| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <55FEFEBA.6020903@colorado.edu>
Date: Sun, 20 Sep 2015 12:45:14 -0600
From: Matthew Monaco <Matthew.Monaco@...orado.EDU>
To: Linux Netdev List <netdev@...r.kernel.org>
Cc: adam.niescierowicz@...tnet.pl
Subject: Re: sr-iov and bridges (mlx4)
On 09/20/2015 12:18 PM, Nieścierowicz Adam wrote:
> Hi Matthew,
> in near future i want to do exactly the same, if you make progress with
> SR-IOV+Bridge+OpenStack please leave here some advice.
>
I wrote a shell script which polls (~15s) each bridge /sys/class/net/brq*, and
for each bridge figures out the uplink (not named
/sys/class/net/brq*/brif/tap*). Then, for each port
/sys/class/net/<bridge>/brif/tap*, determine the VM mac address and add an fdb
entry if it doesn't already exist. In my environment, it seems the VM mac is the
tap mac s/^fe:/fa:/.
This is a little messier than the non-promsicuous bridge option, but I wasn't
able to get that working on CentOS7/kernel-ml-4.2/iproute-3.10. But either way,
this won't work well if you're trying to do nested virt, which thankfully I
don't need at this time.
If you're interested I can attach the script and systemd unit. Otherwise, I'll
be looking to try to get this handled properly by neutron-linuxbridge-agent.
Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists