RE: [Intel-wired-lan] [PATCH iwl-next v4 3/6] ice: receive LLDP on trusted VFs
From: Romanowski, Rafal
Date: Tue Mar 11 2025 - 06:25:48 EST
> -----Original Message-----
> From: Intel-wired-lan <intel-wired-lan-bounces@xxxxxxxxxx> On Behalf Of
> Simon Horman
> Sent: Thursday, February 20, 2025 3:58 PM
> To: Zaremba, Larysa <larysa.zaremba@xxxxxxxxx>
> Cc: Nguyen, Anthony L <anthony.l.nguyen@xxxxxxxxx>; intel-wired-
> lan@xxxxxxxxxxxxxxxx; Kitszel, Przemyslaw <przemyslaw.kitszel@xxxxxxxxx>;
> Andrew Lunn <andrew+netdev@xxxxxxx>; David S. Miller
> <davem@xxxxxxxxxxxxx>; Eric Dumazet <edumazet@xxxxxxxxxx>; Jakub
> Kicinski <kuba@xxxxxxxxxx>; Paolo Abeni <pabeni@xxxxxxxxxx>;
> netdev@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; Michal Swiatkowski
> <michal.swiatkowski@xxxxxxxxxxxxxxx>; Pacuszka, MateuszX
> <mateuszx.pacuszka@xxxxxxxxx>
> Subject: Re: [Intel-wired-lan] [PATCH iwl-next v4 3/6] ice: receive LLDP on
> trusted VFs
>
> On Fri, Feb 14, 2025 at 09:50:37AM +0100, Larysa Zaremba wrote:
> > From: Mateusz Pacuszka <mateuszx.pacuszka@xxxxxxxxx>
> >
> > When a trusted VF tries to configure an LLDP multicast address,
> > configure a rule that would mirror the traffic to this VF, untrusted
> > VFs are not allowed to receive LLDP at all, so the request to add LLDP
> > MAC address will always fail for them.
> >
> > Add a forwarding LLDP filter to a trusted VF when it tries to add an
> > LLDP multicast MAC address. The MAC address has to be added after
> > enabling trust (through restarting the LLDP service).
> >
> > Signed-off-by: Mateusz Pacuszka <mateuszx.pacuszka@xxxxxxxxx>
> > Co-developed-by: Larysa Zaremba <larysa.zaremba@xxxxxxxxx>
> > Signed-off-by: Larysa Zaremba <larysa.zaremba@xxxxxxxxx>
> > Reviewed-by: Michal Swiatkowski <michal.swiatkowski@xxxxxxxxxxxxxxx>
>
> Reviewed-by: Simon Horman <horms@xxxxxxxxxx>
Tested-by: Rafal Romanowski <rafal.romanowski@xxxxxxxxx>