[PATCH 2/2] net/cxgbe: restrict rte flow rules to ingress port

Abdulrahman Alshawi ashawi at wirefilter.com
Mon Apr 27 18:42:52 CEST 2026

Previous message (by thread): [PATCH 1/2] net/cxgbe: fix Rx handling for packed responses
Next message (by thread): [PATCH 2/2] net/cxgbe: restrict rte flow rules to ingress port
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 
 Chelsio filters are programmed in adapter-wide LE/TCAM tables shared by all ports. rte_flow rules, however, are created on a specific ethdev and are expected to apply to traffic arriving on that port.   The PMD already supports ingress-port matching in the hardware filter spec. The iport field is validated, used for hash-region selection when tp.port_shift is available, and emitted in the firmware filter work request. But the rte_flow parser never sets fs.val.iport/fs.mask.iport for normal per-port rules.   As a result, a rule created on one port is installed as an adapter-wide match and can steer traffic received on sibling ports of the same adapter.   In practice this causes cross-port steering. For example, a rule like     vlan 100 -> queue 3   created on port 0 can also match VLAN 100 traffic arriving on port 1 and redirect it into port 0's queue 3.   Fix this by stamping the creating ethdev's physical ingress port into the filter spec before filter placement is decided.   Only do this when the active filter mode includes the port field (tp.port_shift >= 0). If port matching is not available in the current filter mode, keep the existing adapter-wide behavior.   Reproduce (two ports of the same adapter bound to DPDK):     dpdk-testpmd -l 1-9 -a 0000:18:00.4 -a 0000:18:00.5 \           -- --rxq=4 --txq=4 --forward-mode=rxonly -i   testpmd> flow create 0 ingress pattern eth \            / vlan tci is 100 / end actions queue index 3 / end   testpmd> start   Without this patch, VLAN 100 traffic received on port 1 can be steered by the rule created on port 0. With the patch, the rule only matches traffic arriving on port 0.   Signed-off-by: Abdulrahman Alshawi <ashawi at wirefilter.com> ---  .mailmap                       |  1 +  drivers/net/cxgbe/cxgbe_flow.c | 19 +++++++++++++++++++  2 files changed, 20 insertions(+)   diff --git a/.mailmap b/.mailmap index 0e0d83e1c6..a6bcbd5756 100644 --- a/.mailmap +++ b/.mailmap @@ -4,6 +4,7 @@ Aaro Koskinen <aaro.koskinen at nsn.com>  Aaron Campbell <aaron at arbor.net>  Aaron Conole <aconole at redhat.com>  Abdullah Ömer Yamaç <omer.yamac at ceng.metu.edu.tr> <aomeryamac at gmail.com> +Abdulrahman Alshawi <ashawi at wirefilter.com>  Abdullah Sevincer <abdullah.sevincer at intel.com>  Abed Kamaluddin <akamaluddin at marvell.com>  Abhijit Gangurde <abhijit.gangurde at amd.com> diff --git a/drivers/net/cxgbe/cxgbe_flow.c b/drivers/net/cxgbe/cxgbe_flow.c index 14b9b49792..dd0634131e 100644 --- a/drivers/net/cxgbe/cxgbe_flow.c +++ b/drivers/net/cxgbe/cxgbe_flow.c @@ -172,6 +172,24 @@ cxgbe_fill_filter_region(struct adapter *adap,   fs->cap = 1; /* use hash region */  }   +static void +cxgbe_scope_flow_to_port(struct rte_flow *flow) +{ + struct adapter *adap = ethdev2adap(flow->dev); + struct port_info *pi = ethdev2pinfo(flow->dev); + + /* + * Chelsio filters are programmed in adapter-global tables. DPDK + * ingress rte_flow rules are created on a specific ethdev, so include + * the physical ingress port when the active filter mode supports it. + */ + if (adap->params.tp.port_shift < 0) +  return; + + flow->fs.val.iport = pi->port_id; + flow->fs.mask.iport = (1U << IPORT_BITWIDTH) - 1; +} +  static int  ch_rte_parsetype_eth(const void *dmask, const struct rte_flow_item *item,        struct ch_filter_specification *fs, @@ -986,6 +1004,7 @@ cxgbe_rtef_parse_items(struct rte_flow *flow,   }     cxgbe_tweak_filter_spec(adap, &flow->fs); + cxgbe_scope_flow_to_port(flow);   cxgbe_fill_filter_region(adap, &flow->fs);     return 0; --  2.39.5  
 
  
 
 
 

-----Original Message-----

From: Abdulrahman <ashawi at wirefilter.com>
To: dev <dev at dpdk.org>
Cc: bharat <bharat at chelsio.com>; stable <stable at dpdk.org>
Date: Monday, 27 April 2026 7:30 PM +03
Subject: [PATCH 0/2] net/cxgbe: fix packed Rx handling and flow port scoping

 
 
 
 

This series fixes two correctness issues in the cxgbe PMD that can cause
traffic loss on Chelsio T6 adapters, especially when rte_flow QUEUE
rules concentrate ingress on a small set of RX queues. 

Patch 1 fixes packed Rx response handling. The current PMD assumes every
response descriptor starts a new Free List buffer by requiring
F_RSPD_NEWBUF on each response. That assumption does not always hold for
packed ingress responses. Under sustained small-packet traffic to a
single ingress queue, the FL/IQ state goes out of sync and the affected
Rx path stops making forward progress. 

Patch 2 scopes rte_flow rules to the ingress port they were created on.
Chelsio filters are programmed in adapter-wide tables, and the PMD
already supports the iport field in the hardware filter spec. However,
the flow parser never fills it for normal per-port rules, so a rule
created on one port can also match traffic arriving on sibling ports of
the same adapter. 

Both issues reproduce with stock testpmd on T62100-LP-CR. The per-patch
commit messages include the details and reproducers. 

Abdulrahman Alshawi (2):
net/cxgbe: fix Rx handling for packed responses
net/cxgbe: restrict rte_flow rules to ingress port 

.mailmap | 1 +
drivers/net/cxgbe/base/adapter.h | 1 +
drivers/net/cxgbe/cxgbe_flow.c | 19 +++++
drivers/net/cxgbe/sge.c | 122 ++++++++++++++++++++++++-------
4 files changed, 118 insertions(+), 25 deletions(-) 

--
2.39.5   
     
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mails.dpdk.org/archives/stable/attachments/20260427/8eed440d/attachment.htm>

Previous message (by thread): [PATCH 1/2] net/cxgbe: fix Rx handling for packed responses
Next message (by thread): [PATCH 2/2] net/cxgbe: restrict rte flow rules to ingress port
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list