1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (C) 2019-2021, Intel Corporation. */ 3 4 #include "ice.h" 5 #include "ice_tc_lib.h" 6 #include "ice_fltr.h" 7 #include "ice_lib.h" 8 #include "ice_protocol_type.h" 9 10 #define ICE_TC_METADATA_LKUP_IDX 0 11 12 /** 13 * ice_tc_count_lkups - determine lookup count for switch filter 14 * @flags: TC-flower flags 15 * @headers: Pointer to TC flower filter header structure 16 * @fltr: Pointer to outer TC filter structure 17 * 18 * Determine lookup count based on TC flower input for switch filter. 19 */ 20 static int 21 ice_tc_count_lkups(u32 flags, struct ice_tc_flower_lyr_2_4_hdrs *headers, 22 struct ice_tc_flower_fltr *fltr) 23 { 24 int lkups_cnt = 1; /* 0th lookup is metadata */ 25 26 /* Always add metadata as the 0th lookup. Included elements: 27 * - Direction flag (always present) 28 * - ICE_TC_FLWR_FIELD_VLAN_TPID (present if specified) 29 * - Tunnel flag (present if tunnel) 30 */ 31 if (fltr->direction == ICE_ESWITCH_FLTR_EGRESS) 32 lkups_cnt++; 33 34 if (flags & ICE_TC_FLWR_FIELD_TENANT_ID) 35 lkups_cnt++; 36 37 if (flags & ICE_TC_FLWR_FIELD_ENC_DST_MAC) 38 lkups_cnt++; 39 40 if (flags & ICE_TC_FLWR_FIELD_GTP_OPTS) 41 lkups_cnt++; 42 43 if (flags & ICE_TC_FLWR_FIELD_PFCP_OPTS) 44 lkups_cnt++; 45 46 if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 | 47 ICE_TC_FLWR_FIELD_ENC_DEST_IPV4 | 48 ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 | 49 ICE_TC_FLWR_FIELD_ENC_DEST_IPV6)) 50 lkups_cnt++; 51 52 if (flags & (ICE_TC_FLWR_FIELD_ENC_IP_TOS | 53 ICE_TC_FLWR_FIELD_ENC_IP_TTL)) 54 lkups_cnt++; 55 56 if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT) 57 lkups_cnt++; 58 59 if (flags & ICE_TC_FLWR_FIELD_ETH_TYPE_ID) 60 lkups_cnt++; 61 62 /* are MAC fields specified? */ 63 if (flags & (ICE_TC_FLWR_FIELD_DST_MAC | ICE_TC_FLWR_FIELD_SRC_MAC)) 64 lkups_cnt++; 65 66 /* is VLAN specified? */ 67 if (flags & (ICE_TC_FLWR_FIELD_VLAN | ICE_TC_FLWR_FIELD_VLAN_PRIO)) 68 lkups_cnt++; 69 70 /* is CVLAN specified? */ 71 if (flags & (ICE_TC_FLWR_FIELD_CVLAN | ICE_TC_FLWR_FIELD_CVLAN_PRIO)) 72 lkups_cnt++; 73 74 /* are PPPoE options specified? */ 75 if (flags & (ICE_TC_FLWR_FIELD_PPPOE_SESSID | 76 ICE_TC_FLWR_FIELD_PPP_PROTO)) 77 lkups_cnt++; 78 79 /* are IPv[4|6] fields specified? */ 80 if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV4 | ICE_TC_FLWR_FIELD_SRC_IPV4 | 81 ICE_TC_FLWR_FIELD_DEST_IPV6 | ICE_TC_FLWR_FIELD_SRC_IPV6)) 82 lkups_cnt++; 83 84 if (flags & (ICE_TC_FLWR_FIELD_IP_TOS | ICE_TC_FLWR_FIELD_IP_TTL)) 85 lkups_cnt++; 86 87 /* are L2TPv3 options specified? */ 88 if (flags & ICE_TC_FLWR_FIELD_L2TPV3_SESSID) 89 lkups_cnt++; 90 91 /* is L4 (TCP/UDP/any other L4 protocol fields) specified? */ 92 if (flags & (ICE_TC_FLWR_FIELD_DEST_L4_PORT | 93 ICE_TC_FLWR_FIELD_SRC_L4_PORT)) 94 lkups_cnt++; 95 96 return lkups_cnt; 97 } 98 99 static enum ice_protocol_type ice_proto_type_from_mac(bool inner) 100 { 101 return inner ? ICE_MAC_IL : ICE_MAC_OFOS; 102 } 103 104 static enum ice_protocol_type ice_proto_type_from_etype(bool inner) 105 { 106 return inner ? ICE_ETYPE_IL : ICE_ETYPE_OL; 107 } 108 109 static enum ice_protocol_type ice_proto_type_from_ipv4(bool inner) 110 { 111 return inner ? ICE_IPV4_IL : ICE_IPV4_OFOS; 112 } 113 114 static enum ice_protocol_type ice_proto_type_from_ipv6(bool inner) 115 { 116 return inner ? ICE_IPV6_IL : ICE_IPV6_OFOS; 117 } 118 119 static enum ice_protocol_type ice_proto_type_from_l4_port(u16 ip_proto) 120 { 121 switch (ip_proto) { 122 case IPPROTO_TCP: 123 return ICE_TCP_IL; 124 case IPPROTO_UDP: 125 return ICE_UDP_ILOS; 126 } 127 128 return 0; 129 } 130 131 static enum ice_protocol_type 132 ice_proto_type_from_tunnel(enum ice_tunnel_type type) 133 { 134 switch (type) { 135 case TNL_VXLAN: 136 return ICE_VXLAN; 137 case TNL_GENEVE: 138 return ICE_GENEVE; 139 case TNL_GRETAP: 140 return ICE_NVGRE; 141 case TNL_GTPU: 142 /* NO_PAY profiles will not work with GTP-U */ 143 return ICE_GTP; 144 case TNL_GTPC: 145 return ICE_GTP_NO_PAY; 146 case TNL_PFCP: 147 return ICE_PFCP; 148 default: 149 return 0; 150 } 151 } 152 153 static enum ice_sw_tunnel_type 154 ice_sw_type_from_tunnel(enum ice_tunnel_type type) 155 { 156 switch (type) { 157 case TNL_VXLAN: 158 return ICE_SW_TUN_VXLAN; 159 case TNL_GENEVE: 160 return ICE_SW_TUN_GENEVE; 161 case TNL_GRETAP: 162 return ICE_SW_TUN_NVGRE; 163 case TNL_GTPU: 164 return ICE_SW_TUN_GTPU; 165 case TNL_GTPC: 166 return ICE_SW_TUN_GTPC; 167 case TNL_PFCP: 168 return ICE_SW_TUN_PFCP; 169 default: 170 return ICE_NON_TUN; 171 } 172 } 173 174 static u16 ice_check_supported_vlan_tpid(u16 vlan_tpid) 175 { 176 switch (vlan_tpid) { 177 case ETH_P_8021Q: 178 case ETH_P_8021AD: 179 case ETH_P_QINQ1: 180 return vlan_tpid; 181 default: 182 return 0; 183 } 184 } 185 186 static int 187 ice_tc_fill_tunnel_outer(u32 flags, struct ice_tc_flower_fltr *fltr, 188 struct ice_adv_lkup_elem *list, int i) 189 { 190 struct ice_tc_flower_lyr_2_4_hdrs *hdr = &fltr->outer_headers; 191 192 if (flags & ICE_TC_FLWR_FIELD_TENANT_ID) { 193 u32 tenant_id; 194 195 list[i].type = ice_proto_type_from_tunnel(fltr->tunnel_type); 196 switch (fltr->tunnel_type) { 197 case TNL_VXLAN: 198 case TNL_GENEVE: 199 tenant_id = be32_to_cpu(fltr->tenant_id) << 8; 200 list[i].h_u.tnl_hdr.vni = cpu_to_be32(tenant_id); 201 memcpy(&list[i].m_u.tnl_hdr.vni, "\xff\xff\xff\x00", 4); 202 i++; 203 break; 204 case TNL_GRETAP: 205 list[i].h_u.nvgre_hdr.tni_flow = fltr->tenant_id; 206 memcpy(&list[i].m_u.nvgre_hdr.tni_flow, 207 "\xff\xff\xff\xff", 4); 208 i++; 209 break; 210 case TNL_GTPC: 211 case TNL_GTPU: 212 list[i].h_u.gtp_hdr.teid = fltr->tenant_id; 213 memcpy(&list[i].m_u.gtp_hdr.teid, 214 "\xff\xff\xff\xff", 4); 215 i++; 216 break; 217 default: 218 break; 219 } 220 } 221 222 if (flags & ICE_TC_FLWR_FIELD_ENC_DST_MAC) { 223 list[i].type = ice_proto_type_from_mac(false); 224 ether_addr_copy(list[i].h_u.eth_hdr.dst_addr, 225 hdr->l2_key.dst_mac); 226 ether_addr_copy(list[i].m_u.eth_hdr.dst_addr, 227 hdr->l2_mask.dst_mac); 228 i++; 229 } 230 231 if (flags & ICE_TC_FLWR_FIELD_GTP_OPTS) { 232 list[i].type = ice_proto_type_from_tunnel(fltr->tunnel_type); 233 234 if (fltr->gtp_pdu_info_masks.pdu_type) { 235 list[i].h_u.gtp_hdr.pdu_type = 236 fltr->gtp_pdu_info_keys.pdu_type << 4; 237 memcpy(&list[i].m_u.gtp_hdr.pdu_type, "\xf0", 1); 238 } 239 240 if (fltr->gtp_pdu_info_masks.qfi) { 241 list[i].h_u.gtp_hdr.qfi = fltr->gtp_pdu_info_keys.qfi; 242 memcpy(&list[i].m_u.gtp_hdr.qfi, "\x3f", 1); 243 } 244 245 i++; 246 } 247 248 if (flags & ICE_TC_FLWR_FIELD_PFCP_OPTS) { 249 struct ice_pfcp_hdr *hdr_h, *hdr_m; 250 251 hdr_h = &list[i].h_u.pfcp_hdr; 252 hdr_m = &list[i].m_u.pfcp_hdr; 253 list[i].type = ICE_PFCP; 254 255 hdr_h->flags = fltr->pfcp_meta_keys.type; 256 hdr_m->flags = fltr->pfcp_meta_masks.type & 0x01; 257 258 hdr_h->seid = fltr->pfcp_meta_keys.seid; 259 hdr_m->seid = fltr->pfcp_meta_masks.seid; 260 261 i++; 262 } 263 264 if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 | 265 ICE_TC_FLWR_FIELD_ENC_DEST_IPV4)) { 266 list[i].type = ice_proto_type_from_ipv4(false); 267 268 if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_IPV4) { 269 list[i].h_u.ipv4_hdr.src_addr = hdr->l3_key.src_ipv4; 270 list[i].m_u.ipv4_hdr.src_addr = hdr->l3_mask.src_ipv4; 271 } 272 if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_IPV4) { 273 list[i].h_u.ipv4_hdr.dst_addr = hdr->l3_key.dst_ipv4; 274 list[i].m_u.ipv4_hdr.dst_addr = hdr->l3_mask.dst_ipv4; 275 } 276 i++; 277 } 278 279 if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 | 280 ICE_TC_FLWR_FIELD_ENC_DEST_IPV6)) { 281 list[i].type = ice_proto_type_from_ipv6(false); 282 283 if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_IPV6) { 284 memcpy(&list[i].h_u.ipv6_hdr.src_addr, 285 &hdr->l3_key.src_ipv6_addr, 286 sizeof(hdr->l3_key.src_ipv6_addr)); 287 memcpy(&list[i].m_u.ipv6_hdr.src_addr, 288 &hdr->l3_mask.src_ipv6_addr, 289 sizeof(hdr->l3_mask.src_ipv6_addr)); 290 } 291 if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_IPV6) { 292 memcpy(&list[i].h_u.ipv6_hdr.dst_addr, 293 &hdr->l3_key.dst_ipv6_addr, 294 sizeof(hdr->l3_key.dst_ipv6_addr)); 295 memcpy(&list[i].m_u.ipv6_hdr.dst_addr, 296 &hdr->l3_mask.dst_ipv6_addr, 297 sizeof(hdr->l3_mask.dst_ipv6_addr)); 298 } 299 i++; 300 } 301 302 if (fltr->inner_headers.l2_key.n_proto == htons(ETH_P_IP) && 303 (flags & (ICE_TC_FLWR_FIELD_ENC_IP_TOS | 