Hi Stephen,
> -----Original Message----- > From: Stephen Hemminger [mailto:stephen at networkplumber.org] > Sent: Thursday, February 25, 2016 1:04 AM > To: Lu, Wenzhuo > Cc: dev at dpdk.org > Subject: Re: [dpdk-dev] [PATCH] doc: Malicious Driver Detection not supported > by ixgbe > > On Wed, 24 Feb 2016 13:33:04 +0800 > Wenzhuo Lu <wenzhuo.lu at intel.com> wrote: > > > + On Intel x550 series NICs, HW supports a feature called MDD > > + (Malcicious Driver Detection). > > + MDD is used to check the behavior of the VF driver. It means when > > + transmitting packets, the VF must use the advanced context descriptor and > set it correctly. > > + And VF must set the CC (Check Context) bit either. > > This is hard sentence to read, why not reword as: > > The Intel x550 series NIC's support1 a feature called MDD (Malcicious Driver > Detection) which checks the behavior of the VF driver. > If this feature is enabled, the VF must use the advanced context descriptor > correctly and set the CC (Check Context) bit. Thanks for the suggestion. I'll try to make it better :) > > > > + DPDK PF doesn't support MDD. We may hit problem in this scenario > > + kernel PF + DPDK VF. If user enables MDD in kernel PF, DPDK VF will > > + not work. Because kernel PF thinks the VF is malicious. But > > + actually it's not. The only reason is the VF doesn't act as MDD required. > > + There's significant performance impact to support MDD. DPDK should > > + check if the advanced context descriptor should be set and set it. > > + And DPDK has to ask the info about the header length from the upper > > + layer, because parsing the packet itself is not acceptale. So, it's too > expensive to support MDD. > > + When using kernel PF + DPDK VF on x550, please make sure using the > > + kernel driver that disables MDD or can disable MDD. (Some kernel > > + driver can use this CLI 'insmod ixgbe.ko MDD=0,0' to disable MDD. > > + Some kernel driver disable it by default.) > > +
