Good afternoon all, and happy Thanksgiving as applicable. Sofar on IRC suggested I reach out to this ML with my inquiry regarding VFIO for the x540 ixgbe driver.
Our use case is to run a SecurityOnion instance in a VM atop a hardened physical node on 4.9 LTS. The relevant hardware is an Intel x540 dual port NIC, of which one port needs to produce a VF that has full promiscuous unicast access from the PF.

A bunch of searching, reading, and parsing Linus' tree later, I figured out that the relevant functionality was only recently added to the kernel - after the merge window for our LTS (with which we're a bit stuck here since grsec doesn't publish their patches anymore). So I took a stab at backporting to our revision - https://github.com/sempervictus/linux-unofficial_grsec/tree/v4.9.63-even_more_unofficial_grsec%2Bixgbe_and_mtu-backport.

However, even with the host running a slightly expanded version of the tree I linked, and the VF in trusted mode, set to promisc, it still only pulls the multicast/broadcast traffic. Even without the VM and potential interference from nwfilter, the VF simply doesn't show the traffic seen on the PF via tcpdump. I'm assuming that I'm doing something wrong here in my portage efforts, or missing some action in userspace needed to enable the 1.3 API functions.

Could someone familiar with SRIOV/VFIO for ixgbe please take a look and lend a hand? I seem to have stumbled into a somewhat poorly documented/rapidly evolving set of functions on the Intel side of things (generally use Mellanox for this stuff in the OpenStack world), and am rather stumped at the moment.

Thanks for all the Open Source stuff you guys do, and any assistance you may be able to lend.

--
Boris Lukashev
Systems Architect
Semper Victus

_______________________________________________
E1000-devel mailing list
E1000-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/e1000-devel