304 ICE_TC_FLWR_FIELD_ENC_IP_TTL))) { 305 list[i].type = ice_proto_type_from_ipv4(false); 306 307 if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TOS) { 308 list[i].h_u.ipv4_hdr.tos = hdr->l3_key.tos; 309 list[i].m_u.ipv4_hdr.tos = hdr->l3_mask.tos; 310 } 311 312 if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TTL) { 313 list[i].h_u.ipv4_hdr.time_to_live = hdr->l3_key.ttl; 314 list[i].m_u.ipv4_hdr.time_to_live = hdr->l3_mask.ttl; 315 } 316 317 i++; 318 } 319 320 if (fltr->inner_headers.l2_key.n_proto == htons(ETH_P_IPV6) && 321 (flags & (ICE_TC_FLWR_FIELD_ENC_IP_TOS | 322 ICE_TC_FLWR_FIELD_ENC_IP_TTL))) { 323 struct ice_ipv6_hdr *hdr_h, *hdr_m; 324 325 hdr_h = &list[i].h_u.ipv6_hdr; 326 hdr_m = &list[i].m_u.ipv6_hdr; 327 list[i].type = ice_proto_type_from_ipv6(false); 328 329 if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TOS) { 330 be32p_replace_bits(&hdr_h->be_ver_tc_flow, 331 hdr->l3_key.tos, 332 ICE_IPV6_HDR_TC_MASK); 333 be32p_replace_bits(&hdr_m->be_ver_tc_flow, 334 hdr->l3_mask.tos, 335 ICE_IPV6_HDR_TC_MASK); 336 } 337 338 if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TTL) { 339 hdr_h->hop_limit = hdr->l3_key.ttl; 340 hdr_m->hop_limit = hdr->l3_mask.ttl; 341 } 342 343 i++; 344 } 345 346 if ((flags & ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT) && 347 hdr->l3_key.ip_proto == IPPROTO_UDP) { 348 list[i].type = ICE_UDP_OF; 349 list[i].h_u.l4_hdr.dst_port = hdr->l4_key.dst_port; 350 list[i].m_u.l4_hdr.dst_port = hdr->l4_mask.dst_port; 351 i++; 352 } 353 354 /* always fill matching on tunneled packets in metadata */ 355 ice_rule_add_tunnel_metadata(&list[ICE_TC_METADATA_LKUP_IDX]); 356 357 return i; 358 } 359 360 /** 361 * ice_tc_fill_rules - fill filter rules based on TC fltr 362 * @hw: pointer to HW structure 363 * @flags: tc flower field flags 364 * @tc_fltr: pointer to TC flower filter 365 * @list: list of advance rule elements 366 * @rule_info: pointer to information about rule 367 * @l4_proto: pointer to information such as L4 proto type 368 * 369 * Fill ice_adv_lkup_elem list based on TC flower flags and 370 * TC flower headers. This list should be used to add 371 * advance filter in hardware. 372 */ 373 static int 374 ice_tc_fill_rules(struct ice_hw *hw, u32 flags, 375 struct ice_tc_flower_fltr *tc_fltr, 376 struct ice_adv_lkup_elem *list, 377 struct ice_adv_rule_info *rule_info, 378 u16 *l4_proto) 379 { 380 struct ice_tc_flower_lyr_2_4_hdrs *headers = &tc_fltr->outer_headers; 381 bool inner = false; 382 u16 vlan_tpid = 0; 383 int i = 1; /* 0th lookup is metadata */ 384 385 rule_info->vlan_type = vlan_tpid; 386 387 /* Always add direction metadata */ 388 ice_rule_add_direction_metadata(&list[ICE_TC_METADATA_LKUP_IDX]); 389 390 if (tc_fltr->direction == ICE_ESWITCH_FLTR_EGRESS) { 391 ice_rule_add_src_vsi_metadata(&list[i]); 392 i++; 393 } 394 395 rule_info->tun_type = ice_sw_type_from_tunnel(tc_fltr->tunnel_type); 396 if (tc_fltr->tunnel_type != TNL_LAST) { 397 i = ice_tc_fill_tunnel_outer(flags, tc_fltr, list, i); 398 399 /* PFCP is considered non-tunneled - don't swap headers. */ 400 if (tc_fltr->tunnel_type != TNL_PFCP) { 401 headers = &tc_fltr->inner_headers; 402 inner = true; 403 } 404 } 405 406 if (flags & ICE_TC_FLWR_FIELD_ETH_TYPE_ID) { 407 list[i].type = ice_proto_type_from_etype(inner); 408 list[i].h_u.ethertype.ethtype_id = headers->l2_key.n_proto; 409 list[i].m_u.ethertype.ethtype_id = headers->l2_mask.n_proto; 410 i++; 411 } 412 413 if (flags & (ICE_TC_FLWR_FIELD_DST_MAC | 414 ICE_TC_FLWR_FIELD_SRC_MAC)) { 415 struct ice_tc_l2_hdr *l2_key, *l2_mask; 416 417 l2_key = &headers->l2_key; 418 l2_mask = &headers->l2_mask; 419 420 list[i].type = ice_proto_type_from_mac(inner); 421 if (flags & ICE_TC_FLWR_FIELD_DST_MAC) { 422 ether_addr_copy(list[i].h_u.eth_hdr.dst_addr, 423 l2_key->dst_mac); 424 ether_addr_copy(list[i].m_u.eth_hdr.dst_addr, 425 l2_mask->dst_mac); 426 } 427 if (flags & ICE_TC_FLWR_FIELD_SRC_MAC) { 428 ether_addr_copy(list[i].h_u.eth_hdr.src_addr, 429 l2_key->src_mac); 430 ether_addr_copy(list[i].m_u.eth_hdr.src_addr, 431 l2_mask->src_mac); 432 } 433 i++; 434 } 435 436 /* copy VLAN info */ 437 if (flags & (ICE_TC_FLWR_FIELD_VLAN | ICE_TC_FLWR_FIELD_VLAN_PRIO)) { 438 if (flags & ICE_TC_FLWR_FIELD_CVLAN) 439 list[i].type = ICE_VLAN_EX; 440 else 441 list[i].type = ICE_VLAN_OFOS; 442 443 if (flags & ICE_TC_FLWR_FIELD_VLAN) { 444 list[i].h_u.vlan_hdr.vlan = headers->vlan_hdr.vlan_id; 445 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0x0FFF); 446 } 447 448 if (flags & ICE_TC_FLWR_FIELD_VLAN_PRIO) { 449 if (flags & ICE_TC_FLWR_FIELD_VLAN) { 450 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xEFFF); 451 } else { 452 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xE000); 453 list[i].h_u.vlan_hdr.vlan = 0; 454 } 455 list[i].h_u.vlan_hdr.vlan |= 456 headers->vlan_hdr.vlan_prio; 457 } 458 459 i++; 460 } 461 462 if (flags & ICE_TC_FLWR_FIELD_VLAN_TPID) { 463 vlan_tpid = be16_to_cpu(headers->vlan_hdr.vlan_tpid); 464 rule_info->vlan_type = 465 ice_check_supported_vlan_tpid(vlan_tpid); 466 467 ice_rule_add_vlan_metadata(&list[ICE_TC_METADATA_LKUP_IDX]); 468 } 469 470 if (flags & (ICE_TC_FLWR_FIELD_CVLAN | ICE_TC_FLWR_FIELD_CVLAN_PRIO)) { 471 list[i].type = ICE_VLAN_IN; 472 473 if (flags & ICE_TC_FLWR_FIELD_CVLAN) { 474 list[i].h_u.vlan_hdr.vlan = headers->cvlan_hdr.vlan_id; 475 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0x0FFF); 476 } 477 478 if (flags & ICE_TC_FLWR_FIELD_CVLAN_PRIO) { 479 if (flags & ICE_TC_FLWR_FIELD_CVLAN) { 480 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xEFFF); 481 } else { 482 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xE000); 483 list[i].h_u.vlan_hdr.vlan = 0; 484 } 485 list[i].h_u.vlan_hdr.vlan |= 486 headers->cvlan_hdr.vlan_prio; 487 } 488 489 i++; 490 } 491 492 if (flags & (ICE_TC_FLWR_FIELD_PPPOE_SESSID | 493 ICE_TC_FLWR_FIELD_PPP_PROTO)) { 494 struct ice_pppoe_hdr *vals, *masks; 495 496 vals = &list[i].h_u.pppoe_hdr; 497 masks = &list[i].m_u.pppoe_hdr; 498 499 list[i].type = ICE_PPPOE; 500 501 if (flags & ICE_TC_FLWR_FIELD_PPPOE_SESSID) { 502 vals->session_id = headers->pppoe_hdr.session_id; 503 masks->session_id = cpu_to_be16(0xFFFF); 504 } 505 506 if (flags & ICE_TC_FLWR_FIELD_PPP_PROTO) { 507 vals->ppp_prot_id = headers->pppoe_hdr.ppp_proto; 508 masks->ppp_prot_id = cpu_to_be16(0xFFFF); 509 } 510 511 i++; 512 } 513 514 /* copy L3 (IPv[4|6]: src, dest) address */ 515 if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV4 | 516 ICE_TC_FLWR_FIELD_SRC_IPV4)) { 517 struct ice_tc_l3_hdr *l3_key, *l3_mask; 518 519 list[i].type = ice_proto_type_from_ipv4(inner); 520 l3_key = &headers->l3_key; 521 l3_mask = &headers->l3_mask; 522 if (flags & ICE_TC_FLWR_FIELD_DEST_IPV4) { 523 list[i].h_u.ipv4_hdr.dst_addr = l3_key->dst_ipv4; 524 list[i].m_u.ipv4_hdr.dst_addr = l3_mask->dst_ipv4; 525 } 526 if (flags & ICE_TC_FLWR_FIELD_SRC_IPV4) { 527 list[i].h_u.ipv4_hdr.src_addr = l3_key->src_ipv4; 528 list[i].m_u.ipv4_hdr.src_addr = l3_mask->src_ipv4; 529 } 530 i++; 531 } else if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV6 | 532 ICE_TC_FLWR_FIELD_SRC_IPV6)) { 533 struct ice_ipv6_hdr *ipv6_hdr, *ipv6_mask; 534 struct ice_tc_l3_hdr *l3_key, *l3_mask; 535 536 list[i].type = ice_proto_type_from_ipv6(inner); 537 ipv6_hdr = &list[i].h_u.ipv6_hdr; 538 ipv6_mask = &list[i].m_u.ipv6_hdr; 539 l3_key = &headers->l3_key; 540 l3_mask = &headers->l3_mask; 541 542 if (flags & ICE_TC_FLWR_FIELD_DEST_IPV6) { 543 memcpy(&ipv6_hdr->dst_addr, &l3_key->dst_ipv6_addr, 544 sizeof(l3_key->dst_ipv6_addr)); 545 memcpy(&ipv6_mask->dst_addr, &l3_mask->dst_ipv6_addr, 546 sizeof(l3_mask->dst_ipv6_addr)); 547 } 548 if (flags & ICE_TC_FLWR_FIELD_SRC_IPV6) { 549 memcpy(&ipv6_hdr->src_addr, &l3_key->src_ipv6_addr, 550 sizeof(l3_key->src_ipv6_addr)); 551 memcpy(&ipv6_mask->src_addr, &l3_mask->src_ipv6_addr, 552 sizeof(l3_mask->src_ipv6_addr)); 553 } 554 i++; 555 } 556 557 if (headers->l2_key.n_proto == htons(ETH_P_IP) && 558 (flags & (ICE_TC_FLWR_FIELD_IP_TOS | ICE_TC_FLWR_FIELD_IP_TTL))) { 559 list[i].type = ice_proto_type_from_ipv4(inner); 560 561 if (flags & ICE_TC_FLWR_FIELD_IP_TOS) { 562 list[i].h_u.ipv4_hdr.tos = headers->l3_key.tos; 563 list[i].m_u.ipv4_hdr.tos = headers->l3_mask.tos; 564 } 565 566 if (flags & ICE_TC_FLWR_FIELD_IP_TTL) { 567 list[i].h_u.ipv4_hdr.time_to_live = 568 headers->l3_key.ttl; 569 