1 /* 2 * This file is part of the Chelsio T4/T5/T6 Ethernet driver for Linux. 3 * 4 * Copyright (c) 2017 Chelsio Communications, Inc. All rights reserved. 5 * 6 * This software is available to you under a choice of one of two 7 * licenses. You may choose to be licensed under the terms of the GNU 8 * General Public License (GPL) Version 2, available from the file 9 * COPYING in the main directory of this source tree, or the 10 * OpenIB.org BSD license below: 11 * 12 * Redistribution and use in source and binary forms, with or 13 * without modification, are permitted provided that the following 14 * conditions are met: 15 * 16 * - Redistributions of source code must retain the above 17 * copyright notice, this list of conditions and the following 18 * disclaimer. 19 * 20 * - Redistributions in binary form must reproduce the above 21 * copyright notice, this list of conditions and the following 22 * disclaimer in the documentation and/or other materials 23 * provided with the distribution. 24 * 25 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 26 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 27 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 28 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 29 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 30 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 31 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 32 * SOFTWARE. 33 */ 34 35 #include <net/tc_act/tc_mirred.h> 36 #include <net/tc_act/tc_pedit.h> 37 #include <net/tc_act/tc_gact.h> 38 #include <net/tc_act/tc_vlan.h> 39 40 #include "cxgb4.h" 41 #include "cxgb4_filter.h" 42 #include "cxgb4_tc_flower.h" 43 44 #define STATS_CHECK_PERIOD (HZ / 2) 45 46 static struct ch_tc_pedit_fields pedits[] = { 47 PEDIT_FIELDS(ETH_, DMAC_31_0, 4, dmac, 0), 48 PEDIT_FIELDS(ETH_, DMAC_47_32, 2, dmac, 4), 49 PEDIT_FIELDS(ETH_, SMAC_15_0, 2, smac, 0), 50 PEDIT_FIELDS(ETH_, SMAC_47_16, 4, smac, 2), 51 PEDIT_FIELDS(IP4_, SRC, 4, nat_fip, 0), 52 PEDIT_FIELDS(IP4_, DST, 4, nat_lip, 0), 53 PEDIT_FIELDS(IP6_, SRC_31_0, 4, nat_fip, 0), 54 PEDIT_FIELDS(IP6_, SRC_63_32, 4, nat_fip, 4), 55 PEDIT_FIELDS(IP6_, SRC_95_64, 4, nat_fip, 8), 56 PEDIT_FIELDS(IP6_, SRC_127_96, 4, nat_fip, 12), 57 PEDIT_FIELDS(IP6_, DST_31_0, 4, nat_lip, 0), 58 PEDIT_FIELDS(IP6_, DST_63_32, 4, nat_lip, 4), 59 PEDIT_FIELDS(IP6_, DST_95_64, 4, nat_lip, 8), 60 PEDIT_FIELDS(IP6_, DST_127_96, 4, nat_lip, 12), 61 }; 62 63 static const struct cxgb4_natmode_config cxgb4_natmode_config_array[] = { 64 /* Default supported NAT modes */ 65 { 66 .chip = CHELSIO_T5, 67 .flags = CXGB4_ACTION_NATMODE_NONE, 68 .natmode = NAT_MODE_NONE, 69 }, 70 { 71 .chip = CHELSIO_T5, 72 .flags = CXGB4_ACTION_NATMODE_DIP, 73 .natmode = NAT_MODE_DIP, 74 }, 75 { 76 .chip = CHELSIO_T5, 77 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT, 78 .natmode = NAT_MODE_DIP_DP, 79 }, 80 { 81 .chip = CHELSIO_T5, 82 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT | 83 CXGB4_ACTION_NATMODE_SIP, 84 .natmode = NAT_MODE_DIP_DP_SIP, 85 }, 86 { 87 .chip = CHELSIO_T5, 88 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT | 89 CXGB4_ACTION_NATMODE_SPORT, 90 .natmode = NAT_MODE_DIP_DP_SP, 91 }, 92 { 93 .chip = CHELSIO_T5, 94 .flags = CXGB4_ACTION_NATMODE_SIP | CXGB4_ACTION_NATMODE_SPORT, 95 .natmode = NAT_MODE_SIP_SP, 96 }, 97 { 98 .chip = CHELSIO_T5, 99 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP | 100 CXGB4_ACTION_NATMODE_SPORT, 101 .natmode = NAT_MODE_DIP_SIP_SP, 102 }, 103 { 104 .chip = CHELSIO_T5, 105 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP | 106 CXGB4_ACTION_NATMODE_DPORT | 107 CXGB4_ACTION_NATMODE_SPORT, 108 .natmode = NAT_MODE_ALL, 109 }, 110 /* T6+ can ignore L4 ports when they're disabled. */ 111 { 112 .chip = CHELSIO_T6, 113 .flags = CXGB4_ACTION_NATMODE_SIP, 114 .natmode = NAT_MODE_SIP_SP, 115 }, 116 { 117 .chip = CHELSIO_T6, 118 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SPORT, 119 .natmode = NAT_MODE_DIP_DP_SP, 120 }, 121 { 122 .chip = CHELSIO_T6, 123 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP, 124 .natmode = NAT_MODE_ALL, 125 }, 126 }; 127 128 static void cxgb4_action_natmode_tweak(struct ch_filter_specification *fs, 129 u8 natmode_flags) 130 { 131 u8 i = 0; 132 133 /* Translate the enabled NAT 4-tuple fields to one of the 134 * hardware supported NAT mode configurations. This ensures 135 * that we pick a valid combination, where the disabled fields 136 * do not get overwritten to 0. 