Julian, We have talked about this a lot internal to the architecture and development teams previously so please don't think that we haven't thought about this. We have. That said I'll have to talk with the teams about this again. While I understand your point it's is still a risk for us and you need to understand that. I'll talk to the teams next week and reply to this thread after we talked about it.
Cheers, John > -----Original Message----- > From: Julian Stecklina [mailto:[email protected]] > Sent: Friday, August 06, 2010 5:47 AM > To: [email protected] > Subject: Re: [E1000-devel] igbvf doesn't support promiscuous mode? > > "Ronciak, John" <[email protected]> writes: > > > If you want to do this in your product you are by no means prevented > > from doing so. I've been saying this all along. > > Removing promiscuous mode support from the PF driver and enabling it in > the VF driver cannot do harm by misconfiguration. In a scenario where > VFs are driven inside VMs and the hypervisor is mainline Linux, it > cannot be accidentally enabled. > > If a hypervisor vendor chooses to implement promiscuous mode support in > his PF driver, he obviously has to think about policy. Think of it as a > checkbox in the GUI saying "Give this VM the ability to monitor _all_ > network traffic (bad things may happen)". Of course, he can get the > default wrong, but there is always _some_ way to shoot yourself in the > foot. The difference compared to the situation now is that the > hypervisor vendor does not have to tell his customers to use a special > kernel with his patches, which of course is not compatible to some > other vendor's patches. The customer can use whatever he likes. > Everybody wins. > > My suggestion in a nutshell: > > - Establish a common protocol for promiscuous mode support by pushing > the respective changes to igbvf into Linux. > > - Don't implement it in igb. > > Regards, Julian > > > ----------------------------------------------------------------------- > ------- > This SF.net email is sponsored by > > Make an app they can't live without > Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM- > dev2dev _______________________________________________ > E1000-devel mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/e1000-devel > To learn more about Intel® Ethernet, visit > http://communities.intel.com/community/wired ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ E1000-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/e1000-devel To learn more about Intel® Ethernet, visit http://communities.intel.com/community/wired