list[i].m_u.ipv4_hdr.time_to_live = 570 headers->l3_mask.ttl; 571 } 572 573 i++; 574 } 575 576 if (headers->l2_key.n_proto == htons(ETH_P_IPV6) && 577 (flags & (ICE_TC_FLWR_FIELD_IP_TOS | ICE_TC_FLWR_FIELD_IP_TTL))) { 578 struct ice_ipv6_hdr *hdr_h, *hdr_m; 579 580 hdr_h = &list[i].h_u.ipv6_hdr; 581 hdr_m = &list[i].m_u.ipv6_hdr; 582 list[i].type = ice_proto_type_from_ipv6(inner); 583 584 if (flags & ICE_TC_FLWR_FIELD_IP_TOS) { 585 be32p_replace_bits(&hdr_h->be_ver_tc_flow, 586 headers->l3_key.tos, 587 ICE_IPV6_HDR_TC_MASK); 588 be32p_replace_bits(&hdr_m->be_ver_tc_flow, 589 headers->l3_mask.tos, 590 ICE_IPV6_HDR_TC_MASK); 591 } 592 593 if (flags & ICE_TC_FLWR_FIELD_IP_TTL) { 594 hdr_h->hop_limit = headers->l3_key.ttl; 595 hdr_m->hop_limit = headers->l3_mask.ttl; 596 } 597 598 i++; 599 } 600 601 if (flags & ICE_TC_FLWR_FIELD_L2TPV3_SESSID) { 602 list[i].type = ICE_L2TPV3; 603 604 list[i].h_u.l2tpv3_sess_hdr.session_id = 605 headers->l2tpv3_hdr.session_id; 606 list[i].m_u.l2tpv3_sess_hdr.session_id = 607 cpu_to_be32(0xFFFFFFFF); 608 609 i++; 610 } 611 612 /* copy L4 (src, dest) port */ 613 if (flags & (ICE_TC_FLWR_FIELD_DEST_L4_PORT | 614 ICE_TC_FLWR_FIELD_SRC_L4_PORT)) { 615 struct ice_tc_l4_hdr *l4_key, *l4_mask; 616 617 list[i].type = ice_proto_type_from_l4_port(headers->l3_key.ip_proto); 618 l4_key = &headers->l4_key; 619 l4_mask = &headers->l4_mask; 620 621 if (flags & ICE_TC_FLWR_FIELD_DEST_L4_PORT) { 622 list[i].h_u.l4_hdr.dst_port = l4_key->dst_port; 623 list[i].m_u.l4_hdr.dst_port = l4_mask->dst_port; 624 } 625 if (flags & ICE_TC_FLWR_FIELD_SRC_L4_PORT) { 626 list[i].h_u.l4_hdr.src_port = l4_key->src_port; 627 list[i].m_u.l4_hdr.src_port = l4_mask->src_port; 628 } 629 i++; 630 } 631 632 return i; 633 } 634 635 /** 636 * ice_tc_tun_get_type - get the tunnel type 637 * @tunnel_dev: ptr to tunnel device 638 * 639 * This function detects appropriate tunnel_type if specified device is 640 * tunnel device such as VXLAN/Geneve 641 */ 642 static int ice_tc_tun_get_type(struct net_device *tunnel_dev) 643 { 644 if (netif_is_vxlan(tunnel_dev)) 645 return TNL_VXLAN; 646 if (netif_is_geneve(tunnel_dev)) 647 return TNL_GENEVE; 648 if (netif_is_gretap(tunnel_dev) || 649 netif_is_ip6gretap(tunnel_dev)) 650 return TNL_GRETAP; 651 652 /* Assume GTP-U by default in case of GTP netdev. 653 * GTP-C may be selected later, based on enc_dst_port. 654 */ 655 if (netif_is_gtp(tunnel_dev)) 656 return TNL_GTPU; 657 if (netif_is_pfcp(tunnel_dev)) 658 return TNL_PFCP; 659 return TNL_LAST; 660 } 661 662 bool ice_is_tunnel_supported(struct net_device *dev) 663 { 664 return ice_tc_tun_get_type(dev) != TNL_LAST; 665 } 666 667 static bool ice_tc_is_dev_uplink(struct net_device *dev) 668 { 669 return netif_is_ice(dev) || ice_is_tunnel_supported(dev); 670 } 671 672 static int ice_tc_setup_redirect_action(struct net_device *filter_dev, 673 struct ice_tc_flower_fltr *fltr, 674 struct net_device *target_dev) 675 { 676 struct ice_repr *repr; 677 678 fltr->action.fltr_act = ICE_FWD_TO_VSI; 679 680 if (ice_is_port_repr_netdev(filter_dev) && 681 ice_is_port_repr_netdev(target_dev)) { 682 repr = ice_netdev_to_repr(target_dev); 683 684 fltr->dest_vsi = repr->src_vsi; 685 fltr->direction = ICE_ESWITCH_FLTR_EGRESS; 686 } else if (ice_is_port_repr_netdev(filter_dev) && 687 ice_tc_is_dev_uplink(target_dev)) { 688 repr = ice_netdev_to_repr(filter_dev); 689 690 fltr->dest_vsi = repr->src_vsi->back->eswitch.uplink_vsi; 691 fltr->direction = ICE_ESWITCH_FLTR_EGRESS; 692 } else if (ice_tc_is_dev_uplink(filter_dev) && 693 ice_is_port_repr_netdev(target_dev)) { 694 repr = ice_netdev_to_repr(target_dev); 695 696 fltr->dest_vsi = repr->src_vsi; 697 fltr->direction = ICE_ESWITCH_FLTR_INGRESS; 698 } else { 699 NL_SET_ERR_MSG_MOD(fltr->extack, 700 "Unsupported netdevice in switchdev mode"); 701 return -EINVAL; 702 } 703 704 return 0; 705 } 706 707 static int 708 ice_tc_setup_drop_action(struct net_device *filter_dev, 709 struct ice_tc_flower_fltr *fltr) 710 { 711 fltr->action.fltr_act = ICE_DROP_PACKET; 712 713 if (ice_is_port_repr_netdev(filter_dev)) { 714 fltr->direction = ICE_ESWITCH_FLTR_EGRESS; 715 } else if (ice_tc_is_dev_uplink(filter_dev)) { 716 fltr->direction = ICE_ESWITCH_FLTR_INGRESS; 717 } else { 718 NL_SET_ERR_MSG_MOD(fltr->extack, 719 "Unsupported netdevice in switchdev mode"); 720 return -EINVAL; 721 } 722 723 return 0; 724 } 725 726 static int ice_tc_setup_mirror_action(struct net_device *filter_dev, 727 struct ice_tc_flower_fltr *fltr, 728 struct net_device *target_dev) 729 { 730 struct ice_repr *repr; 731 732 fltr->action.fltr_act = ICE_MIRROR_PACKET; 733 734 if (ice_is_port_repr_netdev(filter_dev) && 735 ice_is_port_repr_netdev(target_dev)) { 736 repr = ice_netdev_to_repr(target_dev); 737 738 fltr->dest_vsi = repr->src_vsi; 739 fltr->direction = ICE_ESWITCH_FLTR_EGRESS; 740 } else if (ice_is_port_repr_netdev(filter_dev) && 741 ice_tc_is_dev_uplink(target_dev)) { 742 repr = ice_netdev_to_repr(filter_dev); 743 744 fltr->dest_vsi = repr->src_vsi->back->eswitch.uplink_vsi; 745 fltr->direction = ICE_ESWITCH_FLTR_EGRESS; 746 } else if (ice_tc_is_dev_uplink(filter_dev) && 747 ice_is_port_repr_netdev(target_dev)) { 748 repr = ice_netdev_to_repr(target_dev); 749 750 fltr->dest_vsi = repr->src_vsi; 751 fltr->direction = ICE_ESWITCH_FLTR_INGRESS; 752 } else { 753 NL_SET_ERR_MSG_MOD(fltr->extack, 754 "Unsupported netdevice in switchdev mode"); 755 return -EINVAL; 756 } 757 758 return 0; 759 } 760 761 static int ice_eswitch_tc_parse_action(struct net_device *filter_dev, 762 struct ice_tc_flower_fltr *fltr, 763 struct flow_action_entry *act) 764 { 765 int err; 766 767 switch (act->id) { 768 case FLOW_ACTION_DROP: 769 err = ice_tc_setup_drop_action(filter_dev, fltr); 770 if (err) 771 return err; 772 773 break; 774 775 case FLOW_ACTION_REDIRECT: 776 err = ice_tc_setup_redirect_action(filter_dev, fltr, act->dev); 777 if (err) 778 return err; 779 780 break; 781 782 case FLOW_ACTION_MIRRED: 783 err = ice_tc_setup_mirror_action(filter_dev, fltr, act->dev); 784 if (err) 785 return err; 786 break; 787 788 default: 789 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported action in switchdev mode"); 790 return -EINVAL; 791 } 792 793 return 0; 794 } 795 796 static int 797 ice_eswitch_add_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr) 798 { 799 struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers; 800 struct ice_adv_rule_info rule_info = { 0 }; 801 struct ice_rule_query_data rule_added; 802 struct ice_hw *hw = &vsi->back->hw; 803 struct ice_adv_lkup_elem *list; 804 u32 flags = fltr->flags; 805 int lkups_cnt; 806 int ret; 807 int i; 808 809 if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT) { 810 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported encap field(s)"); 811 return -EOPNOTSUPP; 812 } 813 814 lkups_cnt = ice_tc_count_lkups(flags, headers, fltr); 815 list = kcalloc(lkups_cnt, sizeof(*list), GFP_ATOMIC); 816 if (!list) 817 return -ENOMEM; 818 819 i = ice_tc_fill_rules(hw, flags, fltr, list, &rule_info, NULL); 820 if (i != lkups_cnt) { 821 ret = -EINVAL; 822 goto exit; 823 } 824 825 rule_info.sw_act.fltr_act = fltr->action.fltr_act; 826 if (fltr->action.fltr_act != ICE_DROP_PACKET) 827 rule_info.sw_act.vsi_handle = fltr->dest_vsi->idx; 828 /* For now, making priority to be highest, and it also becomes 829 * the priority for recipe which will get created as a result of 830 * new extraction sequence based on input set. 831 * Priority '7' is max val for switch recipe, higher the number 832 * results into order of switch rule evaluation. 