> From: Mandal, Anurag [mailto:[email protected]] > Sent: Monday, 17 November 2025 06.22 > > Hi Morten Brørup, > > Thanks for your mail and review. PFB my answers. > > " This is the same story as with Source Prune. > Please disable source-prune filtering by default, and provide an option > to enable it. > Also, suggest shortening the devargs name to simply "anti-spoof", like > "source-prune"; they both operate on MAC basis." > > [Ans]: Source prune is disabled by default and option to enable the > same has been already committed:[ > https://github.com/DPDK/dpdk/commit/980c840a646a2c8ae49a291c17baf20a74f > 36086].
Sorry, there was a typo... I meant to write: Please disable anti-spoof filtering by default, and provide an option to enable it. Like source-prune. > I also wanted to shorten the name to "anti-spoof" but I found something > called " vsi->vlan_anti_spoof_on" in the same file. > Hence, to distinguish between them, used "mac-anti-spoof". OK. Then "mac-anti-spoof" is a good choice. Is support for "vlan-anti-spoof" in the pipeline? What are your thoughts about the generic Ethdev APIs I suggested, instead of driver specific devargs? > > Thank you. > > Regards, > Anurag M > > -----Original Message----- > From: Morten Brørup <[email protected]> > Sent: 16 November 2025 13:14 > To: Mandal, Anurag <[email protected]>; [email protected]; Richardson, > Bruce <[email protected]>; Burakov, Anatoly > <[email protected]>; [email protected]; > [email protected] > Subject: RE: [PATCH v2] net/ice: add MAC anti-spoof option > > +TO: Ethdev maintainers, regarding new Ethdev APIs > > > From: Anurag Mandal [mailto:[email protected]] > > Sent: Sunday, 16 November 2025 04.58 > > > > VRRP advertisement packets are dropped as TX-errors upon transmission > > from a vsi of ice PF due to MAC anti-spoof check which is enabled by > > default. > > There is no way to disable this check in the Tx direction to avoid > > these packets being dropped. > > > > This patch introduces devargs "mac-anti-spoof" to allow user to > > disable MAC anti-spoof check. Disable MAC Anti-spoof check in the Tx > > direction to avoid getting dropped as TX-errors upon packet > > transmission when their source MAC address matches one of the MAC > > addresses assigned to that same NIC port. > > > > Signed-off-by: Anurag Mandal <[email protected]> > > --- > > This is the same story as with Source Prune. > Please disable source-prune filtering by default, and provide an option > to enable it. > Also, suggest shortening the devargs name to simply "anti-spoof", like > "source-prune"; they both operate on MAC basis. > > Let's make something generic instead, to replace those silly devargs. > We have individual Ethdev APIs to enable/disable various Rx filtering, > e.g. "promiscuous", "all multicast". > Obviously, we don't want to introduce new APIs for every semi-exotic > filter any NIC may offer, like "source prune" and "anti spoof", but we > could introduce a set of generic Ethdev APIs to support filters such as > these, using a bitfield enum. E.g.: > > /* Enable one or more filters. */ > int rte_ethdev_filter_enable(uin16_t port_id, uint64_t filter); > > /* Disable one or more filters. */ > int rte_ethdev_filter_disable(uin16_t port_id, uint64_t filter); > > /* Get bit field of filters enabled. */ > int64_t rte_ethdev_filter_get(uin16_t port_id); > > /* Get bit field of filters supported by device. */ int64_t > rte_ethdev_filter_capa(uin16_t port_id); /**/ > > /** Destination MAC must match NIC's MAC address. > * (This is the inverse of Promiscuous.) > * Default enabled. > */ > #define RTE_ETH_FILTER_RX_NON_PROMISC RTE_BIT64(0) > /** Multicast Hash. > * (This is the inverse of All Multicast.) > * Default enabled. > */ > #define RTE_ETH_FILTER_RX_MULTICAST RTE_BIT64(1) > /** Source Prune. > * [Insert description here.] > */ > #define RTE_ETH_FILTER_RX_SOURCE_PRUNE RTE_BIT64(2) > /* Add new Rx filters here, in increasing order. */ > /* Add new Tx filters here, in decreasing order. */ > /** Anti-Spoof. > * [Insert description here.] > */ > #define RTE_ETH_FILTER_RX_SOURCE_PRUNE RTE_BIT64(62) > /** Used for error return values which are negative. */ > #define RTE_ETH_FILTER_ERROR RTE_BIT64(63)
