On Fri, Nov 1, 2019 at 6:03 AM Thomas Monjalon <tho...@monjalon.net> wrote: > > 30/10/2019 10:15, Jerin Jacob: > > On Wed, Oct 30, 2019 at 2:26 PM Thomas Monjalon <tho...@monjalon.net> wrote: > > > > > > 30/10/2019 05:08, Jerin Jacob: > > > > On Wed, Oct 30, 2019 at 12:21 AM Thomas Monjalon <tho...@monjalon.net> > > > > wrote: > > > > > > > > > > In a virtual environment, the network controller may have to configure > > > > > some SR-IOV VF parameters for security reasons. > > > > > > > > Just to understand, Could you explain more details/examples for > > > > security reasons? > > > > > > Examples are setting the MAC address or the promiscuous mode. > > > These settings should be decided by the hypervisor, > > > and not freely set by the VM. > > > > What is hypervisor here, rte_flow based DPDK application over using > > port representor? > > Yes, something like that. An example is OpenStack/OVS.
So it is more of an orchestration primitive. Not the security primitive as mentioned above, Because in case the kernel will approve the data set from the guest. Right?
