2018-10-31 16:36:33 |
Mauricio Faria de Oliveira |
bug |
|
|
added bug |
2018-10-31 16:39:31 |
Mauricio Faria de Oliveira |
attachment added |
|
iproute2_xenial_vf-trust.debdiff https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1800877/+attachment/5207579/+files/iproute2_xenial_vf-trust.debdiff |
|
2018-10-31 16:40:14 |
Mauricio Faria de Oliveira |
bug |
|
|
added subscriber STS Sponsors |
2018-11-01 00:12:09 |
Eric Desrochers |
nominated for series |
|
Ubuntu Xenial |
|
2018-11-01 00:12:09 |
Eric Desrochers |
bug task added |
|
iproute2 (Ubuntu Xenial) |
|
2018-11-01 00:12:15 |
Eric Desrochers |
iproute2 (Ubuntu): status |
New |
Fix Released |
|
2018-11-01 00:12:19 |
Eric Desrochers |
iproute2 (Ubuntu Xenial): status |
New |
In Progress |
|
2018-11-01 00:12:21 |
Eric Desrochers |
iproute2 (Ubuntu Xenial): importance |
Undecided |
Medium |
|
2018-11-01 00:12:52 |
Eric Desrochers |
iproute2 (Ubuntu Xenial): assignee |
|
Mauricio Faria de Oliveira (mfo) |
|
2018-11-01 00:45:04 |
Eric Desrochers |
tags |
|
sts |
|
2018-11-01 00:50:44 |
Eric Desrochers |
description |
[Impact]
* An VM's VF cannot receive IPv6 multicast traffic
from other VMs' VFs in the same Mellanox adapter
_if_ its VF trust setting is not enabled, and on
Xenial currently iproute2 _cannot_ enable it.
* This breaks IPv6 NDP (Neighbor Discovery Protocol)
in that scenario.
* This upload adds three iproute2 upstream commits
to enable/disable the VF setting, which resolves
that problem/limitation.
[Test Case]
* Check 'ip link help' for the 'trust' option:
Before:
# ip link help 2>&1 | grep trust
<nothing>
After:
# ip link help 2>&1 | grep trust
[ trust { on | off} ] ]
* Check 'ip link show dev PF' for 'trust on|off' field in VFs.
Before: (trust field _is not_ present)
# ip link show dev ens1f0
...
vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
After: (trust field _is_ present)
# ip link show dev ens1f0
...
vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
* Set the VF trust on/off and check it:
Set VF 0 trust on:
# ip link set ens1f0 vf 0 trust on
# ip link show dev ens1f0 | grep trust
vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust on
vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
Set VF 0 trust off:
# ip link set ens1f0 vf 0 trust off
# ip link show dev ens1f0 | grep trust
vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
[Regression Potential]
* Regression potential is low because the commits just add the
netlink attribute for the userspace-kernel interface and the
ways to set/clear it, and show the current value to the user.
* Regressions could happen _if_ the user turns the setting on
(it's disabled by default) and there's a problem/bug likely
in _other_ component that depends on that setting (which is
something to fix on such component).
[Other Info]
* The users that reported this problem have verified
the test package with these changes, and confirmed
that it now works correctly for IPv6 NDP/multicast. |
[Impact]
* An VM's VF cannot receive IPv6 multicast traffic
from other VMs' VFs in the same Mellanox adapter
_if_ its VF trust setting is not enabled, and on
Xenial currently iproute2 _cannot_ enable it.
* This breaks IPv6 NDP (Neighbor Discovery Protocol)
in that scenario.
* This upload adds three iproute2 upstream commits
to enable/disable the VF setting, which resolves
that problem/limitation.
[Test Case]
* Check 'ip link help' for the 'trust' option:
Before:
# ip link help 2>&1 | grep trust
<nothing>
After:
# ip link help 2>&1 | grep trust
[ trust { on | off} ] ]
* Check 'ip link show dev PF' for 'trust on|off' field in VFs.
Before: (trust field _is not_ present)
# ip link show dev ens1f0
...
vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto
After: (trust field _is_ present)
# ip link show dev ens1f0
...
vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
* Set the VF trust on/off and check it:
Set VF 0 trust on:
# ip link set ens1f0 vf 0 trust on
# ip link show dev ens1f0 | grep trust
vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust on
vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
Set VF 0 trust off:
# ip link set ens1f0 vf 0 trust off
# ip link show dev ens1f0 | grep trust
vf 0 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
vf 1 MAC 00:00:00:00:00:00, spoof checking on, link-state auto, trust off
[Regression Potential]
* Regression potential is low because the commits just add the
netlink attribute for the userspace-kernel interface and the
ways to set/clear it, and show the current value to the user.
* Regressions could happen _if_ the user turns the setting on
(it's disabled by default) and there's a problem/bug likely
in _other_ component that depends on that setting (which is
something to fix on such component).
[Other Info]
* The users that reported this problem have verified
the test package with these changes, and confirmed
that it now works correctly for IPv6 NDP/multicast.
* Upstream commits:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=dddf1b44126e
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=fe9322781e63
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=b6d77d9ee312
* Only affect Xenial release :
# rmadison iproute2
iproute2 | 4.3.0-1ubuntu3.16.04.3 | xenial-updates
iproute2 | 4.15.0-2ubuntu1 | bionic
iproute2 | 4.18.0-1ubuntu2 | cosmic
iproute2 | 4.18.0-1ubuntu2 | disco
# iproute2 upstream vcs
$ git describe --contains dddf1b44126e
v4.4.0~67
$ git describe --contains b6d77d9ee312
v4.5.0~47
$ git describe --contains fe9322781e63
v4.6.0~32 |
|
2018-11-01 15:47:11 |
Mauricio Faria de Oliveira |
attachment removed |
iproute2_xenial_vf-trust.debdiff https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1800877/+attachment/5207579/+files/iproute2_xenial_vf-trust.debdiff |
|
|
2018-11-01 15:48:46 |
Mauricio Faria de Oliveira |
attachment added |
|
iproute2_xenial_vf-trust_v2.debdiff https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1800877/+attachment/5207902/+files/iproute2_xenial_vf-trust_v2.debdiff |
|
2018-11-02 14:51:17 |
Mauricio Faria de Oliveira |
attachment removed |
iproute2_xenial_vf-trust_v2.debdiff https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1800877/+attachment/5207902/+files/iproute2_xenial_vf-trust_v2.debdiff |
|
|
2018-11-02 14:53:06 |
Mauricio Faria de Oliveira |
attachment added |
|
iproute2_xenial_vf-trust_v3.debdiff https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1800877/+attachment/5208317/+files/iproute2_xenial_vf-trust_v3.debdiff |
|
2018-11-05 13:22:46 |
Eric Desrochers |
bug |
|
|
added subscriber Eric Desrochers |
2018-11-05 13:22:49 |
Eric Desrochers |
removed subscriber STS Sponsors |
|
|
|
2018-11-06 18:41:10 |
Brian Murray |
iproute2 (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2018-11-06 18:41:12 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2018-11-06 18:41:15 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2018-11-06 18:41:19 |
Brian Murray |
tags |
sts |
sts verification-needed verification-needed-xenial |
|
2018-11-07 12:22:22 |
Mauricio Faria de Oliveira |
tags |
sts verification-needed verification-needed-xenial |
sts verification-done verification-done-xenial |
|
2018-11-19 14:13:43 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2018-11-19 14:13:41 |
Launchpad Janitor |
iproute2 (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|