lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200910070016.GT2997@nanopsycho.orion>
Date:   Thu, 10 Sep 2020 09:00:16 +0200
From:   Jiri Pirko <jiri@...nulli.us>
To:     Thomas Falcon <tlfalcon@...ux.ibm.com>
Cc:     Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
        jiri@...dia.com
Subject: Re: Exposing device ACL setting through devlink

Tue, Sep 08, 2020 at 08:27:13PM CEST, tlfalcon@...ux.ibm.com wrote:
>On 9/4/20 5:37 PM, Jakub Kicinski wrote:
>> On Fri, 4 Sep 2020 10:31:41 +0200 Jiri Pirko wrote:
>> > Thu, Sep 03, 2020 at 07:59:45PM CEST, tlfalcon@...ux.ibm.com wrote:
>> > > Hello, I am trying to expose MAC/VLAN ACL and pvid settings for IBM
>> > > VNIC devices to administrators through devlink (originally through
>> > > sysfs files, but that was rejected in favor of devlink). Could you
>> > > give any tips on how you might go about doing this?
>> > Tom, I believe you need to provide more info about what exactly do you
>> > need to setup. But from what you wrote, it seems like you are looking
>> > for bridge/tc offload. The infra is already in place and drivers are
>> > implementing it. See mlxsw for example.
>> I think Tom's use case is effectively exposing the the VF which VLANs
>> and what MAC addrs it can use. Plus it's pvid. See:
>> 
>> https://www.spinics.net/lists/netdev/msg679750.html
>
>Thanks, Jakub,
>
>Right now, the use-case is to expose the allowed VLAN's and MAC addresses and
>the VF's PVID. Other use-cases may be explored later on though.

Who is configuring those?

What does mean "allowed MAC address"? Does it mean a MAC address that VF
can use to send packet as a source MAC?

What does mean "allowed VLAN"? VF is sending vlan tagged frames and only
some VIDs are allowed.

Pardon my ignorance, this may be routine in the nic world. However I
find the desc very vague. Please explain in details, then we can try to
find fitting solution.

Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