1 /* 2 * This file is part of the Chelsio T4/T5/T6 Ethernet driver for Linux. 3 * 4 * Copyright (c) 2017 Chelsio Communications, Inc. All rights reserved. 5 * 6 * This software is available to you under a choice of one of two 7 * licenses. You may choose to be licensed under the terms of the GNU 8 * General Public License (GPL) Version 2, available from the file 9 * COPYING in the main directory of this source tree, or the 10 * OpenIB.org BSD license below: 11 * 12 * Redistribution and use in source and binary forms, with or 13 * without modification, are permitted provided that the following 14 * conditions are met: 15 * 16 * - Redistributions of source code must retain the above 17 * copyright notice, this list of conditions and the following 18 * disclaimer. 19 * 20 * - Redistributions in binary form must reproduce the above 21 * copyright notice, this list of conditions and the following 22 * disclaimer in the documentation and/or other materials 23 * provided with the distribution. 24 * 25 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 26 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 27 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 28 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 29 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 30 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 31 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 32 * SOFTWARE. 33 */ 34 35 #include <net/tc_act/tc_mirred.h> 36 #include <net/tc_act/tc_pedit.h> 37 #include <net/tc_act/tc_gact.h> 38 #include <net/tc_act/tc_vlan.h> 39 40 #include "cxgb4.h" 41 #include "cxgb4_filter.h" 42 #include "cxgb4_tc_flower.h" 43 44 #define STATS_CHECK_PERIOD (HZ / 2) 45 46 static struct ch_tc_pedit_fields pedits[] = { 47 PEDIT_FIELDS(ETH_, DMAC_31_0, 4, dmac, 0), 48 PEDIT_FIELDS(ETH_, DMAC_47_32, 2, dmac, 4), 49 PEDIT_FIELDS(ETH_, SMAC_15_0, 2, smac, 0), 50 PEDIT_FIELDS(ETH_, SMAC_47_16, 4, smac, 2), 51 PEDIT_FIELDS(IP4_, SRC, 4, nat_fip, 0), 52 PEDIT_FIELDS(IP4_, DST, 4, nat_lip, 0), 53 PEDIT_FIELDS(IP6_, SRC_31_0, 4, nat_fip, 0), 54 PEDIT_FIELDS(IP6_, SRC_63_32, 4, nat_fip, 4), 55 PEDIT_FIELDS(IP6_, SRC_95_64, 4, nat_fip, 8), 56 PEDIT_FIELDS(IP6_, SRC_127_96, 4, nat_fip, 12), 57 PEDIT_FIELDS(IP6_, DST_31_0, 4, nat_lip, 0), 58 PEDIT_FIELDS(IP6_, DST_63_32, 4, nat_lip, 4), 59 PEDIT_FIELDS(IP6_, DST_95_64, 4, nat_lip, 8), 60 PEDIT_FIELDS(IP6_, DST_127_96, 4, nat_lip, 12), 61 }; 62 63 static const struct cxgb4_natmode_config cxgb4_natmode_config_array[] = { 64 /* Default supported NAT modes */ 65 { 66 .chip = CHELSIO_T5, 67 .flags = CXGB4_ACTION_NATMODE_NONE, 68 .natmode = NAT_MODE_NONE, 69 }, 70 { 71 .chip = CHELSIO_T5, 72 .flags = CXGB4_ACTION_NATMODE_DIP, 73 .natmode = NAT_MODE_DIP, 74 }, 75 { 76 .chip = CHELSIO_T5, 77 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT, 78 .natmode = NAT_MODE_DIP_DP, 79 }, 80 { 81 .chip = CHELSIO_T5, 82 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT | 83 CXGB4_ACTION_NATMODE_SIP, 84 .natmode = NAT_MODE_DIP_DP_SIP, 85 }, 86 { 87 .chip = CHELSIO_T5, 88 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT | 89 CXGB4_ACTION_NATMODE_SPORT, 90 .natmode = NAT_MODE_DIP_DP_SP, 91 }, 92 { 93 .chip = CHELSIO_T5, 94 .flags = CXGB4_ACTION_NATMODE_SIP | CXGB4_ACTION_NATMODE_SPORT, 95 .natmode = NAT_MODE_SIP_SP, 96 }, 97 { 98 .chip = CHELSIO_T5, 99 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP | 100 CXGB4_ACTION_NATMODE_SPORT, 101 .natmode = NAT_MODE_DIP_SIP_SP, 102 }, 103 { 104 .chip = CHELSIO_T5, 105 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP | 106 CXGB4_ACTION_NATMODE_DPORT | 107 CXGB4_ACTION_NATMODE_SPORT, 108 .natmode = NAT_MODE_ALL, 109 }, 110 /* T6+ can ignore L4 ports when they're disabled. */ 111 { 112 .chip = CHELSIO_T6, 113 .flags = CXGB4_ACTION_NATMODE_SIP, 114 .natmode = NAT_MODE_SIP_SP, 115 }, 116 { 117 .chip = CHELSIO_T6, 118 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SPORT, 119 .natmode = NAT_MODE_DIP_DP_SP, 120 }, 121 { 122 .chip = CHELSIO_T6, 123 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP, 124 .natmode = NAT_MODE_ALL, 125 }, 126 }; 127 128 static void cxgb4_action_natmode_tweak(struct ch_filter_specification *fs, 129 u8 natmode_flags) 130 { 131 u8 i = 0; 132 133 /* Translate the enabled NAT 4-tuple fields to one of the 134 * hardware supported NAT mode configurations. This ensures 135 * that we pick a valid combination, where the disabled fields 136 * do not get overwritten to 0. 