RE: [Intel-wired-lan] [PATCH iwl-next v4 4/7] ice: update mac, vlan rules when toggling between VEB and VEPA

[Romanowski, Rafal]

> -----Original Message-----
> From: Intel-wired-lan <intel-wired-lan-bounces@xxxxxxxxxx> On Behalf Of Jakub
> Slepecki
> Sent: Wednesday, February 4, 2026 4:44 PM
> To: intel-wired-lan@xxxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx; netdev@xxxxxxxxxxxxxxx; Kitszel, Przemyslaw
> <przemyslaw.kitszel@xxxxxxxxx>; Nguyen, Anthony L
> <anthony.l.nguyen@xxxxxxxxx>; michal.swiatkowski@xxxxxxxxxxxxxxx; Slepecki,
> Jakub <jakub.slepecki@xxxxxxxxx>; Loktionov, Aleksandr
> <aleksandr.loktionov@xxxxxxxxx>
> Subject: [Intel-wired-lan] [PATCH iwl-next v4 4/7] ice: update mac, vlan rules
> when toggling between VEB and VEPA
> 
> When changing into VEPA mode MAC rules are modified to forward all traffic to
> the wire instead of allowing some packets to go into the loopback.
> MAC,VLAN rules may and will also be used to forward loopback traffic in VEB, so
> when we switch to VEPA, we want them to behave similarly to MAC-only rules.
> 
> ice_vsi_update_bridge_mode() will now attempt a rollback of switch filters in
> case an update fails.  If the rollback also fails, we will now return the rollback
> error instead of the initial error.
> 
> Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov@xxxxxxxxx>
> Signed-off-by: Jakub Slepecki <jakub.slepecki@xxxxxxxxx>
> 
> ---
> Testing hints:
>   MAC,VLAN rules are created only if entire series is applied.
>   The easiest way to test that rules were adjusted is to run traffic
>   and observe what packets are sent to LAN.  VEPA is expected to behave
>   same as before the series.  VEB is expected to (a) behave like VEPA
>   if loopback traffic would cross VLANs, or (b) behave as before.
>   Traffic from/to external hosts is expected to remain unchanged.
> 
>   Refer to cover letter (0/7) for full network configuration.  To
>   change hwmode use:
> 
>       # bridge link set dev $pf hwmode {veb,vepa}
> 
> No changes in v4.
> 
> Changes in v3:
>   - Refer to reproduction in cover letter in current 4/7.
> 
> Changes in v2:
>   - Close open parenthesis in ice_vsi_update_bridge_mode() description.
>   - Explain returns in ice_vsi_update_bridge_mode().
> ---
>  drivers/net/ethernet/intel/ice/ice_main.c   | 48 +++++++++++++++++----
>  drivers/net/ethernet/intel/ice/ice_switch.c |  8 ++--
> drivers/net/ethernet/intel/ice/ice_switch.h |  3 +-
>  3 files changed, 46 insertions(+), 13 deletions(-)
> 
> diff --git a/drivers/net/ethernet/intel/ice/ice_main.c
> b/drivers/net/ethernet/intel/ice/ice_main.c
> index cb80b77d29fd..7b3ab69b8300 100644
> --- a/drivers/net/ethernet/intel/ice/ice_main.c
> +++ b/drivers/net/ethernet/intel/ice/ice_main.c
> @@ -8208,8 +8208,16 @@ static int ice_vsi_update_bridge_mode(struct ice_vsi


Tested-by: Rafal Romanowski <rafal.romanowski@xxxxxxxxx>