lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 5 Jul 2016 18:13:42 +0530
From:	domingo montoya <reach.domingomontoya@...il.com>
To:	Saeed Mahameed <saeedm@....mellanox.co.il>
Cc:	Linux Netdev List <netdev@...r.kernel.org>
Subject: Re: mlx5 SRIOV VLAN support

Thanks so much Saeed for your help.

I am thinking VLAN is not working for me probably because I might have
disabled the code which calls esw_fdb_set_vport_promisc_rule thinking
it is needed only for sniffing capabilities in the PF driver.

I will try to re-enable this code and check if VLAN works properly.

On Tue, Jul 5, 2016 at 3:23 PM, Saeed Mahameed
<saeedm@....mellanox.co.il> wrote:
> On Tue, Jul 5, 2016 at 12:23 PM, domingo montoya
> <reach.domingomontoya@...il.com> wrote:
>> Thanks so much for the reply. Please find the logs.
>>
>>
> [...]
>> # ip link show enp1s0f0
>> 3: enp1s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state
>> UP mode DEFAULT qlen 1000
>>     link/ether e4:1d:2d:c9:c8:9a brd ff:ff:ff:ff:ff:ff
>>
>> # ethtool -k enp1s0f0
>> Features for enp1s0f0:
> [...]
>> rx-vlan-filter: on
>
> I was basically looking for this and it looks ok.

Okay. Thanks a lot!
>
>>
>>
>>
>>
>> On Tue, Jul 5, 2016 at 1:41 PM, Saeed Mahameed
>> <saeedm@....mellanox.co.il> wrote:
>>> On Tue, Jul 5, 2016 at 10:37 AM, domingo montoya
>>> <reach.domingomontoya@...il.com> wrote:
>>>> Hi,
>>>>
>>>> Is VLAN supported in SRIOV mode for mlx5?
>>>>
>>>
>>> For VGT mode vlan is supported by default same as bare-metal.
>>> For VST you need to use ip tool to configure VST vlan:  ip link set
>>> eth<X> vf 1 vlan 2 qos 2
>>>
>>> note: VGT mode will not work on VF if VST is configured on that VF.
>>
>> Can you please tell me how can I check if VST mode is enabled on the
>> VF from the VF driver.
>>
>
> from the VF driver you can't.
> you need to run ip link show on the PF interface of the SRIOV Hypervisor.

Sure. I'll check this.

>
>>
>>
>>>
>>>>
>>>> Can anyone please help me to:
>>>>
>>>> Enable VLAN guest tagging in mlx5 PF driver?
>>>>
>>>> Do I need to add any E-switch rules to do the same?
>>>>
>>>
>>> No,
>>> Nothing is required for VGT mode, just create the vlan on guest VF
>>> machine and work with it!
>>> E-Swtich is automatically/dynamically configured.
>>
>>
>> Is it something like when we create vlan on the guest VF, the VF
>> driver sends commands to the adapter fw and the adapter fw sends any
>> notification to the PF driver to configure Eswitch?
>>
>
> yes but for vlan lists we do nothing in PF driver e-switch
> notification since it e-switch allows all vlans by default.

Ok. It clarifies my understanding.

>
>>
>>>
>>>>
>>>> My requirement is something like this:
>>>>
>>>>
>>>> mlx5 VF driver<--------------->mlx5 PF
>>>> driver<------------------------->Network<-----------> mlx5 dedicated
>>>> driver(non-sriov)
>>>>
>>>>
>>>>
>>>> I would like to be able to send ICMP traffic between mlx5 VF driver
>>>> and mlx5 dedicated driver.
>>>>
>>>> My understanding is I should be able to do without adding any rules in
>>>> the E-switch on the PF driver as by default all traffic is allowed.
>>>>
>>>> Is this correct?
>>>>
>>>
>>> correct.
>>>
>>>>
>>>>
>>>> I tried but as this didn't work. I added ingress rules to allow VLAN
>>>> traffic and also egress rules to the E-switch ACL tables.
>>>>
>>>
>>> How did you do this ? changed the code ? by default (no VST/no spoof
>>> check) ACL tables should not be opened.
>>
>>
>> Yes. I changed the code. Okay. Now I understand that ACL tables are
>> only for VST or spoofcheck. Thanks!
>>
>
> did you change the code anywhere else ?

Yes. I disabled code under PROMISC_CHANGE thinking it was not
necessary unless I want sniffing capabilities in the PF driver.

Somehow after reading the code, I am thinking now that
esw_fdb_set_vport_promisc_rule might be needed for sending the VLAN
traffic. So I need to enable this code again.
Is my understanding correct?




>
>>>
>>>> But still i cannot see any traffic between mlx5 VF driver and mlx5
>>>> dedicated driver.
>>>>
>>>> I can see that the packets reach the CX4 adapter (mlx5 VF/mlx5 PF) but
>>>> they don't go out on the network.
>>>>
>>>> i tried configuring vlan using ip link add dev enp1s0f0 name
>>>> enp1s0f0.100 type vlan id 100 on both the mlx5 vf driver and mlx5
>>>> dedicated driver.
>>>>
>>>>
>>>
>>> Strange, should work. Please make sure VST mode is off on the VF.
>>> can you share some logs with us:
>>> on PF/VF and remote dedicated driver:
>>>
>>> ip link show <interface>
>>> ethtool -k <interface>
>>
>>
>> Sure. Wanted to check how to turn off the VST mode on the VF or make
>> sure it is off.  I have pasted the logs with this mail(at the
>> beginning).
>> I had one more doubt. If we need to disable VST mode on the VF from
>> the PF driver, using for e.g
>>
>> ip link set dev eth0 vf 2 4095,
>>
>>
>> will this command eventually call .ndo_set_vf_vlan and setup the
>> Eswitch ACL Ingress, Egress rules?
>>
>
> no, to disable you need to run 'ip link set dev eth0 vf 2 vlan 0 qos 0'
> BTW it should be disabled by default.

Okay. Thank you.
>
> to see if it disabled just run 'ip link show dev eth0' and see no vlan
> is configured on VF 2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