> On Wed, 2015-02-25 at 00:51 +0000, Hiroshi Shimamoto wrote:
> > > Subject: Re: [E1000-devel] [PATCH] ixgbe: make VLAN filter conditional in SR-IOV case
> > >
> > > On Thu, 2014-11-13 at 08:28 +0000, Hiroshi Shimamoto wrote:
> > > > From: Hiroshi Shimamoto <h-shimam...@ct.jp.nec.com>
> > > >
> > > > Disable hardware VLAN filtering if netdev->features VLAN flag is
> > > > dropped.
> > > >
> > > > In SR-IOV case, there is a use case which needs to disable VLAN
> > > > filter.
> > > > For example, we need to make a network function with VF in virtualized
> > > > environment. That network function may be a software switch, a router,
> > > > etc. It means that that network function will be an end point which
> > > > terminates many VLANs.
> > > >
> > > > In the current implementation, VLAN filtering is always turned on and
> > > > VF can receive only 63 VLANs. It means that only 63 VLANs can be used
> > > > and it's not enough at all for building a virtual router.
> > > >
> > > > With this patch, if the user turns VLAN filtering off on the host, VF
> > > > can receive every VLAN packet.
> > > > The behavior is changed only if VLAN filtering is turned off by
> > > > ethtool.
> > > >
> > > > Signed-off-by: Hiroshi Shimamoto <h-shimam...@ct.jp.nec.com>
> > > > CC: Choi, Sy Jong <sy.jong.c...@intel.com>
> > > > ---
> > > >  drivers/net/ethernet/intel/ixgbe/ixgbe_main.c  | 10 ++++++++++
> > > >  drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c |  4 ++++
> > > >  2 files changed, 14 insertions(+)
> > >
> > > Thanks Hiroshi, I will add your patch to my queue.
> >
> > How about this patch?
> > It hasn't been in your tree.
> > Is there any issue?
> 
> This patch was dropped for two reasons.  First was Ben Hutchings' issues
> with the patch needed to be addressed.  Second was due to a possible
> security hole, which is why VLAN filtering was not disabled in SRIOV
> mode, where isolation is lost between VMs.
> 
> If you want to continue going forward with this change, a warning
> message should be added, at least, warning the user of the possible
> security issues.

Okay, I understand.
I will submit a patch which has a warning message.

Thanks,
Hiroshi
