From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-lf0-f43.google.com (mail-lf0-f43.google.com [209.85.215.43]) by dpdk.org (Postfix) with ESMTP id 732AC4F9A for ; Tue, 8 May 2018 15:16:54 +0200 (CEST) Received: by mail-lf0-f43.google.com with SMTP id q2-v6so613495lfc.12 for ; Tue, 08 May 2018 06:16:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=EWn8i+Dj9rEv2G58gCGbCshQTnan/Kb+bBwCxBDof6g=; b=eZdCzu8noA/UiVQSQvLhtxLigFIENOqu+Ypf3NmefBgXLa6iig7XN3RcNrwSNlVxIE iSXWbzPzpahbgCb/DPI6h1NYI/SQEmJpwNQWbm19X+dqBc1kGhjp6viG1GHywIjdfFMa iF0YojGKC5MW3KdIHG2q8g2ZuVM/Zw5xTta3uLM5RDgf5hbTZekLipEY2Unkpylw5Hwb jydfN8yVVs5QcehO+O6MipeWaoaVEGBQtbNFoRq2sDqTkziQWKWCvmBIGfgW8r5c5HR7 l5R7P43zQph8ZJj2lNpxQJ7gQ6KSIdi03cOWbRw7wXopdxqtc+REEpJIsZZKFBKX6SxZ 22bg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=EWn8i+Dj9rEv2G58gCGbCshQTnan/Kb+bBwCxBDof6g=; b=jExGzG1zBnnw7+n7xvqMV/bwqmO/cZvCdaL6bzyS5GJzdyrVT/TmV8Ysj8nF/GWffy pJmuESxgCK2j1p3Orh+ZngI9Ni1hUWcsNXtQDDdK4KhSBILmUr/VpG6NmGuGHsYqiZt0 URkBJZ1EWH5qbMjZx5pVzcfHZidGTkG4g1Y6NCHq38SGQXHbbNC37XqZ126hIJ7LqKv4 OTmhjenCt6HAwMcA28UjiR2tEeCnlqUNPH+aPqvjXLgdg8aKBZRzZcruJeY2Aaglg1/x nbLZ3lnEFicl9I9Wuh+0ZUtMY3Xwz3+uRat0w3DWHnN8ljigTF/UMBgzG2AUR5Azwa6i MFXQ== X-Gm-Message-State: ALQs6tBX3WY4IlevxzRo7gRD/hugG5oTGSSUd9Bu59UsY6XnBKgij6Wc t2SpmHsQ8mvXPJeFlznEZa3Y2e/d1Nt8RIAdZtMD/g== X-Google-Smtp-Source: AB8JxZpPHASDwnyFiZ9vH3YTNWdnW/svDFjC+zCwFfgtmp8y2BwYJLkR2Fcg65uEFqRSsXc9ntU19IeIcms7SraS6Uc= X-Received: by 2002:a2e:8595:: with SMTP id b21-v6mr26868418lji.131.1525785413872; Tue, 08 May 2018 06:16:53 -0700 (PDT) MIME-Version: 1.0 Received: by 10.46.131.199 with HTTP; Tue, 8 May 2018 06:16:53 -0700 (PDT) From: Edison So Date: Tue, 8 May 2018 09:16:53 -0400 Message-ID: To: dev@dpdk.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: [dpdk-dev] SR-IOV - Spoofed packets detected on Intel Corporation 82599EB 2-port 10G NIC Card X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 May 2018 13:16:54 -0000 Hello, I have a question about disabling anti-MAC spoofing feature on Intel 82599EB 2-port 10G NIC Card. Below is the description of the issue. *DPDK Version* 17.02 *Background* 1. I installed ESXi 6.5 on a Dell PowerEdge R630 with a 2-port 82599EB 10G NIC. 2. I installed two CentOS 7 VMWare VMs with DPDK. *DPDK Verification* On each VM running DPDK, I checked: ./dpdk-devbind.py --status Network devices using DPDK-compatible driver =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D *0000:0b:00.0 '82599 Ethernet Controller Virtual Function' drv=3Digb_uio unused=3D* Network devices using kernel driver =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D 0000:13:00.0 'VMXNET3 Ethernet Controller' if=3Deno33559296 drv=3Dvmxnet3 unused=3Digb_uio *Active* Other network devices =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Crypto devices using DPDK-compatible driver =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Crypto devices using kernel driver =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D Other crypto devices =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D On the VM, I used testpmd to disable MAC anti-spoofing and got an error: testpmd> set vf mac antispoof 0 0 off function not implemented testpmd> *SR-IOV Configuration on ESXi for each VM* 1. I am using SR-IOV on the NIC ports. On each of the VM, I created a new network adapter on the first VM as follows with *one* Virtual Function. A. Network Adapter 1: *10G port group 1* =C2=A7 Adapter Type: *SR-IOV passthrough* =C2=A7 Physical function: *82599EB 10-Gigabit SFI/SFP+ Network Connection = - 0000:82:00.0* =C2=A7 MAC Address: *Automatic* =C2=A7 Guest OS MTU Change: *Disallow* 2. On top of the creation of the new adapter, I also reserved some memory as required by SR-IOV. 3. I did the same on the second VM. B. Network Adapter 1: *10G port group 2* =C2=A7 Adapter Type: *SR-IOV passthrough* =C2=A7 Physical function: *82599EB 10-Gigabit SFI/SFP+ Network Connection = - 0000:82:00.1* =C2=A7 MAC Address: *Automatic* =C2=A7 Guest OS MTU Change: *Disallow* 4. Of course, each 10G port group is linked to a standard virtual group which in turn is linked to a 82599EB 10G port (Uplink Port) *Traffic Generation* 1. I have a PCAP file which has packets with different MAC addresses than the DPDK interface on the first VM. 2. I generated a constant traffic from the first VM to the second VM using the PCAP file and none was received on the second VM. 3. I sshed to the ESXI host and ran *dmesg* and got the following error messages repeatedly: *2018-05-04T23:39:00.679Z cpu31:66145)<4>ixgbe 0000:82:00.0: vmnic4: 512 Spoofed packets detected* 4. I googled this error and somewhat have concluded that this error may have something to do with the *MAC Spoofing* feature on the 82599EB 10G NIC card. How do I disable it? 5. The 82599EB 10G NIC card using *esxcli* (on ESXi host) displays the following information: [root@vm:/vmfs/volumes/5acbc358-de2034d6-5472-90e2bac73ffc/VM1] *esxcli network nic get -n vmnic4* Advertised Auto Negotiation: true Advertised Link Modes: 1000BaseT/Full, 10000BaseT/Full Auto Negotiation: true Cable Type: FIBRE Current Message Level: 7 Driver Info: Bus Info: 0000:82:00.0 Driver: ixgbe Firmware Version: 0x61bd0001 Version: 3.7.13.7.14iov-NAPI Link Detected: true Link Status: Up Name: vmnic4 PHYAddress: 0 Pause Autonegotiate: true Pause RX: true Pause TX: true Supported Ports: FIBRE Supports Auto Negotiation: true Supports Pause: true Supports Wakeon: false Transceiver: external Virtual Address: 00:50:56:55:91:0c Wakeon: None *Questions* 1. Is MAC anti-spoofing supported in DPDK version 17.02? If not, which version supports MAC anti-spoofing? If supported, how can I disable it? 2. How do I determine the port id and vf id? Your help is greatly appreciated.