Message-ID: <ZeJ3u2x3Ihs8WQJn@lzaremba-mobl.ger.corp.intel.com>
Date: Sat, 2 Mar 2024 01:50:03 +0100
From: Larysa Zaremba <larysa.zaremba@...el.com>
To: Jakub Kicinski <kuba@...nel.org>
CC: Jiri Pirko <jiri@...nulli.us>, <intel-wired-lan@...ts.osuosl.org>,
	<netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>, Mateusz Pacuszka
	<mateuszx.pacuszka@...el.com>, Tony Nguyen <anthony.l.nguyen@...el.com>,
	Lukasz Plachno <lukasz.plachno@...el.com>, Jakub Buchocki
	<jakubx.buchocki@...el.com>, Pawel Kaminski <pawel.kaminski@...el.com>,
	Przemek Kitszel <przemyslaw.kitszel@...el.com>, Michal Swiatkowski
	<michal.swiatkowski@...ux.intel.com>, Mateusz Polchlopek
	<mateusz.polchlopek@...el.com>, "David S. Miller" <davem@...emloft.net>, Eric
 Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>, "Pawel
 Chmielewski" <pawel.chmielewski@...el.com>, Jesse Brandeburg
	<jesse.brandeburg@...el.com>
Subject: Re: [PATCH iwl-net 0/5] ice: LLDP support for VFs

On Fri, Mar 01, 2024 at 09:08:36AM -0800, Jakub Kicinski wrote:
> On Thu, 29 Feb 2024 20:33:04 +0100 Larysa Zaremba wrote:
> > > This is an LLDP agent which runs as part of the NIC FW, AFAIU, not about
> > > forwarding or filtering.
> > > 
> > > They already have the priv flag, so best to reuse that. If not possible
> > > we can explore options, but as Larysa mentioned herself in the cover
> > > letter sysfs is probably low on the preference list :(
> > 
> > FW agent is disabled NIC-wide, so only PF should be able to set such flag.
> 
> Sorry, then I misread. If it's about which VF gets the LLDP traffic
> from the _wire_, then I'm with Jiri. It's a basic forwarding problem,
> isn't it? Match on EtherType and forward?
>

For RX: match on EtherType and mirror; every trusted VF should be able to scan
neighbors.

For TX this is more complicated and is done not through eswitch, but through
modifying security options, so I do not think this would work with tc. So private
flags are the best option? Our requirements say only a single VSI can transmit
LLDP.

> > The lazy part of me likes the private flag direction, because just
> > replacing sysfs entries with corresponding private flags would make
> > patch look better while not changing the implementation much.
> > 
> > I guess, treating it like a normal eswitch configuration would be
> > ideal, but it would not be purely generic, as there is an added level
> > of complexity because of FW Agent interactions.
> 
