Last Modified: Nov 29, 2025
Affected Product(s):
BIG_IP_NEXT(CNF) CNF
Known Affected Versions:
1.3.0, 1.3.1, 1.3.2, 1.3.3
Fixed In:
1.4.0
Opened: Oct 12, 2024
Severity: 3-Major
• Intel E810 PF triggers MDD and disables the VF queue when the application tries to send packets with more than 8 fragments.
• The dmesg/kern.log file on the host contains the following message for the VF: kernel: ice <PCI coordinates of VF>: 1 Tx Malicious Driver Detection events detected on PF 1 VF 24 MAC <MAC address>.
Traffic flow across a specific TMM queue drops as the E810 PF disables the associated VF queue. In the tmm/ndal_tx_stats stats, the sent counter associated with the corresponding queue stops incrementing and the drop_full_dq counter starts incrementing.
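To identify which VFs have hit this condition, the host log can be scanned for the MDD message quoted above. The following is an added example, not F5 or Intel code; the function name summarize_mdd, the sample log lines, and the PCI and MAC values in them are constructed for illustration.

```python
import re

# Message layout taken from the symptom text on this page (Tx events only).
MDD_RE = re.compile(
    r"kernel: ice (?P<pci>\S+): (?P<count>\d+) Tx Malicious Driver Detection "
    r"events detected on PF (?P<pf>\d+) VF (?P<vf>\d+) MAC (?P<mac>[0-9A-Fa-f:]{17})"
)

# Constructed sample of kern.log content; hostnames, PCI addresses and MACs are made up.
SAMPLE_LOG = """\
Oct 12 09:14:01 host1 kernel: ice 0000:3b:01.0: 1 Tx Malicious Driver Detection events detected on PF 1 VF 24 MAC 02:00:00:00:00:18.
Oct 12 09:14:02 host1 kernel: ice 0000:3b:00.1: NIC Link is up 25 Gbps
Oct 12 09:20:47 host1 kernel: ice 0000:3b:01.0: 2 Tx Malicious Driver Detection events detected on PF 1 VF 24 MAC 02:00:00:00:00:18.
Oct 12 09:21:10 host1 kernel: ice 0000:3b:01.3: 1 Tx Malicious Driver Detection events detected on PF 1 VF 27 MAC 02:00:00:00:00:1b
"""


def summarize_mdd(lines):
    """Group MDD log lines by (PF, VF).

    Returns {(pf, vf): {"pci", "mac", "lines", "last_count"}} where "lines" is
    the number of matching log lines and "last_count" is the event count shown
    in the most recent one (no assumption is made about whether the driver
    reports a running total).
    """
    summary = {}
    for line in lines:
        m = MDD_RE.search(line)
        if not m:
            continue  # unrelated kernel message
        key = (int(m["pf"]), int(m["vf"]))
        entry = summary.setdefault(
            key, {"pci": m["pci"], "mac": m["mac"].lower(), "lines": 0, "last_count": 0}
        )
        entry["lines"] += 1
        entry["last_count"] = int(m["count"])
    return summary


if __name__ == "__main__":
    for (pf, vf), info in sorted(summarize_mdd(SAMPLE_LOG.splitlines()).items()):
        print(f"PF {pf} VF {vf} pci={info['pci']} mac={info['mac']} "
              f"log_lines={info['lines']} last_count={info['last_count']}")
```

Each VF reported here is a candidate for the queue-disable symptom; confirm it against the sent and drop_full_dq counters in tmm/ndal_tx_stats for the corresponding queue.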
• Intel E810 VF used for the data-plane traffic.
• TCP Segmentation Offload (TSO) disabled.
• Large receive offload (LRO) disabled.
Once the VF queue is in the disabled state, reset the TMM application to reset the VF queues.
1. TSO (TCP Segmentation Offload) is disabled by default.
2. The maximum fragments per packet value is set to 8, as per the Intel E810 specification. Any packet with more than 8 fragments undergoes packet compaction, which reduces the fragment count to below 8 and avoids an MDD event.
3. A new counter, pkt_compact, is added to ndal_tx_stats to report the number of packets compacted on egress.
4. If the number of fragments still remains greater than 8 after packet compaction, the packet is dropped, the drop_too_many_frags counter in tmm/ndal_tx_stats is incremented, and the packet is not sent out on egress, avoiding an MDD event.