137 */ 138 for (i = 0; i < ARRAY_SIZE(cxgb4_natmode_config_array); i++) { 139 if (cxgb4_natmode_config_array[i].flags == natmode_flags) { 140 fs->nat_mode = cxgb4_natmode_config_array[i].natmode; 141 return; 142 } 143 } 144 } 145 146 static struct ch_tc_flower_entry *allocate_flower_entry(void) 147 { 148 struct ch_tc_flower_entry *new = kzalloc(sizeof(*new), GFP_KERNEL); 149 if (new) 150 spin_lock_init(&new->lock); 151 return new; 152 } 153 154 /* Must be called with either RTNL or rcu_read_lock */ 155 static struct ch_tc_flower_entry *ch_flower_lookup(struct adapter *adap, 156 unsigned long flower_cookie) 157 { 158 return rhashtable_lookup_fast(&adap->flower_tbl, &flower_cookie, 159 adap->flower_ht_params); 160 } 161 162 static void cxgb4_process_flow_match(struct net_device *dev, 163 struct flow_rule *rule, 164 struct ch_filter_specification *fs) 165 { 166 u16 addr_type = 0; 167 168 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) { 169 struct flow_match_control match; 170 171 flow_rule_match_control(rule, &match); 172 addr_type = match.key->addr_type; 173 } else if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS)) { 174 addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; 175 } else if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV6_ADDRS)) { 176 addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; 177 } 178 179 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) { 180 struct flow_match_basic match; 181 u16 ethtype_key, ethtype_mask; 182 183 flow_rule_match_basic(rule, &match); 184 ethtype_key = ntohs(match.key->n_proto); 185 ethtype_mask = ntohs(match.mask->n_proto); 186 187 if (ethtype_key == ETH_P_ALL) { 188 ethtype_key = 0; 189 ethtype_mask = 0; 190 } 191 192 if (ethtype_key == ETH_P_IPV6) 193 fs->type = 1; 194 195 fs->val.ethtype = ethtype_key; 196 fs->mask.ethtype = ethtype_mask; 197 fs->val.proto = match.key->ip_proto; 198 fs->mask.proto = match.mask->ip_proto; 199 } 200 201 if (addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) { 202 struct flow_match_ipv4_addrs match; 203 204 flow_rule_match_ipv4_addrs(rule, &match); 205 fs->type = 0; 206 memcpy(&fs->val.lip[0], &match.key->dst, sizeof(match.key->dst)); 207 memcpy(&fs->val.fip[0], &match.key->src, sizeof(match.key->src)); 208 memcpy(&fs->mask.lip[0], &match.mask->dst, sizeof(match.mask->dst)); 209 memcpy(&fs->mask.fip[0], &match.mask->src, sizeof(match.mask->src)); 210 211 /* also initialize nat_lip/fip to same values */ 212 memcpy(&fs->nat_lip[0], &match.key->dst, sizeof(match.key->dst)); 213 memcpy(&fs->nat_fip[0], &match.key->src, sizeof(match.key->src)); 214 } 215 216 if (addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) { 217 struct flow_match_ipv6_addrs match; 218 219 flow_rule_match_ipv6_addrs(rule, &match); 220 fs->type = 1; 221 memcpy(&fs->val.lip[0], match.key->dst.s6_addr, 222 sizeof(match.key->dst)); 223 memcpy(&fs->val.fip[0], match.key->src.s6_addr, 224 sizeof(match.key->src)); 225 memcpy(&fs->mask.lip[0], match.mask->dst.s6_addr, 226 sizeof(match.mask->dst)); 227 memcpy(&fs->mask.fip[0], match.mask->src.s6_addr, 228 sizeof(match.mask->src)); 229 230 /* also initialize nat_lip/fip to same values */ 231 memcpy(&fs->nat_lip[0], match.key->dst.s6_addr, 232 sizeof(match.key->dst)); 233 memcpy(&fs->nat_fip[0], match.key->src.s6_addr, 234 sizeof(match.key->src)); 235 } 236 237 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS)) { 238 struct flow_match_ports match; 239 240 flow_rule_match_ports(rule, &match); 241 fs->val.lport = be16_to_cpu(match.key->dst); 242 fs->mask.lport = be16_to_cpu(match.mask->dst); 243 fs->val.fport = be16_to_cpu(match.key->src); 244 fs->mask.fport = be16_to_cpu(match.mask->src); 245 