From: Thomas Falcon <tlfalcon@linux.ibm.com>
To: Jiri Pirko <jiri@resnulli.us>
Cc: Jakub Kicinski <kuba@kernel.org>,
netdev@vger.kernel.org, jiri@nvidia.com
Subject: Re: Exposing device ACL setting through devlink
Date: Thu, 17 Sep 2020 15:31:10 -0500 [thread overview]
Message-ID: <f4d3923c-958c-c0b4-6aa3-f2500d4967e9@linux.ibm.com> (raw)
In-Reply-To: <20200910070016.GT2997@nanopsycho.orion>
On 9/10/20 2:00 AM, Jiri Pirko wrote:
> Tue, Sep 08, 2020 at 08:27:13PM CEST, tlfalcon@linux.ibm.com wrote:
>> On 9/4/20 5:37 PM, Jakub Kicinski wrote:
>>> On Fri, 4 Sep 2020 10:31:41 +0200 Jiri Pirko wrote:
>>>> Thu, Sep 03, 2020 at 07:59:45PM CEST, tlfalcon@linux.ibm.com wrote:
>>>>> Hello, I am trying to expose MAC/VLAN ACL and pvid settings for IBM
>>>>> VNIC devices to administrators through devlink (originally through
>>>>> sysfs files, but that was rejected in favor of devlink). Could you
>>>>> give any tips on how you might go about doing this?
>>>> Tom, I believe you need to provide more info about what exactly do you
>>>> need to setup. But from what you wrote, it seems like you are looking
>>>> for bridge/tc offload. The infra is already in place and drivers are
>>>> implementing it. See mlxsw for example.
>>> I think Tom's use case is effectively exposing the the VF which VLANs
>>> and what MAC addrs it can use. Plus it's pvid. See:
>>>
>>> https://www.spinics.net/lists/netdev/msg679750.html
>> Thanks, Jakub,
>>
>> Right now, the use-case is to expose the allowed VLAN's and MAC addresses and
>> the VF's PVID. Other use-cases may be explored later on though.
> Who is configuring those?
>
> What does mean "allowed MAC address"? Does it mean a MAC address that VF
> can use to send packet as a source MAC?
>
> What does mean "allowed VLAN"? VF is sending vlan tagged frames and only
> some VIDs are allowed.
>
> Pardon my ignorance, this may be routine in the nic world. However I
> find the desc very vague. Please explain in details, then we can try to
> find fitting solution.
>
> Thanks!
These MAC or VLAN ACL settings are configured on the Power Hypervisor.
The rules for a VF can be to allow or deny all MAC addresses or VLAN
ID's or to allow a specified list of MAC address and VLAN ID's. The
interface allows or denies frames based on whether the ID in the VLAN
tag or the source MAC address is included in the list of allowed VLAN
ID's or MAC addresses specified during creation of the VF.
Thanks for your help,
Tom
next prev parent reply other threads:[~2020-09-17 21:17 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-03 17:59 Exposing device ACL setting through devlink Thomas Falcon
2020-09-04 8:31 ` Jiri Pirko
2020-09-04 22:37 ` Jakub Kicinski
2020-09-08 18:27 ` Thomas Falcon
2020-09-10 7:00 ` Jiri Pirko
2020-09-17 20:31 ` Thomas Falcon [this message]
2020-09-18 7:20 ` Jiri Pirko
2020-09-18 23:20 ` Thomas Falcon
2020-09-20 15:21 ` Jiri Pirko
2020-09-21 17:51 ` Thomas Falcon
2020-09-21 20:37 ` Jakub Kicinski
2020-09-23 17:01 ` Thomas Falcon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f4d3923c-958c-c0b4-6aa3-f2500d4967e9@linux.ibm.com \
--to=tlfalcon@linux.ibm.com \
--cc=jiri@nvidia.com \
--cc=jiri@resnulli.us \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox