Thank you very much for the review and Ack.

I’ll make sure to include version change notes under a notes section in future patch versions, as per the contribution guide.

Also noted about maintainers, I had added them in v1 but missed them in v2. I’ll make sure to always use `get-maintainer.sh` going forward.

Thanks again for the guidance and support.

Best regards,  
Khadem Ullah


On Thu, Jun 26, 2025, 18:33 Dariusz Sosnowski <dsosnowski@nvidia.com> wrote:
Thank you very much for changes and detailed descriptions.
It helped a lot during review.

Acked-by: Dariusz Sosnowski <dsosnowski@nvidia.com>

On Thu, Jun 26, 2025 at 09:07:02AM -0400, Khadem Ullah wrote:
> v2:
>  - Added missing check for AGE + CT conflict in flow_dv_query().
>  - Removed unnecessary null check from flow_aso_age_get_by_idx().
>  - Added Fixes tag for LTS tracking.
>  - Ensured .mailmap and Signed-off-by addresses match.

In case of any future contribution would you be able to put the changes
between versions in notes section of the patch?
You can find the details here: https://doc.dpdk.org/guides/contributing/patches.html#creating-patches

Also, in the future would you be able to send patches to all relevant
maintainers? We have a script, ./devtools/get-maintainer.sh,
which extracts the info from MAINTAINERS file.
You can find more info here: https://doc.dpdk.org/guides/contributing/patches.html#sending-patches

>
> This patch fixes a segmentation fault that occurs when querying the
> AGE action of a flow rule that uses indirect connection tracking (CT).
>
> Background:
> AGE and CT indices share a union in the mlx5 flow struct. When using CT
> without age, the age index is invalid. Querying AGE in this case leads
> to a crash due to reading an invalid pointer.
>
> Fix:
> Add a check in `flow_dv_query()` to prevent AGE queries on indirect CT
> actions. This is the correct fix rather than null-checking the pool.
>
> Steps to reproduce:
>  1. Create an indirect CT action:
>     flow indirect_action 0 create ingress action conntrack / end
>
>  2. Create a root rule with jump:
>     flow create 0 ingress pattern eth / ipv4 / tcp / end actions jump group 3 / end
>
>  3. Create a group 3 rule using the indirect action:
>     flow create 0 group 3 ingress pattern eth / ipv4 / tcp / end actions indirect 0 / jump group 5 / end
>
>  4. Create a group 5 rule matching CT state:
>     flow create 0 group 5 ingress pattern eth / ipv4 / tcp / conntrack is 1 / end actions queue index 5 / end
>
>  5. Querying the first rule causes segfault:
>     flow query 0 1 age
>
> Fixes: 2d084f69aa26 ("net/mlx5: add translation of connection tracking action")
> Cc: stable@dpdk.org
>
> Signed-off-by: Khadem Ullah <14pwcse1224@uetpeshawar.edu.pk>