833 */ 834 rule_info.priority = 7; 835 rule_info.flags_info.act_valid = true; 836 837 if (fltr->direction == ICE_ESWITCH_FLTR_INGRESS) { 838 /* Uplink to VF */ 839 rule_info.sw_act.flag |= ICE_FLTR_RX; 840 rule_info.sw_act.src = hw->pf_id; 841 rule_info.flags_info.act = ICE_SINGLE_ACT_LB_ENABLE; 842 } else if (fltr->direction == ICE_ESWITCH_FLTR_EGRESS && 843 fltr->dest_vsi == vsi->back->eswitch.uplink_vsi) { 844 /* VF to Uplink */ 845 rule_info.sw_act.flag |= ICE_FLTR_TX; 846 rule_info.sw_act.src = vsi->idx; 847 rule_info.flags_info.act = ICE_SINGLE_ACT_LAN_ENABLE; 848 } else { 849 /* VF to VF */ 850 rule_info.sw_act.flag |= ICE_FLTR_TX; 851 rule_info.sw_act.src = vsi->idx; 852 rule_info.flags_info.act = ICE_SINGLE_ACT_LB_ENABLE; 853 } 854 855 /* specify the cookie as filter_rule_id */ 856 rule_info.fltr_rule_id = fltr->cookie; 857 rule_info.src_vsi = vsi->idx; 858 859 ret = ice_add_adv_rule(hw, list, lkups_cnt, &rule_info, &rule_added); 860 if (ret == -EEXIST) { 861 NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter because it already exist"); 862 ret = -EINVAL; 863 goto exit; 864 } else if (ret) { 865 NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter due to error"); 866 goto exit; 867 } 868 869 /* store the output params, which are needed later for removing 870 * advanced switch filter 871 */ 872 fltr->rid = rule_added.rid; 873 fltr->rule_id = rule_added.rule_id; 874 fltr->dest_vsi_handle = rule_added.vsi_handle; 875 876 exit: 877 kfree(list); 878 return ret; 879 } 880 881 /** 882 * ice_locate_vsi_using_queue - locate VSI using queue (forward to queue action) 883 * @vsi: Pointer to VSI 884 * @queue: Queue index 885 * 886 * Locate the VSI using specified "queue". When ADQ is not enabled, 887 * always return input VSI, otherwise locate corresponding 888 * VSI based on per channel "offset" and "qcount" 889 */ 890 struct ice_vsi * 891 ice_locate_vsi_using_queue(struct ice_vsi *vsi, int queue) 892 { 893 int num_tc, tc; 894 895 /* if ADQ is not active, passed VSI is the candidate VSI */ 896 if (!ice_is_adq_active(vsi->back)) 897 return vsi; 898 899 /* Locate the VSI (it could still be main PF VSI or CHNL_VSI depending 900 * upon queue number) 901 */ 902 num_tc = vsi->mqprio_qopt.qopt.num_tc; 903 904 for (tc = 0; tc < num_tc; tc++) { 905 int qcount = vsi->mqprio_qopt.qopt.count[tc]; 906 int offset = vsi->mqprio_qopt.qopt.offset[tc]; 907 908 if (queue >= offset && queue < offset + qcount) { 909 /* for non-ADQ TCs, passed VSI is the candidate VSI */ 910 if (tc < ICE_CHNL_START_TC) 911 return vsi; 912 else 913 return vsi->tc_map_vsi[tc]; 914 } 915 } 916 return NULL; 917 } 918 919 static struct ice_rx_ring * 920 ice_locate_rx_ring_using_queue(struct ice_vsi *vsi, 921 struct ice_tc_flower_fltr *tc_fltr) 922 { 923 u16 queue = tc_fltr->action.fwd.q.queue; 924 925 return queue < vsi->num_rxq ? vsi->rx_rings[queue] : NULL; 926 } 927 928 /** 929 * ice_tc_forward_action - Determine destination VSI and queue for the action 930 * @vsi: Pointer to VSI 931 * @tc_fltr: Pointer to TC flower filter structure 932 * 933 * Validates the tc forward action and determines the destination VSI and queue 934 * for the forward action. 935 */ 936 static struct ice_vsi * 937 ice_tc_forward_action(struct ice_vsi *vsi, struct ice_tc_flower_fltr *tc_fltr) 938 { 939 struct ice_rx_ring *ring = NULL; 940 struct ice_vsi *dest_vsi = NULL; 941 struct ice_pf *pf = vsi->back; 942 struct device *dev; 943 u32 tc_class; 944 int q; 945 946 dev = ice_pf_to_dev(pf); 947 948 /* Get the destination VSI and/or destination queue and validate them */ 949 switch (tc_fltr->action.fltr_act) { 950 case ICE_FWD_TO_VSI: 951 tc_class = tc_fltr->action.fwd.tc.tc_class; 952 /* Select the destination VSI */ 953 if (tc_class < ICE_CHNL_START_TC) { 954 NL_SET_ERR_MSG_MOD(tc_fltr->extack, 955 "Unable to add filter because of unsupported destination"); 956 return ERR_PTR(-EOPNOTSUPP); 957 } 958 /* Locate ADQ VSI depending on hw_tc number */ 959 dest_vsi = vsi->tc_map_vsi[tc_class]; 960 break; 961 case ICE_FWD_TO_Q: 962 /* Locate the Rx queue */ 963 ring = ice_locate_rx_ring_using_queue(vsi, tc_fltr); 964 if (!ring) { 965 dev_err(dev, 966 "Unable to locate Rx queue for action fwd_to_queue: %u\n", 967 tc_fltr->action.fwd.q.queue); 968 return ERR_PTR(-EINVAL); 969 } 970 /* Determine destination VSI even though the action is 971 * FWD_TO_QUEUE, because QUEUE is associated with VSI 972 */ 973 q = tc_fltr->action.fwd.q.queue; 974 dest_vsi = ice_locate_vsi_using_queue(vsi, q); 975 break; 976 default: 977 dev_err(dev, 978 "Unable to add filter because of unsupported action %u (supported actions: fwd to tc, fwd to queue)\n", 979 tc_fltr->action.fltr_act); 980 return ERR_PTR(-EINVAL); 981 } 982 /* Must have valid dest_vsi (it could be main VSI or ADQ VSI) */ 983 if (!dest_vsi) { 984 dev_err(dev, 985 "Unable to add filter because specified destination VSI doesn't exist\n"); 986 return ERR_PTR(-EINVAL); 987 } 988 return dest_vsi; 989 } 990 991 /** 992 * ice_add_tc_flower_adv_fltr - add appropriate filter rules 993 * @vsi: Pointer to VSI 994 * @tc_fltr: Pointer to TC flower filter structure 995 * 996 * based on filter parameters using Advance recipes supported 997 * by OS package. 998 */ 999 static int 1000 ice_add_tc_flower_adv_fltr(struct ice_vsi *vsi, 1001 struct ice_tc_flower_fltr *tc_fltr) 1002 { 1003 struct ice_tc_flower_lyr_2_4_hdrs *headers = &tc_fltr->outer_headers; 1004 struct ice_adv_rule_info rule_info = {0}; 1005 struct ice_rule_query_data rule_added; 1006 struct ice_adv_lkup_elem *list; 1007 struct ice_pf *pf = vsi->back; 1008 struct ice_hw *hw = &pf->hw; 1009 u32 flags = tc_fltr->flags; 1010 struct ice_vsi *dest_vsi; 1011 struct device *dev; 1012 u16 lkups_cnt = 0; 1013 u16 l4_proto = 0; 1014 int ret = 0; 1015 u16 i = 0; 1016 1017 dev = ice_pf_to_dev(pf); 1018 if (ice_is_safe_mode(pf)) { 1019 NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unable to add filter because driver is in safe mode"); 1020 return -EOPNOTSUPP; 1021 } 1022 1023 if (!flags || (flags & (ICE_TC_FLWR_FIELD_ENC_DEST_IPV4 | 1024 ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 | 1025 ICE_TC_FLWR_FIELD_ENC_DEST_IPV6 | 1026 ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 | 1027 ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT))) { 1028 NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unsupported encap field(s)"); 1029 return -EOPNOTSUPP; 1030 } 1031 1032 /* validate forwarding action VSI and queue */ 1033 if (ice_is_forward_action(tc_fltr->action.fltr_act)) { 1034 dest_vsi = ice_tc_forward_action(vsi, tc_fltr); 1035 if (IS_ERR(dest_vsi)) 1036 return PTR_ERR(dest_vsi); 1037 } 1038 1039 lkups_cnt = ice_tc_count_lkups(flags, headers, tc_fltr); 1040 list = kcalloc(lkups_cnt, sizeof(*list), GFP_ATOMIC); 1041 if (!list) 1042 return -ENOMEM; 1043 1044 i = ice_tc_fill_rules(hw, flags, tc_fltr, list, &rule_info, &l4_proto); 1045 if (i != lkups_cnt) { 1046 ret = -EINVAL; 1047 goto exit; 1048 } 1049 1050 rule_info.sw_act.fltr_act = tc_fltr->action.fltr_act; 1051 /* specify the cookie as filter_rule_id */ 1052 rule_info.fltr_rule_id = tc_fltr->cookie; 1053 1054 switch (tc_fltr->action.fltr_act) { 1055 case ICE_FWD_TO_VSI: 1056 rule_info.sw_act.vsi_handle = dest_vsi->idx; 1057 rule_info.priority = ICE_SWITCH_FLTR_PRIO_VSI; 1058 rule_info.sw_act.src = hw->pf_id; 1059 dev_dbg(dev, "add switch rule for TC:%u vsi_idx:%u, lkups_cnt:%u\n", 1060 tc_fltr->action.fwd.tc.tc_class, 1061 rule_info.sw_act.vsi_handle, lkups_cnt); 1062 break; 1063 case ICE_FWD_TO_Q: 1064 /* HW queue number in global space */ 1065 rule_info.sw_act.fwd_id.q_id = tc_fltr->action.fwd.q.hw_queue; 1066 rule_info.sw_act.vsi_handle = dest_vsi->idx; 1067 rule_info.priority = ICE_SWITCH_FLTR_PRIO_QUEUE; 1068 rule_info.sw_act.src = hw->pf_id; 1069 dev_dbg(dev, "add switch rule action to forward to queue:%u (HW queue %u), lkups_cnt:%u\n", 1070 tc_fltr->action.fwd.q.queue, 1071 tc_fltr->action.fwd.q.hw_queue, lkups_cnt); 1072 break; 1073 case ICE_DROP_PACKET: 1074 rule_info.sw_act.flag |= ICE_FLTR_RX; 1075 rule_info.sw_act.src = hw->pf_id; 1076 rule_info.priority = ICE_SWITCH_FLTR_PRIO_VSI; 1077 break; 1078 default: 1079 ret = -EOPNOTSUPP; 1080 goto exit; 1081 } 1082 1083 ret = ice_add_adv_rule(hw, list, lkups_cnt, &rule_info, &rule_added); 1084 if (ret == -EEXIST) { 1085 NL_SET_ERR_MSG_MOD(tc_fltr->extack, 1086 "Unable to add filter because it already exist"); 1087 ret = -EINVAL; 1088 goto exit; 1089 } else if (ret) { 1090 NL_SET_ERR_MSG_MOD(tc_fltr->extack, 1091 "Unable to add filter due to error"); 1092 goto exit; 1093 } 1094 1095 /* store the output params, which are needed later for removing 1096 * advanced switch filter 1097 */ 1098 tc_fltr->rid = rule_added.rid; 1099 tc_fltr->rule_id = rule_added.rule_id; 1100 tc_fltr->dest_vsi_handle = rule_added.vsi_handle; 1101 if (tc_fltr->action.fltr_act == ICE_FWD_TO_VSI || 1102 tc_fltr->action.fltr_act == ICE_FWD_TO_Q) { 1103 tc_fltr->dest_vsi = dest_vsi; 1104 /* keep track of advanced switch filter for 1105 * destination VSI 1106 */ 1107 dest_vsi->num_chnl_fltr++; 1108 1109 /* keeps track of channel filters for PF VSI */ 1110 if (vsi->type == ICE_VSI_PF && 