/*
 * This file is part of the Chelsio T4/T5/T6 Ethernet driver for Linux.
 *
 * Copyright (c) 2017 Chelsio Communications, Inc. All rights reserved.
 *
 * This software is available to you under a choice of one of two
 * licenses. You may choose to be licensed under the terms of the GNU
 * General Public License (GPL) Version 2, available from the file
 * COPYING in the main directory of this source tree, or the
 * OpenIB.org BSD license below:
 *
 *     Redistribution and use in source and binary forms, with or
 *     without modification, are permitted provided that the following
 *     conditions are met:
 *
 *      - Redistributions of source code must retain the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer.
 *
 *      - Redistributions in binary form must reproduce the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer in the documentation and/or other materials
 *        provided with the distribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

#include <net/tc_act/tc_mirred.h>
#include <net/tc_act/tc_pedit.h>
#include <net/tc_act/tc_gact.h>
#include <net/tc_act/tc_vlan.h>

#include "cxgb4.h"
#include "cxgb4_filter.h"
#include "cxgb4_tc_flower.h"

#define STATS_CHECK_PERIOD (HZ / 2)

static struct ch_tc_pedit_fields pedits[] = {
	PEDIT_FIELDS(ETH_, DMAC_31_0, 4, dmac, 0),
	PEDIT_FIELDS(ETH_, DMAC_47_32, 2, dmac, 4),
	PEDIT_FIELDS(ETH_, SMAC_15_0, 2, smac, 0),
	PEDIT_FIELDS(ETH_, SMAC_47_16, 4, smac, 2),
	PEDIT_FIELDS(IP4_, SRC, 4, nat_fip, 0),
	PEDIT_FIELDS(IP4_, DST, 4, nat_lip, 0),
	PEDIT_FIELDS(IP6_, SRC_31_0, 4, nat_fip, 0),
	PEDIT_FIELDS(IP6_, SRC_63_32, 4, nat_fip, 4),
	PEDIT_FIELDS(IP6_, SRC_95_64, 4, nat_fip, 8),
	PEDIT_FIELDS(IP6_, SRC_127_96, 4, nat_fip, 12),
	PEDIT_FIELDS(IP6_, DST_31_0, 4, nat_lip, 0),
	PEDIT_FIELDS(IP6_, DST_63_32, 4, nat_lip, 4),
	PEDIT_FIELDS(IP6_, DST_95_64, 4, nat_lip, 8),
	PEDIT_FIELDS(IP6_, DST_127_96, 4, nat_lip, 12),
};

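/* Illustration of how the table above is consumed (not itself part of
 * the offload path): a pedit rewrite of the low 32 bits of the
 * destination MAC arrives as htype ETH / offset PEDIT_ETH_DMAC_31_0;
 * offload_pedit() below finds the ETH_DMAC_31_0 entry and copies
 * 4 bytes into fs->dmac at offset 0, while ETH_DMAC_47_32 covers the
 * remaining 2 bytes at offset 4. The IPv6 rows split a 128-bit
 * address across four such 32-bit words.
 */
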
static const struct cxgb4_natmode_config cxgb4_natmode_config_array[] = {
	/* Default supported NAT modes */
	{
		.chip = CHELSIO_T5,
		.flags = CXGB4_ACTION_NATMODE_NONE,
		.natmode = NAT_MODE_NONE,
	},
	{
		.chip = CHELSIO_T5,
		.flags = CXGB4_ACTION_NATMODE_DIP,
		.natmode = NAT_MODE_DIP,
	},
	{
		.chip = CHELSIO_T5,
		.flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT,
		.natmode = NAT_MODE_DIP_DP,
	},
	{
		.chip = CHELSIO_T5,
		.flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT |
			 CXGB4_ACTION_NATMODE_SIP,
		.natmode = NAT_MODE_DIP_DP_SIP,
	},
	{
		.chip = CHELSIO_T5,
		.flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT |
			 CXGB4_ACTION_NATMODE_SPORT,
		.natmode = NAT_MODE_DIP_DP_SP,
	},
	{
		.chip = CHELSIO_T5,
		.flags = CXGB4_ACTION_NATMODE_SIP | CXGB4_ACTION_NATMODE_SPORT,
		.natmode = NAT_MODE_SIP_SP,
	},
	{
		.chip = CHELSIO_T5,
		.flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP |
			 CXGB4_ACTION_NATMODE_SPORT,
		.natmode = NAT_MODE_DIP_SIP_SP,
	},
	{
		.chip = CHELSIO_T5,
		.flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP |
			 CXGB4_ACTION_NATMODE_DPORT |
			 CXGB4_ACTION_NATMODE_SPORT,
		.natmode = NAT_MODE_ALL,
	},
	/* T6+ can ignore L4 ports when they're disabled. */
	{
		.chip = CHELSIO_T6,
		.flags = CXGB4_ACTION_NATMODE_SIP,
		.natmode = NAT_MODE_SIP_SP,
	},
	{
		.chip = CHELSIO_T6,
		.flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SPORT,
		.natmode = NAT_MODE_DIP_DP_SP,
	},
	{
		.chip = CHELSIO_T6,
		.flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP,
		.natmode = NAT_MODE_ALL,
	},
};

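/* Worked example of the mapping above (a sketch, not exhaustive): a
 * rule that rewrites only the destination IP accumulates
 * CXGB4_ACTION_NATMODE_DIP and resolves to NAT_MODE_DIP on T5. The
 * trailing T6 entries exist because, per the comment above, T6+ can
 * leave disabled L4 ports untouched: e.g. rewriting just the source
 * IP may use NAT_MODE_SIP_SP on T6 even though no source port
 * rewrite was requested.
 */
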
static void cxgb4_action_natmode_tweak(struct ch_filter_specification *fs,
				       u8 natmode_flags)
{
	u8 i = 0;

	/* Translate the enabled NAT 4-tuple fields to one of the
	 * hardware supported NAT mode configurations. This ensures
	 * that we pick a valid combination, where the disabled fields
	 * do not get overwritten to 0.
	 */
	for (i = 0; i < ARRAY_SIZE(cxgb4_natmode_config_array); i++) {
		if (cxgb4_natmode_config_array[i].flags == natmode_flags) {
			fs->nat_mode = cxgb4_natmode_config_array[i].natmode;
			return;
		}
	}
}

static struct ch_tc_flower_entry *allocate_flower_entry(void)
{
	struct ch_tc_flower_entry *new = kzalloc(sizeof(*new), GFP_KERNEL);

	if (new)
		spin_lock_init(&new->lock);
	return new;
}

/* Must be called with either RTNL or rcu_read_lock */
static struct ch_tc_flower_entry *ch_flower_lookup(struct adapter *adap,
						   unsigned long flower_cookie)
{
	return rhashtable_lookup_fast(&adap->flower_tbl, &flower_cookie,
				      adap->flower_ht_params);
}

static void cxgb4_process_flow_match(struct net_device *dev,
				     struct flow_rule *rule,
				     u16 addr_type,
				     struct ch_filter_specification *fs)
{
	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) {
		struct flow_match_basic match;
		u16 ethtype_key, ethtype_mask;

		flow_rule_match_basic(rule, &match);
		ethtype_key = ntohs(match.key->n_proto);
		ethtype_mask = ntohs(match.mask->n_proto);

		if (ethtype_key == ETH_P_ALL) {
			ethtype_key = 0;
			ethtype_mask = 0;
		}

		if (ethtype_key == ETH_P_IPV6)
			fs->type = 1;

		fs->val.ethtype = ethtype_key;
		fs->mask.ethtype = ethtype_mask;
		fs->val.proto = match.key->ip_proto;
		fs->mask.proto = match.mask->ip_proto;
	}

	if (addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) {
		struct flow_match_ipv4_addrs match;

		flow_rule_match_ipv4_addrs(rule, &match);
		fs->type = 0;
		memcpy(&fs->val.lip[0], &match.key->dst, sizeof(match.key->dst));
		memcpy(&fs->val.fip[0], &match.key->src, sizeof(match.key->src));
		memcpy(&fs->mask.lip[0], &match.mask->dst, sizeof(match.mask->dst));
		memcpy(&fs->mask.fip[0], &match.mask->src, sizeof(match.mask->src));

		/* also initialize nat_lip/fip to same values */
		memcpy(&fs->nat_lip[0], &match.key->dst, sizeof(match.key->dst));
		memcpy(&fs->nat_fip[0], &match.key->src, sizeof(match.key->src));
	}

	if (addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) {
		struct flow_match_ipv6_addrs match;

		flow_rule_match_ipv6_addrs(rule, &match);
		fs->type = 1;
		memcpy(&fs->val.lip[0], match.key->dst.s6_addr,
		       sizeof(match.key->dst));
		memcpy(&fs->val.fip[0], match.key->src.s6_addr,
		       sizeof(match.key->src));
		memcpy(&fs->mask.lip[0], match.mask->dst.s6_addr,
		       sizeof(match.mask->dst));
		memcpy(&fs->mask.fip[0], match.mask->src.s6_addr,
		       sizeof(match.mask->src));

		/* also initialize nat_lip/fip to same values */
		memcpy(&fs->nat_lip[0], match.key->dst.s6_addr,
		       sizeof(match.key->dst));
		memcpy(&fs->nat_fip[0], match.key->src.s6_addr,
		       sizeof(match.key->src));
	}

	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS)) {
		struct flow_match_ports match;

		flow_rule_match_ports(rule, &match);
		fs->val.lport = be16_to_cpu(match.key->dst);
		fs->mask.lport = be16_to_cpu(match.mask->dst);
		fs->val.fport = be16_to_cpu(match.key->src);
		fs->mask.fport = be16_to_cpu(match.mask->src);

		/* also initialize nat_lport/fport to same values */
		fs->nat_lport = fs->val.lport;
		fs->nat_fport = fs->val.fport;
	}

	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) {
		struct flow_match_ip match;

		flow_rule_match_ip(rule, &match);
		fs->val.tos = match.key->tos;
		fs->mask.tos = match.mask->tos;
	}

	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_KEYID)) {
		struct flow_match_enc_keyid match;

		flow_rule_match_enc_keyid(rule, &match);
		fs->val.vni = be32_to_cpu(match.key->keyid);
		fs->mask.vni = be32_to_cpu(match.mask->keyid);
		if (fs->mask.vni) {
			fs->val.encap_vld = 1;
			fs->mask.encap_vld = 1;
		}
	}

	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN)) {
		struct flow_match_vlan match;
		u16 vlan_tci, vlan_tci_mask;

		flow_rule_match_vlan(rule, &match);
		vlan_tci = match.key->vlan_id | (match.key->vlan_priority <<
						 VLAN_PRIO_SHIFT);
		vlan_tci_mask = match.mask->vlan_id | (match.mask->vlan_priority <<
						       VLAN_PRIO_SHIFT);
		fs->val.ivlan = vlan_tci;
		fs->mask.ivlan = vlan_tci_mask;

		fs->val.ivlan_vld = 1;
		fs->mask.ivlan_vld = 1;

		/* Chelsio adapters use the ivlan_vld bit to match VLAN
		 * (802.1Q) packets. When a VLAN tag is present, the
		 * ethtype field is matched against the ethtype of the
		 * inner header, i.e. the header following the VLAN
		 * header. So, if TC supplied 802.1Q as the ethtype for
		 * a VLAN packet, set ivlan_vld and clear the ethtype
		 * value; otherwise the hardware would try to match the
		 * supplied ethtype against the inner header's ethtype.
		 */
		if (fs->val.ethtype == ETH_P_8021Q) {
			fs->val.ethtype = 0;
			fs->mask.ethtype = 0;
		}
	}

	/* Match only packets coming from the ingress port where this
	 * filter will be created.
	 */
	fs->val.iport = netdev2pinfo(dev)->port_id;
	fs->mask.iport = ~0;
}

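/* For reference, a tc-flower rule whose match keys exercise the
 * parsing above could look like this (iproute2 syntax; device name
 * and addresses are placeholders):
 *
 *   tc qdisc add dev eth0 ingress
 *   tc filter add dev eth0 protocol ip parent ffff: flower \
 *       ip_proto tcp dst_ip 10.0.0.1 dst_port 80 action drop
 *
 * This populates fs->val/fs->mask for ethtype, proto, lip and lport,
 * and leaves the NAT fields (nat_lip/nat_lport, etc.) mirroring the
 * matched values until a pedit action overrides them.
 */
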
static int cxgb4_validate_flow_match(struct netlink_ext_ack *extack,
				     struct flow_rule *rule)
{
	struct flow_dissector *dissector = rule->match.dissector;
	u16 ethtype_mask = 0;
	u16 ethtype_key = 0;

	if (dissector->used_keys &
	    ~(BIT_ULL(FLOW_DISSECTOR_KEY_CONTROL) |
	      BIT_ULL(FLOW_DISSECTOR_KEY_BASIC) |
	      BIT_ULL(FLOW_DISSECTOR_KEY_IPV4_ADDRS) |
	      BIT_ULL(FLOW_DISSECTOR_KEY_IPV6_ADDRS) |
	      BIT_ULL(FLOW_DISSECTOR_KEY_PORTS) |
	      BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) |
	      BIT_ULL(FLOW_DISSECTOR_KEY_VLAN) |
	      BIT_ULL(FLOW_DISSECTOR_KEY_IP))) {
		NL_SET_ERR_MSG_FMT_MOD(extack,
				       "Unsupported key used: 0x%llx",
				       dissector->used_keys);
		return -EOPNOTSUPP;
	}

	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) {
		struct flow_match_basic match;

		flow_rule_match_basic(rule, &match);
		ethtype_key = ntohs(match.key->n_proto);
		ethtype_mask = ntohs(match.mask->n_proto);
	}

	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) {
		u16 eth_ip_type = ethtype_key & ethtype_mask;
		struct flow_match_ip match;

		if (eth_ip_type != ETH_P_IP && eth_ip_type != ETH_P_IPV6) {
			NL_SET_ERR_MSG_MOD(extack,
					   "IP Key supported only with IPv4/v6");
			return -EINVAL;
		}

		flow_rule_match_ip(rule, &match);
		if (match.mask->ttl) {
			NL_SET_ERR_MSG_MOD(extack,
					   "ttl match unsupported for offload");
			return -EOPNOTSUPP;
		}
	}

	return 0;
}

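/* Any dissector key outside the whitelist checked above (for example,
 * tunnel outer-address matching via FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS)
 * is rejected with -EOPNOTSUPP before any hardware state is touched;
 * of the tunnel keys, only the VNI (FLOW_DISSECTOR_KEY_ENC_KEYID) is
 * offloadable here.
 */
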
static void offload_pedit(struct ch_filter_specification *fs, u32 val, u32 mask,
			  u8 field)
{
	u32 set_val = val & ~mask;
	u32 offset = 0;
	u8 size = 1;
	int i;

	for (i = 0; i < ARRAY_SIZE(pedits); i++) {
		if (pedits[i].field == field) {
			offset = pedits[i].offset;
			size = pedits[i].size;
			break;
		}
	}
	memcpy((u8 *)fs + offset, &set_val, size);
}

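/* Illustration of the masking above (assuming the flow_action mangle
 * convention that set bits in 'mask' mark bits to preserve): a 32-bit
 * rewrite of the whole IPv4 source address arrives with mask == 0, so
 * set_val == val and all four bytes land in fs->nat_fip. Bits the
 * mask preserves are cleared from val before the copy.
 */
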
static void process_pedit_field(struct ch_filter_specification *fs, u32 val,
				u32 mask, u32 offset, u8 htype,
				u8 *natmode_flags)
{
	switch (htype) {
	case FLOW_ACT_MANGLE_HDR_TYPE_ETH:
		switch (offset) {
		case PEDIT_ETH_DMAC_31_0:
			fs->newdmac = 1;
			offload_pedit(fs, val, mask, ETH_DMAC_31_0);
			break;
		case PEDIT_ETH_DMAC_47_32_SMAC_15_0:
			if (~mask & PEDIT_ETH_DMAC_MASK)
				offload_pedit(fs, val, mask, ETH_DMAC_47_32);
			else
				offload_pedit(fs, val >> 16, mask >> 16,
					      ETH_SMAC_15_0);
			break;
		case PEDIT_ETH_SMAC_47_16:
			fs->newsmac = 1;
			offload_pedit(fs, val, mask, ETH_SMAC_47_16);
		}
		break;
	case FLOW_ACT_MANGLE_HDR_TYPE_IP4:
		switch (offset) {
		case PEDIT_IP4_SRC:
			offload_pedit(fs, val, mask, IP4_SRC);
			*natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
			break;
		case PEDIT_IP4_DST:
			offload_pedit(fs, val, mask, IP4_DST);
			*natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
		}
		break;
	case FLOW_ACT_MANGLE_HDR_TYPE_IP6:
		switch (offset) {
		case PEDIT_IP6_SRC_31_0:
			offload_pedit(fs, val, mask, IP6_SRC_31_0);
			*natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
			break;
		case PEDIT_IP6_SRC_63_32:
			offload_pedit(fs, val, mask, IP6_SRC_63_32);
			*natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
			break;
		case PEDIT_IP6_SRC_95_64:
			offload_pedit(fs, val, mask, IP6_SRC_95_64);
			*natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
			break;
		case PEDIT_IP6_SRC_127_96:
			offload_pedit(fs, val, mask, IP6_SRC_127_96);
			*natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
			break;
		case PEDIT_IP6_DST_31_0:
			offload_pedit(fs, val, mask, IP6_DST_31_0);
			*natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
			break;
		case PEDIT_IP6_DST_63_32:
			offload_pedit(fs, val, mask, IP6_DST_63_32);
			*natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
			break;
		case PEDIT_IP6_DST_95_64:
			offload_pedit(fs, val, mask, IP6_DST_95_64);
			*natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
			break;
		case PEDIT_IP6_DST_127_96:
			offload_pedit(fs, val, mask, IP6_DST_127_96);
			*natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
		}
		break;
	case FLOW_ACT_MANGLE_HDR_TYPE_TCP:
		switch (offset) {
		case PEDIT_TCP_SPORT_DPORT:
			if (~mask & PEDIT_TCP_UDP_SPORT_MASK) {
				fs->nat_fport = val;
				*natmode_flags |= CXGB4_ACTION_NATMODE_SPORT;
			} else {
				fs->nat_lport = val >> 16;
				*natmode_flags |= CXGB4_ACTION_NATMODE_DPORT;
			}
		}
		break;
	case FLOW_ACT_MANGLE_HDR_TYPE_UDP:
		switch (offset) {
		case PEDIT_UDP_SPORT_DPORT:
			if (~mask & PEDIT_TCP_UDP_SPORT_MASK) {
				fs->nat_fport = val;
				*natmode_flags |= CXGB4_ACTION_NATMODE_SPORT;
			} else {
				fs->nat_lport = val >> 16;
				*natmode_flags |= CXGB4_ACTION_NATMODE_DPORT;
			}
		}
		break;
	}
}

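/* A NAT-style rewrite that ends up in this function could be
 * expressed as (device names and address are placeholders):
 *
 *   tc filter add dev eth0 protocol ip parent ffff: flower ip_proto tcp \
 *       action pedit ex munge ip dst set 192.168.1.100 pipe \
 *       action mirred egress redirect dev eth1
 *
 * The ip-dst munge reaches the FLOW_ACT_MANGLE_HDR_TYPE_IP4 /
 * PEDIT_IP4_DST arm above, storing the new address in fs->nat_lip via
 * offload_pedit() and accumulating CXGB4_ACTION_NATMODE_DIP for the
 * later NAT mode selection.
 */
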
static int cxgb4_action_natmode_validate(struct adapter *adap, u8 natmode_flags,
					 struct netlink_ext_ack *extack)
{
	u8 i = 0;

	/* Extract the NAT mode to enable based on what 4-tuple fields
	 * are enabled to be overwritten. This ensures that the
	 * disabled fields don't get overwritten to 0.
	 */
	for (i = 0; i < ARRAY_SIZE(cxgb4_natmode_config_array); i++) {
		const struct cxgb4_natmode_config *c;

		c = &cxgb4_natmode_config_array[i];
		if (CHELSIO_CHIP_VERSION(adap->params.chip) >= c->chip &&
		    natmode_flags == c->flags)
			return 0;
	}
	NL_SET_ERR_MSG_MOD(extack, "Unsupported NAT mode 4-tuple combination");
	return -EOPNOTSUPP;
}

void cxgb4_process_flow_actions(struct net_device *in,
				struct flow_action *actions,
				struct ch_filter_specification *fs)
{
	struct flow_action_entry *act;
	u8 natmode_flags = 0;
	int i;

	flow_action_for_each(i, act, actions) {
		switch (act->id) {
		case FLOW_ACTION_ACCEPT:
			fs->action = FILTER_PASS;
			break;
		case FLOW_ACTION_DROP:
			fs->action = FILTER_DROP;
			break;
		case FLOW_ACTION_MIRRED:
		case FLOW_ACTION_REDIRECT: {
			struct net_device *out = act->dev;
			struct port_info *pi = netdev_priv(out);

			fs->action = FILTER_SWITCH;
			fs->eport = pi->port_id;
			}
			break;
		case FLOW_ACTION_VLAN_POP:
		case FLOW_ACTION_VLAN_PUSH:
		case FLOW_ACTION_VLAN_MANGLE: {
			u8 prio = act->vlan.prio;
			u16 vid = act->vlan.vid;
			u16 vlan_tci = (prio << VLAN_PRIO_SHIFT) | vid;

			switch (act->id) {
			case FLOW_ACTION_VLAN_POP:
				fs->newvlan |= VLAN_REMOVE;
				break;
			case FLOW_ACTION_VLAN_PUSH:
				fs->newvlan |= VLAN_INSERT;
				fs->vlan = vlan_tci;
				break;
			case FLOW_ACTION_VLAN_MANGLE:
				fs->newvlan |= VLAN_REWRITE;
				fs->vlan = vlan_tci;
				break;
			default:
				break;
			}
			}
			break;
		case FLOW_ACTION_MANGLE: {
			u32 mask, val, offset;
			u8 htype;

			htype = act->mangle.htype;
			mask = act->mangle.mask;
			val = act->mangle.val;
			offset = act->mangle.offset;

			process_pedit_field(fs, val, mask, offset, htype,
					    &natmode_flags);
			}
			break;
		case FLOW_ACTION_QUEUE:
			fs->action = FILTER_PASS;
			fs->dirsteer = 1;
			fs->iq = act->queue.index;
			break;
		default:
			break;
		}
	}
	if (natmode_flags)
		cxgb4_action_natmode_tweak(fs, natmode_flags);
}

static bool valid_l4_mask(u32 mask)
{
	u16 hi, lo;

	/* Either the upper 16-bits (SPORT) OR the lower
	 * 16-bits (DPORT) can be set, but NOT BOTH.
	 */
	hi = (mask >> 16) & 0xFFFF;
	lo = mask & 0xFFFF;

	return hi && lo ? false : true;
}

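/* Examples: callers pass ~mask, i.e. the bits being rewritten.
 * 0x0000FFFF or 0xFFFF0000 (exactly one port) is accepted;
 * 0xFFFFFFFF (both ports mangled in a single 32-bit word) is
 * rejected, since process_pedit_field() only folds one port per
 * pedit word into fs->nat_fport/fs->nat_lport.
 */
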
static bool valid_pedit_action(struct netlink_ext_ack *extack,
			       const struct flow_action_entry *act,
			       u8 *natmode_flags)
{
	u32 mask, offset;
	u8 htype;

	htype = act->mangle.htype;
	mask = act->mangle.mask;
	offset = act->mangle.offset;

	switch (htype) {
	case FLOW_ACT_MANGLE_HDR_TYPE_ETH:
		switch (offset) {
		case PEDIT_ETH_DMAC_31_0:
		case PEDIT_ETH_DMAC_47_32_SMAC_15_0:
		case PEDIT_ETH_SMAC_47_16:
			break;
		default:
			NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field");
			return false;
		}
		break;
	case FLOW_ACT_MANGLE_HDR_TYPE_IP4:
		switch (offset) {
		case PEDIT_IP4_SRC:
			*natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
			break;
		case PEDIT_IP4_DST:
			*natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
			break;
		default:
			NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field");
			return false;
		}
		break;
	case FLOW_ACT_MANGLE_HDR_TYPE_IP6:
		switch (offset) {
		case PEDIT_IP6_SRC_31_0:
		case PEDIT_IP6_SRC_63_32:
		case PEDIT_IP6_SRC_95_64:
		case PEDIT_IP6_SRC_127_96:
			*natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
			break;
		case PEDIT_IP6_DST_31_0:
		case PEDIT_IP6_DST_63_32:
		case PEDIT_IP6_DST_95_64:
		case PEDIT_IP6_DST_127_96:
			*natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
			break;
		default:
			NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field");
			return false;
		}
		break;
	case FLOW_ACT_MANGLE_HDR_TYPE_TCP:
		switch (offset) {
		case PEDIT_TCP_SPORT_DPORT:
			if (!valid_l4_mask(~mask)) {
				NL_SET_ERR_MSG_MOD(extack,
						   "Unsupported mask for TCP L4 ports");
				return false;
			}
			if (~mask & PEDIT_TCP_UDP_SPORT_MASK)
				*natmode_flags |= CXGB4_ACTION_NATMODE_SPORT;
			else
				*natmode_flags |= CXGB4_ACTION_NATMODE_DPORT;
			break;
		default:
			NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field");
			return false;
		}
		break;
	case FLOW_ACT_MANGLE_HDR_TYPE_UDP:
		switch (offset) {
		case PEDIT_UDP_SPORT_DPORT:
			if (!valid_l4_mask(~mask)) {
				NL_SET_ERR_MSG_MOD(extack,
						   "Unsupported mask for UDP L4 ports");
				return false;
			}
			if (~mask & PEDIT_TCP_UDP_SPORT_MASK)
				*natmode_flags |= CXGB4_ACTION_NATMODE_SPORT;
			else
				*natmode_flags |= CXGB4_ACTION_NATMODE_DPORT;
			break;
		default:
			NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field");
			return false;
		}
		break;
	default:
		NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit type");
		return false;
	}
	return true;
}

int cxgb4_validate_flow_actions(struct net_device *dev,
				struct flow_action *actions,
				struct netlink_ext_ack *extack,
				u8 matchall_filter)
{
	struct adapter *adap = netdev2adap(dev);
	struct flow_action_entry *act;
	bool act_redir = false;
	bool act_pedit = false;
	bool act_vlan = false;
	u8 natmode_flags = 0;
	int i;

	if (!flow_action_basic_hw_stats_check(actions, extack))
		return -EOPNOTSUPP;

	flow_action_for_each(i, act, actions) {
		switch (act->id) {
		case FLOW_ACTION_ACCEPT:
		case FLOW_ACTION_DROP:
			/* Do nothing */
			break;
		case FLOW_ACTION_MIRRED:
		case FLOW_ACTION_REDIRECT: {
			struct net_device *n_dev, *target_dev;
			bool found = false;
			unsigned int i;

			if (act->id == FLOW_ACTION_MIRRED &&
			    !matchall_filter) {
				NL_SET_ERR_MSG_MOD(extack,
						   "Egress mirror action is only supported for tc-matchall");
				return -EOPNOTSUPP;
			}

			target_dev = act->dev;
			for_each_port(adap, i) {
				n_dev = adap->port[i];
				if (target_dev == n_dev) {
					found = true;
					break;
				}
			}

			/* If interface doesn't belong to our hw, then
			 * the provided output port is not valid
			 */
			if (!found) {
				NL_SET_ERR_MSG_MOD(extack, "Out port invalid");
				return -EINVAL;
			}
			act_redir = true;
			}
			break;
		case FLOW_ACTION_VLAN_POP:
		case FLOW_ACTION_VLAN_PUSH:
		case FLOW_ACTION_VLAN_MANGLE: {
			u16 proto = be16_to_cpu(act->vlan.proto);

			switch (act->id) {
			case FLOW_ACTION_VLAN_POP:
				break;
			case FLOW_ACTION_VLAN_PUSH:
			case FLOW_ACTION_VLAN_MANGLE:
				if (proto != ETH_P_8021Q) {
					NL_SET_ERR_MSG_MOD(extack,
							   "Unsupported vlan proto");
					return -EOPNOTSUPP;
				}
				break;
			default:
				NL_SET_ERR_MSG_MOD(extack,
						   "Unsupported vlan action");
				return -EOPNOTSUPP;
			}
			act_vlan = true;
			}
			break;
		case FLOW_ACTION_MANGLE: {
			bool pedit_valid = valid_pedit_action(extack, act,
							      &natmode_flags);

			if (!pedit_valid)
				return -EOPNOTSUPP;
			act_pedit = true;
			}
			break;
		case FLOW_ACTION_QUEUE:
			/* Do nothing. cxgb4_set_filter will validate */
			break;
		default:
			NL_SET_ERR_MSG_MOD(extack, "Unsupported action");
			return -EOPNOTSUPP;
		}
	}

	if ((act_pedit || act_vlan) && !act_redir) {
		NL_SET_ERR_MSG_MOD(extack,
				   "pedit/vlan rewrite invalid without egress redirect");
		return -EINVAL;
	}

	if (act_pedit) {
		int ret;

		ret = cxgb4_action_natmode_validate(adap, natmode_flags,
						    extack);
		if (ret)
			return ret;
	}

	return 0;
}

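/* Taken together, an action chain that passes this validator pairs
 * any rewrite with an egress redirect, e.g. (placeholder devices):
 *
 *   ... flower ... \
 *       action vlan modify id 100 pipe \
 *       action mirred egress redirect dev eth1
 *
 * A pedit or vlan action without the final redirect trips the
 * "pedit/vlan rewrite invalid without egress redirect" check above,
 * and a mirror (as opposed to a redirect) is only accepted for
 * tc-matchall offload.
 */
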
static void cxgb4_tc_flower_hash_prio_add(struct adapter *adap, u32 tc_prio)
{
	spin_lock_bh(&adap->tids.ftid_lock);
	if (adap->tids.tc_hash_tids_max_prio < tc_prio)
		adap->tids.tc_hash_tids_max_prio = tc_prio;
	spin_unlock_bh(&adap->tids.ftid_lock);
}

static void cxgb4_tc_flower_hash_prio_del(struct adapter *adap, u32 tc_prio)
{
	struct tid_info *t = &adap->tids;
	struct ch_tc_flower_entry *fe;
	struct rhashtable_iter iter;
	u32 found = 0;

	spin_lock_bh(&t->ftid_lock);
	/* Bail if the current rule is not the one with the max
	 * prio.
	 */
	if (t->tc_hash_tids_max_prio != tc_prio)
		goto out_unlock;

	/* Search for the next rule having the same or next lower
	 * max prio.
	 */
	rhashtable_walk_enter(&adap->flower_tbl, &iter);
	do {
		rhashtable_walk_start(&iter);

		fe = rhashtable_walk_next(&iter);
		while (!IS_ERR_OR_NULL(fe)) {
			if (fe->fs.hash &&
			    fe->fs.tc_prio <= t->tc_hash_tids_max_prio) {
				t->tc_hash_tids_max_prio = fe->fs.tc_prio;
				found++;

				/* Bail if we found another rule
				 * having the same prio as the
				 * current max one.
				 */
				if (fe->fs.tc_prio == tc_prio)
					break;
			}

			fe = rhashtable_walk_next(&iter);
		}

		rhashtable_walk_stop(&iter);
	} while (fe == ERR_PTR(-EAGAIN));
	rhashtable_walk_exit(&iter);

	if (!found)
		t->tc_hash_tids_max_prio = 0;

out_unlock:
	spin_unlock_bh(&t->ftid_lock);
}

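/* Note on the walk above: rhashtable_walk_next() returns
 * ERR_PTR(-EAGAIN) when a concurrent table resize invalidates the
 * iterator, so the do/while simply restarts the walk. The tracked
 * maximum prio is only reset to 0 once a complete pass finds no
 * remaining hash-region rule.
 */
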
int cxgb4_flow_rule_replace(struct net_device *dev, struct flow_rule *rule,
			    u32 tc_prio, struct netlink_ext_ack *extack,
			    struct ch_filter_specification *fs, u32 *tid)
{
	struct adapter *adap = netdev2adap(dev);
	struct filter_ctx ctx;
	u16 addr_type = 0;
	u8 inet_family;
	int fidx, ret;

	if (cxgb4_validate_flow_actions(dev, &rule->action, extack, 0))
		return -EOPNOTSUPP;

	if (cxgb4_validate_flow_match(extack, rule))
		return -EOPNOTSUPP;

	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) {
		struct flow_match_control match;

		flow_rule_match_control(rule, &match);
		addr_type = match.key->addr_type;

		if (match.mask->flags & FLOW_DIS_IS_FRAGMENT) {
			fs->val.frag = match.key->flags & FLOW_DIS_IS_FRAGMENT;
			fs->mask.frag = true;
		}

		if (!flow_rule_is_supp_control_flags(FLOW_DIS_IS_FRAGMENT,
						     match.mask->flags, extack))
			return -EOPNOTSUPP;
	} else if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
		addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
	} else if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV6_ADDRS)) {
		addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
	}

	cxgb4_process_flow_match(dev, rule, addr_type, fs);
	cxgb4_process_flow_actions(dev, &rule->action, fs);

	fs->hash = is_filter_exact_match(adap, fs);
	inet_family = fs->type ? PF_INET6 : PF_INET;

	/* Get a free filter entry TID, where we can insert this new
	 * rule. Only insert rule if its prio doesn't conflict with
	 * existing rules.
	 */
	fidx = cxgb4_get_free_ftid(dev, inet_family, fs->hash,
				   tc_prio);
	if (fidx < 0) {
		NL_SET_ERR_MSG_MOD(extack,
				   "No free LETCAM index available");
		return -ENOMEM;
	}

	if (fidx < adap->tids.nhpftids) {
		fs->prio = 1;
		fs->hash = 0;
	}

	/* If the rule can be inserted into HASH region, then ignore
	 * the index to normal FILTER region.
	 */
	if (fs->hash)
		fidx = 0;

	fs->tc_prio = tc_prio;

	init_completion(&ctx.completion);
	ret = __cxgb4_set_filter(dev, fidx, fs, &ctx);
	if (ret) {
		NL_SET_ERR_MSG_FMT_MOD(extack, "filter creation err %d", ret);
		return ret;
	}

	/* Wait for reply */
	ret = wait_for_completion_timeout(&ctx.completion, 10 * HZ);
	if (!ret)
		return -ETIMEDOUT;

	/* Check if hw returned error for filter creation */
	if (ctx.result)
		return ctx.result;

	*tid = ctx.tid;

	if (fs->hash)
		cxgb4_tc_flower_hash_prio_add(adap, tc_prio);

	return 0;
}

int cxgb4_tc_flower_replace(struct net_device *dev,
			    struct flow_cls_offload *cls)
{
	struct flow_rule *rule = flow_cls_offload_flow_rule(cls);
	struct netlink_ext_ack *extack = cls->common.extack;
	struct adapter *adap = netdev2adap(dev);
	struct ch_tc_flower_entry *ch_flower;
	struct ch_filter_specification *fs;
	int ret;

	ch_flower = allocate_flower_entry();
	if (!ch_flower) {
		netdev_err(dev, "%s: ch_flower alloc failed.\n", __func__);
		return -ENOMEM;
	}

	fs = &ch_flower->fs;
	fs->hitcnts = 1;
	fs->tc_cookie = cls->cookie;

	ret = cxgb4_flow_rule_replace(dev, rule, cls->common.prio, extack, fs,
				      &ch_flower->filter_id);
	if (ret)
		goto free_entry;

	ch_flower->tc_flower_cookie = cls->cookie;
	ret = rhashtable_insert_fast(&adap->flower_tbl, &ch_flower->node,
				     adap->flower_ht_params);
	if (ret)
		goto del_filter;

	return 0;

del_filter:
	if (fs->hash)
		cxgb4_tc_flower_hash_prio_del(adap, cls->common.prio);

	cxgb4_del_filter(dev, ch_flower->filter_id, &ch_flower->fs);

free_entry:
	kfree(ch_flower);
	return ret;
}

int cxgb4_flow_rule_destroy(struct net_device *dev, u32 tc_prio,
			    struct ch_filter_specification *fs, int tid)
{
	struct adapter *adap = netdev2adap(dev);
	u8 hash;
	int ret;

	hash = fs->hash;

	ret = cxgb4_del_filter(dev, tid, fs);
	if (ret)
		return ret;

	if (hash)
		cxgb4_tc_flower_hash_prio_del(adap, tc_prio);

	return ret;
}

int cxgb4_tc_flower_destroy(struct net_device *dev,
			    struct flow_cls_offload *cls)
{
	struct adapter *adap = netdev2adap(dev);
	struct ch_tc_flower_entry *ch_flower;
	int ret;

	ch_flower = ch_flower_lookup(adap, cls->cookie);
	if (!ch_flower)
		return -ENOENT;

	rhashtable_remove_fast(&adap->flower_tbl, &ch_flower->node,
			       adap->flower_ht_params);

	ret = cxgb4_flow_rule_destroy(dev, ch_flower->fs.tc_prio,
				      &ch_flower->fs, ch_flower->filter_id);
	if (ret)
		netdev_err(dev, "Flow rule destroy failed for tid: %u, ret: %d\n",
			   ch_flower->filter_id, ret);

	kfree_rcu(ch_flower, rcu);
	return ret;
}

static void ch_flower_stats_handler(struct work_struct *work)
{
	struct adapter *adap = container_of(work, struct adapter,
					    flower_stats_work);
	struct ch_tc_flower_entry *flower_entry;
	struct ch_tc_flower_stats *ofld_stats;
	struct rhashtable_iter iter;
	u64 packets;
	u64 bytes;
	int ret;

	rhashtable_walk_enter(&adap->flower_tbl, &iter);
	do {
		rhashtable_walk_start(&iter);

		while ((flower_entry = rhashtable_walk_next(&iter)) &&
		       !IS_ERR(flower_entry)) {
			ret = cxgb4_get_filter_counters(adap->port[0],
							flower_entry->filter_id,
							&packets, &bytes,
							flower_entry->fs.hash);
			if (!ret) {
				spin_lock(&flower_entry->lock);
				ofld_stats = &flower_entry->stats;

				if (ofld_stats->prev_packet_count != packets) {
					ofld_stats->prev_packet_count = packets;
					ofld_stats->last_used = jiffies;
				}
				spin_unlock(&flower_entry->lock);
			}
		}

		rhashtable_walk_stop(&iter);
	} while (flower_entry == ERR_PTR(-EAGAIN));
	rhashtable_walk_exit(&iter);
	mod_timer(&adap->flower_stats_timer, jiffies + STATS_CHECK_PERIOD);
}

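/* The handler above runs from the system workqueue every
 * STATS_CHECK_PERIOD (HZ / 2), re-armed via the timer callback below.
 * It only refreshes last_used timestamps; the byte/packet deltas
 * reported to TC are computed on demand in cxgb4_tc_flower_stats().
 */
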
static void ch_flower_stats_cb(struct timer_list *t)
{
	struct adapter *adap = timer_container_of(adap, t, flower_stats_timer);

	schedule_work(&adap->flower_stats_work);
}

int cxgb4_tc_flower_stats(struct net_device *dev,
			  struct flow_cls_offload *cls)
{
	struct adapter *adap = netdev2adap(dev);
	struct ch_tc_flower_stats *ofld_stats;
	struct ch_tc_flower_entry *ch_flower;
	u64 packets;
	u64 bytes;
	int ret;

	ch_flower = ch_flower_lookup(adap, cls->cookie);
	if (!ch_flower) {
		ret = -ENOENT;
		goto err;
	}

	ret = cxgb4_get_filter_counters(dev, ch_flower->filter_id,
					&packets, &bytes,
					ch_flower->fs.hash);
	if (ret < 0)
		goto err;

	spin_lock_bh(&ch_flower->lock);
	ofld_stats = &ch_flower->stats;
	if (ofld_stats->packet_count != packets) {
		if (ofld_stats->prev_packet_count != packets)
			ofld_stats->last_used = jiffies;
		flow_stats_update(&cls->stats, bytes - ofld_stats->byte_count,
				  packets - ofld_stats->packet_count, 0,
				  ofld_stats->last_used,
				  FLOW_ACTION_HW_STATS_IMMEDIATE);

		ofld_stats->packet_count = packets;
		ofld_stats->byte_count = bytes;
		ofld_stats->prev_packet_count = packets;
	}
	spin_unlock_bh(&ch_flower->lock);
	return 0;

err:
	return ret;
}

static const struct rhashtable_params cxgb4_tc_flower_ht_params = {
	.nelem_hint = 384,
	.head_offset = offsetof(struct ch_tc_flower_entry, node),
	.key_offset = offsetof(struct ch_tc_flower_entry, tc_flower_cookie),
	.key_len = sizeof(((struct ch_tc_flower_entry *)0)->tc_flower_cookie),
	.max_size = 524288,
	.min_size = 512,
	.automatic_shrinking = true
};

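/* The table above is keyed directly on the TC rule cookie
 * (tc_flower_cookie), which is what ch_flower_lookup() hands to
 * rhashtable_lookup_fast() whenever a replace/destroy/stats callback
 * needs to find the offloaded entry for a given rule again.
 */
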
int cxgb4_init_tc_flower(struct adapter *adap)
{
	int ret;

	if (adap->tc_flower_initialized)
		return -EEXIST;

	adap->flower_ht_params = cxgb4_tc_flower_ht_params;
	ret = rhashtable_init(&adap->flower_tbl, &adap->flower_ht_params);
	if (ret)
		return ret;

	INIT_WORK(&adap->flower_stats_work, ch_flower_stats_handler);
	timer_setup(&adap->flower_stats_timer, ch_flower_stats_cb, 0);
	mod_timer(&adap->flower_stats_timer, jiffies + STATS_CHECK_PERIOD);
	adap->tc_flower_initialized = true;
	return 0;
}

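/* Ordering note for the function above: the rhashtable must be
 * initialized before the stats work and timer are armed, since
 * ch_flower_stats_handler() walks adap->flower_tbl as soon as the
 * first timer fires, HZ / 2 after init.
 */
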
void cxgb4_cleanup_tc_flower(struct adapter *adap)
{
	if (!adap->tc_flower_initialized)
		return;

	if (adap->flower_stats_timer.function)
		timer_shutdown_sync(&adap->flower_stats_timer);
	cancel_work_sync(&adap->flower_stats_work);
	rhashtable_destroy(&adap->flower_tbl);
	adap->tc_flower_initialized = false;
}