** Description changed:
[Impact]
- * An VM's VF cannot receive IPv6 multicast traffic
- from other VMs' VFs in the same Mellanox adapter
- _if_ its VF trust setting is not enabled, and on
- Xenial currently iproute2 _cannot_ enable it.
+ * An VM's VF cannot receive IPv6 multicast traffic
+ from other VMs' VFs in the same Mellanox adapter
+ _if_ its VF trust setting is not enabled, and on
+ Xenial currently iproute2 _cannot_ enable it.
- * This breaks IPv6 NDP (Neighbor Discovery Protocol)
- in that scenario.
+ * This breaks IPv6 NDP (Neighbor Discovery Protocol)
+ in that scenario.
- * This upload adds three iproute2 upstream commits
- to enable/disable the VF setting, which resolves
- that problem/limitation.
+ * This upload adds three iproute2 upstream commits
+ to enable/disable the VF setting, which resolves
+ that problem/limitation.
[Test Case]
- * Check 'ip link help' for the 'trust' option:
+ * Check 'ip link help' for the 'trust' option:
- Before:
+ Before:
- # ip link help 2>&1 | grep trust
- <nothing>
+ # ip link help 2>&1 | grep trust
+ <nothing>
- After:
+ After:
- # ip link help 2>&1 | grep trust
- [ trust { on | off} ] ]
+ # ip link help 2>&1 | grep trust
+ [ trust { on | off} ] ]
- * Check 'ip link show dev PF' for 'trust on|off' field in VFs.
+ * Check 'ip link show dev PF' for 'trust on|off' field in VFs.
- Before: (trust field _is not_ present)
+ Before: (trust field _is not_ present)
- # ip link show dev ens1f0
- ...
- vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
- vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
+ # ip link show dev ens1f0
+ ...
+ vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
+ vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
- After: (trust field _is_ present)
+ After: (trust field _is_ present)
- # ip link show dev ens1f0
- ...
- vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
- vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
+ # ip link show dev ens1f0
+ ...
+ vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
+ vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
- * Set the VF trust on/off and check it:
+ * Set the VF trust on/off and check it:
- Set VF 0 trust on:
+ Set VF 0 trust on:
- # ip link set ens1f0 vf 0 trust on
- # ip link show dev ens1f0 | grep trust
- vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust on
- vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
+ # ip link set ens1f0 vf 0 trust on
+ # ip link show dev ens1f0 | grep trust
+ vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust on
+ vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
- Set VF 0 trust off:
+ Set VF 0 trust off:
- # ip link set ens1f0 vf 0 trust off
- # ip link show dev ens1f0 | grep trust
- vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
- vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
+ # ip link set ens1f0 vf 0 trust off
+ # ip link show dev ens1f0 | grep trust
+ vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
+ vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
[Regression Potential]
- * Regression potential is low because the commits just add the
- netlink attribute for the userspace-kernel interface and the
- ways to set/clear it, and show the current value to the user.
+ * Regression potential is low because the commits just add the
+ netlink attribute for the userspace-kernel interface and the
+ ways to set/clear it, and show the current value to the user.
- * Regressions could happen _if_ the user turns the setting on
- (it's disabled by default) and there's a problem/bug likely
- in _other_ component that depends on that setting (which is
- something to fix on such component).
+ * Regressions could happen _if_ the user turns the setting on
+ (it's disabled by default) and there's a problem/bug likely
+ in _other_ component that depends on that setting (which is
+ something to fix on such component).
[Other Info]
-
- * The users that reported this problem have verified
- the test package with these changes, and confirmed
- that it now works correctly for IPv6 NDP/multicast.
+
+ * The users that reported this problem have verified
+ the test package with these changes, and confirmed
+ that it now works correctly for IPv6 NDP/multicast.
+
+ * Upstream commits:
+
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=dddf1b44126e
+
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=fe9322781e63
+
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=b6d77d9ee312
+
+ * Only affect Xenial release :
+
+ # rmadison iproute2
+ iproute2 | 4.3.0-1ubuntu3.16.04.3 | xenial-updates
+ iproute2 | 4.15.0-2ubuntu1 | bionic
+ iproute2 | 4.18.0-1ubuntu2 | cosmic
+ iproute2 | 4.18.0-1ubuntu2 | disco
+
+ # iproute2 upstream vcs
+
+ $ git describe --contains dddf1b44126e
+ v4.4.0~67
+
+ $ git describe --contains b6d77d9ee312
+ v4.5.0~47
+
+ $ git describe --contains fe9322781e63
+ v4.6.0~32
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1800877
Title:
iproute2/xenial: Add support for the VF Trust setting (fix IPv6
multicast under SR-IOV on Mellanox adapters)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1800877/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
