Verification successful on xenial-proposed. Updated verification tags. Steps =====
Setup 1) Enable xenial-proposed and install the iproute2 package: --- $ echo 'deb http://archive.ubuntu.com/ubuntu xenial-proposed main restricted' | sudo tee /etc/apt/sources.list.d/xenial-proposed.list deb http://archive.ubuntu.com/ubuntu xenial-proposed main restricted $ sudo apt-get update $ apt-cache madison iproute2 | grep xenial-proposed iproute2 | 4.3.0-1ubuntu3.16.04.4 | http://archive.ubuntu.com/ubuntu xenial-proposed/main amd64 Packages $ sudo apt-get install -y iproute2 $ dpkg -s iproute2 | grep Version Version: 4.3.0-1ubuntu3.16.04.4 Setup 2) Configure 2 VFs in the ixgbe driver: --- # lspci -s 08:00 08:00.0 Ethernet controller: Intel Corporation 82599 10 Gigabit TN Network Connection (rev 01) 08:00.1 Ethernet controller: Intel Corporation 82599 10 Gigabit TN Network Connection (rev 01) # echo 2 > /sys/bus/pci/devices/0000\:08\:00.0/sriov_numvfs # dmesg | grep Virtual [ 817.815245] ixgbevf: Intel(R) 10 Gigabit PCI Express Virtual Function Network Driver - version 2.12.1-k [ 818.825923] ixgbevf 0000:08:10.0: Intel(R) 82599 Virtual Function [ 818.837931] ixgbevf 0000:08:10.2: Intel(R) 82599 Virtual Function # lspci -s 08:10 08:10.0 Ethernet controller: Intel Corporation 82599 Ethernet Controller Virtual Function (rev 01) 08:10.2 Ethernet controller: Intel Corporation 82599 Ethernet Controller Virtual Function (rev 01) Verification 1) Check for 'trust' in 'ip link help': --- # ip link help 2>&1 | grep trust [ trust { on | off} ] ] Verification 2) Check for 'trust' in 'ip link show' --- # ip link show dev eth0 6: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP mode DEFAULT group default qlen 1000 link/ether 68:05:ca:28:ff:9a brd ff:ff:ff:ff:ff:ff vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off vf 1 MAC aa:fd:21:3f:93:1b, spoof checking on, link-state auto, trust off Verification 3) Set 'trust' on/off in the VFs --- Trust setting is off by default: # ip link show dev eth0 | grep trust vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off vf 1 MAC aa:fd:21:3f:93:1b, spoof checking on, link-state auto, trust off Enable trust setting on vf0: # ip link set eth0 vf 0 trust on # ip link show dev eth0 | grep trust vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust on vf 1 MAC aa:fd:21:3f:93:1b, spoof checking on, link-state auto, trust off Enable trust setting on vf1: # ip link set eth0 vf 1 trust on # ip link show dev eth0 | grep trust vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust on vf 1 MAC aa:fd:21:3f:93:1b, spoof checking on, link-state auto, trust on Disable trust setting on vf0: # ip link set eth0 vf 0 trust off # ip link show dev eth0 | grep trust vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off vf 1 MAC aa:fd:21:3f:93:1b, spoof checking on, link-state auto, trust on Disable trust setting on vf1: # ip link set eth0 vf 1 trust off # ip link show dev eth0 | grep trust vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off vf 1 MAC aa:fd:21:3f:93:1b, spoof checking on, link-state auto, trust off ** Tags removed: verification-needed verification-needed-xenial ** Tags added: verification-done verification-done-xenial -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iproute2 in Ubuntu. https://bugs.launchpad.net/bugs/1800877 Title: iproute2/xenial: Add support for the VF Trust setting (fix IPv6 multicast under SR-IOV on Mellanox adapters) Status in iproute2 package in Ubuntu: Fix Released Status in iproute2 source package in Xenial: Fix Committed Bug description: [Impact] * An VM's VF cannot receive IPv6 multicast traffic from other VMs' VFs in the same Mellanox adapter _if_ its VF trust setting is not enabled, and on Xenial currently iproute2 _cannot_ enable it. * This breaks IPv6 NDP (Neighbor Discovery Protocol) in that scenario. * This upload adds three iproute2 upstream commits to enable/disable the VF setting, which resolves that problem/limitation. [Test Case] * Check 'ip link help' for the 'trust' option: Before: # ip link help 2>&1 | grep trust <nothing> After: # ip link help 2>&1 | grep trust [ trust { on | off} ] ] * Check 'ip link show dev PF' for 'trust on|off' field in VFs. Before: (trust field _is not_ present) # ip link show dev ens1f0 ... vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto After: (trust field _is_ present) # ip link show dev ens1f0 ... vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off * Set the VF trust on/off and check it: Set VF 0 trust on: # ip link set ens1f0 vf 0 trust on # ip link show dev ens1f0 | grep trust vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust on vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off Set VF 0 trust off: # ip link set ens1f0 vf 0 trust off # ip link show dev ens1f0 | grep trust vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off [Regression Potential] * Regression potential is low because the commits just add the netlink attribute for the userspace-kernel interface and the ways to set/clear it, and show the current value to the user. * Regressions could happen _if_ the user turns the setting on (it's disabled by default) and there's a problem/bug likely in _other_ component that depends on that setting (which is something to fix on such component). [Other Info] * The users that reported this problem have verified the test package with these changes, and confirmed that it now works correctly for IPv6 NDP/multicast. * Upstream commits: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=dddf1b44126e https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=fe9322781e63 https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=b6d77d9ee312 * Only affect Xenial release : # rmadison iproute2 iproute2 | 4.3.0-1ubuntu3.16.04.3 | xenial-updates iproute2 | 4.15.0-2ubuntu1 | bionic iproute2 | 4.18.0-1ubuntu2 | cosmic iproute2 | 4.18.0-1ubuntu2 | disco # iproute2 upstream vcs $ git describe --contains dddf1b44126e v4.4.0~67 $ git describe --contains b6d77d9ee312 v4.5.0~47 $ git describe --contains fe9322781e63 v4.6.0~32 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1800877/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