1111 (flags & (ICE_TC_FLWR_FIELD_DST_MAC | 1112 ICE_TC_FLWR_FIELD_ENC_DST_MAC))) 1113 pf->num_dmac_chnl_fltrs++; 1114 } 1115 switch (tc_fltr->action.fltr_act) { 1116 case ICE_FWD_TO_VSI: 1117 dev_dbg(dev, "added switch rule (lkups_cnt %u, flags 0x%x), action is forward to TC %u, rid %u, rule_id %u, vsi_idx %u\n", 1118 lkups_cnt, flags, 1119 tc_fltr->action.fwd.tc.tc_class, rule_added.rid, 1120 rule_added.rule_id, rule_added.vsi_handle); 1121 break; 1122 case ICE_FWD_TO_Q: 1123 dev_dbg(dev, "added switch rule (lkups_cnt %u, flags 0x%x), action is forward to queue: %u (HW queue %u) , rid %u, rule_id %u\n", 1124 lkups_cnt, flags, tc_fltr->action.fwd.q.queue, 1125 tc_fltr->action.fwd.q.hw_queue, rule_added.rid, 1126 rule_added.rule_id); 1127 break; 1128 case ICE_DROP_PACKET: 1129 dev_dbg(dev, "added switch rule (lkups_cnt %u, flags 0x%x), action is drop, rid %u, rule_id %u\n", 1130 lkups_cnt, flags, rule_added.rid, rule_added.rule_id); 1131 break; 1132 default: 1133 break; 1134 } 1135 exit: 1136 kfree(list); 1137 return ret; 1138 } 1139 1140 /** 1141 * ice_tc_set_pppoe - Parse PPPoE fields from TC flower filter 1142 * @match: Pointer to flow match structure 1143 * @fltr: Pointer to filter structure 1144 * @headers: Pointer to outer header fields 1145 * @returns PPP protocol used in filter (ppp_ses or ppp_disc) 1146 */ 1147 static u16 1148 ice_tc_set_pppoe(struct flow_match_pppoe *match, 1149 struct ice_tc_flower_fltr *fltr, 1150 struct ice_tc_flower_lyr_2_4_hdrs *headers) 1151 { 1152 if (match->mask->session_id) { 1153 fltr->flags |= ICE_TC_FLWR_FIELD_PPPOE_SESSID; 1154 headers->pppoe_hdr.session_id = match->key->session_id; 1155 } 1156 1157 if (match->mask->ppp_proto) { 1158 fltr->flags |= ICE_TC_FLWR_FIELD_PPP_PROTO; 1159 headers->pppoe_hdr.ppp_proto = match->key->ppp_proto; 1160 } 1161 1162 return be16_to_cpu(match->key->type); 1163 } 1164 1165 /** 1166 * ice_tc_set_ipv4 - Parse IPv4 addresses from TC flower filter 1167 * @match: Pointer to flow match structure 1168 * @fltr: Pointer to filter structure 1169 * @headers: inner or outer header fields 1170 * @is_encap: set true for tunnel IPv4 address 1171 */ 1172 static int 1173 ice_tc_set_ipv4(struct flow_match_ipv4_addrs *match, 1174 struct ice_tc_flower_fltr *fltr, 1175 struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap) 1176 { 1177 if (match->key->dst) { 1178 if (is_encap) 1179 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_IPV4; 1180 else 1181 fltr->flags |= ICE_TC_FLWR_FIELD_DEST_IPV4; 1182 headers->l3_key.dst_ipv4 = match->key->dst; 1183 headers->l3_mask.dst_ipv4 = match->mask->dst; 1184 } 1185 if (match->key->src) { 1186 if (is_encap) 1187 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_IPV4; 1188 else 1189 fltr->flags |= ICE_TC_FLWR_FIELD_SRC_IPV4; 1190 headers->l3_key.src_ipv4 = match->key->src; 1191 headers->l3_mask.src_ipv4 = match->mask->src; 1192 } 1193 return 0; 1194 } 1195 1196 /** 1197 * ice_tc_set_ipv6 - Parse IPv6 addresses from TC flower filter 1198 * @match: Pointer to flow match structure 1199 * @fltr: Pointer to filter structure 1200 * @headers: inner or outer header fields 1201 * @is_encap: set true for tunnel IPv6 address 1202 */ 1203 static int 1204 ice_tc_set_ipv6(struct flow_match_ipv6_addrs *match, 1205 struct ice_tc_flower_fltr *fltr, 1206 struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap) 1207 { 1208 struct ice_tc_l3_hdr *l3_key, *l3_mask; 1209 1210 /* src and dest IPV6 address should not be LOOPBACK 1211 * (0:0:0:0:0:0:0:1), which can be represented as ::1 1212 */ 1213 if (ipv6_addr_loopback(&match->key->dst) || 1214 ipv6_addr_loopback(&match->key->src)) { 1215 NL_SET_ERR_MSG_MOD(fltr->extack, "Bad IPv6, addr is LOOPBACK"); 1216 return -EINVAL; 1217 } 1218 /* if src/dest IPv6 address is *,* error */ 1219 if (ipv6_addr_any(&match->mask->dst) && 1220 ipv6_addr_any(&match->mask->src)) { 1221 NL_SET_ERR_MSG_MOD(fltr->extack, "Bad src/dest IPv6, addr is any"); 1222 return -EINVAL; 1223 } 1224 if (!ipv6_addr_any(&match->mask->dst)) { 1225 if (is_encap) 1226 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_IPV6; 1227 else 1228 fltr->flags |= ICE_TC_FLWR_FIELD_DEST_IPV6; 1229 } 1230 if (!ipv6_addr_any(&match->mask->src)) { 1231 if (is_encap) 1232 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_IPV6; 1233 else 1234 fltr->flags |= ICE_TC_FLWR_FIELD_SRC_IPV6; 1235 } 1236 1237 l3_key = &headers->l3_key; 1238 l3_mask = &headers->l3_mask; 1239 1240 if (fltr->flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 | 1241 ICE_TC_FLWR_FIELD_SRC_IPV6)) { 1242 memcpy(&l3_key->src_ipv6_addr, &match->key->src.s6_addr, 1243 sizeof(match->key->src.s6_addr)); 1244 memcpy(&l3_mask->src_ipv6_addr, &match->mask->src.s6_addr, 1245 sizeof(match->mask->src.s6_addr)); 1246 } 1247 if (fltr->flags & (ICE_TC_FLWR_FIELD_ENC_DEST_IPV6 | 1248 ICE_TC_FLWR_FIELD_DEST_IPV6)) { 1249 memcpy(&l3_key->dst_ipv6_addr, &match->key->dst.s6_addr, 1250 sizeof(match->key->dst.s6_addr)); 1251 memcpy(&l3_mask->dst_ipv6_addr, &match->mask->dst.s6_addr, 1252 sizeof(match->mask->dst.s6_addr)); 1253 } 1254 1255 return 0; 1256 } 1257 1258 /** 1259 * ice_tc_set_tos_ttl - Parse IP ToS/TTL from TC flower filter 1260 * @match: Pointer to flow match structure 1261 * @fltr: Pointer to filter structure 1262 * @headers: inner or outer header fields 1263 * @is_encap: set true for tunnel 1264 */ 1265 static void 1266 ice_tc_set_tos_ttl(struct flow_match_ip *match, 1267 struct ice_tc_flower_fltr *fltr, 1268 struct ice_tc_flower_lyr_2_4_hdrs *headers, 1269 bool is_encap) 1270 { 1271 if (match->mask->tos) { 1272 if (is_encap) 1273 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_IP_TOS; 1274 else 1275 fltr->flags |= ICE_TC_FLWR_FIELD_IP_TOS; 1276 1277 headers->l3_key.tos = match->key->tos; 1278 headers->l3_mask.tos = match->mask->tos; 1279 } 1280 1281 if (match->mask->ttl) { 1282 if (is_encap) 1283 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_IP_TTL; 1284 else 1285 fltr->flags |= ICE_TC_FLWR_FIELD_IP_TTL; 1286 1287 headers->l3_key.ttl = match->key->ttl; 1288 headers->l3_mask.ttl = match->mask->ttl; 1289 } 1290 } 1291 1292 /** 1293 * ice_tc_set_port - Parse ports from TC flower filter 1294 * @match: Flow match structure 1295 * @fltr: Pointer to filter structure 1296 * @headers: inner or outer header fields 1297 * @is_encap: set true for tunnel port 1298 */ 1299 static int 1300 ice_tc_set_port(struct flow_match_ports match, 1301 struct ice_tc_flower_fltr *fltr, 1302 struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap) 1303 { 1304 if (match.key->dst) { 1305 if (is_encap) 1306 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT; 1307 else 1308 fltr->flags |= ICE_TC_FLWR_FIELD_DEST_L4_PORT; 1309 1310 headers->l4_key.dst_port = match.key->dst; 1311 headers->l4_mask.dst_port = match.mask->dst; 1312 } 1313 if (match.key->src) { 1314 if (is_encap) 1315 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT; 1316 else 1317 fltr->flags |= ICE_TC_FLWR_FIELD_SRC_L4_PORT; 1318 1319 headers->l4_key.src_port = match.key->src; 1320 headers->l4_mask.src_port = match.mask->src; 1321 } 1322 return 0; 1323 } 1324 1325 static struct net_device * 1326 ice_get_tunnel_device(struct net_device *dev, struct flow_rule *rule) 1327 { 1328 struct flow_action_entry *act; 1329 int i; 1330 1331 if (ice_is_tunnel_supported(dev)) 1332 return dev; 1333 1334 flow_action_for_each(i, act, &rule->action) { 1335 if (act->id == FLOW_ACTION_REDIRECT && 1336 ice_is_tunnel_supported(act->dev)) 1337 return act->dev; 1338 } 1339 1340 return NULL; 1341 } 1342 1343 /** 1344 * ice_parse_gtp_type - Sets GTP tunnel type to GTP-U or GTP-C 1345 * @match: Flow match structure 1346 * @fltr: Pointer to filter structure 1347 * 1348 * GTP-C/GTP-U is selected based on destination port number (enc_dst_port). 1349 * Before calling this funtcion, fltr->tunnel_type should be set to TNL_GTPU, 1350 * therefore making GTP-U the default choice (when destination port number is 1351 * not specified). 1352 */ 1353 static int 1354 ice_parse_gtp_type(struct flow_match_ports match, 1355 struct ice_tc_flower_fltr *fltr) 1356 { 1357 u16 dst_port; 1358 1359 if (match.key->dst) { 1360 dst_port = be16_to_cpu(match.key->dst); 1361 1362 switch (dst_port) { 1363 case 2152: 1364 break; 1365 case 2123: 1366 fltr->tunnel_type = TNL_GTPC; 1367 break; 1368 default: 1369 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported GTP port number"); 1370 return -EINVAL; 1371 } 1372 } 1373 1374 return 0; 1375 } 1376 1377 static int 1378 ice_parse_tunnel_attr(struct net_device *dev, struct flow_rule *rule, 1379 struct ice_tc_flower_fltr *fltr) 1380 { 1381 struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers; 1382 struct flow_match_control enc_control; 1383 1384 fltr->tunnel_type = ice_tc_tun_get_type(dev); 1385 headers->l3_key.ip_proto = IPPROTO_UDP; 1386 1387 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_KEYID)) { 1388 struct flow_match_enc_keyid enc_keyid; 1389 1390 flow_rule_match_enc_keyid(rule, &enc_keyid); 1391 1392 if (!enc_keyid.mask->keyid || 1393 enc_keyid.mask->keyid != cpu_to_be32(ICE_TC_FLOWER_MASK_32)) 1394 return -EINVAL; 1395 1396 fltr->flags |= ICE_TC_FLWR_FIELD_TENANT_ID; 1397 fltr->tenant_id = enc_keyid.key->keyid; 1398 } 1399 1400 flow_rule_match_enc_control(rule, &enc_control); 1401 1402 if (enc_control.key->addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) { 1403 struct flow_match_ipv4_addrs match; 1404 1405 flow_rule_match_enc_ipv4_addrs(rule, &match); 1406 if (ice_tc_set_ipv4(&match, fltr, headers, true)) 1407 return -EINVAL; 1408 } else if (enc_control.key->addr_type == 1409 FLOW_DISSECTOR_KEY_IPV6_ADDRS) { 1410 struct flow_match_ipv6_addrs match; 1411 1412 flow_rule_match_enc_ipv6_addrs(rule, &match); 1413 if (ice_tc_set_ipv6(&match, fltr, headers, true)) 1414 return -EINVAL; 1415 } 1416 1417 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_IP)) { 1418 struct flow_match_ip match; 1419 1420 flow_rule_match_enc_ip(rule, &match); 1421 ice_tc_set_tos_ttl(&match, fltr, headers, true); 1422 } 1423 1424 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_PORTS) && 1425 fltr->tunnel_type != TNL_VXLAN && fltr->tunnel_type != TNL_GENEVE) { 1426 struct flow_match_ports match; 1427 1428 flow_rule_match_enc_ports(rule, &match); 1429 1430 if (fltr->tunnel_type != TNL_GTPU) { 1431 if (ice_tc_set_port(match, fltr, headers, true)) 1432 return -EINVAL; 1433 } else { 1434 if (ice_parse_gtp_type(match, fltr)) 1435 return -EINVAL; 1436 } 1437 } 1438 1439 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_OPTS) && 1440 (fltr->tunnel_type == TNL_GTPU || fltr->tunnel_type == TNL_GTPC)) { 1441 struct flow_match_enc_opts match; 1442 1443 flow_rule_match_enc_opts(rule, &match); 1444 1445 memcpy(&fltr->gtp_pdu_info_keys, &match.key->data[0], 1446 sizeof(struct gtp_pdu_session_info)); 1447 1448 memcpy(&fltr->gtp_pdu_info_masks, &match.mask->data[0], 1449 sizeof(struct gtp_pdu_session_info)); 1450 1451 fltr->flags |= ICE_TC_FLWR_FIELD_GTP_OPTS; 1452 } 1453 1454 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_OPTS) && 1455 fltr->tunnel_type == TNL_PFCP) { 1456 struct flow_match_enc_opts match; 1457 1458 flow_rule_match_enc_opts(rule, &match); 1459 1460 memcpy(&fltr->pfcp_meta_keys, match.key->data, 1461 sizeof(struct pfcp_metadata)); 1462 memcpy(&fltr->pfcp_meta_masks, match.mask->data, 1463 sizeof(struct pfcp_metadata)); 1464 1465 fltr->flags |= ICE_TC_FLWR_FIELD_PFCP_OPTS; 1466 } 1467 1468 return 0; 1469 } 1470 1471 /** 1472 * ice_parse_cls_flower - Parse TC flower filters provided by kernel 1473 * @vsi: Pointer to the VSI 1474 * @filter_dev: Pointer to device on which filter is being added 1475 * @f: Pointer to struct flow_cls_offload 1476 * @fltr: Pointer to filter structure 1477 */ 1478 static int 1479 ice_parse_cls_flower(struct net_device *filter_dev, struct ice_vsi *vsi, 1480 struct flow_cls_offload *f, 1481 struct ice_tc_flower_fltr *fltr) 1482 { 1483 struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers; 1484 struct flow_rule *rule = flow_cls_offload_flow_rule(f); 1485 u16 n_proto_mask = 0, n_proto_key = 0, addr_type = 0; 1486 struct flow_dissector *dissector; 1487 struct net_device *tunnel_dev; 1488 1489 dissector = rule->match.dissector; 1490 1491 if (dissector->used_keys & 1492 ~(BIT_ULL(FLOW_DISSECTOR_KEY_CONTROL) | 1493 BIT_ULL(FLOW_DISSECTOR_KEY_BASIC) | 1494 BIT_ULL(FLOW_DISSECTOR_KEY_ETH_ADDRS) | 1495 BIT_ULL(FLOW_DISSECTOR_KEY_VLAN) | 1496 BIT_ULL(FLOW_DISSECTOR_KEY_CVLAN) | 1497 BIT_ULL(FLOW_DISSECTOR_KEY_IPV4_ADDRS) | 1498 BIT_ULL(FLOW_DISSECTOR_KEY_IPV6_ADDRS) | 1499 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_CONTROL) | 1500 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) | 1501 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | 1502 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | 1503 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS) | 1504 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_OPTS) | 1505 BIT_ULL(FLOW_DISSECTOR_KEY_IP) | 1506 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IP) | 1507 BIT_ULL(FLOW_DISSECTOR_KEY_PORTS) | 1508 BIT_ULL(FLOW_DISSECTOR_KEY_PPPOE) | 1509 BIT_ULL(FLOW_DISSECTOR_KEY_L2TPV3))) { 1510 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported key used"); 1511 return -EOPNOTSUPP; 1512 } 1513 1514 tunnel_dev = ice_get_tunnel_device(filter_dev, rule); 1515 if (tunnel_dev) { 1516 int err; 1517 1518 filter_dev = tunnel_dev; 1519 1520 err = ice_parse_tunnel_attr(filter_dev, rule, fltr); 1521 if (err) { 1522 NL_SET_ERR_MSG_MOD(fltr->extack, "Failed to parse TC flower tunnel attributes"); 1523 return err; 1524 } 1525 1526 /* PFCP is considered non-tunneled - don't swap headers. */ 1527 if (fltr->tunnel_type != TNL_PFCP) { 1528 /* Header pointers should point to the inner headers, 1529 * outer header were already set by 1530 * ice_parse_tunnel_attr(). 1531 */ 1532 headers = &fltr->inner_headers; 1533 } 1534 } else if (dissector->used_keys & 1535 (BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | 1536 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | 1537 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) | 1538 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS) | 1539 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IP) | 1540 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_OPTS) | 1541 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_CONTROL))) { 1542 NL_SET_ERR_MSG_MOD(fltr->extack, "Tunnel key used, but device isn't a tunnel"); 1543 return -EOPNOTSUPP; 1544 } else { 1545 fltr->tunnel_type = TNL_LAST; 1546 } 1547 1548 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) { 1549 struct flow_match_basic match; 1550 1551 flow_rule_match_basic(rule, &match); 1552 1553 n_proto_key = ntohs(match.key->n_proto); 1554 n_proto_mask = ntohs(match.mask->n_proto); 1555 1556 if (n_proto_key == ETH_P_ALL || n_proto_key == 0 || 1557 fltr->tunnel_type == TNL_GTPU || 1558 fltr->tunnel_type == TNL_GTPC) { 1559 n_proto_key = 0; 1560 n_proto_mask = 0; 1561 } else { 1562 fltr->flags |= ICE_TC_FLWR_FIELD_ETH_TYPE_ID; 1563 } 1564 1565 headers->l2_key.n_proto = cpu_to_be16(n_proto_key); 1566 headers->l2_mask.n_proto = cpu_to_be16(n_proto_mask); 1567 headers->l3_key.ip_proto = match.key->ip_proto; 1568 } 1569 1570 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ETH_ADDRS)) { 1571 struct flow_match_eth_addrs match; 1572 1573 flow_rule_match_eth_addrs(rule, &match); 1574 1575 if (!is_zero_ether_addr(match.key->dst)) { 1576 ether_addr_copy(headers->l2_key.dst_mac, 1577 match.key->dst); 1578 ether_addr_copy(headers->l2_mask.dst_mac, 1579 match.mask->dst); 1580 fltr->flags |= ICE_TC_FLWR_FIELD_DST_MAC; 1581 } 1582 1583 if (!is_zero_ether_addr(match.key->src)) { 1584 ether_addr_copy(headers->l2_key.src_mac, 1585 match.key->src); 1586 ether_addr_copy(headers->l2_mask.src_mac, 1587 match.mask->src); 1588 fltr->flags |= ICE_TC_FLWR_FIELD_SRC_MAC; 1589 } 1590 } 1591 1592 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN) || 1593 is_vlan_dev(filter_dev)) { 1594 struct flow_dissector_key_vlan mask; 1595 struct flow_dissector_key_vlan key; 1596 struct flow_match_vlan match; 1597 1598 if (is_vlan_dev(filter_dev)) { 1599 match.key = &key; 1600 match.key->vlan_id = vlan_dev_vlan_id(filter_dev); 1601 match.key->vlan_priority = 0; 1602 match.mask = &mask; 1603 memset(match.mask, 0xff, sizeof(*match.mask)); 1604 match.mask->vlan_priority = 0; 1605 } else { 1606 flow_rule_match_vlan(rule, &match); 1607 } 1608 1609 if (match.mask->vlan_id) { 1610 if (match.mask->vlan_id == VLAN_VID_MASK) { 1611 fltr->flags |= ICE_TC_FLWR_FIELD_VLAN; 1612 headers->vlan_hdr.vlan_id = 1613 cpu_to_be16(match.key->vlan_id & 1614 VLAN_VID_MASK); 1615 } else { 1616 NL_SET_ERR_MSG_MOD(fltr->extack, "Bad