137 */ 138 for (i = 0; i < ARRAY_SIZE(cxgb4_natmode_config_array); i++) { 139 if (cxgb4_natmode_config_array[i].flags == natmode_flags) { 140 fs->nat_mode = cxgb4_natmode_config_array[i].natmode; 141 return; 142 } 143 } 144 } 145 146 static struct ch_tc_flower_entry *allocate_flower_entry(void) 147 { 148 struct ch_tc_flower_entry *new = kzalloc(sizeof(*new), GFP_KERNEL); 149 if (new) 150 spin_lock_init(&new->lock); 151 return new; 152 } 153 154 /* Must be called with either RTNL or rcu_read_lock */ 155 static struct ch_tc_flower_entry *ch_flower_lookup(struct adapter *adap, 156 unsigned long flower_cookie) 157 { 158 return rhashtable_lookup_fast(&adap->flower_tbl, &flower_cookie, 159 adap->flower_ht_params); 160 } 161 162 static void cxgb4_process_flow_match(struct net_device *dev, 163 struct flow_rule *rule, 164 u16 addr_type, 165 struct ch_filter_specification *fs) 166 { 167 168 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) { 169 struct flow_match_basic match; 170 u16 ethtype_key, ethtype_mask; 171 172 flow_rule_match_basic(rule, &match); 173 ethtype_key = ntohs(match.key->n_proto); 174 ethtype_mask = ntohs(match.mask->n_proto); 175 176 if (ethtype_key == ETH_P_ALL) { 177 ethtype_key = 0; 178 ethtype_mask = 0; 179 } 180 181 if (ethtype_key == ETH_P_IPV6) 182 fs->type = 1; 183 184 fs->val.ethtype = ethtype_key; 185 fs->mask.ethtype = ethtype_mask; 186 fs->val.proto = match.key->ip_proto; 187 fs->mask.proto = match.mask->ip_proto; 188 } 189 190 if (addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) { 191 struct flow_match_ipv4_addrs match; 192 193 flow_rule_match_ipv4_addrs(rule, &match); 194 fs->type = 0; 195 memcpy(&fs->val.lip[0], &match.key->dst, sizeof(match.key->dst)); 196 memcpy(&fs->val.fip[0], &match.key->src, sizeof(match.key->src)); 197 memcpy(&fs->mask.lip[0], &match.mask->dst, sizeof(match.mask->dst)); 198 memcpy(&fs->mask.fip[0], &match.mask->src, sizeof(match.mask->src)); 199 200 /* also initialize nat_lip/fip to same values */ 201 memcpy(&fs->nat_lip[0], &match.key->dst, sizeof(match.key->dst)); 202 memcpy(&fs->nat_fip[0], &match.key->src, sizeof(match.key->src)); 203 } 204 205 if (addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) { 206 struct flow_match_ipv6_addrs match; 207 208 flow_rule_match_ipv6_addrs(rule, &match); 209 fs->type = 1; 210 memcpy(&fs->val.lip[0], match.key->dst.s6_addr, 211 sizeof(match.key->dst)); 212 memcpy(&fs->val.fip[0], match.key->src.s6_addr, 213 sizeof(match.key->src)); 214 memcpy(&fs->mask.lip[0], match.mask->dst.s6_addr, 215 sizeof(match.mask->dst)); 216 memcpy(&fs->mask.fip[0], match.mask->src.s6_addr, 217 sizeof(match.mask->src)); 218 219 /* also initialize nat_lip/fip to same values */ 220 memcpy(&fs->nat_lip[0], match.key->dst.s6_addr, 221 sizeof(match.key->dst)); 222 memcpy(&fs->nat_fip[0], match.key->src.s6_addr, 223 sizeof(match.key->src)); 224 } 225 226 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS)) { 227 struct flow_match_ports match; 228 229 flow_rule_match_ports(rule, &match); 230 fs->val.lport = be16_to_cpu(match.key->dst); 231 fs->mask.lport = be16_to_cpu(match.mask->dst); 232 fs->val.fport = be16_to_cpu(match.key->src); 233 fs->mask.fport = be16_to_cpu(match.mask->src); 234 235 /* also initialize nat_lport/fport to same values */ 236 fs->nat_lport = fs->val.lport; 237 fs->nat_fport = fs->val.fport; 238 } 239 240 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) { 241 struct flow_match_ip match; 242 243 flow_rule_match_ip(rule, &match); 244 fs->val.tos = match.key->tos; 245 fs->mask.tos = match.mask->tos; 246 } 247 248 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_KEYID)) { 249 struct flow_match_enc_keyid match; 250 251 flow_rule_match_enc_keyid(rule, &match); 252 fs->val.vni = be32_to_cpu(match.key->keyid); 253 fs->mask.vni = be32_to_cpu(match.mask->keyid); 254 if (fs->mask.vni) { 255 fs->val.encap_vld = 1; 256 fs->mask.encap_vld = 1; 257 } 258 } 259 260 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN)) { 261 struct flow_match_vlan match; 262 u16 vlan_tci, vlan_tci_mask; 263 264 flow_rule_match_vlan(rule, &match); 265 vlan_tci = match.key->vlan_id | (match.key->vlan_priority << 266 VLAN_PRIO_SHIFT); 267 vlan_tci_mask = match.mask->vlan_id | (match.mask->vlan_priority << 268 VLAN_PRIO_SHIFT); 269 fs->val.ivlan = vlan_tci; 270 fs->mask.ivlan = vlan_tci_mask; 271 272 fs->val.ivlan_vld = 1; 273 fs->mask.ivlan_vld = 1; 274 275 /* Chelsio adapters use ivlan_vld bit to match vlan packets 276 * as 802.1Q. Also, when vlan tag is present in packets, 277 * ethtype match is used then to match on ethtype of inner 278 * header ie. the header following the vlan header. 279 * So, set the ivlan_vld based on ethtype info supplied by 280 * TC for vlan packets if its 802.1Q. And then reset the 281 * ethtype value else, hw will try to match the supplied 282 * ethtype value with ethtype of inner header. 283 */ 284 if (fs->val.ethtype == ETH_P_8021Q) { 285 fs->val.ethtype = 0; 286 fs->mask.ethtype = 0; 287 } 288 } 289 290 /* Match only packets coming from the ingress port where this 291 * filter will be created. 292 */ 293 fs->val.iport = netdev2pinfo(dev)->port_id; 294 fs->mask.iport = ~0; 295 } 296 297 static int cxgb4_validate_flow_match(struct netlink_ext_ack *extack, 298 struct flow_rule *rule) 299 { 300 struct flow_dissector *dissector = rule->match.dissector; 301 u16 ethtype_mask = 0; 302 u16 ethtype_key = 0; 303 304 if (dissector->used_keys & 305 ~(BIT_ULL(FLOW_DISSECTOR_KEY_CONTROL) | 306 BIT_ULL(FLOW_DISSECTOR_KEY_BASIC) | 307 BIT_ULL(FLOW_DISSECTOR_KEY_IPV4_ADDRS) | 308 BIT_ULL(FLOW_DISSECTOR_KEY_IPV6_ADDRS) | 309 BIT_ULL(FLOW_DISSECTOR_KEY_PORTS) | 310 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) | 311 BIT_ULL(FLOW_DISSECTOR_KEY_VLAN) | 312 BIT_ULL(FLOW_DISSECTOR_KEY_IP))) { 313 NL_SET_ERR_MSG_FMT_MOD(extack, 314 "Unsupported key used: 0x%llx", 315 dissector->used_keys); 316 return -EOPNOTSUPP; 317 } 318 319 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) { 320 struct flow_match_basic match; 321 322 flow_rule_match_basic(rule, &match); 323 ethtype_key = ntohs(match.key->n_proto); 324 ethtype_mask = ntohs(match.mask->n_proto); 325 } 326 327 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) { 328 u16 eth_ip_type = ethtype_key & ethtype_mask; 329 struct flow_match_ip match; 330 331 if (eth_ip_type != ETH_P_IP && eth_ip_type != ETH_P_IPV6) { 332 NL_SET_ERR_MSG_MOD(extack, 333 "IP Key supported only with IPv4/v6"); 334 return -EINVAL; 335 } 336 337 flow_rule_match_ip(rule, &match); 338 if (match.mask->ttl) { 339 NL_SET_ERR_MSG_MOD(extack, 340 "ttl match unsupported for offload"); 341 return -EOPNOTSUPP; 342 } 343 } 344 345 return 0; 346 } 347 348 static void offload_pedit(struct ch_filter_specification *fs, u32 val, u32 mask, 349 u8 field) 350 { 351 u32 set_val = val & ~mask; 352 u32 offset = 0; 353 u8 size = 1; 354 int i; 355 356 for (i = 0; i < ARRAY_SIZE(pedits); i++) { 357 if (pedits[i].field == field) { 358 offset = pedits[i].offset; 359 size = pedits[i].size; 360 break; 361 } 362 } 363 memcpy((u8 *)fs + offset, &set_val, size); 364 } 365 366 static void process_pedit_field(struct ch_filter_specification *fs, u32 val, 367 u32 mask, u32 offset, u8 htype, 368 u8 *natmode_flags) 369 { 370 switch (htype) { 371 case FLOW_ACT_MANGLE_HDR_TYPE_ETH: 372 switch (offset) { 373 case PEDIT_ETH_DMAC_31_0: 374 fs->newdmac = 1; 375 offload_pedit(fs, val, mask, ETH_DMAC_31_0); 376 break; 377 case PEDIT_ETH_DMAC_47_32_SMAC_15_0: 378 if (~mask & PEDIT_ETH_DMAC_MASK) 379 offload_pedit(fs, val, mask, ETH_DMAC_47_32); 380 else 381 offload_pedit(fs, val >> 16, mask >> 16, 382 ETH_SMAC_15_0); 383 break; 384 case PEDIT_ETH_SMAC_47_16: 385 fs->newsmac = 1; 386 offload_pedit(fs, val, mask, ETH_SMAC_47_16); 387 } 388 break; 389 case FLOW_ACT_MANGLE_HDR_TYPE_IP4: 390 switch (offset) { 391 case PEDIT_IP4_SRC: 392 