246 /* also initialize nat_lport/fport to same values */ 247 fs->nat_lport = fs->val.lport; 248 fs->nat_fport = fs->val.fport; 249 } 250 251 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) { 252 struct flow_match_ip match; 253 254 flow_rule_match_ip(rule, &match); 255 fs->val.tos = match.key->tos; 256 fs->mask.tos = match.mask->tos; 257 } 258 259 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_KEYID)) { 260 struct flow_match_enc_keyid match; 261 262 flow_rule_match_enc_keyid(rule, &match); 263 fs->val.vni = be32_to_cpu(match.key->keyid); 264 fs->mask.vni = be32_to_cpu(match.mask->keyid); 265 if (fs->mask.vni) { 266 fs->val.encap_vld = 1; 267 fs->mask.encap_vld = 1; 268 } 269 } 270 271 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN)) { 272 struct flow_match_vlan match; 273 u16 vlan_tci, vlan_tci_mask; 274 275 flow_rule_match_vlan(rule, &match); 276 vlan_tci = match.key->vlan_id | (match.key->vlan_priority << 277 VLAN_PRIO_SHIFT); 278 vlan_tci_mask = match.mask->vlan_id | (match.mask->vlan_priority << 279 VLAN_PRIO_SHIFT); 280 fs->val.ivlan = vlan_tci; 281 fs->mask.ivlan = vlan_tci_mask; 282 283 fs->val.ivlan_vld = 1; 284 fs->mask.ivlan_vld = 1; 285 286 /* Chelsio adapters use ivlan_vld bit to match vlan packets 287 * as 802.1Q. Also, when vlan tag is present in packets, 288 * ethtype match is used then to match on ethtype of inner 289 * header ie. the header following the vlan header. 290 * So, set the ivlan_vld based on ethtype info supplied by 291 * TC for vlan packets if its 802.1Q. And then reset the 292 * ethtype value else, hw will try to match the supplied 293 * ethtype value with ethtype of inner header. 294 */ 295 if (fs->val.ethtype == ETH_P_8021Q) { 296 fs->val.ethtype = 0; 297 fs->mask.ethtype = 0; 298 } 299 } 300 301 /* Match only packets coming from the ingress port where this 302 * filter will be created. 303 */ 304 fs->val.iport = netdev2pinfo(dev)->port_id; 305 fs->mask.iport = ~0; 306 } 307 308 static int cxgb4_validate_flow_match(struct netlink_ext_ack *extack, 309 struct flow_rule *rule) 310 { 311 struct flow_dissector *dissector = rule->match.dissector; 312 u16 ethtype_mask = 0; 313 u16 ethtype_key = 0; 314 315 if (dissector->used_keys & 316 ~(BIT_ULL(FLOW_DISSECTOR_KEY_CONTROL) | 317 BIT_ULL(FLOW_DISSECTOR_KEY_BASIC) | 318 BIT_ULL(FLOW_DISSECTOR_KEY_IPV4_ADDRS) | 319 BIT_ULL(FLOW_DISSECTOR_KEY_IPV6_ADDRS) | 320 BIT_ULL(FLOW_DISSECTOR_KEY_PORTS) | 321 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) | 322 BIT_ULL(FLOW_DISSECTOR_KEY_VLAN) | 323 BIT_ULL(FLOW_DISSECTOR_KEY_IP))) { 324 NL_SET_ERR_MSG_FMT_MOD(extack, 325 "Unsupported key used: 0x%llx", 326 dissector->used_keys); 327 return -EOPNOTSUPP; 328 } 329 330 if (flow_rule_match_has_control_flags(rule, extack)) 331 return -EOPNOTSUPP; 332 333 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) { 334 struct flow_match_basic match; 335 336 flow_rule_match_basic(rule, &match); 337 ethtype_key = ntohs(match.key->n_proto); 338 ethtype_mask = ntohs(match.mask->n_proto); 339 } 340 341 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) { 342 u16 eth_ip_type = ethtype_key & ethtype_mask; 343 struct flow_match_ip match; 344 345 if (eth_ip_type != ETH_P_IP && eth_ip_type != ETH_P_IPV6) { 346 NL_SET_ERR_MSG_MOD(extack, 347 "IP Key supported only with IPv4/v6"); 348 return -EINVAL; 349 } 350 351 flow_rule_match_ip(rule, &match); 352 if (match.mask->ttl) { 353 NL_SET_ERR_MSG_MOD(extack, 354 "ttl match unsupported for offload"); 355 return -EOPNOTSUPP; 356 } 357 } 358 359 return 0; 360 } 361 362 static void offload_pedit(struct ch_filter_specification *fs, u32 val, u32 mask, 363 u8 field) 364 { 365 u32 set_val = val & ~mask; 366 u32 offset = 0; 367 u8 size = 1; 368 int i; 369 370 for (i = 0; i < ARRAY_SIZE(pedits); i++) { 371 if (pedits[i].field == field) { 372 offset = pedits[i].offset; 373 size = pedits[i].size; 374 break; 375 } 376 } 377 memcpy((u8 *)fs + offset, &set_val, size); 378 } 379 380 static void process_pedit_field(struct ch_filter_specification *fs, u32 val, 381 u32 mask, u32 offset, u8 htype, 382 u8 *natmode_flags) 383 { 384 switch (htype) { 385 case FLOW_ACT_MANGLE_HDR_TYPE_ETH: 386 switch (offset) { 387 case PEDIT_ETH_DMAC_31_0: 388 fs->newdmac = 1; 389 offload_pedit(fs, val, mask, ETH_DMAC_31_0); 390 break; 391 case PEDIT_ETH_DMAC_47_32_SMAC_15_0: 392 if (~mask & PEDIT_ETH_DMAC_MASK) 393 offload_pedit(fs, val, mask, ETH_DMAC_47_32); 394 else 395 offload_pedit(fs, val >> 16, mask >> 16, 396 ETH_SMAC_15_0); 397 break; 398 case PEDIT_ETH_SMAC_47_16: 399 fs->newsmac = 1; 400 offload_pedit(fs, val, mask, ETH_SMAC_47_16); 401 } 402 break; 403 case FLOW_ACT_MANGLE_HDR_TYPE_IP4: 404 switch (offset) { 405 case PEDIT_IP4_SRC: 406 offload_pedit(fs, val, mask, IP4_SRC); 407 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 408 break; 409 case PEDIT_IP4_DST: 410 offload_pedit(fs, val, mask, IP4_DST); 411 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 412 } 413 break; 414 case FLOW_ACT_MANGLE_HDR_TYPE_IP6: 415 switch (offset) { 416 case PEDIT_IP6_SRC_31_0: 417 offload_pedit(fs, val, mask, IP6_SRC_31_0); 418 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 419 break; 420 case PEDIT_IP6_SRC_63_32: 421 offload_pedit(fs, val, mask, IP6_SRC_63_32); 422 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 423 break; 424 case PEDIT_IP6_SRC_95_64: 425 offload_pedit(fs, val, mask, IP6_SRC_95_64); 426 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 427 break; 428 case PEDIT_IP6_SRC_127_96: 429 offload_pedit(fs, val, mask, IP6_SRC_127_96); 430 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 431 break; 432 case PEDIT_IP6_DST_31_0: 433 offload_pedit(fs, val, mask, IP6_DST_31_0); 434 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 435 break; 436 case PEDIT_IP6_DST_63_32: 437 offload_pedit(fs, val, mask, IP6_DST_63_32); 438 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 439 break; 440 case PEDIT_IP6_DST_95_64: 441 offload_pedit(fs, val, mask, IP6_DST_95_64); 442 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 443 break; 444 case PEDIT_IP6_DST_127_96: 445 offload_pedit(fs, val, mask, IP6_DST_127_96); 446 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 447 } 448 break; 449 case FLOW_ACT_MANGLE_HDR_TYPE_TCP: 450 switch (offset) { 451 case PEDIT_TCP_SPORT_DPORT: 452 if (~mask & PEDIT_TCP_UDP_SPORT_MASK) { 453 fs->nat_fport = val; 454 *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT; 455 } else { 456 fs->nat_lport = val >> 16; 457 *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT; 458 } 459 } 460 break; 461 case FLOW_ACT_MANGLE_HDR_TYPE_UDP: 462 switch (offset) { 463 case PEDIT_UDP_SPORT_DPORT: 464 if (~mask & PEDIT_TCP_UDP_SPORT_MASK) { 465 fs->nat_fport = val; 466 *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT; 467 } else { 468 fs->nat_lport = val >> 16; 469 *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT; 470 } 471 } 472 break; 473 } 474 } 475 476 static int cxgb4_action_natmode_validate(struct adapter *adap, u8 natmode_flags, 477 struct netlink_ext_ack *extack) 478 { 479 u8 i = 0; 480 481 /* Extract the NAT mode to enable based on what 4-tuple fields 482 * are enabled to be overwritten. This ensures that the 483 * disabled fields don't get overwritten to 0. 484 */ 485 for (i = 0; i < ARRAY_SIZE(cxgb4_natmode_config_array); i++) { 486 const struct cxgb4_natmode_config *c; 487 488 c = &cxgb4_natmode_config_array[i]; 489 if (CHELSIO_CHIP_VERSION(adap->params.chip) >= c->chip && 490 natmode_flags == c->flags) 491 return 0; 492 } 493 NL_SET_ERR_MSG_MOD(extack, "Unsupported NAT mode 4-tuple combination"); 494 return -EOPNOTSUPP; 495 } 496 497 void cxgb4_process_flow_actions(struct net_device *in, 498 struct flow_action *actions, 499 struct ch_filter_specification *fs) 500 { 501 struct flow_action_entry *act; 502 u8 natmode_flags = 0; 503 int i; 504 505 flow_action_for_each(i, act, actions) { 506 switch (act->id) { 507 case FLOW_ACTION_ACCEPT: 508 fs->action = FILTER_PASS; 509 break; 510 case FLOW_ACTION_DROP: 511 fs->action = FILTER_DROP; 512 break; 513 case FLOW_ACTION_MIRRED: 514 case FLOW_ACTION_REDIRECT: { 515 struct net_device *out = act->dev; 