diff options
-rw-r--r-- | src/plugins/rdma/device.c | 17 | ||||
-rw-r--r-- | src/plugins/rdma/rdma_doc.md | 19 |
2 files changed, 35 insertions, 1 deletions
diff --git a/src/plugins/rdma/device.c b/src/plugins/rdma/device.c index 0fddc3a3a5d..62dff21b060 100644 --- a/src/plugins/rdma/device.c +++ b/src/plugins/rdma/device.c @@ -153,6 +153,20 @@ rdma_dev_set_ucast (rdma_device_t * rd) return 0; } +static clib_error_t * +rdma_mac_change (vnet_hw_interface_t * hw, const u8 * old, const u8 * new) +{ + rdma_main_t *rm = &rdma_main; + rdma_device_t *rd = vec_elt_at_index (rm->devices, hw->dev_instance); + mac_address_from_bytes (&rd->hwaddr, new); + if (!(rd->flags & RDMA_DEVICE_F_PROMISC) && rdma_dev_set_ucast (rd)) + { + mac_address_from_bytes (&rd->hwaddr, old); + return clib_error_return_unix (0, "MAC update failed"); + } + return 0; +} + static u32 rdma_dev_change_mtu (rdma_device_t * rd) { @@ -735,7 +749,7 @@ static char *rdma_tx_func_error_strings[] = { }; /* *INDENT-OFF* */ -VNET_DEVICE_CLASS (rdma_device_class,) = +VNET_DEVICE_CLASS (rdma_device_class) = { .name = "RDMA interface", .format_device = format_rdma_device, @@ -744,6 +758,7 @@ VNET_DEVICE_CLASS (rdma_device_class,) = .rx_redirect_to_node = rdma_set_interface_next_node, .tx_function_n_errors = RDMA_TX_N_ERROR, .tx_function_error_strings = rdma_tx_func_error_strings, + .mac_addr_change_function = rdma_mac_change, }; /* *INDENT-ON* */ diff --git a/src/plugins/rdma/rdma_doc.md b/src/plugins/rdma/rdma_doc.md index e41839eb595..3c79f9aefd3 100644 --- a/src/plugins/rdma/rdma_doc.md +++ b/src/plugins/rdma/rdma_doc.md @@ -49,3 +49,22 @@ It should work in containers as long as: - the `ib_uverbs` module is loaded - the device nodes `/dev/infiniband/uverbs[0-9]+` are usable from the container (but see [security considerations](#Security considerations)) + +### SR-IOV VFs support +It should work on SR-IOV VFs the same way it does with PFs. Because of VFs +security containment features, make sure the MAC address of the rdma VPP +interface matches the MAC address assigned to the underlying VF. +For example: +``` +host# echo 1 > /sys/class/infiniband/mlx5_0/device/sriov_numvfs +host# ip l set dev enp94s0f0 vf 0 mac 92:5d:f5:df:b1:6f spoof on trust off +host# ip l set dev enp94s0f2 up +vpp# create int rdma host-if enp94s0f2 name rdma-0 +vpp# set int mac address rdma-0 92:5d:f5:df:b1:6f +``` +If you plan to use L2 features such as switching, make sure the underlying +VF is configured in trusted mode and spoof-checking is disabled (of course, be +aware of the [security considerations](#Security considerations)): +``` +host# ip l set dev enp94s0f0 vf 0 spoof off trust on +``` |