1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (C) 2019-2021, Intel Corporation. */ 3 4 #include "ice.h" 5 #include "ice_tc_lib.h" 6 #include "ice_fltr.h" 7 #include "ice_lib.h" 8 #include "ice_protocol_type.h" 9 10 #define ICE_TC_METADATA_LKUP_IDX 0 11 12 /** 13 * ice_tc_count_lkups - determine lookup count for switch filter 14 * @flags: TC-flower flags 15 * @headers: Pointer to TC flower filter header structure 16 * @fltr: Pointer to outer TC filter structure 17 * 18 * Determine lookup count based on TC flower input for switch filter. 19 */ 20 static int 21 ice_tc_count_lkups(u32 flags, struct ice_tc_flower_lyr_2_4_hdrs *headers, 22 struct ice_tc_flower_fltr *fltr) 23 { 24 int lkups_cnt = 1; /* 0th lookup is metadata */ 25 26 /* Always add metadata as the 0th lookup. Included elements: 27 * - Direction flag (always present) 28 * - ICE_TC_FLWR_FIELD_VLAN_TPID (present if specified) 29 * - Tunnel flag (present if tunnel) 30 */ 31 32 if (flags & ICE_TC_FLWR_FIELD_TENANT_ID) 33 lkups_cnt++; 34 35 if (flags & ICE_TC_FLWR_FIELD_ENC_DST_MAC) 36 lkups_cnt++; 37 38 if (flags & ICE_TC_FLWR_FIELD_ENC_OPTS) 39 lkups_cnt++; 40 41 if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 | 42 ICE_TC_FLWR_FIELD_ENC_DEST_IPV4 | 43 ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 | 44 ICE_TC_FLWR_FIELD_ENC_DEST_IPV6)) 45 lkups_cnt++; 46 47 if (flags & (ICE_TC_FLWR_FIELD_ENC_IP_TOS | 48 ICE_TC_FLWR_FIELD_ENC_IP_TTL)) 49 lkups_cnt++; 50 51 if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT) 52 lkups_cnt++; 53 54 if (flags & ICE_TC_FLWR_FIELD_ETH_TYPE_ID) 55 lkups_cnt++; 56 57 /* are MAC fields specified? */ 58 if (flags & (ICE_TC_FLWR_FIELD_DST_MAC | ICE_TC_FLWR_FIELD_SRC_MAC)) 59 lkups_cnt++; 60 61 /* is VLAN specified? */ 62 if (flags & (ICE_TC_FLWR_FIELD_VLAN | ICE_TC_FLWR_FIELD_VLAN_PRIO)) 63 lkups_cnt++; 64 65 /* is CVLAN specified? */ 66 if (flags & (ICE_TC_FLWR_FIELD_CVLAN | ICE_TC_FLWR_FIELD_CVLAN_PRIO)) 67 lkups_cnt++; 68 69 /* are PPPoE options specified? */ 70 if (flags & (ICE_TC_FLWR_FIELD_PPPOE_SESSID | 71 ICE_TC_FLWR_FIELD_PPP_PROTO)) 72 lkups_cnt++; 73 74 /* are IPv[4|6] fields specified? */ 75 if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV4 | ICE_TC_FLWR_FIELD_SRC_IPV4 | 76 ICE_TC_FLWR_FIELD_DEST_IPV6 | ICE_TC_FLWR_FIELD_SRC_IPV6)) 77 lkups_cnt++; 78 79 if (flags & (ICE_TC_FLWR_FIELD_IP_TOS | ICE_TC_FLWR_FIELD_IP_TTL)) 80 lkups_cnt++; 81 82 /* are L2TPv3 options specified? */ 83 if (flags & ICE_TC_FLWR_FIELD_L2TPV3_SESSID) 84 lkups_cnt++; 85 86 /* is L4 (TCP/UDP/any other L4 protocol fields) specified? */ 87 if (flags & (ICE_TC_FLWR_FIELD_DEST_L4_PORT | 88 ICE_TC_FLWR_FIELD_SRC_L4_PORT)) 89 lkups_cnt++; 90 91 return lkups_cnt; 92 } 93 94 static enum ice_protocol_type ice_proto_type_from_mac(bool inner) 95 { 96 return inner ? ICE_MAC_IL : ICE_MAC_OFOS; 97 } 98 99 static enum ice_protocol_type ice_proto_type_from_etype(bool inner) 100 { 101 return inner ? ICE_ETYPE_IL : ICE_ETYPE_OL; 102 } 103 104 static enum ice_protocol_type ice_proto_type_from_ipv4(bool inner) 105 { 106 return inner ? ICE_IPV4_IL : ICE_IPV4_OFOS; 107 } 108 109 static enum ice_protocol_type ice_proto_type_from_ipv6(bool inner) 110 { 111 return inner ? ICE_IPV6_IL : ICE_IPV6_OFOS; 112 } 113 114 static enum ice_protocol_type ice_proto_type_from_l4_port(u16 ip_proto) 115 { 116 switch (ip_proto) { 117 case IPPROTO_TCP: 118 return ICE_TCP_IL; 119 case IPPROTO_UDP: 120 return ICE_UDP_ILOS; 121 } 122 123 return 0; 124 } 125 126 static enum ice_protocol_type 127 ice_proto_type_from_tunnel(enum ice_tunnel_type type) 128 { 129 switch (type) { 130 case TNL_VXLAN: 131 return ICE_VXLAN; 132 case TNL_GENEVE: 133 return ICE_GENEVE; 134 case TNL_GRETAP: 135 return ICE_NVGRE; 136 case TNL_GTPU: 137 /* NO_PAY profiles will not work with GTP-U */ 138 return ICE_GTP; 139 case TNL_GTPC: 140 return ICE_GTP_NO_PAY; 141 default: 142 return 0; 143 } 144 } 145 146 static enum ice_sw_tunnel_type 147 ice_sw_type_from_tunnel(enum ice_tunnel_type type) 148 { 149 switch (type) { 150 case TNL_VXLAN: 151 return ICE_SW_TUN_VXLAN; 152 case TNL_GENEVE: 153 return ICE_SW_TUN_GENEVE; 154 case TNL_GRETAP: 155 return ICE_SW_TUN_NVGRE; 156 case TNL_GTPU: 157 return ICE_SW_TUN_GTPU; 158 case TNL_GTPC: 159 return ICE_SW_TUN_GTPC; 160 default: 161 return ICE_NON_TUN; 162 } 163 } 164 165 static u16 ice_check_supported_vlan_tpid(u16 vlan_tpid) 166 { 167 switch (vlan_tpid) { 168 case ETH_P_8021Q: 169 case ETH_P_8021AD: 170 case ETH_P_QINQ1: 171 return vlan_tpid; 172 default: 173 return 0; 174 } 175 } 176 177 static int 178 ice_tc_fill_tunnel_outer(u32 flags, struct ice_tc_flower_fltr *fltr, 179 struct ice_adv_lkup_elem *list, int i) 180 { 181 struct ice_tc_flower_lyr_2_4_hdrs *hdr = &fltr->outer_headers; 182 183 if (flags & ICE_TC_FLWR_FIELD_TENANT_ID) { 184 u32 tenant_id; 185 186 list[i].type = ice_proto_type_from_tunnel(fltr->tunnel_type); 187 switch (fltr->tunnel_type) { 188 case TNL_VXLAN: 189 case TNL_GENEVE: 190 tenant_id = be32_to_cpu(fltr->tenant_id) << 8; 191 list[i].h_u.tnl_hdr.vni = cpu_to_be32(tenant_id); 192 memcpy(&list[i].m_u.tnl_hdr.vni, "\xff\xff\xff\x00", 4); 193 i++; 194 break; 195 case TNL_GRETAP: 196 list[i].h_u.nvgre_hdr.tni_flow = fltr->tenant_id; 197 memcpy(&list[i].m_u.nvgre_hdr.tni_flow, 198 "\xff\xff\xff\xff", 4); 199 i++; 200 break; 201 case TNL_GTPC: 202 case TNL_GTPU: 203 list[i].h_u.gtp_hdr.teid = fltr->tenant_id; 204 memcpy(&list[i].m_u.gtp_hdr.teid, 205 "\xff\xff\xff\xff", 4); 206 i++; 207 break; 208 default: 209 break; 210 } 211 } 212 213 if (flags & ICE_TC_FLWR_FIELD_ENC_DST_MAC) { 214 list[i].type = ice_proto_type_from_mac(false); 215 ether_addr_copy(list[i].h_u.eth_hdr.dst_addr, 216 hdr->l2_key.dst_mac); 217 ether_addr_copy(list[i].m_u.eth_hdr.dst_addr, 218 hdr->l2_mask.dst_mac); 219 i++; 220 } 221 222 if (flags & ICE_TC_FLWR_FIELD_ENC_OPTS && 223 (fltr->tunnel_type == TNL_GTPU || fltr->tunnel_type == TNL_GTPC)) { 224 list[i].type = ice_proto_type_from_tunnel(fltr->tunnel_type); 225 226 if (fltr->gtp_pdu_info_masks.pdu_type) { 227 list[i].h_u.gtp_hdr.pdu_type = 228 fltr->gtp_pdu_info_keys.pdu_type << 4; 229 memcpy(&list[i].m_u.gtp_hdr.pdu_type, "\xf0", 1); 230 } 231 232 if (fltr->gtp_pdu_info_masks.qfi) { 233 list[i].h_u.gtp_hdr.qfi = fltr->gtp_pdu_info_keys.qfi; 234 memcpy(&list[i].m_u.gtp_hdr.qfi, "\x3f", 1); 235 } 236 237 i++; 238 } 239 240 if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 | 241 ICE_TC_FLWR_FIELD_ENC_DEST_IPV4)) { 242 list[i].type = ice_proto_type_from_ipv4(false); 243 244 if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_IPV4) { 245 list[i].h_u.ipv4_hdr.src_addr = hdr->l3_key.src_ipv4; 246 list[i].m_u.ipv4_hdr.src_addr = hdr->l3_mask.src_ipv4; 247 } 248 if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_IPV4) { 249 list[i].h_u.ipv4_hdr.dst_addr = hdr->l3_key.dst_ipv4; 250 list[i].m_u.ipv4_hdr.dst_addr = hdr->l3_mask.dst_ipv4; 251 } 252 i++; 253 } 254 255 if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 | 256 ICE_TC_FLWR_FIELD_ENC_DEST_IPV6)) { 257 list[i].type = ice_proto_type_from_ipv6(false); 258 259 if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_IPV6) { 260 memcpy(&list[i].h_u.ipv6_hdr.src_addr, 261 &hdr->l3_key.src_ipv6_addr, 262 sizeof(hdr->l3_key.src_ipv6_addr)); 263 memcpy(&list[i].m_u.ipv6_hdr.src_addr, 264 &hdr->l3_mask.src_ipv6_addr, 265 sizeof(hdr->l3_mask.src_ipv6_addr)); 266 } 267 if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_IPV6) { 268 memcpy(&list[i].h_u.ipv6_hdr.dst_addr, 269 &hdr->l3_key.dst_ipv6_addr, 270 sizeof(hdr->l3_key.dst_ipv6_addr)); 271 memcpy(&list[i].m_u.ipv6_hdr.dst_addr, 272 &hdr->l3_mask.dst_ipv6_addr, 273 sizeof(hdr->l3_mask.dst_ipv6_addr)); 274 } 275 i++; 276 } 277 278 if (fltr->inner_headers.l2_key.n_proto == htons(ETH_P_IP) && 279 (flags & (ICE_TC_FLWR_FIELD_ENC_IP_TOS | 280 ICE_TC_FLWR_FIELD_ENC_IP_TTL))) { 281 list[i].type = ice_proto_type_from_ipv4(false); 282 283 if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TOS) { 284 list[i].h_u.ipv4_hdr.tos = hdr->l3_key.tos; 285 list[i].m_u.ipv4_hdr.tos = hdr->l3_mask.tos; 286 } 287 288 if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TTL) { 289 list[i].h_u.ipv4_hdr.time_to_live = hdr->l3_key.ttl; 290 list[i].m_u.ipv4_hdr.time_to_live = hdr->l3_mask.ttl; 291 } 292 293 i++; 294 } 295 296 if (fltr->inner_headers.l2_key.n_proto == htons(ETH_P_IPV6) && 297 (flags & (ICE_TC_FLWR_FIELD_ENC_IP_TOS | 298 ICE_TC_FLWR_FIELD_ENC_IP_TTL))) { 299 struct ice_ipv6_hdr *hdr_h, *hdr_m; 300 301 hdr_h = &list[i].h_u.ipv6_hdr; 302 hdr_m = &list[i].m_u.ipv6_hdr; 303 list[i].type = ice_proto_type_from_ipv6(false); 304 305 if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TOS) { 306 be32p_replace_bits(&hdr_h->be_ver_tc_flow, 307 hdr->l3_key.tos, 308 ICE_IPV6_HDR_TC_MASK); 309 be32p_replace_bits(&hdr_m->be_ver_tc_flow, 310 hdr->l3_mask.tos, 311 ICE_IPV6_HDR_TC_MASK); 312 } 313 314 if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TTL) { 315 hdr_h->hop_limit = hdr->l3_key.ttl; 316 hdr_m->hop_limit = hdr->l3_mask.ttl; 317 } 318 319 i++; 320 } 321 322 if ((flags & ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT) && 323 hdr->l3_key.ip_proto == IPPROTO_UDP) { 324 list[i].type = ICE_UDP_OF; 325 list[i].h_u.l4_hdr.dst_port = hdr->l4_key.dst_port; 326 list[i].m_u.l4_hdr.dst_port = hdr->l4_mask.dst_port; 327 i++; 328 } 329 330 /* always fill matching on tunneled packets in metadata */ 331 ice_rule_add_tunnel_metadata(&list[ICE_TC_METADATA_LKUP_IDX]); 332 333 return i; 334 } 335 336 /** 337 * ice_tc_fill_rules - fill filter rules based on TC fltr 338 * @hw: pointer to HW structure 339 * @flags: tc flower field flags 340 * @tc_fltr: pointer to TC flower filter 341 * @list: list of advance rule elements 342 * @rule_info: pointer to information about rule 343 * @l4_proto: pointer to information such as L4 proto type 344 * 345 * Fill ice_adv_lkup_elem list based on TC flower flags and 346 * TC flower headers. This list should be used to add 347 * advance filter in hardware. 348 */ 349 static int 350 ice_tc_fill_rules(struct ice_hw *hw, u32 flags, 351 struct ice_tc_flower_fltr *tc_fltr, 352 struct ice_adv_lkup_elem *list, 353 struct ice_adv_rule_info *rule_info, 354 u16 *l4_proto) 355 { 356 struct ice_tc_flower_lyr_2_4_hdrs *headers = &tc_fltr->outer_headers; 357 bool inner = false; 358 u16 vlan_tpid = 0; 359 int i = 1; /* 0th lookup is metadata */ 360 361 rule_info->vlan_type = vlan_tpid; 362 363 /* Always add direction metadata */ 364 ice_rule_add_direction_metadata(&list[ICE_TC_METADATA_LKUP_IDX]); 365 366 rule_info->tun_type = ice_sw_type_from_tunnel(tc_fltr->tunnel_type); 367 if (tc_fltr->tunnel_type != TNL_LAST) { 368 i = ice_tc_fill_tunnel_outer(flags, tc_fltr, list, i); 369 370 headers = &tc_fltr->inner_headers; 371 inner = true; 372 } 373 374 if (flags & ICE_TC_FLWR_FIELD_ETH_TYPE_ID) { 375 list[i].type = ice_proto_type_from_etype(inner); 376 list[i].h_u.ethertype.ethtype_id = headers->l2_key.n_proto; 377 list[i].m_u.ethertype.ethtype_id = headers->l2_mask.n_proto; 378 i++; 379 } 380 381 if (flags & (ICE_TC_FLWR_FIELD_DST_MAC | 382 ICE_TC_FLWR_FIELD_SRC_MAC)) { 383 struct ice_tc_l2_hdr *l2_key, *l2_mask; 384 385 l2_key = &headers->l2_key; 386 l2_mask = &headers->l2_mask; 387 388 list[i].type = ice_proto_type_from_mac(inner); 389 if (flags & ICE_TC_FLWR_FIELD_DST_MAC) { 390 ether_addr_copy(list[i].h_u.eth_hdr.dst_addr, 391 l2_key->dst_mac); 392 ether_addr_copy(list[i].m_u.eth_hdr.dst_addr, 393 l2_mask->dst_mac); 394 } 395 if (flags & ICE_TC_FLWR_FIELD_SRC_MAC) { 396 ether_addr_copy(list[i].h_u.eth_hdr.src_addr, 397 l2_key->src_mac); 398 ether_addr_copy(list[i].m_u.eth_hdr.src_addr, 399 l2_mask->src_mac); 400 } 401 i++; 402 } 403 404 /* copy VLAN info */ 405 if (flags & (ICE_TC_FLWR_FIELD_VLAN | ICE_TC_FLWR_FIELD_VLAN_PRIO)) { 406 if (flags & ICE_TC_FLWR_FIELD_CVLAN) 407 list[i].type = ICE_VLAN_EX; 408 else 409 list[i].type = ICE_VLAN_OFOS; 410 411 if (flags & ICE_TC_FLWR_FIELD_VLAN) { 412 list[i].h_u.vlan_hdr.vlan = headers->vlan_hdr.vlan_id; 413 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0x0FFF); 414 } 415 416 if (flags & ICE_TC_FLWR_FIELD_VLAN_PRIO) { 417 if (flags & ICE_TC_FLWR_FIELD_VLAN) { 418 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xEFFF); 419 } else { 420 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xE000); 421 list[i].h_u.vlan_hdr.vlan = 0; 422 } 423 list[i].h_u.vlan_hdr.vlan |= 424 headers->vlan_hdr.vlan_prio; 425 } 426 427 i++; 428 } 429 430 if (flags & ICE_TC_FLWR_FIELD_VLAN_TPID) { 431 vlan_tpid = be16_to_cpu(headers->vlan_hdr.vlan_tpid); 432 rule_info->vlan_type = 433 ice_check_supported_vlan_tpid(vlan_tpid); 434 435 ice_rule_add_vlan_metadata(&list[ICE_TC_METADATA_LKUP_IDX]); 436 } 437 438 if (flags & (ICE_TC_FLWR_FIELD_CVLAN | ICE_TC_FLWR_FIELD_CVLAN_PRIO)) { 439 list[i].type = ICE_VLAN_IN; 440 441 if (flags & ICE_TC_FLWR_FIELD_CVLAN) { 442 list[i].h_u.vlan_hdr.vlan = headers->cvlan_hdr.vlan_id; 443 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0x0FFF); 444 } 445 446 if (flags & ICE_TC_FLWR_FIELD_CVLAN_PRIO) { 447 if (flags & ICE_TC_FLWR_FIELD_CVLAN) { 448 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xEFFF); 449 } else { 450 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xE000); 451 list[i].h_u.vlan_hdr.vlan = 0; 452 } 453 list[i].h_u.vlan_hdr.vlan |= 454 headers->cvlan_hdr.vlan_prio; 455 } 456 457 i++; 458 } 459 460 if (flags & (ICE_TC_FLWR_FIELD_PPPOE_SESSID | 461 ICE_TC_FLWR_FIELD_PPP_PROTO)) { 462 struct ice_pppoe_hdr *vals, *masks; 463 464 vals = &list[i].h_u.pppoe_hdr; 465 masks = &list[i].m_u.pppoe_hdr; 466 467 list[i].type = ICE_PPPOE; 468 469 if (flags & ICE_TC_FLWR_FIELD_PPPOE_SESSID) { 470 vals->session_id = headers->pppoe_hdr.session_id; 471 masks->session_id = cpu_to_be16(0xFFFF); 472 } 473 474 if (flags & ICE_TC_FLWR_FIELD_PPP_PROTO) { 475 vals->ppp_prot_id = headers->pppoe_hdr.ppp_proto; 476 masks->ppp_prot_id = cpu_to_be16(0xFFFF); 477 } 478 479 i++; 480 } 481 482 /* copy L3 (IPv[4|6]: src, dest) address */ 483 if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV4 | 484 ICE_TC_FLWR_FIELD_SRC_IPV4)) { 485 struct ice_tc_l3_hdr *l3_key, *l3_mask; 486 487 list[i].type = ice_proto_type_from_ipv4(inner); 488 l3_key = &headers->l3_key; 489 l3_mask = &headers->l3_mask; 490 if (flags & ICE_TC_FLWR_FIELD_DEST_IPV4) { 491 list[i].h_u.ipv4_hdr.dst_addr = l3_key->dst_ipv4; 492 list[i].m_u.ipv4_hdr.dst_addr = l3_mask->dst_ipv4; 493 } 494 if (flags & ICE_TC_FLWR_FIELD_SRC_IPV4) { 495 list[i].h_u.ipv4_hdr.src_addr = l3_key->src_ipv4; 496 list[i].m_u.ipv4_hdr.src_addr = l3_mask->src_ipv4; 497 } 498 i++; 499 } else if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV6 | 500 ICE_TC_FLWR_FIELD_SRC_IPV6)) { 501 struct ice_ipv6_hdr *ipv6_hdr, *ipv6_mask; 502 struct ice_tc_l3_hdr *l3_key, *l3_mask; 503 504 list[i].type = ice_proto_type_from_ipv6(inner); 505 ipv6_hdr = &list[i].h_u.ipv6_hdr; 506 ipv6_mask = &list[i].m_u.ipv6_hdr; 507 l3_key = &headers->l3_key; 508 l3_mask = &headers->l3_mask; 509 510 if (flags & ICE_TC_FLWR_FIELD_DEST_IPV6) { 511 memcpy(&ipv6_hdr->dst_addr, &l3_key->dst_ipv6_addr, 512 sizeof(l3_key->dst_ipv6_addr)); 513 memcpy(&ipv6_mask->dst_addr, &l3_mask->dst_ipv6_addr, 514 sizeof(l3_mask->dst_ipv6_addr)); 515 } 516 if (flags & ICE_TC_FLWR_FIELD_SRC_IPV6) { 517 memcpy(&ipv6_hdr->src_addr, &l3_key->src_ipv6_addr, 518 sizeof(l3_key->src_ipv6_addr)); 519 memcpy(&ipv6_mask->src_addr, &l3_mask->src_ipv6_addr, 520 sizeof(l3_mask->src_ipv6_addr)); 521 } 522 i++; 523 } 524 525 if (headers->l2_key.n_proto == htons(ETH_P_IP) && 526 (flags & (ICE_TC_FLWR_FIELD_IP_TOS | ICE_TC_FLWR_FIELD_IP_TTL))) { 527 list[i].type = ice_proto_type_from_ipv4(inner); 528 529 if (flags & ICE_TC_FLWR_FIELD_IP_TOS) { 530 list[i].h_u.ipv4_hdr.tos = headers->l3_key.tos; 531 list[i].m_u.ipv4_hdr.tos = headers->l3_mask.tos; 532 } 533 534 if (flags & ICE_TC_FLWR_FIELD_IP_TTL) { 535 list[i].h_u.ipv4_hdr.time_to_live = 536 headers->l3_key.ttl; 537 list[i].m_u.ipv4_hdr.time_to_live = 538 headers->l3_mask.ttl; 539 } 540 541 i++; 542 } 543 544 if (headers->l2_key.n_proto == htons(ETH_P_IPV6) && 545 (flags & (ICE_TC_FLWR_FIELD_IP_TOS | ICE_TC_FLWR_FIELD_IP_TTL))) { 546 struct ice_ipv6_hdr *hdr_h, *hdr_m; 547 548 hdr_h = &list[i].h_u.ipv6_hdr; 549 hdr_m = &list[i].m_u.ipv6_hdr; 550 list[i].type = ice_proto_type_from_ipv6(inner); 551 552 if (flags & ICE_TC_FLWR_FIELD_IP_TOS) { 553 be32p_replace_bits(&hdr_h->be_ver_tc_flow, 554 headers->l3_key.tos, 555 ICE_IPV6_HDR_TC_MASK); 556 be32p_replace_bits(&hdr_m->be_ver_tc_flow, 557 headers->l3_mask.tos, 558 ICE_IPV6_HDR_TC_MASK); 559 } 560 561 if (flags & ICE_TC_FLWR_FIELD_IP_TTL) { 562 hdr_h->hop_limit = headers->l3_key.ttl; 563 hdr_m->hop_limit = headers->l3_mask.ttl; 564 } 565 566 i++; 567 } 568 569 if (flags & ICE_TC_FLWR_FIELD_L2TPV3_SESSID) { 570 list[i].type = ICE_L2TPV3; 571 572 list[i].h_u.l2tpv3_sess_hdr.session_id = 573 headers->l2tpv3_hdr.session_id; 574 list[i].m_u.l2tpv3_sess_hdr.session_id = 575 cpu_to_be32(0xFFFFFFFF); 576 577 i++; 578 } 579 580 /* copy L4 (src, dest) port */ 581 if (flags & (ICE_TC_FLWR_FIELD_DEST_L4_PORT | 582 ICE_TC_FLWR_FIELD_SRC_L4_PORT)) { 583 struct ice_tc_l4_hdr *l4_key, *l4_mask; 584 585 list[i].type = ice_proto_type_from_l4_port(headers->l3_key.ip_proto); 586 l4_key = &headers->l4_key; 587 l4_mask = &headers->l4_mask; 588 589 if (flags & ICE_TC_FLWR_FIELD_DEST_L4_PORT) { 590 list[i].h_u.l4_hdr.dst_port = l4_key->dst_port; 591 list[i].m_u.l4_hdr.dst_port = l4_mask->dst_port; 592 } 593 if (flags & ICE_TC_FLWR_FIELD_SRC_L4_PORT) { 594 list[i].h_u.l4_hdr.src_port = l4_key->src_port; 595 list[i].m_u.l4_hdr.src_port = l4_mask->src_port; 596 } 597 i++; 598 } 599 600 return i; 601 } 602 603 /** 604 * ice_tc_tun_get_type - get the tunnel type 605 * @tunnel_dev: ptr to tunnel device 606 * 607 * This function detects appropriate tunnel_type if specified device is 608 * tunnel device such as VXLAN/Geneve 609 */ 610 static int ice_tc_tun_get_type(struct net_device *tunnel_dev) 611 { 612 if (netif_is_vxlan(tunnel_dev)) 613 return TNL_VXLAN; 614 if (netif_is_geneve(tunnel_dev)) 615 return TNL_GENEVE; 616 if (netif_is_gretap(tunnel_dev) || 617 netif_is_ip6gretap(tunnel_dev)) 618 return TNL_GRETAP; 619 620 /* Assume GTP-U by default in case of GTP netdev. 