On 8/19/2024 3:14 AM, Michal Swiatkowski wrote:
> The filters set that will reproduce the problem:
> $ tc filter add dev $VF0_PR ingress protocol arp prio 0 flower \
> skip_sw dst_mac ff:ff:ff:ff:ff:ff action mirred egress \
> redirect dev $PF0
> $ tc filter add dev $VF0_PR ingress protocol arp prio 0 flower \
> skip_sw dst_mac ff:ff:ff:ff:ff:ff src_mac 52:54:00:00:00:10 \
> action mirred egress mirror dev $VF1_PR
>
> Expected behaviour is to set all broadcast from VF0 to the LAN. If the
> src_mac match the value from filters, send packet to LAN and to VF1.
>
> In this case both LAN_EN and LB_EN flags in switch is set in case of
> packet matching both filters. As dst VSI for the only LAN enable bit is
> PF VSI, the packet is being seen on PF. To fix this change dst VSI to
> the source VSI. It will block receiving any packet even when LB_EN is
> set by switch, because local loopback is clear on VF VSI during normal
> operation.
>
> Side note: if the second filters action is redirect instead of mirror
> LAN_EN is clear, because switch is AND-ing LAN_EN from each matched
> filters and OR-ing LB_EN.
>
> Reviewed-by: Przemek Kitszel <[email protected]>
> Fixes: 73b483b79029 ("ice: Manage act flags for switchdev offloads")
> Signed-off-by: Michal Swiatkowski <[email protected]>
Reviewed-by: Jacob Keller <[email protected]>
