On Fri, 2015-03-06 at 06:04 +0000, Hiroshi Shimamoto wrote:
> > From: Hiroshi Shimamoto <h-shimam...@ct.jp.nec.com>
> >
> > Disable hardware VLAN filtering if netdev->features VLAN flag is dropped.
> >
> > In SR-IOV case, there is a use case which needs to disable VLAN filter.
> > For example, we need to make a network function with VF in virtualized
> > environment. That network function may be a software switch, a router
> > or etc. It means that that network function will be an end point which
> > terminates many VLANs.
> >
> > In the current implementation, VLAN filtering always be turned on and
> > VF can receive only 63 VLANs. It means that only 63 VLANs can be terminated
> > in one NIC.
> >
> > With this patch, if the user turns VLAN filtering off on the host, VF
> > can receive every VLAN packet.
> >
> > This VLAN filtering can be turned on or off when SR-IOV is disabled, if not
> > the operation is rejected.
>
> Hi,
>
> any comment about this?
> I added a warning message and prevent operation during SR-IOV is enabled.

Yes, the warning message you added says nothing of the huge security hole this exposes. We need a message that correctly expresses the dangers in turning this off. Also, it does not appear that you addressed Ben Hutchings' concerns, as I asked. Correct me if I am wrong and you did address Ben's concerns.