VLAN mask"); 1617 return -EINVAL; 1618 } 1619 } 1620 1621 if (match.mask->vlan_priority) { 1622 fltr->flags |= ICE_TC_FLWR_FIELD_VLAN_PRIO; 1623 headers->vlan_hdr.vlan_prio = 1624 be16_encode_bits(match.key->vlan_priority, 1625 VLAN_PRIO_MASK); 1626 } 1627 1628 if (match.mask->vlan_tpid) { 1629 headers->vlan_hdr.vlan_tpid = match.key->vlan_tpid; 1630 fltr->flags |= ICE_TC_FLWR_FIELD_VLAN_TPID; 1631 } 1632 } 1633 1634 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CVLAN)) { 1635 struct flow_match_vlan match; 1636 1637 if (!ice_is_dvm_ena(&vsi->back->hw)) { 1638 NL_SET_ERR_MSG_MOD(fltr->extack, "Double VLAN mode is not enabled"); 1639 return -EINVAL; 1640 } 1641 1642 flow_rule_match_cvlan(rule, &match); 1643 1644 if (match.mask->vlan_id) { 1645 if (match.mask->vlan_id == VLAN_VID_MASK) { 1646 fltr->flags |= ICE_TC_FLWR_FIELD_CVLAN; 1647 headers->cvlan_hdr.vlan_id = 1648 cpu_to_be16(match.key->vlan_id & 1649 VLAN_VID_MASK); 1650 } else { 1651 NL_SET_ERR_MSG_MOD(fltr->extack, 1652 "Bad CVLAN mask"); 1653 return -EINVAL; 1654 } 1655 } 1656 1657 if (match.mask->vlan_priority) { 1658 fltr->flags |= ICE_TC_FLWR_FIELD_CVLAN_PRIO; 1659 headers->cvlan_hdr.vlan_prio = 1660 be16_encode_bits(match.key->vlan_priority, 1661 VLAN_PRIO_MASK); 1662 } 1663 } 1664 1665 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PPPOE)) { 1666 struct flow_match_pppoe match; 1667 1668 flow_rule_match_pppoe(rule, &match); 1669 n_proto_key = ice_tc_set_pppoe(&match, fltr, headers); 1670 1671 /* If ethertype equals ETH_P_PPP_SES, n_proto might be 1672 * overwritten by encapsulated protocol (ppp_proto field) or set 1673 * to 0. To correct this, flow_match_pppoe provides the type 1674 * field, which contains the actual ethertype (ETH_P_PPP_SES). 1675 */ 1676 headers->l2_key.n_proto = cpu_to_be16(n_proto_key); 1677 headers->l2_mask.n_proto = cpu_to_be16(0xFFFF); 1678 fltr->flags |= ICE_TC_FLWR_FIELD_ETH_TYPE_ID; 1679 } 1680 1681 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) { 1682 struct flow_match_control match; 1683 1684 flow_rule_match_control(rule, &match); 1685 1686 addr_type = match.key->addr_type; 1687 } 1688 1689 if (addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) { 1690 struct flow_match_ipv4_addrs match; 1691 1692 flow_rule_match_ipv4_addrs(rule, &match); 1693 if (ice_tc_set_ipv4(&match, fltr, headers, false)) 1694 return -EINVAL; 1695 } 1696 1697 if (addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) { 1698 struct flow_match_ipv6_addrs match; 1699 1700 flow_rule_match_ipv6_addrs(rule, &match); 1701 if (ice_tc_set_ipv6(&match, fltr, headers, false)) 1702 return -EINVAL; 1703 } 1704 1705 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) { 1706 struct flow_match_ip match; 1707 1708 flow_rule_match_ip(rule, &match); 1709 ice_tc_set_tos_ttl(&match, fltr, headers, false); 1710 } 1711 1712 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_L2TPV3)) { 1713 struct flow_match_l2tpv3 match; 1714 1715 flow_rule_match_l2tpv3(rule, &match); 1716 1717 fltr->flags |= ICE_TC_FLWR_FIELD_L2TPV3_SESSID; 1718 headers->l2tpv3_hdr.session_id = match.key->session_id; 1719 } 1720 1721 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS)) { 1722 struct flow_match_ports match; 1723 1724 flow_rule_match_ports(rule, &match); 1725 if (ice_tc_set_port(match, fltr, headers, false)) 1726 return -EINVAL; 1727 switch (headers->l3_key.ip_proto) { 1728 case IPPROTO_TCP: 1729 case IPPROTO_UDP: 1730 break; 1731 default: 1732 NL_SET_ERR_MSG_MOD(fltr->extack, "Only UDP and TCP transport are supported"); 1733 return -EINVAL; 1734 } 1735 } 1736 return 0; 1737 } 1738 1739 /** 1740 * ice_add_switch_fltr - Add TC flower filters 1741 * @vsi: Pointer to VSI 1742 * @fltr: Pointer to struct ice_tc_flower_fltr 1743 * 1744 * Add filter in HW switch block 1745 */ 1746 static int 1747 ice_add_switch_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr) 1748 { 1749 if (fltr->action.fltr_act == ICE_FWD_TO_QGRP) 1750 return -EOPNOTSUPP; 1751 1752 if (ice_is_eswitch_mode_switchdev(vsi->back)) 1753 return ice_eswitch_add_tc_fltr(vsi, fltr); 1754 1755 return ice_add_tc_flower_adv_fltr(vsi, fltr); 1756 } 1757 1758 /** 1759 * ice_prep_adq_filter - Prepare ADQ filter with the required additional headers 1760 * @vsi: Pointer to VSI 1761 * @fltr: Pointer to TC flower filter structure 1762 * 1763 * Prepare ADQ filter with the required additional header fields 1764 */ 1765 static int 1766 ice_prep_adq_filter(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr) 1767 { 1768 if ((fltr->flags & ICE_TC_FLWR_FIELD_TENANT_ID) && 1769 (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC | 1770 ICE_TC_FLWR_FIELD_SRC_MAC))) { 1771 NL_SET_ERR_MSG_MOD(fltr->extack, 1772 "Unable to add filter because filter using tunnel key and inner MAC is unsupported combination"); 1773 return -EOPNOTSUPP; 1774 } 1775 1776 /* For ADQ, filter must include dest MAC address, otherwise unwanted 1777 * packets with unrelated MAC address get delivered to ADQ VSIs as long 1778 * as remaining filter criteria is satisfied such as dest IP address 1779 * and dest/src L4 port. Below code handles the following cases: 1780 * 1. For non-tunnel, if user specify MAC addresses, use them. 1781 * 2. For non-tunnel, if user didn't specify MAC address, add implicit 1782 * dest MAC to be lower netdev's active unicast MAC address 1783 * 3. For tunnel, as of now TC-filter through flower classifier doesn't 1784 * have provision for user to specify outer DMAC, hence driver to 1785 * implicitly add outer dest MAC to be lower netdev's active unicast 1786 * MAC address. 1787 */ 1788 if (fltr->tunnel_type != TNL_LAST && 1789 !(fltr->flags & ICE_TC_FLWR_FIELD_ENC_DST_MAC)) 1790 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DST_MAC; 1791 1792 if (fltr->tunnel_type == TNL_LAST && 1793 !(fltr->flags & ICE_TC_FLWR_FIELD_DST_MAC)) 1794 fltr->flags |= ICE_TC_FLWR_FIELD_DST_MAC; 1795 1796 if (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC | 1797 ICE_TC_FLWR_FIELD_ENC_DST_MAC)) { 1798 ether_addr_copy(fltr->outer_headers.l2_key.dst_mac, 1799 vsi->netdev->dev_addr); 1800 eth_broadcast_addr(fltr->outer_headers.l2_mask.dst_mac); 1801 } 1802 1803 /* Make sure VLAN is already added to main VSI, before allowing ADQ to 1804 * add a VLAN based filter such as MAC + VLAN + L4 port. 1805 */ 1806 if (fltr->flags & ICE_TC_FLWR_FIELD_VLAN) { 1807 u16 vlan_id = be16_to_cpu(fltr->outer_headers.vlan_hdr.vlan_id); 1808 1809 if (!ice_vlan_fltr_exist(&vsi->back->hw, vlan_id, vsi->idx)) { 1810 NL_SET_ERR_MSG_MOD(fltr->extack, 1811 "Unable to add filter because legacy VLAN filter for specified destination doesn't exist"); 1812 return -EINVAL; 1813 } 1814 } 1815 return 0; 1816 } 1817 1818 /** 1819 * ice_handle_tclass_action - Support directing to a traffic class 1820 * @vsi: Pointer to VSI 1821 * @cls_flower: Pointer to TC flower offload structure 1822 * @fltr: Pointer to TC flower filter structure 1823 * 1824 * Support directing traffic to a traffic class/queue-set 1825 */ 1826 static int 1827 ice_handle_tclass_action(struct ice_vsi *vsi, 1828 struct flow_cls_offload *cls_flower, 1829 struct ice_tc_flower_fltr *fltr) 1830 { 1831 int tc = tc_classid_to_hwtc(vsi->netdev, cls_flower->classid); 1832 1833 /* user specified hw_tc (must be non-zero for ADQ TC), action is forward 1834 * to hw_tc (i.e. ADQ channel number) 1835 */ 1836 if (tc < ICE_CHNL_START_TC) { 1837 NL_SET_ERR_MSG_MOD(fltr->extack, 1838 "Unable to add filter because of unsupported destination"); 1839 return -EOPNOTSUPP; 1840 } 1841 if (!