offload_pedit(fs, val, mask, IP4_SRC); 393 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 394 break; 395 case PEDIT_IP4_DST: 396 offload_pedit(fs, val, mask, IP4_DST); 397 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 398 } 399 break; 400 case FLOW_ACT_MANGLE_HDR_TYPE_IP6: 401 switch (offset) { 402 case PEDIT_IP6_SRC_31_0: 403 offload_pedit(fs, val, mask, IP6_SRC_31_0); 404 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 405 break; 406 case PEDIT_IP6_SRC_63_32: 407 offload_pedit(fs, val, mask, IP6_SRC_63_32); 408 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 409 break; 410 case PEDIT_IP6_SRC_95_64: 411 offload_pedit(fs, val, mask, IP6_SRC_95_64); 412 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 413 break; 414 case PEDIT_IP6_SRC_127_96: 415 offload_pedit(fs, val, mask, IP6_SRC_127_96); 416 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 417 break; 418 case PEDIT_IP6_DST_31_0: 419 offload_pedit(fs, val, mask, IP6_DST_31_0); 420 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 421 break; 422 case PEDIT_IP6_DST_63_32: 423 offload_pedit(fs, val, mask, IP6_DST_63_32); 424 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 425 break; 426 case PEDIT_IP6_DST_95_64: 427 offload_pedit(fs, val, mask, IP6_DST_95_64); 428 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 429 break; 430 case PEDIT_IP6_DST_127_96: 431 offload_pedit(fs, val, mask, IP6_DST_127_96); 432 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 433 } 434 break; 435 case FLOW_ACT_MANGLE_HDR_TYPE_TCP: 436 switch (offset) { 437 case PEDIT_TCP_SPORT_DPORT: 438 if (~mask & PEDIT_TCP_UDP_SPORT_MASK) { 439 fs->nat_fport = val; 440 *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT; 441 } else { 442 fs->nat_lport = val >> 16; 443 *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT; 444 } 445 } 446 break; 447 case FLOW_ACT_MANGLE_HDR_TYPE_UDP: 448 switch (offset) { 449 case PEDIT_UDP_SPORT_DPORT: 450 if (~mask & PEDIT_TCP_UDP_SPORT_MASK) { 451 fs->nat_fport = val; 452 *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT; 453 } else { 454 fs->nat_lport = val >> 16; 455 *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT; 456 } 457 } 458 break; 459 } 460 } 461 462 static int cxgb4_action_natmode_validate(struct adapter *adap, u8 natmode_flags, 463 struct netlink_ext_ack *extack) 464 { 465 u8 i = 0; 466 467 /* Extract the NAT mode to enable based on what 4-tuple fields 468 * are enabled to be overwritten. This ensures that the 469 * disabled fields don't get overwritten to 0. 470 */ 471 for (i = 0; i < ARRAY_SIZE(cxgb4_natmode_config_array); i++) { 472 const struct cxgb4_natmode_config *c; 473 474 c = &cxgb4_natmode_config_array[i]; 475 if (CHELSIO_CHIP_VERSION(adap->params.chip) >= c->chip && 476 natmode_flags == c->flags) 477 return 0; 478 } 479 NL_SET_ERR_MSG_MOD(extack, "Unsupported NAT mode 4-tuple combination"); 480 return -EOPNOTSUPP; 481 } 482 483 void cxgb4_process_flow_actions(struct net_device *in, 484 struct flow_action *actions, 485 struct ch_filter_specification *fs) 486 { 487 struct flow_action_entry *act; 488 u8 natmode_flags = 0; 489 int i; 490 491 flow_action_for_each(i, act, actions) { 492 switch (act->id) { 493 case FLOW_ACTION_ACCEPT: 494 fs->action = FILTER_PASS; 495 break; 496 case FLOW_ACTION_DROP: 497 fs->action = FILTER_DROP; 498 break; 499 case FLOW_ACTION_MIRRED: 500 case FLOW_ACTION_REDIRECT: { 501 struct net_device *out = act->dev; 502 struct port_info *pi = netdev_priv(out); 503 504 fs->action = FILTER_SWITCH; 505 fs->eport = pi->port_id; 506 } 507 break; 508 case FLOW_ACTION_VLAN_POP: 509 case FLOW_ACTION_VLAN_PUSH: 510 case FLOW_ACTION_VLAN_MANGLE: { 511 u8 prio = act->vlan.prio; 512 u16 vid = act->vlan.vid; 513 u16 vlan_tci = (prio << VLAN_PRIO_SHIFT) | vid; 514 switch (act->id) { 515 case FLOW_ACTION_VLAN_POP: 516 fs->newvlan |= VLAN_REMOVE; 517 break; 518 case FLOW_ACTION_VLAN_PUSH: 519 fs->newvlan |= VLAN_INSERT; 520 fs->vlan = vlan_tci; 521 break; 522 case FLOW_ACTION_VLAN_MANGLE: 523 fs->newvlan |= VLAN_REWRITE; 524 fs->vlan = vlan_tci; 525 break; 526 default: 527 break; 528 } 529 } 530 