On Wed, 2010-09-22 at 15:58 -0700, Robert Love wrote: > > This means that we need to compare the FC Frame's > destination FCID against the embedded FCID in the > destination MAC address. This patch checks the lower > 24 bits of the destination MAC address against > destination FCID in the Fibre Channel frame. > > For MAC validation the first line of defense is the > hardware MAC filtering. Each VN_Port will have a > unicast MAC addresses added to the hardware's > filtering table. The Ethernet driver should drop any > MACs not destined for a programmed MAC.
If the NIC is in promiscous mode for some reason, the driver may not drop these packets, right? > This patch > adds a second line of defense that very specfically > compares an element in the FC frame against an element > in the Ethernet header, which is appropriate for the > FCoE layer. In which case, this check may not be sufficient. Am I missing something? > > Many alternative approaches were considered, including > a LLD callback from libfc. The second most reasonable > approach seemed to be walking the list of NPIV ports > and check each of their MAC addresses against the > destination MAC address of the received frame. The > problem with this approach was that it is likely that > performance would suffer with the more NPIV ports added > to the system since every received frame would need to > walk this list, comparing each entry's MAC. > _______________________________________________ devel mailing list [email protected] http://www.open-fcoe.org/mailman/listinfo/devel
