>>
>> After going through the code, I figured out that for VST mode, we run
>> MODIFY_ESW_VPORT_CONTEXT and as part of this set the flag to strip the
>> vlan from the received packets. In case of VGT mode, because of this
>> command, the tags set by the VF driver also get stripped.
>>
>>
>>
>> Thanks a lot!
>>
>>
>> Best Regards,
>> Domingo
>
> Hi Domingo,
>
> Unfortunately there is a HW limitation that prevents VGT working
> besides VST on the same VF.
> Since the stripping feature is a global attribute for all the VF
> incoming vlans, if we enable both modes you will see that the VGT
> traffic vlan is also stripped and thus it will arrive to the VF as
> untagged.
>
> Because of this limitation we blocked the outgoing vlan tagged traffic
> from a VF that is in VST mode and also dropped incoming vlan tagged
> packets targeting that VF with a different vlan than the VF vlan-id.
> The VGT and VST mutual exclusive enforcement is done by VF ACL ingress
> and egress flow tables.
>
> Thanks,
> Mohamad