Skip to content

Instantly share code, notes, and snippets.

@FlorianHeigl

FlorianHeigl/liovswgogo.sh

Created April 29, 2026 22:33
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save FlorianHeigl/2d3dcb5e80dbe5c1b36c70cea320bae6 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save FlorianHeigl/2d3dcb5e80dbe5c1b36c70cea320bae6 to your computer and use it in GitHub Desktop.
Download ZIP
liquidio-II openvswitch kernel module and env init
Raw
liovswgogo.sh
modprobe liquidio fw_type=vsw
echo 50 > /sys/bus/pci/devices/0000:01:00.0/sriov_numvfs
echo 50 > /sys/bus/pci/devices/0000:01:00.1/sriov_numvfs
PF0=eth0
PF1=eth1
LIO_BOND_MGMT=lio-bond-mgmt
LIO_MACVLAN_PF0=lio-mcvlan0
LIO_MACVLAN_PF1=lio-mcvlan1
LIO_HOST_MGMT_IP4_ADDR="169.254.1.2"
LIO_MGMT_IP4_ADDR="169.254.1.1"
LIO_MGMT_IP4_MASK=16
ip link set $PF0 up
ip link set $PF1 up
ip link add $LIO_MACVLAN_PF0 link $PF0 type macvlan
ip link add $LIO_MACVLAN_PF1 link $PF1 type macvlan
ip link add $LIO_BOND_MGMT type bond
echo balance-rr > /sys/class/net/$LIO_BOND_MGMT/bonding/mode
ip link set $LIO_MACVLAN_PF0 master $LIO_BOND_MGMT
ip link set $LIO_MACVLAN_PF1 master $LIO_BOND_MGMT
ip addr add $LIO_HOST_MGMT_IP4_ADDR/$LIO_MGMT_IP4_MASK dev $LIO_BOND_MGMT
ip link set $LIO_BOND_MGMT up
@FlorianHeigl
Copy link
Copy Markdown
Author

FlorianHeigl commented Apr 29, 2026
edited
Loading

Notes

tl;dr

  • no link, no ping
  • wipes data

details

  • you can get the vsw firmware lio_23xx_vsw.bin from older kernel mods. it was removed due to a CVE. IMO you can fix that CVE by editing the embedded filesystem in the kernel module. IMHO it also doesn't effing matter.
  • the whole thing only works if you have actual link on at least one port
  • autoneg to 10gbit likely won't work
  • not all dac cables work even at 25g (even if you can query it from both ends)
  • 25g might give some error about FEC variables. it should autodetect that but it seems it doesn't. YMMV, set them if needed.
  • ssh pw must be bruteforced and then changed
  • use binwalk and cpio to get the passwd file(*)
  • unclear if OVS is externally reachable
  • unclear if OVS is properly initialized, I only see a single guid in ovs-vsctl show
  • loading the vsw firmware expects a clean eMMC. it will attempt to wipe/format it if needed. It'll use ext2 for some partitions so test this on a NIC where you don't have anything you care about
  • if you restart the card, the firmware appears to not be reloadaed by the driver
  • do not use up the maximum sriov_numvfs; IIRC you need one or two for the pf itself and it's not automatically reserved!
  • there are some boot errors in early boot stage where it still fails to mount something, those might affect state persistence

(*) I'll publish it once I know more. there was a CVE regarding the OVS or root password I think so it's something trivial

I'll update this when I made progress (waiting for more, different DAC cables to find what will link up). Testing with a Cisco Passive DAC next, and after that an active Cisco DAC. That's just like $100 for those two tries so... not cool.
I don't have loads of 25Gbit/s ports... I'm right here trying to make them more accessible, right?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment