[PATCH v3] net/ice: add MAC anti-spoof option

Bruce Richardson bruce.richardson at intel.com
Thu Dec 11 16:22:32 CET 2025

Previous message (by thread): [PATCH v3] net/ice: add MAC anti-spoof option
Next message (by thread): [PATCH v3] net/ice: add MAC anti-spoof option
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Dec 03, 2025 at 03:47:08PM +0100, Morten Brørup wrote:
> > From: Mandal, Anurag [mailto:anurag.mandal at intel.com]
> > Sent: Wednesday, 3 December 2025 15.36
> > 
> > Hi Morten Brørup,
> > 
> > From: Morten Brørup <mb at smartsharesystems.com>
> > Sent: 03 December 2025 17:11
> > > @@ -1761,13 +1763,39 @@ ice_setup_vsi(struct ice_pf *pf, enum
> > > ice_vsi_type type)
> > >  		/* Source Prune */
> > >  		if (ad->devargs.source_prune != 1) {
> > >  			/* Disable source prune to support VRRP
> > > -			 * when source-prune devarg is not set
> > > +			 * when source-prune devargs is not set
> > >  			 */
> > >  			vsi_ctx.info.sw_flags =
> > >  				ICE_AQ_VSI_SW_FLAG_LOCAL_LB;
> > > -			vsi_ctx.info.sw_flags |=
> > > +		} else { /* Enable Source Prune in Rx */
> > > +			vsi_ctx.info.sw_flags =
> > >  				ICE_AQ_VSI_SW_FLAG_SRC_PRUNE;
> > >  		}
> > 
> > This looks like a bug fix related to Source Prune?
> > 
> > Ans: Not exactly.
> > Initially, Source Prune was disabled, and MAC Anti-spoof check was
> > enabled by default. This was done by following:-
> > Source Prune is disabled by setting local loopback with
> > ICE_AQ_VSI_SW_FLAG_LOCAL_LB flag in the Rx direction.
> > ICE_AQ_VSI_SW_FLAG_SRC_PRUNE is added to prevent transmitted packets
> > from being looped back in some circumstances.
> > Now, MAC Anti-spoof check can be disabled by clearing both
> > ICE_AQ_VSI_SW_FLAG_SRC_PRUNE and
> > ICE_AQ_VSI_SEC_FLAG_ENA_MAC_ANTI_SPOOF flags and setting Tx loopback
> > with
> > ICE_AQ_VSI_SW_FLAG_ALLOW_LB flag in the Tx direction.
> > 
> > As we moved to making both source prune and mac anti-spoof check
> > disabled by default, I thought no point to set
> > ICE_AQ_VSI_SW_FLAG_SRC_PRUNE during source prune disable and then
> > clearing it to disable mac anti-spoof.
> 
> OK. Thank you for elaborating.
> 
> > 
> > Thank you.
> > 
> > Regards,
> > Anurag M
> 
> Note to maintainers:
> This devarg is like the Source Prune devarg.
> If we want to elevate these exotic features into proper Ethdev APIs, it should be done for both devargs in a separate patch.
> 
> Acked-by: Morten Brørup <mb at smartsharesystems.com>
> 
Applied to dpdk-next-net-intel.

Thanks,
/Bruce

Previous message (by thread): [PATCH v3] net/ice: add MAC anti-spoof option
Next message (by thread): [PATCH v3] net/ice: add MAC anti-spoof option
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list