516 struct port_info *pi = netdev_priv(out); 517 518 fs->action = FILTER_SWITCH; 519 fs->eport = pi->port_id; 520 } 521 break; 522 case FLOW_ACTION_VLAN_POP: 523 case FLOW_ACTION_VLAN_PUSH: 524 case FLOW_ACTION_VLAN_MANGLE: { 525 u8 prio = act->vlan.prio; 526 u16 vid = act->vlan.vid; 527 u16 vlan_tci = (prio << VLAN_PRIO_SHIFT) | vid; 528 switch (act->id) { 529 case FLOW_ACTION_VLAN_POP: 530 fs->newvlan |= VLAN_REMOVE; 531 break; 532 case FLOW_ACTION_VLAN_PUSH: 533 fs->newvlan |= VLAN_INSERT; 534 fs->vlan = vlan_tci; 535 break; 536 case FLOW_ACTION_VLAN_MANGLE: 537 fs->newvlan |= VLAN_REWRITE; 538 fs->vlan = vlan_tci; 539 break; 540 default: 541 break; 542 } 543 } 544 break; 545 case FLOW_ACTION_MANGLE: { 546 u32 mask, val, offset; 547 u8 htype; 548 549 htype = act->mangle.htype; 550 mask = act->mangle.mask; 551 val = act->mangle.val; 552 offset = act->mangle.offset; 553 554 process_pedit_field(fs, val, mask, offset, htype, 555 &natmode_flags); 556 } 557 break; 558 case FLOW_ACTION_QUEUE: 559 fs->action = FILTER_PASS; 560 fs->dirsteer = 1; 561 fs->iq = act->queue.index; 562 break; 563 default: 564 break; 565 } 566 } 567 if (natmode_flags) 568 cxgb4_action_natmode_tweak(fs, natmode_flags); 569 570 } 571 572 static bool valid_l4_mask(u32 mask) 573 { 574 u16 hi, lo; 575 576 /* Either the upper 16-bits (SPORT) OR the lower 577 * 16-bits (DPORT) can be set, but NOT BOTH. 578 */ 579 hi = (mask >> 16) & 0xFFFF; 580 lo = mask & 0xFFFF; 581 582 return hi && lo ? false : true; 583 } 584 585 static bool valid_pedit_action(struct netlink_ext_ack *extack, 586 const struct flow_action_entry *act, 587 u8 *natmode_flags) 588 { 589 u32 mask, offset; 590 u8 htype; 591 592 htype = act->mangle.htype; 593 mask = act->mangle.mask; 594 offset = act->mangle.offset; 595 596 switch (htype) { 597 case FLOW_ACT_MANGLE_HDR_TYPE_ETH: 598 switch (offset) { 599 case PEDIT_ETH_DMAC_31_0: 600 case PEDIT_ETH_DMAC_47_32_SMAC_15_0: 601 case PEDIT_ETH_SMAC_47_16: 602 break; 603 default: 604 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field"); 605 return false; 606 } 607 break; 608 case FLOW_ACT_MANGLE_HDR_TYPE_IP4: 609 switch (offset) { 610 case PEDIT_IP4_SRC: 611 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 612 break; 613 case PEDIT_IP4_DST: 614 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 615 break; 616 default: 617 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field"); 618 return false; 619 } 620 break; 621 case FLOW_ACT_MANGLE_HDR_TYPE_IP6: 622 switch (offset) { 623 case PEDIT_IP6_SRC_31_0: 624 case PEDIT_IP6_SRC_63_32: 625 case PEDIT_IP6_SRC_95_64: 626 case PEDIT_IP6_SRC_127_96: 627 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP; 628 break; 629 case PEDIT_IP6_DST_31_0: 630 case PEDIT_IP6_DST_63_32: 631 case PEDIT_IP6_DST_95_64: 632 case PEDIT_IP6_DST_127_96: 633 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP; 634 break; 635 default: 636 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field"); 637 return false; 638 } 639 break; 640 case FLOW_ACT_MANGLE_HDR_TYPE_TCP: 641 switch (offset) { 642 case PEDIT_TCP_SPORT_DPORT: 643 if (!valid_l4_mask(~mask)) { 644 NL_SET_ERR_MSG_MOD(extack, 645 "Unsupported mask for TCP L4 ports"); 646 return false; 647 } 648 if (~mask & PEDIT_TCP_UDP_SPORT_MASK) 649 *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT; 650 else 651 *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT; 652 break; 653 default: 654 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field"); 655 return false; 656 } 657 break; 658 case FLOW_ACT_MANGLE_HDR_TYPE_UDP: 659 switch (offset) { 660 case PEDIT_UDP_SPORT_DPORT: 661 if (!valid_l4_mask(~mask)) { 662 NL_SET_ERR_MSG_MOD(extack, 663 "Unsupported mask for UDP L4 ports"); 664 return false; 665 } 666 if (~mask & PEDIT_TCP_UDP_SPORT_MASK) 667 *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT; 668 else 669 *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT; 670 break; 671 default: 672 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit field"); 673 return false; 674 } 675 break; 676 default: 677 NL_SET_ERR_MSG_MOD(extack, "Unsupported pedit type"); 678 return false; 679 } 680 return true; 681 } 682 683 int cxgb4_validate_flow_actions(struct net_device *dev, 684 struct flow_action *actions, 685 struct netlink_ext_ack *extack, 686 u8 matchall_filter) 687 { 688 struct adapter *adap = netdev2adap(dev); 689 struct flow_action_entry *act; 690 bool act_redir = false; 691 bool act_pedit = false; 692 bool act_vlan = false; 693 u8 natmode_flags = 0; 694 int i; 695 696 if (!flow_action_basic_hw_stats_check(actions, extack)) 697 return -EOPNOTSUPP; 698 699 flow_action_for_each(i, act, actions) { 700 switch (act->id) { 701 case FLOW_ACTION_ACCEPT: 702 case FLOW_ACTION_DROP: 703 /* Do nothing */ 704 break; 705 case FLOW_ACTION_MIRRED: 706 case FLOW_ACTION_REDIRECT: { 707 struct net_device *n_dev, *target_dev; 708 bool found = false; 709 unsigned int i; 710 711 if (act->id == FLOW_ACTION_MIRRED && 712 !matchall_filter) { 713 NL_SET_ERR_MSG_MOD(extack, 714 "Egress mirror action is only supported for tc-matchall"); 715 return -EOPNOTSUPP; 716 } 717 718 target_dev = act->dev; 719 for_each_port(adap, i) { 720 n_dev = adap->port[i]; 721 if (target_dev == n_dev) { 722 found = true; 723 break; 724 } 725 } 726 727 /* If interface doesn't belong to our hw, then 728 * the provided output port is not valid 729 */ 730 if (!found) { 731 NL_SET_ERR_MSG_MOD(extack, "Out port invalid"); 732 return -EINVAL; 733 } 734 act_redir = true; 735 } 736 break; 737 case FLOW_ACTION_VLAN_POP: 738 case FLOW_ACTION_VLAN_PUSH: 739 case FLOW_ACTION_VLAN_MANGLE: { 740 u16 proto = be16_to_cpu(act->vlan.proto); 741 742 switch (act->id) { 743 case FLOW_ACTION_VLAN_POP: 744 break; 745 case FLOW_ACTION_VLAN_PUSH: 746 case FLOW_ACTION_VLAN_MANGLE: 747 if (proto != ETH_P_8021Q) { 748 NL_SET_ERR_MSG_MOD(extack, 749 "Unsupported vlan proto"); 750 return -EOPNOTSUPP; 751 } 752 break; 753 default: 754 NL_SET_ERR_MSG_MOD(extack, 755 "Unsupported vlan action"); 756 return -EOPNOTSUPP; 757 } 758 act_vlan = true; 759 } 760 break; 761 case FLOW_ACTION_MANGLE: { 762 bool pedit_valid = valid_pedit_action(extack, act, 763 &natmode_flags); 764 765 if (!pedit_valid) 766 return -EOPNOTSUPP; 767 act_pedit = true; 768 } 769 break; 770 case FLOW_ACTION_QUEUE: 771 /* Do nothing. cxgb4_set_filter will validate */ 772 break; 773 default: 774 NL_SET_ERR_MSG_MOD(extack, "Unsupported action"); 775 return -EOPNOTSUPP; 776 } 777 } 778 779 if ((act_pedit || act_vlan) && !act_redir) { 780 NL_SET_ERR_MSG_MOD(extack, 781 "pedit/vlan rewrite invalid without egress redirect"); 782 return -EINVAL; 783 } 784 785 if (act_pedit) { 786 int ret; 787 788 ret = cxgb4_action_natmode_validate(adap, natmode_flags, 789 extack); 790 if (ret) 791 return ret; 792 } 793 794 return 0; 795 } 796 797 static void cxgb4_tc_flower_hash_prio_add(struct adapter *adap, u32 tc_prio) 798 { 799 spin_lock_bh(&adap->tids.ftid_lock); 800 if (adap->tids.tc_hash_tids_max_prio < tc_prio) 801 adap->tids.tc_hash_tids_max_prio = tc_prio; 802 spin_unlock_bh(&adap->tids.ftid_lock); 803 } 804 805 static void cxgb4_tc_flower_hash_prio_del(struct adapter *adap, u32 tc_prio) 806 { 807 struct tid_info *t = &adap->tids; 808 struct ch_tc_flower_entry *fe; 809 struct rhashtable_iter iter; 810 u32 found = 0; 811 812 spin_lock_bh(&t->ftid_lock); 813 /* Bail if the current rule is not the one with the max 814 * prio. 815 */ 816 if (t->tc_hash_tids_max_prio != tc_prio) 817 goto out_unlock; 818 819 /* Search for the next rule having the same or next lower 820 * max prio. 821 */ 822 rhashtable_walk_enter(&adap->flower_tbl, &iter); 823 do { 824 rhashtable_walk_start(&iter); 825 826 fe = rhashtable_walk_next(&iter); 827 while (!IS_ERR_OR_NULL(fe)) { 828 if (fe->fs.hash && 829 fe->fs.tc_prio <= t->tc_hash_tids_max_prio) { 830 t->tc_hash_tids_max_prio = fe->fs.tc_prio; 831 found++; 832 833 /* Bail if we found another rule 834 * having the same prio as the 835 * current max one. 836 */ 837 if (fe->fs.tc_prio == tc_prio) 838 break; 839 } 840 841 fe = rhashtable_walk_next(&iter); 842 } 843 844 rhashtable_walk_stop(&iter); 845 } while (fe == ERR_PTR(-EAGAIN)); 