Malicious Driver Detection
Some Intel® Ethernet devices use Malicious Driver Detection (MDD) to detect malicious traffic from the VF, and disable Tx/Rx queues or drop the offending packet until a VF driver reset occurs.
The E810 offers various extended message levels that are enabled using ethtool. One such level is tx_err, which enables additional Tx MDD-related output. Similarly, rx_err can be enabled for Rx MDD-related output.
Enabling and viewing this output is useful when using a DPDK VF with a Linux kernel PF, that is, an iavf DPDK PMD and a kernel ice driver. If using a DPDK PF driver (such as an ice PMD), view the DPDK application logs for MDD event notifications.
Message levels are set using ethtool. To enable tx_err messaging, use the following command:
ethtool -s ens5f0 msglvl tx_err on
The output will print to dmesg. For example:
[ +9.188014] ice 0000:86:00.0: Malicious Driver Detection event 7 on TX queue 113 PF# 0 VF# 0
[ +0.000006] ice 0000:86:00.0: Malicious Driver Detection event TX_TCLAN detected on PF
[ +0.000003] ice 0000:86:00.0: Malicious Driver Detection event TX_TCLAN detected on VF 0
[ +0.000003] ice 0000:86:00.0: 1 Tx Malicious Driver Detection events detected on PF 0 VF 0 MAC 3a:14:8e:da:b0:98
Devlink health reporting can be used to view additional MDD information:
devlink health dump show pci/0000:86:00.1 reporter mdd
A capability new to the E810 is the ability to enable and disable automatic VF resets upon MDD detection. Refer to the kernel driver ice README, section Malicious Driver Detection (MDD) for VFs, for more details on this feature.
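For monitoring, the dmesg output shown above can be grouped per VF so that a repeatedly offending VF stands out. The following is an added example, not code from Intel or the ice driver; the function name summarize and the regular expressions are hypothetical and assume the messages have only the shapes shown on this page.

```python
import re
from collections import defaultdict

# Sample input: the four dmesg lines shown on this page.
SAMPLE = """\
[ +9.188014] ice 0000:86:00.0: Malicious Driver Detection event 7 on TX queue 113 PF# 0 VF# 0
[ +0.000006] ice 0000:86:00.0: Malicious Driver Detection event TX_TCLAN detected on PF
[ +0.000003] ice 0000:86:00.0: Malicious Driver Detection event TX_TCLAN detected on VF 0
[ +0.000003] ice 0000:86:00.0: 1 Tx Malicious Driver Detection events detected on PF 0 VF 0 MAC 3a:14:8e:da:b0:98
"""

# Patterns modelled only on the message shapes above (assumption: other
# driver versions may word these messages differently).
PCI = r"ice (?P<pci>[0-9a-f]{4}:[0-9a-f]{2}:[0-9a-f]{2}\.[0-7]): "
MDD = "Malicious Driver Detection event"
QUEUE_EVT = re.compile(
    PCI + MDD + r" (?P<event>\d+) on (?P<dir>[TR]X) queue (?P<queue>\d+)"
    r" PF# (?P<pf>\d+) VF# (?P<vf>\d+)")
VF_BLOCK = re.compile(PCI + MDD + r" (?P<block>\w+) detected on VF (?P<vf>\d+)")
VF_TOTAL = re.compile(
    PCI + r"(?P<count>\d+) (?P<dir>[TR]x) " + MDD + r"s detected on"
    r" PF (?P<pf>\d+) VF (?P<vf>\d+) MAC (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})")

def summarize(dmesg_text):
    """Group MDD messages by (PF PCI address, VF id)."""
    vfs = defaultdict(lambda: {"queues": set(), "events": set(),
                               "blocks": set(), "reported": None, "mac": None})
    for line in dmesg_text.splitlines():
        if (m := QUEUE_EVT.search(line)):
            rec = vfs[(m["pci"], int(m["vf"]))]
            rec["queues"].add((m["dir"], int(m["queue"])))
            rec["events"].add(int(m["event"]))
        elif (m := VF_BLOCK.search(line)):
            vfs[(m["pci"], int(m["vf"]))]["blocks"].add(m["block"])
        elif (m := VF_TOTAL.search(line)):
            rec = vfs[(m["pci"], int(m["vf"]))]
            rec["reported"] = int(m["count"])  # last count seen in the log
            rec["mac"] = m["mac"]
        # PF-level lines ("... detected on PF") carry no VF id and are skipped.
    return dict(vfs)

if __name__ == "__main__":
    for (pci, vf), rec in summarize(SAMPLE).items():
        print(f"{pci} VF {vf} MAC {rec['mac']}: {rec['reported']} event(s), "
              f"blocks={sorted(rec['blocks'])}, queues={sorted(rec['queues'])}")
```

In practice the input would be the kernel log captured after enabling tx_err or rx_err with ethtool as described above.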