port: prevent disabling forced promiscuous and allmulti modes

When a port MAC filter table reaches its hardware limit or if the driver
does not support individual address filtering, the code falls back to
enabling promisc or allmulti mode to ensure all required traffic is
still received. However, other code paths that manage these modes were
unaware of this fallback mechanism and could inadvertently disable them,
breaking MAC address filtering.

Introduce two new interface state flags to track when promisc or
allmulti modes have been force-enabled due to MAC filter
overflow/unsupported. The port_promisc_set() and port_allmulti_set()
functions now check these forced states and refuse to modify the
hardware state when the mode is required for filtering.

Update the CLI to distinguish between user-requested and filter-forced
modes by displaying "promisc(forced)" or "allmulti(forced)" when
applicable.

Signed-off-by: Robin Jarry <[email protected]>

Author: rjarry

modules/infra/api/gr_infra.h

@@ -35,6 +35,8 @@ typedef enum : uint16_t {
 // Interface state flags
 typedef enum : uint16_t {
 	GR_IFACE_S_RUNNING = GR_BIT16(0),
+	GR_IFACE_S_PROMISC_FORCED = GR_BIT16(1),
+	GR_IFACE_S_ALLMULTI_FORCED = GR_BIT16(2),
 } gr_iface_state_t;
 
 // Interface reconfig attributes

modules/infra/cli/iface.c

@@ -124,9 +124,13 @@ static ssize_t iface_flags_format(char *buf, size_t len, const struct gr_iface *
 		SAFE_BUF(snprintf, len, "down");
 	if (iface->state & GR_IFACE_S_RUNNING)
 		SAFE_BUF(snprintf, len, " running");
-	if (iface->flags & GR_IFACE_F_PROMISC)
+	if (iface->state & GR_IFACE_S_PROMISC_FORCED)
+		SAFE_BUF(snprintf, len, " promisc(forced)");
+	else if (iface->flags & GR_IFACE_F_PROMISC)
 		SAFE_BUF(snprintf, len, " promisc");
-	if (iface->flags & GR_IFACE_F_ALLMULTI)
+	if (iface->state & GR_IFACE_S_ALLMULTI_FORCED)
+		SAFE_BUF(snprintf, len, " allmulti(forced)");
+	else if (iface->flags & GR_IFACE_F_ALLMULTI)
 		SAFE_BUF(snprintf, len, " allmulti");
 	if (iface->flags & GR_IFACE_F_PACKET_TRACE)
 		SAFE_BUF(snprintf, len, " tracing");

modules/infra/control/port.c

@@ -198,7 +198,9 @@ static int port_promisc_set(struct iface *iface, bool enabled) {
 	struct iface_info_port *p = iface_info_port(iface);
 	int ret;
 
-	if (enabled)
+	if (p->ucast_filter.flags & MAC_FILTER_F_ALL)
+		ret = 0; // promisc is forced to filter unicast addresses, leave it as-is
+	else if (enabled)
 		ret = rte_eth_promiscuous_enable(p->port_id);
 	else
 		ret = rte_eth_promiscuous_disable(p->port_id);
@@ -224,7 +226,9 @@ static int port_allmulti_set(struct iface *iface, bool enabled) {
 	struct iface_info_port *p = iface_info_port(iface);
 	int ret;
 
-	if (enabled)
+	if (p->mcast_filter.flags & MAC_FILTER_F_ALL)
+		ret = 0; // allmulti is forced to filter multicast addresses, leave it as-is
+	else if (enabled)
 		ret = rte_eth_allmulticast_enable(p->port_id);
 	else
 		ret = rte_eth_allmulticast_disable(p->port_id);
@@ -562,12 +566,16 @@ static int port_mac_add(struct iface *iface, const struct rte_ether_addr *mac) {
 
 		// promisc and allmulti enable is a noop if already enabled
 		if (multicast)
-			ret = rte_eth_allmulticast_enable(port->port_id);
+			ret = port_allmulti_set(iface, true);
 		else
-			ret = rte_eth_promiscuous_enable(port->port_id);
+			ret = port_promisc_set(iface, true);
 
-		if (ret == 0)
+		if (ret == 0) {
 			filter->flags |= MAC_FILTER_F_ALL;
+			iface->state |= multicast ?
+				GR_IFACE_S_ALLMULTI_FORCED :
+				GR_IFACE_S_PROMISC_FORCED;
+		}
 	}
 
 	if (ret < 0) {
@@ -638,10 +646,13 @@ static int port_mac_del(struct iface *iface, const struct rte_ether_addr *mac) {
 			return 0;
 		filter->flags = 0;
 		filter->hw_limit = 0;
-		if (multicast)
-			ret = rte_eth_allmulticast_disable(port->port_id);
-		else
-			ret = rte_eth_promiscuous_disable(port->port_id);
+		if (multicast) {
+			iface->state &= ~GR_IFACE_S_ALLMULTI_FORCED;
+			ret = port_allmulti_set(iface, false);
+		} else {
+			iface->state &= ~GR_IFACE_S_PROMISC_FORCED;
+			ret = port_promisc_set(iface, false);
+		}
 		if (ret < 0)
 			LOG(WARNING,
 			    "%s: %s disable: %s",