846 rhashtable_walk_exit(&iter); 847 848 if (!found) 849 t->tc_hash_tids_max_prio = 0; 850 851 out_unlock: 852 spin_unlock_bh(&t->ftid_lock); 853 } 854 855 int cxgb4_flow_rule_replace(struct net_device *dev, struct flow_rule *rule, 856 u32 tc_prio, struct netlink_ext_ack *extack, 857 struct ch_filter_specification *fs, u32 *tid) 858 { 859 struct adapter *adap = netdev2adap(dev); 860 struct filter_ctx ctx; 861 u8 inet_family; 862 int fidx, ret; 863 864 if (cxgb4_validate_flow_actions(dev, &rule->action, extack, 0)) 865 return -EOPNOTSUPP; 866 867 if (cxgb4_validate_flow_match(extack, rule)) 868 return -EOPNOTSUPP; 869 870 cxgb4_process_flow_match(dev, rule, fs); 871 cxgb4_process_flow_actions(dev, &rule->action, fs); 872 873 fs->hash = is_filter_exact_match(adap, fs); 874 inet_family = fs->type ? PF_INET6 : PF_INET; 875 876 /* Get a free filter entry TID, where we can insert this new 877 * rule. Only insert rule if its prio doesn't conflict with 878 * existing rules. 879 */ 880 fidx = cxgb4_get_free_ftid(dev, inet_family, fs->hash, 881 tc_prio); 882 if (fidx < 0) { 883 NL_SET_ERR_MSG_MOD(extack, 884 "No free LETCAM index available"); 885 return -ENOMEM; 886 } 887 888 if (fidx < adap->tids.nhpftids) { 889 fs->prio = 1; 890 fs->hash = 0; 891 } 892 893 /* If the rule can be inserted into HASH region, then ignore 894 * the index to normal FILTER region. 895 */ 896 if (fs->hash) 897 fidx = 0; 898 899 fs->tc_prio = tc_prio; 900 901 init_completion(&ctx.completion); 902 ret = __cxgb4_set_filter(dev, fidx, fs, &ctx); 903 if (ret) { 904 NL_SET_ERR_MSG_FMT_MOD(extack, "filter creation err %d", ret); 905 return ret; 906 } 907 908 /* Wait for reply */ 909 ret = wait_for_completion_timeout(&ctx.completion, 10 * HZ); 910 if (!ret) 911 return -ETIMEDOUT; 912 913 /* Check if hw returned error for filter creation */ 914 if (ctx.result) 915 return ctx.result; 916 917 *tid = ctx.tid; 918 919 if (fs->hash) 920 cxgb4_tc_flower_hash_prio_add(adap, tc_prio); 921 922 return 0; 923 } 924 925 int cxgb4_tc_flower_replace(struct net_device *dev, 926 struct flow_cls_offload *cls) 927 { 928 struct flow_rule *rule = flow_cls_offload_flow_rule(cls); 929 struct netlink_ext_ack *extack = cls->common.extack; 930 struct adapter *adap = netdev2adap(dev); 931 struct ch_tc_flower_entry *ch_flower; 932 struct ch_filter_specification *fs; 933 int ret; 934 935 ch_flower = allocate_flower_entry(); 936 if (!ch_flower) { 937 netdev_err(dev, "%s: ch_flower alloc failed.\n", __func__); 938 return -ENOMEM; 939 } 940 941 fs = &ch_flower->fs; 942 fs->hitcnts = 1; 943 fs->tc_cookie = cls->cookie; 944 945 ret = cxgb4_flow_rule_replace(dev, rule, cls->common.prio, extack, fs, 946 &ch_flower->filter_id); 947 if (ret) 948 goto free_entry; 949 950 ch_flower->tc_flower_cookie = cls->cookie; 951 ret = rhashtable_insert_fast(&adap->flower_tbl, &ch_flower->node, 952 adap->flower_ht_params); 953 if (ret) 954 goto del_filter; 955 956 return 0; 957 958 del_filter: 959 if (fs->hash) 960 cxgb4_tc_flower_hash_prio_del(adap, cls->common.prio); 961 962 cxgb4_del_filter(dev, ch_flower->filter_id, &ch_flower->fs); 963 964 free_entry: 965 kfree(ch_flower); 966 return ret; 967 } 968 969 int cxgb4_flow_rule_destroy(struct net_device *dev, u32 tc_prio, 970 struct ch_filter_specification *fs, int tid) 971 { 972 struct adapter *adap = netdev2adap(dev); 973 u8 hash; 974 int ret; 975 976 hash = fs->hash; 977 978 ret = cxgb4_del_filter(dev, tid, fs); 979 if (ret) 980 return ret; 981 982 if (hash) 983 cxgb4_tc_flower_hash_prio_del(adap, tc_prio); 984 985 return ret; 986 } 987 988 int cxgb4_tc_flower_destroy(struct net_device *dev, 989 struct flow_cls_offload *cls) 990 { 991 struct adapter *adap = netdev2adap(dev); 992 struct ch_tc_flower_entry *ch_flower; 993 int ret; 994 995 ch_flower = ch_flower_lookup(adap, cls->cookie); 996 if (!ch_flower) 997 return -ENOENT; 998 999 rhashtable_remove_fast(&adap->flower_tbl, &ch_flower->node, 1000 adap->flower_ht_params); 1001 1002 ret = cxgb4_flow_rule_destroy(dev, ch_flower->fs.tc_prio, 1003 &ch_flower->fs, ch_flower->filter_id); 1004 