621 * GTP-C may be selected later, based on enc_dst_port. 622 */ 623 if (netif_is_gtp(tunnel_dev)) 624 return TNL_GTPU; 625 return TNL_LAST; 626 } 627 628 bool ice_is_tunnel_supported(struct net_device *dev) 629 { 630 return ice_tc_tun_get_type(dev) != TNL_LAST; 631 } 632 633 static bool ice_tc_is_dev_uplink(struct net_device *dev) 634 { 635 return netif_is_ice(dev) || ice_is_tunnel_supported(dev); 636 } 637 638 static int ice_tc_setup_redirect_action(struct net_device *filter_dev, 639 struct ice_tc_flower_fltr *fltr, 640 struct net_device *target_dev) 641 { 642 struct ice_repr *repr; 643 644 fltr->action.fltr_act = ICE_FWD_TO_VSI; 645 646 if (ice_is_port_repr_netdev(filter_dev) && 647 ice_is_port_repr_netdev(target_dev)) { 648 repr = ice_netdev_to_repr(target_dev); 649 650 fltr->dest_vsi = repr->src_vsi; 651 fltr->direction = ICE_ESWITCH_FLTR_EGRESS; 652 } else if (ice_is_port_repr_netdev(filter_dev) && 653 ice_tc_is_dev_uplink(target_dev)) { 654 repr = ice_netdev_to_repr(filter_dev); 655 656 fltr->dest_vsi = repr->src_vsi->back->eswitch.uplink_vsi; 657 fltr->direction = ICE_ESWITCH_FLTR_EGRESS; 658 } else if (ice_tc_is_dev_uplink(filter_dev) && 659 ice_is_port_repr_netdev(target_dev)) { 660 repr = ice_netdev_to_repr(target_dev); 661 662 fltr->dest_vsi = repr->src_vsi; 663 fltr->direction = ICE_ESWITCH_FLTR_INGRESS; 664 } else { 665 NL_SET_ERR_MSG_MOD(fltr->extack, 666 "Unsupported netdevice in switchdev mode"); 667 return -EINVAL; 668 } 669 670 return 0; 671 } 672 673 static int 674 ice_tc_setup_drop_action(struct net_device *filter_dev, 675 struct ice_tc_flower_fltr *fltr) 676 { 677 fltr->action.fltr_act = ICE_DROP_PACKET; 678 679 if (ice_is_port_repr_netdev(filter_dev)) { 680 fltr->direction = ICE_ESWITCH_FLTR_EGRESS; 681 } else if (ice_tc_is_dev_uplink(filter_dev)) { 682 fltr->direction = ICE_ESWITCH_FLTR_INGRESS; 683 } else { 684 NL_SET_ERR_MSG_MOD(fltr->extack, 685 "Unsupported netdevice in switchdev mode"); 686 return -EINVAL; 687 } 688 689 return 0; 690 } 691 692 static int ice_tc_setup_mirror_action(struct net_device *filter_dev, 693 struct ice_tc_flower_fltr *fltr, 694 struct net_device *target_dev) 695 { 696 struct ice_repr *repr; 697 698 fltr->action.fltr_act = ICE_MIRROR_PACKET; 699 700 if (ice_is_port_repr_netdev(filter_dev) && 701 ice_is_port_repr_netdev(target_dev)) { 702 repr = ice_netdev_to_repr(target_dev); 703 704 fltr->dest_vsi = repr->src_vsi; 705 fltr->direction = ICE_ESWITCH_FLTR_EGRESS; 706 } else if (ice_is_port_repr_netdev(filter_dev) && 707 ice_tc_is_dev_uplink(target_dev)) { 708 repr = ice_netdev_to_repr(filter_dev); 709 710 fltr->dest_vsi = repr->src_vsi->back->eswitch.uplink_vsi; 711 fltr->direction = ICE_ESWITCH_FLTR_EGRESS; 712 } else if (ice_tc_is_dev_uplink(filter_dev) && 713 ice_is_port_repr_netdev(target_dev)) { 714 repr = ice_netdev_to_repr(target_dev); 715 716 fltr->dest_vsi = repr->src_vsi; 717 fltr->direction = ICE_ESWITCH_FLTR_INGRESS; 718 } else { 719 NL_SET_ERR_MSG_MOD(fltr->extack, 720 "Unsupported netdevice in switchdev mode"); 721 return -EINVAL; 722 } 723 724 return 0; 725 } 726 727 static int ice_eswitch_tc_parse_action(struct net_device *filter_dev, 728 struct ice_tc_flower_fltr *fltr, 729 struct flow_action_entry *act) 730 { 731 int err; 732 733 switch (act->id) { 734 case FLOW_ACTION_DROP: 735 err = ice_tc_setup_drop_action(filter_dev, fltr); 736 if (err) 737 return err; 738 739 break; 740 741 case FLOW_ACTION_REDIRECT: 742 err = ice_tc_setup_redirect_action(filter_dev, fltr, act->dev); 743 if (err) 744 return err; 745 746 break; 747 748 case FLOW_ACTION_MIRRED: 749 err = ice_tc_setup_mirror_action(filter_dev, fltr, act->dev); 750 if (err) 751 return err; 752 break; 753 754 default: 755 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported action in switchdev mode"); 756 return -EINVAL; 757 } 758 759 return 0; 760 } 761 762 static int 763 ice_eswitch_add_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr) 764 { 765 struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers; 766 struct ice_adv_rule_info rule_info = { 0 }; 767 struct ice_rule_query_data rule_added; 768 struct ice_hw *hw = &vsi->back->hw; 769 struct ice_adv_lkup_elem *list; 770 u32 flags = fltr->flags; 771 int lkups_cnt; 772 int ret; 773 int i; 774 775 if (!flags || (flags & ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT)) { 776 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported encap field(s)"); 777 return -EOPNOTSUPP; 778 } 779 780 lkups_cnt = ice_tc_count_lkups(flags, headers, fltr); 781 list = kcalloc(lkups_cnt, sizeof(*list), GFP_ATOMIC); 782 if (!list) 783 return -ENOMEM; 784 785 i = ice_tc_fill_rules(hw, flags, fltr, list, &rule_info, NULL); 786 if (i != lkups_cnt) { 787 ret = -EINVAL; 788 goto exit; 789 } 790 791 rule_info.sw_act.fltr_act = fltr->action.fltr_act; 792 if (fltr->action.fltr_act != ICE_DROP_PACKET) 793 rule_info.sw_act.vsi_handle = fltr->dest_vsi->idx; 794 /* For now, making priority to be highest, and it also becomes 795 * the priority for recipe which will get created as a result of 796 * new extraction sequence based on input set. 797 * Priority '7' is max val for switch recipe, higher the number 798 * results into order of switch rule evaluation. 799 */ 800 rule_info.priority = 7; 801 rule_info.flags_info.act_valid = true; 802 803 if (fltr->direction == ICE_ESWITCH_FLTR_INGRESS) { 804 /* Uplink to VF */ 805 rule_info.sw_act.flag |= ICE_FLTR_RX; 806 rule_info.sw_act.src = hw->pf_id; 807 rule_info.flags_info.act = ICE_SINGLE_ACT_LB_ENABLE; 808 } else if (fltr->direction == ICE_ESWITCH_FLTR_EGRESS && 809 fltr->dest_vsi == vsi->back->eswitch.uplink_vsi) { 810 /* VF to Uplink */ 811 rule_info.sw_act.flag |= ICE_FLTR_TX; 812 rule_info.sw_act.src = vsi->idx; 813 rule_info.flags_info.act = ICE_SINGLE_ACT_LAN_ENABLE; 814 } else { 815 /* VF to VF */ 816 rule_info.sw_act.flag |= ICE_FLTR_TX; 817 rule_info.sw_act.src = vsi->idx; 818 rule_info.flags_info.act = ICE_SINGLE_ACT_LB_ENABLE; 819 } 820 821 /* specify the cookie as filter_rule_id */ 822 rule_info.fltr_rule_id = fltr->cookie; 823 824 ret = ice_add_adv_rule(hw, list, lkups_cnt, &rule_info, &rule_added); 825 if (ret == -EEXIST) { 826 NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter because it already exist"); 827 ret = -EINVAL; 828 goto exit; 829 } else if (ret) { 830 NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter due to error"); 831 goto exit; 832 } 833 834 /* store the output params, which are needed later for removing 835 * advanced switch filter 836 */ 837 fltr->rid = rule_added.rid; 838 fltr->rule_id = rule_added.rule_id; 839 fltr->dest_vsi_handle = rule_added.vsi_handle; 840 841 exit: 842 kfree(list); 843 return ret; 844 } 845 846 /** 847 * ice_locate_vsi_using_queue - locate VSI using queue (forward to queue action) 848 * @vsi: Pointer to VSI 849 * @queue: Queue index 850 * 851 * Locate the VSI using specified "queue". When ADQ is not enabled, 852 * always return input VSI, otherwise locate corresponding 853 * VSI based on per channel "offset" and "qcount" 854 */ 855 struct ice_vsi * 856 ice_locate_vsi_using_queue(struct ice_vsi *vsi, int queue) 857 { 858 int num_tc, tc; 859 860 /* if ADQ is not active, passed VSI is the candidate VSI */ 861 if (!ice_is_adq_active(vsi->back)) 862 return vsi; 863 864 /* Locate the VSI (it could still be main PF VSI or CHNL_VSI depending 865 * upon queue number) 866 */ 867 num_tc = vsi->mqprio_qopt.qopt.num_tc; 868 869 for (tc = 0; tc < num_tc; tc++) { 870 int qcount = vsi->mqprio_qopt.qopt.count[tc]; 871 int offset = vsi->mqprio_qopt.qopt.offset[tc]; 872 873 if (queue >= offset && queue < offset + qcount) { 874 /* for non-ADQ TCs, passed VSI is the candidate VSI */ 875 if (tc < ICE_CHNL_START_TC) 876 return vsi; 877 else 878 return vsi->tc_map_vsi[tc]; 879 } 880 } 881 return NULL; 882 } 883 884 static struct ice_rx_ring * 885 ice_locate_rx_ring_using_queue(struct ice_vsi *vsi, 886 struct ice_tc_flower_fltr *tc_fltr) 887 { 888 u16 queue = tc_fltr->action.fwd.q.queue; 889 890 return queue < vsi->num_rxq ? vsi->rx_rings[queue] : NULL; 891 } 892 893 /** 894 * ice_tc_forward_action - Determine destination VSI and queue for the action 895 * @vsi: Pointer to VSI 896 * @tc_fltr: Pointer to TC flower filter structure 897 * 898 * Validates the tc forward action and determines the destination VSI and queue 899 * for the forward action. 900 */ 901 static struct ice_vsi * 902 ice_tc_forward_action(struct ice_vsi *vsi, struct ice_tc_flower_fltr *tc_fltr) 903 { 904 struct ice_rx_ring *ring = NULL; 905 struct ice_vsi *dest_vsi = NULL; 906 struct ice_pf *pf = vsi->back; 907 struct device *dev; 908 u32 tc_class; 909 int q; 910 911 dev = ice_pf_to_dev(pf); 912 913 /* Get the destination VSI and/or destination queue and validate them */ 914 switch (tc_fltr->action.fltr_act) { 915 case ICE_FWD_TO_VSI: 916 tc_class = tc_fltr->action.fwd.tc.tc_class; 917 /* Select the destination VSI */ 918 if (tc_class < ICE_CHNL_START_TC) { 919 NL_SET_ERR_MSG_MOD(tc_fltr->extack, 920 "Unable to add filter because of unsupported destination"); 921 return ERR_PTR(-EOPNOTSUPP); 922 } 923 /* Locate ADQ VSI depending on hw_tc number */ 924 dest_vsi = vsi->tc_map_vsi[tc_class]; 925 break; 926 case ICE_FWD_TO_Q: 927 /* Locate the Rx queue */ 928 ring = ice_locate_rx_ring_using_queue(vsi, tc_fltr); 929 if (!ring) { 930 dev_err(dev, 931 "Unable to locate Rx queue for action fwd_to_queue: %u\n", 932 tc_fltr->action.fwd.q.queue); 933 return ERR_PTR(-EINVAL); 934 } 935 /* Determine destination VSI even though the action is 936 * FWD_TO_QUEUE, because QUEUE is associated with VSI 937 */ 938 q = tc_fltr->action.fwd.q.queue; 939 dest_vsi = ice_locate_vsi_using_queue(vsi, q); 940 break; 941 default: 942 dev_err(dev, 943 "Unable to add filter because of unsupported action %u (supported actions: fwd to tc, fwd to queue)\n", 944 tc_fltr->action.fltr_act); 945 return ERR_PTR(-EINVAL); 946 } 947 /* Must have valid dest_vsi (it could be main VSI or ADQ VSI) */ 948 if (!dest_vsi) { 949 dev_err(dev, 950 "Unable to add filter because specified destination VSI doesn't exist\n"); 951 return ERR_PTR(-EINVAL); 952 } 953 return dest_vsi; 954 } 955 956 /** 957 * ice_add_tc_flower_adv_fltr - add appropriate filter rules 958 * @vsi: Pointer to VSI 959 * @tc_fltr: Pointer to TC flower filter structure 960 * 961 * based on filter parameters using Advance recipes supported 962 * by OS package. 963 */ 964 static int 965 ice_add_tc_flower_adv_fltr(struct ice_vsi *vsi, 966 struct ice_tc_flower_fltr *tc_fltr) 967 { 968 struct ice_tc_flower_lyr_2_4_hdrs *headers = &tc_fltr->outer_headers; 969 struct ice_adv_rule_info rule_info = {0}; 970 struct ice_rule_query_data rule_added; 971 struct ice_adv_lkup_elem *list; 972 struct ice_pf *pf = vsi->back; 973 struct ice_hw *hw = &pf->hw; 974 u32 flags = tc_fltr->flags; 975 struct ice_vsi *dest_vsi; 976 struct device *dev; 977 u16 lkups_cnt = 0; 978 u16 l4_proto = 0; 979 int ret = 0; 980 u16 i = 0; 981 982 dev = ice_pf_to_dev(pf); 983 if (ice_is_safe_mode(pf)) { 984 NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unable to add filter because driver is in safe mode"); 985 return -EOPNOTSUPP; 986 } 987 988 if (!flags || (flags & (ICE_TC_FLWR_FIELD_ENC_DEST_IPV4 | 989 ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 | 990 ICE_TC_FLWR_FIELD_ENC_DEST_IPV6 | 991 ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 | 992 ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT))) { 993 NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unsupported encap field(s)"); 994 return -EOPNOTSUPP; 995 } 996 997 /* validate forwarding action VSI and queue */ 998 if (ice_is_forward_action(tc_fltr->action.fltr_act)) { 999 dest_vsi = ice_tc_forward_action(vsi, tc_fltr); 1000 if (IS_ERR(dest_vsi)) 1001 return PTR_ERR(dest_vsi); 1002 } 1003 1004 lkups_cnt = ice_tc_count_lkups(flags, headers, tc_fltr); 1005 list = kcalloc(lkups_cnt, sizeof(*list), GFP_ATOMIC); 1006 if (!list) 1007 return -ENOMEM; 1008 1009 i = ice_tc_fill_rules(hw, flags, tc_fltr, list, &rule_info, &l4_proto); 1010 if (i != lkups_cnt) { 1011 ret = -EINVAL; 1012 goto exit; 1013 } 1014 1015 rule_info.sw_act.fltr_act = tc_fltr->action.fltr_act; 1016 /* specify the cookie as filter_rule_id */ 1017 rule_info.fltr_rule_id = tc_fltr->cookie; 1018 1019 switch (tc_fltr->action.fltr_act) { 1020 case ICE_FWD_TO_VSI: 1021 rule_info.sw_act.vsi_handle = dest_vsi->idx; 1022 rule_info.priority = ICE_SWITCH_FLTR_PRIO_VSI; 1023 rule_info.sw_act.src = hw->pf_id; 1024 dev_dbg(dev, "add switch rule for TC:%u vsi_idx:%u, lkups_cnt:%u\n", 1025 tc_fltr->action.fwd.tc.tc_class, 1026 rule_info.sw_act.vsi_handle, lkups_cnt); 1027 break; 1028 case ICE_FWD_TO_Q: 1029 /* HW queue number in global space */ 1030 rule_info.sw_act.fwd_id.q_id = tc_fltr->action.fwd.q.hw_queue; 1031 rule_info.sw_act.vsi_handle = dest_vsi->idx; 1032 rule_info.priority = ICE_SWITCH_FLTR_PRIO_QUEUE; 1033 rule_info.sw_act.src = hw->pf_id; 1034 dev_dbg(dev, "add switch rule action to forward to queue:%u (HW queue %u), lkups_cnt:%u\n", 1035 tc_fltr->action.fwd.q.queue, 1036 tc_fltr->action.fwd.q.hw_queue, lkups_cnt); 1037 break; 1038 case ICE_DROP_PACKET: 1039 rule_info.sw_act.flag |= ICE_FLTR_RX; 1040 rule_info.sw_act.src = hw->pf_id; 1041 rule_info.priority = ICE_SWITCH_FLTR_PRIO_VSI; 1042 break; 1043 default: 1044 ret = -EOPNOTSUPP; 1045 goto exit; 1046 } 1047 1048 ret = ice_add_adv_rule(hw, list, lkups_cnt, &rule_info, &rule_added); 1049 if (ret == -EEXIST) { 1050 NL_SET_ERR_MSG_MOD(tc_fltr->extack, 1051 "Unable to add filter because it already exist"); 1052 ret = -EINVAL; 1053 goto exit; 1054 } else if (ret) { 1055 NL_SET_ERR_MSG_MOD(tc_fltr->extack, 1056 "Unable to add filter due to error"); 1057 goto exit; 1058 } 1059 1060 /* store the output params, which are needed later for removing 1061 * advanced switch filter 1062 */ 1063 tc_fltr->rid = rule_added.rid; 1064 tc_fltr->rule_id = rule_added.rule_id; 1065 tc_fltr->dest_vsi_handle = rule_added.vsi_handle; 1066 if (tc_fltr->action.fltr_act == ICE_FWD_TO_VSI || 1067 tc_fltr->action.fltr_act == ICE_FWD_TO_Q) { 1068 tc_fltr->dest_vsi = dest_vsi; 1069 /* keep track of advanced switch filter for 1070 * destination VSI 1071 */ 1072 dest_vsi->num_chnl_fltr++; 1073 1074 /* keeps track of channel filters for PF VSI */ 1075 if (vsi->type == ICE_VSI_PF && 1076 (flags & (ICE_TC_FLWR_FIELD_DST_MAC | 1077 ICE_TC_FLWR_FIELD_ENC_DST_MAC))) 1078 pf->num_dmac_chnl_fltrs++; 1079 } 1080 switch (tc_fltr->action.fltr_act) { 1081 case ICE_FWD_TO_VSI: 1082 dev_dbg(dev, "added switch rule (lkups_cnt %u, flags 0x%x), action is forward to TC %u, rid %u, rule_id %u, vsi_idx %u\n", 1083 lkups_cnt, flags, 1084 tc_fltr->action.fwd.tc.tc_class, rule_added.rid, 1085 rule_added.rule_id, rule_added.vsi_handle); 1086 break; 1087 case ICE_FWD_TO_Q: 1088 dev_dbg(dev, "added switch rule (lkups_cnt %u, flags 0x%x), action is forward to queue: %u (HW queue %u) , rid %u, rule_id %u\n", 1089 lkups_cnt, flags, tc_fltr->action.fwd.q.queue, 1090 tc_fltr->action.fwd.q.hw_queue, rule_added.rid, 1091 rule_added.rule_id); 1092 break; 1093 case ICE_DROP_PACKET: 1094 dev_dbg(dev, "added switch rule (lkups_cnt %u, flags 0x%x), action is drop, rid %u, rule_id %u\n", 1095 lkups_cnt, flags, rule_added.rid, rule_added.rule_id); 1096 break; 1097 default: 1098 break; 1099 } 1100 exit: 1101 kfree(list); 1102 return ret; 1103 } 1104 1105 /** 1106 * ice_tc_set_pppoe - Parse PPPoE fields from TC flower filter 1107 * @match: Pointer to flow match structure 1108 * @fltr: Pointer to filter structure 1109 * @headers: Pointer to outer header fields 1110 * @returns PPP protocol used in filter (ppp_ses or ppp_disc) 1111 */ 1112 static u16 1113 ice_tc_set_pppoe(struct flow_match_pppoe *match, 1114 struct ice_tc_flower_fltr *fltr, 1115 struct ice_tc_flower_lyr_2_4_hdrs *headers) 1116 { 1117 if (match->mask->session_id) { 1118 fltr->flags |= ICE_TC_FLWR_FIELD_PPPOE_SESSID; 1119 headers->pppoe_hdr.session_id = match->key->session_id; 1120 } 1121 1122 if (match->mask->ppp_proto) { 1123 fltr->flags |= ICE_TC_FLWR_FIELD_PPP_PROTO; 1124 headers->pppoe_hdr.ppp_proto = match->key->ppp_proto; 1125 } 1126 1127 return be16_to_cpu(match->key->type); 1128 } 1129 1130 /** 1131 * ice_tc_set_ipv4 - Parse IPv4 addresses from TC flower filter 1132 * @match: Pointer to flow match structure 1133 * @fltr: Pointer to filter structure 1134 * @headers: inner or outer header fields 1135 * @is_encap: set true for tunnel IPv4 address 1136 */ 1137 static int 1138 ice_tc_set_ipv4(struct flow_match_ipv4_addrs *match, 1139 struct ice_tc_flower_fltr *fltr, 1140 struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap) 1141 { 1142 if (match->key->dst) { 1143 if (is_encap) 1144 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_IPV4; 1145 else 1146 fltr->flags |= ICE_TC_FLWR_FIELD_DEST_IPV4; 1147 headers->l3_key.dst_ipv4 = match->key->dst; 1148 headers->l3_mask.dst_ipv4 = match->mask->dst; 1149 } 1150 if (match->key->src) { 1151 if (is_encap) 1152 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_IPV4; 1153 else 1154 fltr->flags |= ICE_TC_FLWR_FIELD_SRC_IPV4; 1155 headers->l3_key.src_ipv4 = match->key->src; 1156 headers->l3_mask.src_ipv4 = match->mask->src; 1157 } 1158 return 0; 1159 } 1160 1161 /** 1162 * ice_tc_set_ipv6 - Parse IPv6 addresses from TC flower filter 1163 * @match: Pointer to flow match structure 1164 * @fltr: Pointer to filter structure 1165 * @headers: inner or outer header fields 1166 * @is_encap: set true for tunnel IPv6 address 1167 */ 1168 static int 1169 ice_tc_set_ipv6(struct flow_match_ipv6_addrs *match, 1170 struct ice_tc_flower_fltr *fltr, 1171 struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap) 1172 { 1173 struct ice_tc_l3_hdr *l3_key, *l3_mask; 1174 1175 /* src and dest IPV6 address should not be LOOPBACK 1176 * (0:0:0:0:0:0:0:1), which can be represented as ::1 1177 */ 1178 if (ipv6_addr_loopback(&match->key->dst) || 1179 ipv6_addr_loopback(&match->key->src)) { 1180 NL_SET_ERR_MSG_MOD(fltr->extack, "Bad IPv6, addr is LOOPBACK"); 1181 return -EINVAL; 1182 } 1183 /* if src/dest IPv6 address is *,* error */ 1184 if (ipv6_addr_any(&match->mask->dst) && 1185 ipv6_addr_any(&match->mask->src)) { 1186 NL_SET_ERR_MSG_MOD(fltr->extack, "Bad src/dest IPv6, addr is any"); 1187 return -EINVAL; 1188 } 1189 if (!ipv6_addr_any(&match->mask->dst)) { 1190 if (is_encap) 1191 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_IPV6; 1192 else 1193 fltr->flags |= ICE_TC_FLWR_FIELD_DEST_IPV6; 1194 } 1195 if (!ipv6_addr_any(&match->mask->src)) { 1196 if (is_encap) 1197 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_IPV6; 1198 else 1199 fltr->flags |= ICE_TC_FLWR_FIELD_SRC_IPV6; 1200 } 1201 1202 l3_key = &headers->l3_key; 1203 l3_mask = &headers->l3_mask; 1204 1205 if (fltr->flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 | 1206 ICE_TC_FLWR_FIELD_SRC_IPV6)) { 1207 memcpy(&l3_key->src_ipv6_addr, &match->key->src.s6_addr, 1208 sizeof(match->key->src.s6_addr)); 1209 memcpy(&l3_mask->src_ipv6_addr, &match->mask->src.s6_addr, 1210 sizeof(match->mask->src.s6_addr)); 1211 } 1212 if (fltr->flags & (ICE_TC_FLWR_FIELD_ENC_DEST_IPV6 | 1213 ICE_TC_FLWR_FIELD_DEST_IPV6)) { 1214 memcpy(&l3_key->dst_ipv6_addr, &match->key->dst.s6_addr, 1215 sizeof(match->key->dst.s6_addr)); 1216 memcpy(&l3_mask->dst_ipv6_addr, &match->mask->dst.s6_addr, 1217 sizeof(match->mask->dst.s6_addr)); 1218 } 1219 1220 return 0; 1221 } 1222 1223 /** 1224 * ice_tc_set_tos_ttl - Parse IP ToS/TTL from TC flower filter 1225 * @match: Pointer to flow match structure 1226 * @fltr: Pointer to filter structure 1227 * @headers: inner or outer header fields 1228 * @is_encap: set true for tunnel 1229 */ 1230 static void 1231 ice_tc_set_tos_ttl(struct flow_match_ip *match, 1232 struct ice_tc_flower_fltr *fltr, 1233 struct ice_tc_flower_lyr_2_4_hdrs *headers, 1234 bool is_encap) 1235 { 1236 if (match->mask->tos) { 1237 if (is_encap) 1238 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_IP_TOS; 1239 else 1240 fltr->flags |= ICE_TC_FLWR_FIELD_IP_TOS; 1241 1242 headers->l3_key.tos = match->key->tos; 1243 headers->l3_mask.tos = match->mask->tos; 1244 } 1245 1246 if (match->mask->ttl) { 1247 if (is_encap) 1248 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_IP_TTL; 1249 else 1250 fltr->flags |= ICE_TC_FLWR_FIELD_IP_TTL; 1251 1252 headers->l3_key.ttl = match->key->ttl; 1253 headers->l3_mask.ttl = match->mask->ttl; 1254 } 1255 } 1256 1257 /** 1258 * ice_tc_set_port - Parse ports from TC flower filter 1259 * @match: Flow match structure 1260 * @fltr: Pointer to filter structure 1261 * @headers: inner or outer header fields 1262 * @is_encap: set true for tunnel port 1263 */ 1264 static int 1265 ice_tc_set_port(struct flow_match_ports match, 1266 struct ice_tc_flower_fltr *fltr, 1267 struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap) 1268 { 1269 if (match.key->dst) { 1270 if (is_encap) 1271 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT; 1272 else 1273 fltr->flags |= ICE_TC_FLWR_FIELD_DEST_L4_PORT; 1274 1275 headers->l4_key.dst_port = match.key->dst; 1276 headers->l4_mask.dst_port = match.mask->dst; 1277 } 1278 if (match.key->src) { 1279 if (is_encap) 1280 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT; 1281 else 1282 fltr->flags |= ICE_TC_FLWR_FIELD_SRC_L4_PORT; 1283 1284 headers->l4_key.src_port = match.key->src; 1285 headers->l4_mask.src_port = match.mask->src; 1286 } 1287 return 0; 1288 } 1289 1290 static struct net_device * 1291 ice_get_tunnel_device(struct net_device *dev, struct flow_rule *rule) 1292 { 1293 struct flow_action_entry *act; 1294 int i; 1295 1296 if (ice_is_tunnel_supported(dev)) 1297 return dev; 1298 1299 flow_action_for_each(i, act, &rule->action) { 1300 if (act->id == FLOW_ACTION_REDIRECT && 1301 ice_is_tunnel_supported(act->dev)) 1302 return act->dev; 1303 } 1304 1305 return NULL; 1306 } 1307 1308 /** 1309 * ice_parse_gtp_type - Sets GTP tunnel type to GTP-U or GTP-C 1310 * @match: Flow match structure 1311 * @fltr: Pointer to filter structure 1312 * 1313 * GTP-C/GTP-U is selected based on destination port number (enc_dst_port). 1314 * Before calling this funtcion, fltr->tunnel_type should be set to TNL_GTPU, 1315 * therefore making GTP-U the default choice (when destination port number is 1316 * not specified). 1317 */ 1318 static int 1319 ice_parse_gtp_type(struct flow_match_ports match, 1320 struct ice_tc_flower_fltr *fltr) 1321 { 1322 u16 dst_port; 1323 1324 if (match.key->dst) { 1325 dst_port = be16_to_cpu(match.key->dst); 1326 1327 switch (dst_port) { 1328 case 2152: 1329 break; 1330 case 2123: 1331 fltr->tunnel_type = TNL_GTPC; 1332 break; 1333 default: 1334 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported GTP port number"); 1335 return -EINVAL; 1336 } 1337 } 1338 1339 return 0; 1340 } 1341 1342 static int 1343 ice_parse_tunnel_attr(struct net_device *dev, struct flow_rule *rule, 1344 struct ice_tc_flower_fltr *fltr) 1345 { 1346 struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers; 1347 struct flow_match_control enc_control; 1348 1349 fltr->tunnel_type = ice_tc_tun_get_type(dev); 1350 headers->l3_key.ip_proto = IPPROTO_UDP; 1351 1352 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_KEYID)) { 1353 struct flow_match_enc_keyid enc_keyid; 1354 1355 flow_rule_match_enc_keyid(rule, &enc_keyid); 1356 1357 if (!enc_keyid.mask->keyid || 1358 enc_keyid.mask->keyid != cpu_to_be32(ICE_TC_FLOWER_MASK_32)) 1359 return -EINVAL; 1360 1361 fltr->flags |= ICE_TC_FLWR_FIELD_TENANT_ID; 1362 fltr->tenant_id = enc_keyid.key->keyid; 1363 } 1364 1365 flow_rule_match_enc_control(rule, &enc_control); 1366 1367 if (enc_control.key->addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) { 