** Description changed: [Impact] - * An VM's VF cannot receive IPv6 multicast traffic - from other VMs' VFs in the same Mellanox adapter - _if_ its VF trust setting is not enabled, and on - Xenial currently iproute2 _cannot_ enable it. + * An VM's VF cannot receive IPv6 multicast traffic + from other VMs' VFs in the same Mellanox adapter + _if_ its VF trust setting is not enabled, and on + Xenial currently iproute2 _cannot_ enable it. - * This breaks IPv6 NDP (Neighbor Discovery Protocol) - in that scenario. + * This breaks IPv6 NDP (Neighbor Discovery Protocol) + in that scenario. - * This upload adds three iproute2 upstream commits - to enable/disable the VF setting, which resolves - that problem/limitation. + * This upload adds three iproute2 upstream commits + to enable/disable the VF setting, which resolves + that problem/limitation. [Test Case] - * Check 'ip link help' for the 'trust' option: + * Check 'ip link help' for the 'trust' option: - Before: + Before: - # ip link help 2>&1 | grep trust - <nothing> + # ip link help 2>&1 | grep trust + <nothing> - After: + After: - # ip link help 2>&1 | grep trust - [ trust { on | off} ] ] + # ip link help 2>&1 | grep trust + [ trust { on | off} ] ] - * Check 'ip link show dev PF' for 'trust on|off' field in VFs. + * Check 'ip link show dev PF' for 'trust on|off' field in VFs. - Before: (trust field _is not_ present) + Before: (trust field _is not_ present) - # ip link show dev ens1f0 - ... - vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto - vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto + # ip link show dev ens1f0 + ... + vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto + vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto - After: (trust field _is_ present) + After: (trust field _is_ present) - # ip link show dev ens1f0 - ... - vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off - vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off + # ip link show dev ens1f0 + ... + vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off + vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off - * Set the VF trust on/off and check it: + * Set the VF trust on/off and check it: - Set VF 0 trust on: + Set VF 0 trust on: - # ip link set ens1f0 vf 0 trust on - # ip link show dev ens1f0 | grep trust - vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust on - vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off + # ip link set ens1f0 vf 0 trust on + # ip link show dev ens1f0 | grep trust + vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust on + vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off - Set VF 0 trust off: + Set VF 0 trust off: - # ip link set ens1f0 vf 0 trust off - # ip link show dev ens1f0 | grep trust - vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off - vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off + # ip link set ens1f0 vf 0 trust off + # ip link show dev ens1f0 | grep trust + vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off + vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off [Regression Potential] - * Regression potential is low because the commits just add the - netlink attribute for the userspace-kernel interface and the - ways to set/clear it, and show the current value to the user. + * Regression potential is low because the commits just add the + netlink attribute for the userspace-kernel interface and the + ways to set/clear it, and show the current value to the user. - * Regressions could happen _if_ the user turns the setting on - (it's disabled by default) and there's a problem/bug likely - in _other_ component that depends on that setting (which is - something to fix on such component). + * Regressions could happen _if_ the user turns the setting on + (it's disabled by default) and there's a problem/bug likely + in _other_ component that depends on that setting (which is + something to fix on such component). [Other Info] - - * The users that reported this problem have verified - the test package with these changes, and confirmed - that it now works correctly for IPv6 NDP/multicast. + + * The users that reported this problem have verified + the test package with these changes, and confirmed + that it now works correctly for IPv6 NDP/multicast. + + * Upstream commits: + https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=dddf1b44126e + https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=fe9322781e63 + https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=b6d77d9ee312 + + * Only affect Xenial release : + + # rmadison iproute2 + iproute2 | 4.3.0-1ubuntu3.16.04.3 | xenial-updates + iproute2 | 4.15.0-2ubuntu1 | bionic + iproute2 | 4.18.0-1ubuntu2 | cosmic + iproute2 | 4.18.0-1ubuntu2 | disco + + # iproute2 upstream vcs + + $ git describe --contains dddf1b44126e + v4.4.0~67 + + $ git describe --contains b6d77d9ee312 + v4.5.0~47 + + $ git describe --contains fe9322781e63 + v4.6.0~32
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1800877 Title: iproute2/xenial: Add support for the VF Trust setting (fix IPv6 multicast under SR-IOV on Mellanox adapters) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1800877/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs