From: Hiroshi Shimamoto
Add IFLA_VF_TRUST message to trust the VF.
PF can accept some privileged operation from the trusted VF.
For example, ixgbe PF doesn't allow to enable VF promiscuous mode until
the VF is trusted because it may hurt performance.
To trust VF.
# ip link set dev eth0
From: Hiroshi Shimamoto
Add IFLA_VF_TRUST message to trust the VF.
PF can accept some privileged operation from the trusted VF.
For example, ixgbe PF doesn't allow to enable VF promiscuous mode until
the VF is trusted because it may hurt performance.
To trust VF.
# ip link set dev eth0
From: Hiroshi Shimamoto
The limitation of the number of multicast address for VF is not enough
for the large scale server with SR-IOV feature. IPv6 requires the multicast
MAC address for each IP address to handle the Neighbor Solicitation
message. We couldn't assign over 30 IPv6 addresses
From: Hiroshi Shimamoto
Implements the new netdev op to trust VF in ixgbe.
The administrator can turn on and off VF trusted by ip command which
supports trust message.
# ip link set dev eth0 vf 1 trust on
or
# ip link set dev eth0 vf 1 trust off
Send a ping to reset VF on changing the status
From: Hiroshi Shimamoto
Add netlink directives and ndo entry to trust VF user.
This controls the special permission of VF user.
The administrator will dedicatedly trust VF user to use some features
which impacts security and/or performance.
The administrator never turn it on unless VF user is
From: Hiroshi Shimamoto
There is a limitation in the number of multicast L2 addresses in ixgbe
and ixgbevf driver. The number of multicast addresses in VF is 30 in the
current implementation. That means that we can use up to 30 IPv6
addresses only. On the other hand there is a functionality to
From: Hiroshi Shimamoto
The limitation of the number of multicast address for VF is not enough
for the large scale server with SR-IOV feature. IPv6 requires the multicast
MAC address for each IP address to handle the Neighbor Solicitation
message. We couldn't assign over 30 IPv6 addresses
From: Hiroshi Shimamoto
Implements the new netdev op to trust VF in ixgbe.
The administrator can turn on and off VF trusted by ip command which
supports trust message.
# ip link set dev eth0 vf 1 trust on
or
# ip link set dev eth0 vf 1 trust off
Send a ping to reset VF on changing the status
From: Hiroshi Shimamoto
Add netlink directives and ndo entry to trust VF user.
This controls the special permission of VF user.
The administrator will dedicatedly trust VF user to use some features
which impacts security and/or performance.
The administrator never turn it on unless VF user is
> Subject: Re: [Intel-wired-lan] [PATCH v6 3/3] ixgbe, ixgbevf: Add new mbox
> API to enable MC promiscuous mode
>
> On 06/17/2015 04:45 AM, Hiroshi Shimamoto wrote:
> > From: Hiroshi Shimamoto
> >
> > The limitation of the number of multicast address for VF i
> Subject: Re: [Intel-wired-lan] [PATCH v6 1/3] if_link: Add control trust VF
>
> On 06/17/2015 04:41 AM, Hiroshi Shimamoto wrote:
> > From: Hiroshi Shimamoto
> >
> > Add netlink directives and ndo entry to trust VF user.
> >
> > This controls the
From: Hiroshi Shimamoto
Add netlink directives and ndo entry to trust VF user.
This controls the special permission of VF user.
The administrator will dedicatedly trust VF user to use some features
which impacts security and/or performance.
The administrator never turn it on unless VF user is
From: Hiroshi Shimamoto
The limitation of the number of multicast address for VF is not enough
for the large scale server with SR-IOV feature.
IPv6 requires the multicast MAC address for each IP address to handle
the Neighbor Solicitation message.
We couldn't assign over 30 IPv6 addresses
From: Hiroshi Shimamoto
Implements the new netdev op to trust VF in ixgbe.
The administrator can turn on and off VF trusted by ip command which
supports trust message.
# ip link set dev eth0 vf 1 trust on
or
# ip link set dev eth0 vf 1 trust off
Send a ping to reset VF on changing the status
From: Hiroshi Shimamoto
Send a ping to reset VF on changing the status of trusting.
