lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Sun, 20 Sep 2015 12:45:14 -0600
From:	Matthew Monaco <Matthew.Monaco@...orado.EDU>
To:	Linux Netdev List <netdev@...r.kernel.org>
Cc:	adam.niescierowicz@...tnet.pl
Subject: Re: sr-iov and bridges (mlx4)

On 09/20/2015 12:18 PM, Nieścierowicz Adam wrote:
> Hi Matthew,
> in near future i want to do exactly the same, if you make progress with
> SR-IOV+Bridge+OpenStack please leave here some advice.
> 

I wrote a shell script which polls (~15s) each bridge /sys/class/net/brq*, and
for each bridge figures out the uplink (not named
/sys/class/net/brq*/brif/tap*). Then, for each port
/sys/class/net/<bridge>/brif/tap*, determine the VM mac address and add an fdb
entry if it doesn't already exist. In my environment, it seems the VM mac is the
tap mac s/^fe:/fa:/.

This is a little messier than the non-promsicuous bridge option, but I wasn't
able to get that working on CentOS7/kernel-ml-4.2/iproute-3.10. But either way,
this won't work well if you're trying to do nested virt, which thankfully I
don't need at this time.

If you're interested I can attach the script and systemd unit. Otherwise, I'll
be looking to try to get this handled properly by neutron-linuxbridge-agent.


Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