Intel® Ethernet Adapters and Devices User Guide
Malicious Driver Detection (MDD) for VFs
Some Intel Ethernet devices use Malicious Driver Detection (MDD) to detect malicious traffic from the VF and disable Tx/Rx queues or drop the offending packet until a VF driver reset occurs. You can view MDD messages in the PF’s event log.
If the device supports automatic VF resets and the driver detects an MDD event on the receive path, the PF will automatically reset the VF and reenable queues. If automatic VF resets are disabled, the PF will not automatically reset the VF when it detects MDD events. See the table below for supported MDD features.
If the PF driver logs MDD events from the VF, confirm that the correct VF driver is installed.
To restore functionality, you can manually reload the VF or VM or, if supported by the device, enable automatic VF resets.
The following table shows MDD capabilities by device family:
Intel Ethernet 800 Series
Intel Ethernet 700 Series
Intel Ethernet 500 Series
Intel I350 Gigabit Network Connection
Feature | 800 Series | 700 Series | 500 Series | I350 |
---|---|---|---|---|
Automatically resets the VF and reenables queues after MDD events | If enabled | If enabled | Yes | Yes |
Can disable automatic VF reset after MDD events | Yes | Yes | No | No |
MDD Auto Reset VFs
Automatically resets the virtual machine immediately after the adapter detects a Malicious Driver Detection (MDD) event on the receive path.
To change this setting in Intel PROSet:
This setting is found on the Advanced tab of the device’s Device Manager property sheet or in the Adapter Settings panel in Intel PROSet ACU.
To change this setting in Windows PowerShell, use the
Set-IntelNetAdapterSetting -Name "<adapter_name>" -DisplayName "MDD Auto Reset VFs" -DisplayValue "Enabled"
Possible values for this setting are:
Enabled
Disabled