VF driver will reconfigure its features on reset.
Signed-off-by: Hiroshi Shimamoto
---
drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 25 +
1 file changed, 17 insertions(+), 8
From: Hiroshi Shimamoto
Make PF returns error against VF multicast promiscuous mode request from
untrusted VF, and VF handles that error.
To reconfigure, PF send reset to VF when trust status is changed.
This patchset is against the latest Jeff's tree which contains my VF
multicast promis
From: Hiroshi Shimamoto
Make PF returns an error to VF multicast promiscuous mode if the VF is not
trusted. On VF, check the result from PF and fallback to previous behavior
that only 30 addresses are registered.
Signed-off-by: Hiroshi Shimamoto
---
drivers/net/ethernet/intel/ixgbe
From: Hiroshi Shimamoto
Add ixgbevf_request_mc_promisc_vf which is for request VF multicast
promiscuous mode, and move the codes from ixgbevf_update_mc_addr_list_vf.
Signed-off-by: Hiroshi Shimamoto
---
drivers/net/ethernet/intel/ixgbevf/vf.c | 29 +++--
1 file changed
> > -Original Message-
> > From: Rose, Gregory V
> > Sent: Tuesday, May 26, 2015 7:01 PM
> > To: Hiroshi Shimamoto; Skidmore, Donald C; Kirsher, Jeffrey T; intel-wired-
> > l...@lists.osuosl.org
> > Cc: nhor...@redhat.com; jogre...@redhat.com; Linux
> Subject: Re: [Intel-wired-lan] [PATCH v5] ixgbe: Add module parameter to
> disable VLAN filter
>
> On 05/26/2015 06:11 PM, Hiroshi Shimamoto wrote:
> >> On 05/21/2015 06:10 AM, Hiroshi Shimamoto wrote:
> >>> From: Hiroshi Shimamoto
>
> On 05/21/2015 06:10 AM, Hiroshi Shimamoto wrote:
> > From: Hiroshi Shimamoto
> >
> > Introduce module parameter "disable_hw_vlan_filter" to disable HW VLAN
> > filter on ixgbe module load.
> >
> > From the hardware limitation, there are only 64
> > -Original Message-
> > From: Skidmore, Donald C
> > Sent: Tuesday, May 26, 2015 10:46 AM
> > To: Hiroshi Shimamoto; Rose, Gregory V; Kirsher, Jeffrey T; intel-wired-
> > l...@lists.osuosl.org
> > Cc: nhor...@redhat.com; jogre...@redhat.com; Linux
> > -Original Message-
> > From: Rose, Gregory V
> > Sent: Friday, May 22, 2015 8:08 AM
> > To: Hiroshi Shimamoto; Skidmore, Donald C; Kirsher, Jeffrey T; intel-wired-
> > l...@lists.osuosl.org
> > Cc: nhor...@redhat.com; jogre...@redhat.com; Linux
> > -Original Message-
> > From: Hiroshi Shimamoto [mailto:h-shimam...@ct.jp.nec.com]
> > Sent: Wednesday, May 20, 2015 9:13 PM
> > To: Skidmore, Donald C; Kirsher, Jeffrey T; intel-wired-...@lists.osuosl.org
> > Cc: Or Gerlitz; David Miller; Linux N
> Subject: Re: [PATCH v5] ixgbe: Add module parameter to disable VLAN filter
>
> From: Hiroshi Shimamoto
> Date: Thu, 21 May 2015 13:10:49 +
>
> > diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
> > b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
From: Hiroshi Shimamoto
Introduce module parameter "disable_hw_vlan_filter" to disable HW VLAN
filter on ixgbe module load.
>From the hardware limitation, there are only 64 VLAN entries for HW VLAN
filter, and it leads to limit the number of VLANs up to 64 among PF and
VFs. For SDN
> > -Original Message-
> > From: Hiroshi Shimamoto [mailto:h-shimam...@ct.jp.nec.com]
> > Sent: Tuesday, May 19, 2015 5:06 PM
> > To: Kirsher, Jeffrey T; intel-wired-...@lists.osuosl.org
> > Cc: Skidmore, Donald C; Or Gerlitz; David Miller; Linux Netdev List;
27 matches
Mail list logo
