One more note, tunneled network + PF _could_ be safe IFF the operator has configured tenant isolation on their top-of-rack switches. Because of this, I'm not 100% sure we should block it. And maybe just add that explanation/warning onto the config help for [pci]passthrough_whitelist.
One more note, tunneled network + PF _could_ be safe IFF the operator has configured tenant isolation on their top-of-rack switches. Because of this, I'm not 100% sure we should block it. And maybe just add that explanation/warning onto the config help for [pci]passthroug h_whitelist.