[PATCH v3] net/ice: add MAC anti-spoof option

Mandal, Anurag anurag.mandal at intel.com
Wed Dec 3 15:36:26 CET 2025

Previous message (by thread): [PATCH v3] net/ice: add MAC anti-spoof option
Next message (by thread): [PATCH v3] net/ice: add MAC anti-spoof option
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Morten Brørup,

From: Morten Brørup <mb at smartsharesystems.com> 
Sent: 03 December 2025 17:11
> @@ -1761,13 +1763,39 @@ ice_setup_vsi(struct ice_pf *pf, enum 
> ice_vsi_type type)
>  		/* Source Prune */
>  		if (ad->devargs.source_prune != 1) {
>  			/* Disable source prune to support VRRP
> -			 * when source-prune devarg is not set
> +			 * when source-prune devargs is not set
>  			 */
>  			vsi_ctx.info.sw_flags =
>  				ICE_AQ_VSI_SW_FLAG_LOCAL_LB;
> -			vsi_ctx.info.sw_flags |=
> +		} else { /* Enable Source Prune in Rx */
> +			vsi_ctx.info.sw_flags =
>  				ICE_AQ_VSI_SW_FLAG_SRC_PRUNE;
>  		}

This looks like a bug fix related to Source Prune?

Ans: Not exactly. 
Initially, Source Prune was disabled, and MAC Anti-spoof check was enabled by default. This was done by following:-
Source Prune is disabled by setting local loopback with ICE_AQ_VSI_SW_FLAG_LOCAL_LB flag in the Rx direction.
ICE_AQ_VSI_SW_FLAG_SRC_PRUNE is added to prevent transmitted packets from being looped back in some circumstances.
Now, MAC Anti-spoof check can be disabled by clearing both ICE_AQ_VSI_SW_FLAG_SRC_PRUNE and
ICE_AQ_VSI_SEC_FLAG_ENA_MAC_ANTI_SPOOF flags and setting Tx loopback with
ICE_AQ_VSI_SW_FLAG_ALLOW_LB flag in the Tx direction.

As we moved to making both source prune and mac anti-spoof check disabled by default, I thought no point to set ICE_AQ_VSI_SW_FLAG_SRC_PRUNE during source prune disable and then clearing it to disable mac anti-spoof. 

Thank you.

Regards,
Anurag M

-----Original Message-----
From: Morten Brørup <mb at smartsharesystems.com> 
Sent: 03 December 2025 17:11
To: Mandal, Anurag <anurag.mandal at intel.com>; dev at dpdk.org
Cc: Richardson, Bruce <bruce.richardson at intel.com>; Burakov, Anatoly <anatoly.burakov at intel.com>
Subject: RE: [PATCH v3] net/ice: add MAC anti-spoof option

> @@ -1761,13 +1763,39 @@ ice_setup_vsi(struct ice_pf *pf, enum 
> ice_vsi_type type)
>  		/* Source Prune */
>  		if (ad->devargs.source_prune != 1) {
>  			/* Disable source prune to support VRRP
> -			 * when source-prune devarg is not set
> +			 * when source-prune devargs is not set
>  			 */
>  			vsi_ctx.info.sw_flags =
>  				ICE_AQ_VSI_SW_FLAG_LOCAL_LB;
> -			vsi_ctx.info.sw_flags |=
> +		} else { /* Enable Source Prune in Rx */
> +			vsi_ctx.info.sw_flags =
>  				ICE_AQ_VSI_SW_FLAG_SRC_PRUNE;
>  		}

This looks like a bug fix related to Source Prune?

Previous message (by thread): [PATCH v3] net/ice: add MAC anti-spoof option
Next message (by thread): [PATCH v3] net/ice: add MAC anti-spoof option
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list