summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/plugins/rdma/device.c17
-rw-r--r--src/plugins/rdma/rdma_doc.md19
2 files changed, 35 insertions, 1 deletions
diff --git a/src/plugins/rdma/device.c b/src/plugins/rdma/device.c
index 0fddc3a3a5d..62dff21b060 100644
--- a/src/plugins/rdma/device.c
+++ b/src/plugins/rdma/device.c
@@ -153,6 +153,20 @@ rdma_dev_set_ucast (rdma_device_t * rd)
return 0;
}
+static clib_error_t *
+rdma_mac_change (vnet_hw_interface_t * hw, const u8 * old, const u8 * new)
+{
+ rdma_main_t *rm = &rdma_main;
+ rdma_device_t *rd = vec_elt_at_index (rm->devices, hw->dev_instance);
+ mac_address_from_bytes (&rd->hwaddr, new);
+ if (!(rd->flags & RDMA_DEVICE_F_PROMISC) && rdma_dev_set_ucast (rd))
+ {
+ mac_address_from_bytes (&rd->hwaddr, old);
+ return clib_error_return_unix (0, "MAC update failed");
+ }
+ return 0;
+}
+
static u32
rdma_dev_change_mtu (rdma_device_t * rd)
{
@@ -735,7 +749,7 @@ static char *rdma_tx_func_error_strings[] = {
};
/* *INDENT-OFF* */
-VNET_DEVICE_CLASS (rdma_device_class,) =
+VNET_DEVICE_CLASS (rdma_device_class) =
{
.name = "RDMA interface",
.format_device = format_rdma_device,
@@ -744,6 +758,7 @@ VNET_DEVICE_CLASS (rdma_device_class,) =
.rx_redirect_to_node = rdma_set_interface_next_node,
.tx_function_n_errors = RDMA_TX_N_ERROR,
.tx_function_error_strings = rdma_tx_func_error_strings,
+ .mac_addr_change_function = rdma_mac_change,
};
/* *INDENT-ON* */
diff --git a/src/plugins/rdma/rdma_doc.md b/src/plugins/rdma/rdma_doc.md
index e41839eb595..3c79f9aefd3 100644
--- a/src/plugins/rdma/rdma_doc.md
+++ b/src/plugins/rdma/rdma_doc.md
@@ -49,3 +49,22 @@ It should work in containers as long as:
- the `ib_uverbs` module is loaded
- the device nodes `/dev/infiniband/uverbs[0-9]+` are usable from the
container (but see [security considerations](#Security considerations))
+
+### SR-IOV VFs support
+It should work on SR-IOV VFs the same way it does with PFs. Because of VFs
+security containment features, make sure the MAC address of the rdma VPP
+interface matches the MAC address assigned to the underlying VF.
+For example:
+```
+host# echo 1 > /sys/class/infiniband/mlx5_0/device/sriov_numvfs
+host# ip l set dev enp94s0f0 vf 0 mac 92:5d:f5:df:b1:6f spoof on trust off
+host# ip l set dev enp94s0f2 up
+vpp# create int rdma host-if enp94s0f2 name rdma-0
+vpp# set int mac address rdma-0 92:5d:f5:df:b1:6f
+```
+If you plan to use L2 features such as switching, make sure the underlying
+VF is configured in trusted mode and spoof-checking is disabled (of course, be
+aware of the [security considerations](#Security considerations)):
+```
+host# ip l set dev enp94s0f0 vf 0 spoof off trust on
+```