if (ret) 1005 netdev_err(dev, "Flow rule destroy failed for tid: %u, ret: %d", 1006 ch_flower->filter_id, ret); 1007 1008 kfree_rcu(ch_flower, rcu); 1009 return ret; 1010 } 1011 1012 static void ch_flower_stats_handler(struct work_struct *work) 1013 { 1014 struct adapter *adap = container_of(work, struct adapter, 1015 flower_stats_work); 1016 struct ch_tc_flower_entry *flower_entry; 1017 struct ch_tc_flower_stats *ofld_stats; 1018 struct rhashtable_iter iter; 1019 u64 packets; 1020 u64 bytes; 1021 int ret; 1022 1023 rhashtable_walk_enter(&adap->flower_tbl, &iter); 1024 do { 1025 rhashtable_walk_start(&iter); 1026 1027 while ((flower_entry = rhashtable_walk_next(&iter)) && 1028 !IS_ERR(flower_entry)) { 1029 ret = cxgb4_get_filter_counters(adap->port[0], 1030 flower_entry->filter_id, 1031 &packets, &bytes, 1032 flower_entry->fs.hash); 1033 if (!ret) { 1034 spin_lock(&flower_entry->lock); 1035 ofld_stats = &flower_entry->stats; 1036 1037 if (ofld_stats->prev_packet_count != packets) { 1038 ofld_stats->prev_packet_count = packets; 1039 ofld_stats->last_used = jiffies; 1040 } 1041 spin_unlock(&flower_entry->lock); 1042 } 1043 } 1044 1045 rhashtable_walk_stop(&iter); 1046 1047 } while (flower_entry == ERR_PTR(-EAGAIN)); 1048 rhashtable_walk_exit(&iter); 1049 mod_timer(&adap->flower_stats_timer, jiffies + STATS_CHECK_PERIOD); 1050 } 1051 1052 static void ch_flower_stats_cb(struct timer_list *t) 1053 { 1054 struct adapter *adap = from_timer(adap, t, flower_stats_timer); 1055 1056 schedule_work(&adap->flower_stats_work); 1057 } 1058 1059 int cxgb4_tc_flower_stats(struct net_device *dev, 1060 struct flow_cls_offload *cls) 1061 { 1062 struct adapter *adap = netdev2adap(dev); 1063 struct ch_tc_flower_stats *ofld_stats; 1064 struct ch_tc_flower_entry *ch_flower; 1065 u64 packets; 1066 u64 bytes; 1067 int ret; 1068 1069 ch_flower = ch_flower_lookup(adap, cls->cookie); 1070 if (!ch_flower) { 1071 ret = -ENOENT; 1072 goto err; 1073 } 1074 1075 ret = cxgb4_get_filter_counters(dev, ch_flower->filter_id, 1076 &packets, &bytes, 1077 ch_flower->fs.hash); 1078 if (ret < 0) 1079 goto err; 1080 1081 spin_lock_bh(&ch_flower->lock); 1082 ofld_stats = &ch_flower->stats; 1083 if (ofld_stats->packet_count != packets) { 1084 if (ofld_stats->prev_packet_count != packets) 1085 ofld_stats->last_used = jiffies; 1086 flow_stats_update(&cls->stats, bytes - ofld_stats->byte_count, 1087 packets - ofld_stats->packet_count, 0, 1088 ofld_stats->last_used, 1089 FLOW_ACTION_HW_STATS_IMMEDIATE); 1090 1091 ofld_stats->packet_count = packets; 1092 ofld_stats->byte_count = bytes; 1093 ofld_stats->prev_packet_count = packets; 1094 } 1095 spin_unlock_bh(&ch_flower->lock); 1096 return 0; 1097 1098 err: 1099 return ret; 1100 } 1101 1102 static const struct rhashtable_params cxgb4_tc_flower_ht_params = { 1103 .nelem_hint = 384, 1104 .head_offset = offsetof(struct ch_tc_flower_entry, node), 1105 .key_offset = offsetof(struct ch_tc_flower_entry, tc_flower_cookie), 1106 .key_len = sizeof(((struct ch_tc_flower_entry *)0)->tc_flower_cookie), 1107 .max_size = 524288, 1108 .min_size = 512, 1109 .automatic_shrinking = true 1110 }; 1111 1112 int cxgb4_init_tc_flower(struct adapter *adap) 1113 { 1114 int ret; 1115 1116 if (adap->tc_flower_initialized) 1117 return -EEXIST; 1118 1119 adap->flower_ht_params = cxgb4_tc_flower_ht_params; 1120 ret = rhashtable_init(&adap->flower_tbl, &adap->flower_ht_params); 1121 if (ret) 1122 return ret; 1123 1124 INIT_WORK(&adap->flower_stats_work, ch_flower_stats_handler); 1125 timer_setup(&adap->flower_stats_timer, ch_flower_stats_cb, 0); 1126 mod_timer(&adap->flower_stats_timer, jiffies + STATS_CHECK_PERIOD); 1127 adap->tc_flower_initialized = true; 1128 return 0; 1129 } 1130 1131 void cxgb4_cleanup_tc_flower(struct adapter *adap) 1132 { 1133 if (!adap->tc_flower_initialized) 1134 return; 1135 1136 if (adap->flower_stats_timer.function) 1137 timer_shutdown_sync(&adap->flower_stats_timer); 1138 cancel_work_sync(&adap->flower_stats_work); 1139 rhashtable_destroy(&adap->flower_tbl); 1140 adap->tc_flower_initialized = false; 1141 } 1142