break; 531 case FLOW_ACTION_MANGLE: { 532 u32 mask, val, offset; 533 u8 htype; 534 535 htype = act->mangle.htype; 536 mask = act->mangle.mask; 537 val = act->mangle.val; 538 offset = act->mangle.offset; 539 540 process_pedit_field(fs, val, mask, offset, htype, 541 &natmode_flags); 542 } 543 break; 544 case FLOW_ACTION_QUEUE: 545 fs->action = FILTER_PASS; 546 fs->dirsteer = 1; 547 fs->iq = act->queue.index; 548 break; 549 default: 550 break; 551 } 552 } 553 if (natmode_flags) 554 cxgb4_action_natmode_tweak(fs, natmode_flags); 555 556 } 557 558 static bool valid_l4_mask(u32 mask) 559 { 560 u16 hi, lo; 561 562 /* Either the upper 16-bits (SPORT) OR the lower 563 * 16-bits (DPORT) can be set, but NOT BOTH. 564 */ 565 hi = (mask >> 16) & 0xFFFF; 566 lo = mask & 0xFFFF; 567 568 return hi && lo ? false : true; 569 } 570 571 static bool valid_pedit_action(struct netlink_ext_ack *extack, 572 const struct flow_action_entry *act, 573 u8 *natmode_flags) 574 { 575 u32 mask, offset; 576 u8 htype; 577 578 htype = act->mangle.htype; 579 mask = act->mangle.mask; 580 offset = act->mangle.offset; 581 582 switch (htype) { 583 case FLOW_ACT_MANGLE_HDR_TYPE_ETH: 584 switch (offset) { 585 case PEDIT_ETH_DMAC_31_0: 586 case PEDIT_ETH_DMAC_47_32_SMAC_15_0: 587 case PEDIT_ETH_SMAC_47_16: 588 break; 589 default: 590 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field"); 591 return false; 592 } 593 break; 594 case FLOW_ACT_MANGLE_HDR_TYPE_IP4: 595 switch (offset) { 596 case PEDIT_IP4_SRC: 597 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 598 break; 599 case PEDIT_IP4_DST: 600 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 601 break; 602 default: 603 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field"); 604 return false; 605 } 606 break; 607 case FLOW_ACT_MANGLE_HDR_TYPE_IP6: 608 switch (offset) { 609 case PEDIT_IP6_SRC_31_0: 610 case PEDIT_IP6_SRC_63_32: 611 case PEDIT_IP6_SRC_95_64: 612 case PEDIT_IP6_SRC_127_96: 613 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 614 break; 615 case PEDIT_IP6_DST_31_0: 616 case PEDIT_IP6_DST_63_32: 617 case PEDIT_IP6_DST_95_64: 618 case PEDIT_IP6_DST_127_96: 619 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 620 break; 621 default: 622 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field"); 623 return false; 624 } 625 break; 626 case FLOW_ACT_MANGLE_HDR_TYPE_TCP: 627 switch (offset) { 628 case PEDIT_TCP_SPORT_DPORT: 629 if (!valid_l4_mask(~mask)) { 630 NL_SET_ERR_MSG_MOD(extack, 631 "Unsupported mask for TCP L4 ports"); 632 return false; 633 } 634 if (~mask & PEDIT_TCP_UDP_SPORT_MASK) 635 *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT; 636 else 637 *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT; 638 break; 639 default: 640 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field"); 641 return false; 642 } 643 break; 644 case FLOW_ACT_MANGLE_HDR_TYPE_UDP: 645 switch (offset) { 646 case PEDIT_UDP_SPORT_DPORT: 647 if (!valid_l4_mask(~mask)) { 648 NL_SET_ERR_MSG_MOD(extack, 649 "Unsupported mask for UDP L4 ports"); 650 return false; 651 } 652 if (~mask & PEDIT_TCP_UDP_SPORT_MASK) 653 *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT; 654 else 655 *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT; 656 break; 657 default: 658 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field"); 659 return false; 660 } 661 break; 662 default: 663 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit type"); 664 return false; 665 } 666 return true; 667 } 668 669 int cxgb4_validate_flow_actions(struct net_device *dev, 670 struct flow_action *actions, 671 struct netlink_ext_ack *extack, 672 u8 matchall_filter) 673 { 674 struct adapter *adap = netdev2adap(dev); 675 struct flow_action_entry *act; 676 bool act_redir = false; 677 bool act_pedit = false; 678 bool act_vlan = false; 679 u8 natmode_flags = 0; 680 int i; 681 682 if (!flow_action_basic_hw_stats_check(actions, extack)) 683 return -EOPNOTSUPP; 684 685 flow_action_for_each(i, act, actions) { 686 switch (act->id) { 687 case FLOW_ACTION_ACCEPT: 688 case FLOW_ACTION_DROP: 689 /* Do nothing */ 690 break; 691 case FLOW_ACTION_MIRRED: 692 case FLOW_ACTION_REDIRECT: { 693 struct net_device *n_dev, *target_dev; 694 bool found = false; 695 unsigned int i; 696 697 if (act->id == FLOW_ACTION_MIRRED && 698 !matchall_filter) { 699 NL_SET_ERR_MSG_MOD(extack, 700 "Egress mirror action is only supported for tc-matchall"); 701 return -EOPNOTSUPP; 702 } 703 704 target_dev = act->dev; 705 for_each_port(adap, i) { 706 n_dev = adap->port[i]; 707 if (target_dev == n_dev) { 708 found = true; 709 break; 710 } 711 } 712 713 /* If interface doesn't belong to our hw, then 714 * the provided output port is not valid 715 */ 716 if (!found) { 717 NL_SET_ERR_MSG_MOD(extack, "Out port invalid"); 718 return -EINVAL; 719 } 720 act_redir = true; 721 } 722 break; 723 case FLOW_ACTION_VLAN_POP: 724 case FLOW_ACTION_VLAN_PUSH: 725 case FLOW_ACTION_VLAN_MANGLE: { 726 u16 proto = be16_to_cpu(act->vlan.proto); 727 728 switch (act->id) { 729 case FLOW_ACTION_VLAN_POP: 730 break; 731 case FLOW_ACTION_VLAN_PUSH: 732 case FLOW_ACTION_VLAN_MANGLE: 733 if (proto != ETH_P_8021Q) { 734 NL_SET_ERR_MSG_MOD(extack, 735 "Unsupported vlan proto"); 736 return -EOPNOTSUPP; 737 } 738 break; 739 default: 740 NL_SET_ERR_MSG_MOD(extack, 741 "Unsupported vlan action"); 742 return -EOPNOTSUPP; 743 } 744 act_vlan = true; 745 } 746 break; 747 case FLOW_ACTION_MANGLE: { 748 bool pedit_valid = valid_pedit_action(extack, act, 749 &natmode_flags); 750 751 if (!pedit_valid) 752 return -EOPNOTSUPP; 753 act_pedit = true; 754 } 755 break; 756 case FLOW_ACTION_QUEUE: 757 /* Do nothing. cxgb4_set_filter will validate */ 758 break; 759 default: 760 NL_SET_ERR_MSG_MOD(extack, "Unsupported action"); 761 return -EOPNOTSUPP; 762 } 763 } 764 765 if ((act_pedit || act_vlan) && !act_redir) { 766 NL_SET_ERR_MSG_MOD(extack, 767 "pedit/vlan rewrite invalid without egress redirect"); 768 return -EINVAL; 769 } 770 771 if (act_pedit) { 772 int ret; 773 774 ret = cxgb4_action_natmode_validate(adap, natmode_flags, 775 extack); 776 if (ret) 777 return ret; 778 } 779 780 return 0; 781 } 782 783 static void cxgb4_tc_flower_hash_prio_add(struct adapter *adap, u32 tc_prio) 784 { 785 spin_lock_bh(&adap->tids.ftid_lock); 786 if (adap->tids.tc_hash_tids_max_prio < tc_prio) 787 adap->tids.tc_hash_tids_max_prio = tc_prio; 788 spin_unlock_bh(&adap->tids.ftid_lock); 789 } 790 791 static void cxgb4_tc_flower_hash_prio_del(struct adapter *adap, u32 tc_prio) 792 { 793 struct tid_info *t = &adap->tids; 794 struct ch_tc_flower_entry *fe; 795 struct rhashtable_iter iter; 796 u32 found = 0; 797 798 spin_lock_bh(&t->ftid_lock); 799 /* Bail if the current rule is not the one with the max 800 * prio. 801 */ 802 if (t->tc_hash_tids_max_prio != tc_prio) 803 goto out_unlock; 804 805 /* Search for the next rule having the same or next lower 806 * max prio. 807 */ 808 rhashtable_walk_enter(&adap->flower_tbl, &iter); 809 do { 810 rhashtable_walk_start(&iter); 811 812 fe = rhashtable_walk_next(&iter); 813 while (!IS_ERR_OR_NULL(fe)) { 814 if (fe->fs.hash && 815 fe->fs.tc_prio <= t->tc_hash_tids_max_prio) { 816 t->tc_hash_tids_max_prio = fe->fs.tc_prio; 817 found++; 818 819 /* Bail if we found another rule 820 * having the same prio as the 821 * current max one. 822 */ 823 if (fe->fs.tc_prio == tc_prio) 824 break; 825 } 826 827 fe = rhashtable_walk_next(&iter); 828 } 829 830 rhashtable_walk_stop(&iter); 831 } while (fe == ERR_PTR(-EAGAIN)); 832 rhashtable_walk_exit(&iter); 833 834 if (!found) 835 t->tc_hash_tids_max_prio = 0; 836 837 out_unlock: 838 spin_unlock_bh(&t->ftid_lock); 839 } 840 841 int cxgb4_flow_rule_replace(struct net_device *dev, struct flow_rule *rule, 842 u32 tc_prio, struct netlink_ext_ack *extack, 843 struct ch_filter_specification *fs, u32 *tid) 844 { 845 struct adapter *adap = netdev2adap(dev); 846 struct filter_ctx ctx; 847 u16 addr_type = 0; 848 u8 inet_family; 849 int fidx, ret; 850 851 if (cxgb4_validate_flow_actions(dev, &rule->action, extack, 0)) 852 return -EOPNOTSUPP; 853 854 if (cxgb4_validate_flow_match(extack, rule)) 855 return -EOPNOTSUPP; 856 857 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) { 858 struct flow_match_control match; 859 860 flow_rule_match_control(rule, &match); 861 addr_type = match.key->addr_type; 862 863 if (match.mask->flags & FLOW_DIS_IS_FRAGMENT) { 864 fs->val.frag = match.key->flags & FLOW_DIS_IS_FRAGMENT; 865 fs->mask.frag = true; 866 } 867 868 if (!flow_rule_is_supp_control_flags(FLOW_DIS_IS_FRAGMENT, 869 match.mask->flags, extack)) 870 return -EOPNOTSUPP; 871 872 } else if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS)) { 873 addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; 874 } else if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV6_ADDRS)) { 875 addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; 876 } 877 878 cxgb4_process_flow_match(dev, rule, addr_type, fs); 879 cxgb4_process_flow_actions(dev, &rule->action, fs); 880 881 fs->hash = is_filter_exact_match(adap, fs); 882 inet_family = fs->type ? PF_INET6 : PF_INET; 883 884 /* Get a free filter entry TID, where we can insert this new 885 * rule. Only insert rule if its prio doesn't conflict with 886 * existing rules. 887 */ 888 fidx = cxgb4_get_free_ftid(dev, inet_family, fs->hash, 889 tc_prio); 890 if (fidx < 0) { 891 NL_SET_ERR_MSG_MOD(extack, 892 "No free LETCAM index available"); 893 return -ENOMEM; 894 } 895 896 if (fidx < adap->tids.nhpftids) { 897 fs->prio = 1; 898 fs->hash = 0; 899 } 900 901 /* If the rule can be inserted into HASH region, then ignore 902 * the index to normal FILTER region. 903 */ 904 if (fs->hash) 905 fidx = 0; 906 907 fs->tc_prio = tc_prio; 908 909 init_completion(&ctx.completion); 910 ret = __cxgb4_set_filter(dev, fidx, fs, &ctx); 911 if (ret) { 912 NL_SET_ERR_MSG_FMT_MOD(extack, "filter creation err %d", ret); 913 return ret; 914 } 915 916 /* Wait for reply */ 917 ret = wait_for_completion_timeout(&ctx.completion, 10 * HZ); 918 if (!ret) 919 return -ETIMEDOUT; 920 921 /* Check if hw returned error for filter creation */ 922 if (ctx.result) 923 return ctx.result; 924 925 *tid = ctx.tid; 926 927 if (fs->hash) 928 cxgb4_tc_flower_hash_prio_add(adap, tc_prio); 929 930 return 0; 931 } 932 933 int cxgb4_tc_flower_replace(struct net_device *dev, 934 struct flow_cls_offload *cls) 935 { 936 struct flow_rule *rule = flow_cls_offload_flow_rule(cls); 937 struct netlink_ext_ack *extack = cls->common.extack; 938 struct adapter *adap = netdev2adap(dev); 939 struct ch_tc_flower_entry *ch_flower; 940 struct ch_filter_specification *fs; 941 int ret; 942 943 ch_flower = allocate_flower_entry(); 944 if (!ch_flower) { 945 netdev_err(dev, "%s: ch_flower alloc failed.\n", __func__); 946 return -ENOMEM; 947 } 948 949 fs = &ch_flower->fs; 950 fs->hitcnts = 1; 951 fs->tc_cookie = cls->cookie; 952 953 ret = cxgb4_flow_rule_replace(dev, rule, cls->common.prio, extack, fs, 954 &ch_flower->filter_id); 955 if (ret) 956 goto free_entry; 957 958 ch_flower->tc_flower_cookie = cls->cookie; 959 ret = rhashtable_insert_fast(&adap->flower_tbl, &ch_flower->node, 960 adap->flower_ht_params); 961 if (ret) 962 goto del_filter; 963 964 return 0; 965 966 del_filter: 967 if (fs->hash) 968 cxgb4_tc_flower_hash_prio_del(adap, cls->common.prio); 969 970 cxgb4_del_filter(dev, ch_flower->filter_id, &ch_flower->fs); 971 972 free_entry: 973 kfree(ch_flower); 974 return ret; 975 } 976 977 int cxgb4_flow_rule_destroy(struct net_device *dev, u32 tc_prio, 978 struct ch_filter_specification *fs, int tid) 979 { 980 struct adapter *adap = netdev2adap(dev); 981 u8 hash; 982 int ret; 983 984 hash = fs->hash; 985 986 ret = cxgb4_del_filter(dev, tid, fs); 987 if (ret) 988 return ret; 989 990 if (hash) 991 cxgb4_tc_flower_hash_prio_del(adap, tc_prio); 992 993 return ret; 994 } 995 996 int cxgb4_tc_flower_destroy(struct net_device *dev, 997 struct flow_cls_offload *cls) 998 { 999 struct adapter *adap = netdev2adap(dev); 1000 struct ch_tc_flower_entry *ch_flower; 1001 int ret; 1002 1003 ch_flower = ch_flower_lookup(adap, cls->cookie); 1004 if (!ch_flower) 1005 return -ENOENT; 1006 1007 rhashtable_remove_fast(&adap->flower_tbl, &ch_flower->node, 1008 adap->flower_ht_params); 1009 1010 ret = cxgb4_flow_rule_destroy(dev, ch_flower->fs.tc_prio, 1011 &ch_flower->fs, ch_flower->filter_id); 