return 0;
}
+static clib_error_t *
+rdma_mac_change (vnet_hw_interface_t * hw, const u8 * old, const u8 * new)
+{
+ rdma_main_t *rm = &rdma_main;
+ rdma_device_t *rd = vec_elt_at_index (rm->devices, hw->dev_instance);
+ mac_address_from_bytes (&rd->hwaddr, new);
+ if (!(rd->flags & RDMA_DEVICE_F_PROMISC) && rdma_dev_set_ucast (rd))
+ {
+ mac_address_from_bytes (&rd->hwaddr, old);
+ return clib_error_return_unix (0, "MAC update failed");
+ }
+ return 0;
+}
+
static u32
rdma_dev_change_mtu (rdma_device_t * rd)
{
};
/* *INDENT-OFF* */
-VNET_DEVICE_CLASS (rdma_device_class,) =
+VNET_DEVICE_CLASS (rdma_device_class) =
{
.name = "RDMA interface",
.format_device = format_rdma_device,
.rx_redirect_to_node = rdma_set_interface_next_node,
.tx_function_n_errors = RDMA_TX_N_ERROR,
.tx_function_error_strings = rdma_tx_func_error_strings,
+ .mac_addr_change_function = rdma_mac_change,
};
/* *INDENT-ON* */
- the `ib_uverbs` module is loaded
- the device nodes `/dev/infiniband/uverbs[0-9]+` are usable from the
container (but see [security considerations](#Security considerations))
+
+### SR-IOV VFs support
+It should work on SR-IOV VFs the same way it does with PFs. Because of VFs
+security containment features, make sure the MAC address of the rdma VPP
+interface matches the MAC address assigned to the underlying VF.
+For example:
+```
+host# echo 1 > /sys/class/infiniband/mlx5_0/device/sriov_numvfs
+host# ip l set dev enp94s0f0 vf 0 mac 92:5d:f5:df:b1:6f spoof on trust off
+host# ip l set dev enp94s0f2 up
+vpp# create int rdma host-if enp94s0f2 name rdma-0
+vpp# set int mac address rdma-0 92:5d:f5:df:b1:6f
+```
+If you plan to use L2 features such as switching, make sure the underlying
+VF is configured in trusted mode and spoof-checking is disabled (of course, be
+aware of the [security considerations](#Security considerations)):
+```
+host# ip l set dev enp94s0f0 vf 0 spoof off trust on
+```