| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 20 Sep 2015 14:01:25 +0300 From: Or Gerlitz <gerlitz.or@...il.com> To: Matthew Monaco <Matthew.Monaco@...orado.edu> Cc: Linux Netdev List <netdev@...r.kernel.org> Subject: Re: sr-iov and bridges (mlx4) On Sun, Sep 20, 2015 at 2:58 AM, Matthew Monaco <Matthew.Monaco@...orado.edu> wrote: [...] > In all cases, VMs with SR-IOV work fine, IP on the host works fine, outbound > DHCP from the virtio VMs work fine, but inbound frames are not making it back to > the VM. [...] > Is there a know limitation of mixing SR-IOV and bridges in general? Does the > SR-IOV switch specific to the mlx4 hardware not work well with linux bridges? ...? It would be a bit hard for bridge based promiscuous environment to work OOB for one of the functions (PF or VF) in SRIOV, this is generic issue, and not related to specific vendor. You need to use the bridge (8) tool (part of iproute2) and add the P.V VM MACs to the PF interface as "self" see some slides (21/22/23) from netdev 0.1 that deal with that https://netdev01.org/docs/netdev_tutorial_bridge_makita_150213.pdf Or. It also possible to mark one bridge port (the PF) as non-promiscuous, but I haven't played with that myself yet (slide 32), so can't just send you doing it... -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists