[PATCH v3] net/ice: add MAC anti-spoof option

[Morten Brørup]

> From: Mandal, Anurag [mailto:anurag.mandal at intel.com]
> Sent: Wednesday, 3 December 2025 15.36
> 
> Hi Morten Brørup,
> 
> From: Morten Brørup <mb at smartsharesystems.com>
> Sent: 03 December 2025 17:11
> > @@ -1761,13 +1763,39 @@ ice_setup_vsi(struct ice_pf *pf, enum
> > ice_vsi_type type)
> >  		/* Source Prune */
> >  		if (ad->devargs.source_prune != 1) {
> >  			/* Disable source prune to support VRRP
> > -			 * when source-prune devarg is not set
> > +			 * when source-prune devargs is not set
> >  			 */
> >  			vsi_ctx.info.sw_flags =
> >  				ICE_AQ_VSI_SW_FLAG_LOCAL_LB;
> > -			vsi_ctx.info.sw_flags |=
> > +		} else { /* Enable Source Prune in Rx */
> > +			vsi_ctx.info.sw_flags =
> >  				ICE_AQ_VSI_SW_FLAG_SRC_PRUNE;
> >  		}
> 
> This looks like a bug fix related to Source Prune?
> 
> Ans: Not exactly.
> Initially, Source Prune was disabled, and MAC Anti-spoof check was
> enabled by default. This was done by following:-
> Source Prune is disabled by setting local loopback with
> ICE_AQ_VSI_SW_FLAG_LOCAL_LB flag in the Rx direction.
> ICE_AQ_VSI_SW_FLAG_SRC_PRUNE is added to prevent transmitted packets
> from being looped back in some circumstances.
> Now, MAC Anti-spoof check can be disabled by clearing both
> ICE_AQ_VSI_SW_FLAG_SRC_PRUNE and
> ICE_AQ_VSI_SEC_FLAG_ENA_MAC_ANTI_SPOOF flags and setting Tx loopback
> with
> ICE_AQ_VSI_SW_FLAG_ALLOW_LB flag in the Tx direction.
> 
> As we moved to making both source prune and mac anti-spoof check
> disabled by default, I thought no point to set
> ICE_AQ_VSI_SW_FLAG_SRC_PRUNE during source prune disable and then
> clearing it to disable mac anti-spoof.

OK. Thank you for elaborating.

> 
> Thank you.
> 
> Regards,
> Anurag M

Note to maintainers:
This devarg is like the Source Prune devarg.
If we want to elevate these exotic features into proper Ethdev APIs, it should be done for both devargs in a separate patch.

Acked-by: Morten Brørup <mb at smartsharesystems.com>