Hey Alex, I see your point the anti-spoofing is doing filtering. :) However this sort of filter was built around anti-spoofing concept. So this was never envisioned to extend to DST MAC's.
I imagine the approach of using VLAN's and not include the DST MAC's you want to isolate won't work for you? Sorry, -Don Skidmore <donald.c.skidm...@intel.com> > -----Original Message----- > From: alex nln [mailto:alex...@yahoo.com] > Sent: Tuesday, December 16, 2014 4:13 PM > To: Skidmore, Donald C; e1000-devel@lists.sourceforge.net > Subject: Re: [E1000-devel] filtering on mac dst address > > Correct me if I wrong, Don > > but traffic from VF can be filtered in the NIC on transmit path based on src > MAC and VLAN tag, aka MAC and VLAN anti-spoofing, so I wonder if the > same filtering is possible based on dst MAC? > > > Thanks > > > > On Tuesday, December 16, 2014 7:28 PM, "Skidmore, Donald C" > <donald.c.skidm...@intel.com> wrote: > Filtering below the VF driver isn't possible since with SRIOV we are literally > giving the queue to the VF driver. So there isn't anything between the VF > driver and the hardware (this included the PF driver). So there isn't > anything > to filter this traffic. > > I'm only the owner of the ixgbe and ixgbevf drivers but I don't believe > anything would be different for 82576. > > Thanks, > -Don Skidmore <donald.c.skidm...@intel.com> > > > > -----Original Message----- > > From: alex nln [mailto:alex...@yahoo.com] > > Sent: Monday, December 15, 2014 10:11 PM > > To: Skidmore, Donald C; e1000-devel@lists.sourceforge.net > > Subject: Re: [E1000-devel] filtering on mac dst address > > > > > > > > VF is not trusted so I mean to drop the frame in the NIC based on > > destination MAC, after it left the VF and before it hit the edge > > switch, > > > > Thanks > > > > > > > > On Tuesday, December 16, 2014 1:47 AM, "Skidmore, Donald C" > > <donald.c.skidm...@intel.com> wrote: > > > > I'm a little confused on what you're asking for here. You want the VF > > driver to filter traffic it is transmitting to a certain queue or drop > > the packet all together? > > > > Thanks, > > -Don Skidmore <donald.c.skidm...@intel.com> > > > > > > > -----Original Message----- > > > From: alex nln [mailto:alex...@yahoo.com] > > > Sent: Monday, December 15, 2014 6:26 AM > > > To: e1000-devel@lists.sourceforge.net > > > Subject: [E1000-devel] filtering on mac dst address > > > > > > Hello, > > > > > > as far as I know it is not possible to filter traffic transmitted > > > from VF according to the *destination* mac address, right? > > > I just wanted to make sure that I did not miss anything. I refer to > > > 82599 controller. > > > > > > Does it work the same for other Intel controllers (e.g 82576)? > > > > > > Thanks ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ E1000-devel mailing list E1000-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/e1000-devel To learn more about Intel® Ethernet, visit http://communities.intel.com/community/wired
