Re: [PATCH] doc: Malicious Driver Detection not supported by ixgbe
From: Lu, Wenzhuo <hidden>
Date: 2016-02-25 01:52:38
Hi Stephen,
-----Original Message-----
From: Stephen Hemminger [mailto:stephen@networkplumber.org]
Sent: Thursday, February 25, 2016 1:04 AM
To: Lu, Wenzhuo
Cc: dev@dpdk.org
Subject: Re: [dpdk-dev] [PATCH] doc: Malicious Driver Detection not supported by ixgbe

On Wed, 24 Feb 2016 13:33:04 +0800 Wenzhuo Lu [off-list ref] wrote:
+ On Intel x550 series NICs, HW supports a feature called MDD + (Malcicious Driver Detection). + MDD is used to check the behavior of the VF driver. It means when + transmitting packets, the VF must use the advanced context descriptor andset it correctly.quoted
+ And VF must set the CC (Check Context) bit either.

This is a hard sentence to read, why not reword as: The Intel x550 series NICs support a feature called MDD (Malicious Driver Detection) which checks the behavior of the VF driver. If this feature is enabled, the VF must use the advanced context descriptor correctly and set the CC (Check Context) bit.

Thanks for the suggestion. I'll try to make it better :)
+ DPDK PF doesn't support MDD. We may hit problem in this scenario + kernel PF + DPDK VF. If user enables MDD in kernel PF, DPDK VF will + not work. Because kernel PF thinks the VF is malicious. But + actually it's not. The only reason is the VF doesn't act as MDD required. + There's significant performance impact to support MDD. DPDK should + check if the advanced context descriptor should be set and set it. + And DPDK has to ask the info about the header length from the upper + layer, because parsing the packet itself is not acceptale. So, it's tooexpensive to support MDD.quoted
+ When using kernel PF + DPDK VF on x550, please make sure using the + kernel driver that disables MDD or can disable MDD. (Some kernel + driver can use this CLI 'insmod ixgbe.ko MDD=0,0' to disable MDD. + Some kernel driver disable it by default.) +
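
Review bot: The closing paragraph tells users to run with MDD disabled ('insmod ixgbe.ko MDD=0,0') without saying what they give up, although the opening paragraph describes MDD as the hardware check on VF driver behavior. Suggest adding one sentence on that trade-off, and replacing "Some kernel driver can use this CLI ... Some kernel driver disable it by default" with a way for the user to tell which case applies to the driver they have loaded. "DPDK VF will not work" would also be more useful if it named the symptom the user sees when the kernel PF treats the VF as malicious. Spelling and wording in the added text: "Malcicious" should be "Malicious", "acceptale" should be "acceptable", and "must set the CC (Check Context) bit either" should read "as well".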