[PATCH v2] net/mlx5: add validation for indirect actions

[Rayane Boussanni]

This patch implements missing validation logic for RSS and Connection
Tracking (ConnTrack) indirect actions in the Hardware Steering (HWS)
flow engine.

Previously, these actions were accepted without being validated
against hardware capabilities, which could lead to unexpected behavior
when applying flow rules. The specialist validation functions
(mlx5_hw_validate_action_rss and mlx5_hw_validate_action_conntrack)
already existed but were not wired up to the indirect action handler.

The signature of flow_hw_validate_action_indirect was updated to
include the actions template attributes (attr), allowing it to pass
the necessary traffic direction context (ingress/egress/transfer)
to the underlying validation specialists.

Signed-off-by: Rayane Boussanni <rboussanni at gmail.com>
---
 drivers/net/mlx5/mlx5_flow_hw.c | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/drivers/net/mlx5/mlx5_flow_hw.c b/drivers/net/mlx5/mlx5_flow_hw.c
index bca5b2769e..ec1cdbe1fa 100644
--- a/drivers/net/mlx5/mlx5_flow_hw.c
+++ b/drivers/net/mlx5/mlx5_flow_hw.c
@@ -346,6 +346,21 @@ mlx5_flow_ct_init(struct rte_eth_dev *dev,
 		  uint32_t nb_conn_tracks,
 		  uint16_t nb_queue);
 
+static int
+mlx5_hw_validate_action_rss(struct rte_eth_dev *dev,
+			    const struct rte_flow_action *action,
+			    const struct rte_flow_action *mask,
+			    const struct rte_flow_actions_template_attr *attr,
+			    uint64_t action_flags,
+			    struct rte_flow_error *error);
+static int
+mlx5_hw_validate_action_conntrack(struct rte_eth_dev *dev,
+				  const struct rte_flow_action *action,
+				  const struct rte_flow_action *mask,
+				  const struct rte_flow_actions_template_attr *attr,
+				  uint64_t action_flags,
+				  struct rte_flow_error *error);
+
 static __rte_always_inline uint32_t flow_hw_tx_tag_regc_mask(struct rte_eth_dev *dev);
 static __rte_always_inline uint32_t flow_hw_tx_tag_regc_value(struct rte_eth_dev *dev);
 
@@ -6604,6 +6619,8 @@ flow_hw_validate_action_meter_mark(struct rte_eth_dev *dev,
  *   Pointer to the indirect action.
  * @param[in] mask
  *   Pointer to the indirect action mask.
+ * @param[in] attr
+ *   Pointer to the action template attributes.
  * @param[in, out] action_flags
  *   Holds the actions detected until now.
  * @param[in, out] fixed_cnt
@@ -6618,6 +6635,7 @@ static int
 flow_hw_validate_action_indirect(struct rte_eth_dev *dev,
 				 const struct rte_flow_action *action,
 				 const struct rte_flow_action *mask,
+				 const struct rte_flow_actions_template_attr *attr,
 				 uint64_t *action_flags, bool *fixed_cnt,
 				 struct rte_flow_error *error)
 {
@@ -6637,11 +6655,17 @@ flow_hw_validate_action_indirect(struct rte_eth_dev *dev,
 		*action_flags |= MLX5_FLOW_ACTION_METER;
 		break;
 	case RTE_FLOW_ACTION_TYPE_RSS:
-		/* TODO: Validation logic (same as flow_hw_actions_validate) */
+		ret = mlx5_hw_validate_action_rss(dev, action, mask, attr,
+						  *action_flags, error);
+		if (ret < 0)
+			return ret;
 		*action_flags |= MLX5_FLOW_ACTION_RSS;
 		break;
 	case RTE_FLOW_ACTION_TYPE_CONNTRACK:
-		/* TODO: Validation logic (same as flow_hw_actions_validate) */
+		ret = mlx5_hw_validate_action_conntrack(dev, action, mask, attr,
+							*action_flags, error);
+		if (ret < 0)
+			return ret;
 		*action_flags |= MLX5_FLOW_ACTION_CT;
 		break;
 	case RTE_FLOW_ACTION_TYPE_COUNT:
@@ -7352,6 +7376,7 @@ mlx5_flow_hw_actions_validate(struct rte_eth_dev *dev,
 		case RTE_FLOW_ACTION_TYPE_INDIRECT:
 			ret = flow_hw_validate_action_indirect(dev, action,
 							       mask,
+							       attr,
 							       &action_flags,
 							       &fixed_cnt,
 							       error);
-- 
2.34.1