(vsi->all_enatc & BIT(tc))) { 1842 NL_SET_ERR_MSG_MOD(fltr->extack, 1843 "Unable to add filter because of non-existence destination"); 1844 return -EINVAL; 1845 } 1846 fltr->action.fltr_act = ICE_FWD_TO_VSI; 1847 fltr->action.fwd.tc.tc_class = tc; 1848 1849 return ice_prep_adq_filter(vsi, fltr); 1850 } 1851 1852 static int 1853 ice_tc_forward_to_queue(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr, 1854 struct flow_action_entry *act) 1855 { 1856 struct ice_vsi *ch_vsi = NULL; 1857 u16 queue = act->rx_queue; 1858 1859 if (queue >= vsi->num_rxq) { 1860 NL_SET_ERR_MSG_MOD(fltr->extack, 1861 "Unable to add filter because specified queue is invalid"); 1862 return -EINVAL; 1863 } 1864 fltr->action.fltr_act = ICE_FWD_TO_Q; 1865 fltr->action.fwd.q.queue = queue; 1866 /* determine corresponding HW queue */ 1867 fltr->action.fwd.q.hw_queue = vsi->rxq_map[queue]; 1868 1869 /* If ADQ is configured, and the queue belongs to ADQ VSI, then prepare 1870 * ADQ switch filter 1871 */ 1872 ch_vsi = ice_locate_vsi_using_queue(vsi, fltr->action.fwd.q.queue); 1873 if (!ch_vsi) 1874 return -EINVAL; 1875 fltr->dest_vsi = ch_vsi; 1876 if (!ice_is_chnl_fltr(fltr)) 1877 return 0; 1878 1879 return ice_prep_adq_filter(vsi, fltr); 1880 } 1881 1882 static int 1883 ice_tc_parse_action(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr, 1884 struct flow_action_entry *act) 1885 { 1886 switch (act->id) { 1887 case FLOW_ACTION_RX_QUEUE_MAPPING: 1888 /* forward to queue */ 1889 return ice_tc_forward_to_queue(vsi, fltr, act); 1890 case FLOW_ACTION_DROP: 1891 fltr->action.fltr_act = ICE_DROP_PACKET; 1892 return 0; 1893 default: 1894 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported TC action"); 1895 return -EOPNOTSUPP; 1896 } 1897 } 1898 1899 /** 1900 * ice_parse_tc_flower_actions - Parse the actions for a TC filter 1901 * @filter_dev: Pointer to device on which filter is being added 1902 * @vsi: Pointer to VSI 1903 * @cls_flower: Pointer to TC flower offload structure 1904 * @fltr: Pointer to TC flower filter structure 1905 * 1906 * Parse the actions for a TC filter 1907 */ 1908 static int ice_parse_tc_flower_actions(struct net_device *filter_dev, 1909 struct ice_vsi *vsi, 1910 struct flow_cls_offload *cls_flower, 1911 struct ice_tc_flower_fltr *fltr) 1912 { 1913 struct flow_rule *rule = flow_cls_offload_flow_rule(cls_flower); 1914 struct flow_action *flow_action = &rule->action; 1915 struct flow_action_entry *act; 1916 int i, err; 1917 1918 if (cls_flower->classid) 1919 return ice_handle_tclass_action(vsi, cls_flower, fltr); 1920 1921 if (!flow_action_has_entries(flow_action)) 1922 return -EINVAL; 1923 1924 flow_action_for_each(i, act, flow_action) { 1925 if (ice_is_eswitch_mode_switchdev(vsi->back)) 1926 err = ice_eswitch_tc_parse_action(filter_dev, fltr, act); 1927 else 1928 err = ice_tc_parse_action(vsi, fltr, act); 1929 if (err) 1930 return err; 1931 continue; 1932 } 1933 return 0; 1934 } 1935 1936 /** 1937 * ice_del_tc_fltr - deletes a filter from HW table 1938 * @vsi: Pointer to VSI 1939 * @fltr: Pointer to struct ice_tc_flower_fltr 1940 * 1941 * This function deletes a filter from HW table and manages book-keeping 1942 */ 1943 static int ice_del_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr) 1944 { 1945 struct ice_rule_query_data rule_rem; 1946 struct ice_pf *pf = vsi->back; 1947 int err; 1948 1949 rule_rem.rid = fltr->rid; 1950 rule_rem.rule_id = fltr->rule_id; 1951 rule_rem.vsi_handle = fltr->dest_vsi_handle; 1952 err = ice_rem_adv_rule_by_id(&pf->hw, &rule_rem); 1953 if (err) { 1954 if (err == -ENOENT) { 1955 NL_SET_ERR_MSG_MOD(fltr->extack, "Filter does not exist"); 1956 return -ENOENT; 1957 } 1958 NL_SET_ERR_MSG_MOD(fltr->extack, "Failed to delete TC flower filter"); 1959 return -EIO; 1960 } 1961 1962 /* update advanced switch filter count for destination 1963 * VSI if filter destination was VSI 1964 */ 1965 if (fltr->dest_vsi) { 1966 if (fltr->dest_vsi->type == ICE_VSI_CHNL) { 1967 fltr->dest_vsi->num_chnl_fltr--; 1968 1969 /* keeps track of channel filters for PF VSI */ 1970 if (vsi->type == ICE_VSI_PF && 1971 (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC | 1972 ICE_TC_FLWR_FIELD_ENC_DST_MAC))) 1973 pf->num_dmac_chnl_fltrs--; 1974 } 1975 } 1976 return 0; 1977 } 1978 1979 /** 1980 * ice_add_tc_fltr - adds a TC flower filter 1981 * @netdev: Pointer to netdev 1982 * @vsi: Pointer to VSI 1983 * @f: Pointer to flower offload structure 1984 * @__fltr: Pointer to struct ice_tc_flower_fltr 1985 * 1986 * This function parses TC-flower input fields, parses action, 1987 * and adds a filter. 1988 */ 1989 static int 1990 ice_add_tc_fltr(struct net_device *netdev, struct ice_vsi *vsi, 1991 struct flow_cls_offload *f, 1992 struct ice_tc_flower_fltr **__fltr) 1993 { 1994 struct ice_tc_flower_fltr *fltr; 1995 int err; 1996 1997 /* by default, set output to be INVALID */ 1998 *__fltr = NULL; 1999 2000 fltr = kzalloc(sizeof(*fltr), GFP_KERNEL); 2001 if (!fltr) 2002 return -ENOMEM; 2003 2004 fltr->cookie = f->cookie; 2005 fltr->extack = f->common.extack; 2006 fltr->src_vsi = vsi; 2007 INIT_HLIST_NODE(&fltr->tc_flower_node); 2008 2009 err = ice_parse_cls_flower(netdev, vsi, f, fltr); 2010 if (err < 0) 2011 goto err; 2012 2013 err = ice_parse_tc_flower_actions(netdev, vsi, f, fltr); 2014 if (err < 0) 2015 goto err; 2016 2017 err = ice_add_switch_fltr(vsi, fltr); 2018 if (err < 0) 2019 goto err; 2020 2021 /* return the newly created filter */ 2022 *__fltr = fltr; 2023 2024 return 0; 2025 err: 2026 kfree(fltr); 2027 return err; 2028 } 2029 2030 /** 2031 * ice_find_tc_flower_fltr - Find the TC flower filter in the list 2032 * @pf: Pointer to PF 2033 * @cookie: filter specific cookie 2034 */ 2035 static struct ice_tc_flower_fltr * 2036 ice_find_tc_flower_fltr(struct ice_pf *pf, unsigned long cookie) 2037 { 2038 struct ice_tc_flower_fltr *fltr; 2039 2040 hlist_for_each_entry(fltr, &pf->tc_flower_fltr_list, tc_flower_node) 2041 if (cookie == fltr->cookie) 2042 return fltr; 2043 2044 return NULL; 2045 } 2046 2047 /** 2048 * ice_add_cls_flower - add TC flower filters 2049 * @netdev: Pointer to filter device 2050 * @vsi: Pointer to VSI 2051 * @cls_flower: Pointer to flower offload structure 2052 */ 2053 int 2054 ice_add_cls_flower(struct net_device *netdev, struct ice_vsi *vsi, 2055 struct flow_cls_offload *cls_flower) 2056 { 2057 struct netlink_ext_ack *extack = cls_flower->common.extack; 2058 struct net_device *vsi_netdev = vsi->netdev; 2059 struct ice_tc_flower_fltr *fltr; 2060 struct ice_pf *pf = vsi->back; 2061 int err; 2062 2063 if (ice_is_reset_in_progress(pf->state)) 2064 return -EBUSY; 2065 if (test_bit(ICE_FLAG_FW_LLDP_AGENT, pf->flags)) 2066 return -EINVAL; 2067 2068 if (ice_is_port_repr_netdev(netdev)) 2069 vsi_netdev = netdev; 2070 2071 if (!(vsi_netdev->features & NETIF_F_HW_TC) && 2072 !test_bit(ICE_FLAG_CLS_FLOWER, pf->flags)) { 2073 /* Based on TC indirect notifications from kernel, all ice 2074 * devices get an instance of rule from higher level device. 2075 * Avoid triggering explicit error in this case. 2076 */ 2077 if (netdev == vsi_netdev) 2078 NL_SET_ERR_MSG_MOD(extack, "can't apply TC flower filters, turn ON hw-tc-offload and try again"); 2079 return -EINVAL; 2080 } 2081 2082 /* avoid duplicate entries, if exists - return error */ 2083 fltr = ice_find_tc_flower_fltr(pf, cls_flower->cookie); 2084 if (fltr) { 2085 NL_SET_ERR_MSG_MOD(extack, "filter cookie already exists, ignoring"); 2086 return -EEXIST; 2087 } 2088 2089 /* prep and add TC-flower filter in HW */ 2090 err = ice_add_tc_fltr(netdev, vsi, cls_flower, &fltr); 2091 if (err) 2092 return err; 2093 2094 /* add filter into an ordered list */ 2095 hlist_add_head(&fltr->tc_flower_node, &pf->tc_flower_fltr_list); 2096 return 0; 2097 } 2098 2099 /** 2100 * ice_del_cls_flower - delete TC flower filters 2101 * @vsi: Pointer to VSI 2102 * @cls_flower: Pointer to struct flow_cls_offload 2103 */ 2104 int 2105 ice_del_cls_flower(struct ice_vsi *vsi, struct flow_cls_offload *cls_flower) 2106 { 2107 struct ice_tc_flower_fltr *fltr; 2108 struct ice_pf *pf = vsi->back; 2109 int err; 2110 2111 /* find filter */ 2112 fltr = ice_find_tc_flower_fltr(pf, cls_flower->cookie); 2113 if (!fltr) { 2114 if (!test_bit(ICE_FLAG_TC_MQPRIO, pf->flags) && 2115 hlist_empty(&pf->tc_flower_fltr_list)) 2116 return 0; 2117 2118 NL_SET_ERR_MSG_MOD(cls_flower->common.extack, "failed to delete TC flower filter because unable to find it"); 2119 return -EINVAL; 2120 } 2121 2122 fltr->extack = cls_flower->common.extack; 2123 /* delete filter from HW */ 2124 err = ice_del_tc_fltr(vsi, fltr); 2125 if (err) 2126 return err; 2127 2128 /* delete filter from an ordered list */ 2129 hlist_del(&fltr->tc_flower_node); 2130 2131 /* free the filter node */ 2132 kfree(fltr); 2133 2134 return 0; 2135 } 2136 2137 /** 2138 * ice_replay_tc_fltrs - replay TC filters 2139 * @pf: pointer to PF struct 2140 */ 2141 void ice_replay_tc_fltrs(struct ice_pf *pf) 2142 { 2143 struct ice_tc_flower_fltr *fltr; 2144 struct hlist_node *node; 2145 2146 hlist_for_each_entry_safe(fltr, node, 2147 &pf->tc_flower_fltr_list, 2148 tc_flower_node) { 2149 fltr->extack = NULL; 2150 ice_add_switch_fltr(fltr->src_vsi, fltr); 2151 } 2152 } 2153