1012 if (ret) 1013 netdev_err(dev, "Flow rule destroy failed for tid: %u, ret: %d", 1014 ch_flower->filter_id, ret); 1015 1016 kfree_rcu(ch_flower, rcu); 1017 return ret; 1018 } 1019 1020 static void ch_flower_stats_handler(struct work_struct *work) 1021 { 1022 struct adapter *adap = container_of(work, struct adapter, 1023 flower_stats_work); 1024 struct ch_tc_flower_entry *flower_entry; 1025 struct ch_tc_flower_stats *ofld_stats; 1026 struct rhashtable_iter iter; 1027 u64 packets; 1028 u64 bytes; 1029 int ret; 1030 1031 rhashtable_walk_enter(&adap->flower_tbl, &iter); 1032 do { 1033 rhashtable_walk_start(&iter); 1034 1035 while ((flower_entry = rhashtable_walk_next(&iter)) && 1036 !IS_ERR(flower_entry)) { 1037 ret = cxgb4_get_filter_counters(adap->port[0], 1038 flower_entry->filter_id, 1039 &packets, &bytes, 1040 flower_entry->fs.hash); 1041 if (!ret) { 1042 spin_lock(&flower_entry->lock); 1043 ofld_stats = &flower_entry->stats; 1044 1045 if (ofld_stats->prev_packet_count != packets) { 1046 ofld_stats->prev_packet_count = packets; 1047 ofld_stats->last_used = jiffies; 1048 } 1049 spin_unlock(&flower_entry->lock); 1050 } 1051 } 1052 1053 rhashtable_walk_stop(&iter); 1054 1055 } while (flower_entry == ERR_PTR(-EAGAIN)); 1056 rhashtable_walk_exit(&iter); 1057 mod_timer(&adap->flower_stats_timer, jiffies + STATS_CHECK_PERIOD); 1058 } 1059 1060 static void ch_flower_stats_cb(struct timer_list *t) 1061 { 1062 struct adapter *adap = timer_container_of(adap, t, flower_stats_timer); 1063 1064 schedule_work(&adap->flower_stats_work); 1065 } 1066 1067 int cxgb4_tc_flower_stats(struct net_device *dev, 1068 struct flow_cls_offload *cls) 1069 { 1070 struct adapter *adap = netdev2adap(dev); 1071 struct ch_tc_flower_stats *ofld_stats; 1072 struct ch_tc_flower_entry *ch_flower; 1073 u64 packets; 1074 u64 bytes; 1075 int ret; 1076 1077 ch_flower = ch_flower_lookup(adap, cls->cookie); 1078 if (!ch_flower) { 1079 ret = -ENOENT; 1080 goto err; 1081 } 1082 1083 ret = cxgb4_get_filter_counters(dev, ch_flower->filter_id, 1084 &packets, &bytes, 1085 ch_flower->fs.hash); 1086 if (ret < 0) 1087 goto err; 1088 1089 spin_lock_bh(&ch_flower->lock); 1090 ofld_stats = &ch_flower->stats; 1091 if (ofld_stats->packet_count != packets) { 1092 if (ofld_stats->prev_packet_count != packets) 1093 ofld_stats->last_used = jiffies; 1094 flow_stats_update(&cls->stats, bytes - ofld_stats->byte_count, 1095 packets - ofld_stats->packet_count, 0, 1096 ofld_stats->last_used, 1097 FLOW_ACTION_HW_STATS_IMMEDIATE); 1098 1099 ofld_stats->packet_count = packets; 1100 ofld_stats->byte_count = bytes; 1101 ofld_stats->prev_packet_count = packets; 1102 } 1103 spin_unlock_bh(&ch_flower->lock); 1104 return 0; 1105 1106 err: 1107 return ret; 1108 } 1109 1110 static const struct rhashtable_params cxgb4_tc_flower_ht_params = { 1111 .nelem_hint = 384, 1112 .head_offset = offsetof(struct ch_tc_flower_entry, node), 1113 .key_offset = offsetof(struct ch_tc_flower_entry, tc_flower_cookie), 1114 .key_len = sizeof(((struct ch_tc_flower_entry *)0)->tc_flower_cookie), 1115 .max_size = 524288, 1116 .min_size = 512, 1117 .automatic_shrinking = true 1118 }; 1119 1120 int cxgb4_init_tc_flower(struct adapter *adap) 1121 { 1122 int ret; 1123 1124 if (adap->tc_flower_initialized) 1125 return -EEXIST; 1126 1127 adap->flower_ht_params = cxgb4_tc_flower_ht_params; 1128 ret = rhashtable_init(&adap->flower_tbl, &adap->flower_ht_params); 1129 if (ret) 1130 return ret; 1131 1132 INIT_WORK(&adap->flower_stats_work, ch_flower_stats_handler); 1133 timer_setup(&adap->flower_stats_timer, ch_flower_stats_cb, 0); 1134 mod_timer(&adap->flower_stats_timer, jiffies + STATS_CHECK_PERIOD); 1135 adap->tc_flower_initialized = true; 1136 return 0; 1137 } 1138 1139 void cxgb4_cleanup_tc_flower(struct adapter *adap) 1140 { 1141 if (!adap->tc_flower_initialized) 1142 return; 1143 1144 if (adap->flower_stats_timer.function) 1145 timer_shutdown_sync(&adap->flower_stats_timer); 1146 cancel_work_sync(&adap->flower_stats_work); 1147 rhashtable_destroy(&adap->flower_tbl); 1148 adap->tc_flower_initialized = false; 1149 } 1150