1368 struct flow_match_ipv4_addrs match; 1369 1370 flow_rule_match_enc_ipv4_addrs(rule, &match); 1371 if (ice_tc_set_ipv4(&match, fltr, headers, true)) 1372 return -EINVAL; 1373 } else if (enc_control.key->addr_type == 1374 FLOW_DISSECTOR_KEY_IPV6_ADDRS) { 1375 struct flow_match_ipv6_addrs match; 1376 1377 flow_rule_match_enc_ipv6_addrs(rule, &match); 1378 if (ice_tc_set_ipv6(&match, fltr, headers, true)) 1379 return -EINVAL; 1380 } 1381 1382 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_IP)) { 1383 struct flow_match_ip match; 1384 1385 flow_rule_match_enc_ip(rule, &match); 1386 ice_tc_set_tos_ttl(&match, fltr, headers, true); 1387 } 1388 1389 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_PORTS) && 1390 fltr->tunnel_type != TNL_VXLAN && fltr->tunnel_type != TNL_GENEVE) { 1391 struct flow_match_ports match; 1392 1393 flow_rule_match_enc_ports(rule, &match); 1394 1395 if (fltr->tunnel_type != TNL_GTPU) { 1396 if (ice_tc_set_port(match, fltr, headers, true)) 1397 return -EINVAL; 1398 } else { 1399 if (ice_parse_gtp_type(match, fltr)) 1400 return -EINVAL; 1401 } 1402 } 1403 1404 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_OPTS)) { 1405 struct flow_match_enc_opts match; 1406 1407 flow_rule_match_enc_opts(rule, &match); 1408 1409 memcpy(&fltr->gtp_pdu_info_keys, &match.key->data[0], 1410 sizeof(struct gtp_pdu_session_info)); 1411 1412 memcpy(&fltr->gtp_pdu_info_masks, &match.mask->data[0], 1413 sizeof(struct gtp_pdu_session_info)); 1414 1415 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_OPTS; 1416 } 1417 1418 return 0; 1419 } 1420 1421 /** 1422 * ice_parse_cls_flower - Parse TC flower filters provided by kernel 1423 * @vsi: Pointer to the VSI 1424 * @filter_dev: Pointer to device on which filter is being added 1425 * @f: Pointer to struct flow_cls_offload 1426 * @fltr: Pointer to filter structure 1427 */ 1428 static int 1429 ice_parse_cls_flower(struct net_device *filter_dev, struct ice_vsi *vsi, 1430 struct flow_cls_offload *f, 1431 struct ice_tc_flower_fltr *fltr) 1432 { 1433 struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers; 1434 struct flow_rule *rule = flow_cls_offload_flow_rule(f); 1435 u16 n_proto_mask = 0, n_proto_key = 0, addr_type = 0; 1436 struct flow_dissector *dissector; 1437 struct net_device *tunnel_dev; 1438 1439 dissector = rule->match.dissector; 1440 1441 if (dissector->used_keys & 1442 ~(BIT_ULL(FLOW_DISSECTOR_KEY_CONTROL) | 1443 BIT_ULL(FLOW_DISSECTOR_KEY_BASIC) | 1444 BIT_ULL(FLOW_DISSECTOR_KEY_ETH_ADDRS) | 1445 BIT_ULL(FLOW_DISSECTOR_KEY_VLAN) | 1446 BIT_ULL(FLOW_DISSECTOR_KEY_CVLAN) | 1447 BIT_ULL(FLOW_DISSECTOR_KEY_IPV4_ADDRS) | 1448 BIT_ULL(FLOW_DISSECTOR_KEY_IPV6_ADDRS) | 1449 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_CONTROL) | 1450 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) | 1451 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | 1452 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | 1453 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS) | 1454 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_OPTS) | 1455 BIT_ULL(FLOW_DISSECTOR_KEY_IP) | 1456 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IP) | 1457 BIT_ULL(FLOW_DISSECTOR_KEY_PORTS) | 1458 BIT_ULL(FLOW_DISSECTOR_KEY_PPPOE) | 1459 BIT_ULL(FLOW_DISSECTOR_KEY_L2TPV3))) { 1460 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported key used"); 1461 return -EOPNOTSUPP; 1462 } 1463 1464 tunnel_dev = ice_get_tunnel_device(filter_dev, rule); 1465 if (tunnel_dev) { 1466 int err; 1467 1468 filter_dev = tunnel_dev; 1469 1470 err = ice_parse_tunnel_attr(filter_dev, rule, fltr); 1471 if (err) { 1472 NL_SET_ERR_MSG_MOD(fltr->extack, "Failed to parse TC flower tunnel attributes"); 1473 return err; 1474 } 1475 1476 /* header pointers should point to the inner headers, outer 1477 * header were already set by ice_parse_tunnel_attr 1478 */ 1479 headers = &fltr->inner_headers; 1480 } else if (dissector->used_keys & 1481 (BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | 1482 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | 1483 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) | 1484 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS))) { 1485 NL_SET_ERR_MSG_MOD(fltr->extack, "Tunnel key used, but device isn't a tunnel"); 1486 return -EOPNOTSUPP; 1487 } else { 1488 fltr->tunnel_type = TNL_LAST; 1489 } 1490 1491 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) { 1492 struct flow_match_basic match; 1493 1494 flow_rule_match_basic(rule, &match); 1495 1496 n_proto_key = ntohs(match.key->n_proto); 1497 n_proto_mask = ntohs(match.mask->n_proto); 1498 1499 if (n_proto_key == ETH_P_ALL || n_proto_key == 0 || 1500 fltr->tunnel_type == TNL_GTPU || 1501 fltr->tunnel_type == TNL_GTPC) { 1502 n_proto_key = 0; 1503 n_proto_mask = 0; 1504 } else { 1505 fltr->flags |= ICE_TC_FLWR_FIELD_ETH_TYPE_ID; 1506 } 1507 1508 headers->l2_key.n_proto = cpu_to_be16(n_proto_key); 1509 headers->l2_mask.n_proto = cpu_to_be16(n_proto_mask); 1510 headers->l3_key.ip_proto = match.key->ip_proto; 1511 } 1512 1513 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ETH_ADDRS)) { 1514 struct flow_match_eth_addrs match; 1515 1516 flow_rule_match_eth_addrs(rule, &match); 1517 1518 if (!is_zero_ether_addr(match.key->dst)) { 1519 ether_addr_copy(headers->l2_key.dst_mac, 1520 match.key->dst); 1521 ether_addr_copy(headers->l2_mask.dst_mac, 1522 match.mask->dst); 1523 fltr->flags |= ICE_TC_FLWR_FIELD_DST_MAC; 1524 } 1525 1526 if (!is_zero_ether_addr(match.key->src)) { 1527 ether_addr_copy(headers->l2_key.src_mac, 1528 match.key->src); 1529 ether_addr_copy(headers->l2_mask.src_mac, 1530 match.mask->src); 1531 fltr->flags |= ICE_TC_FLWR_FIELD_SRC_MAC; 1532 } 1533 } 1534 1535 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN) || 1536 is_vlan_dev(filter_dev)) { 1537 struct flow_dissector_key_vlan mask; 1538 struct flow_dissector_key_vlan key; 1539 struct flow_match_vlan match; 1540 1541 if (is_vlan_dev(filter_dev)) { 1542 match.key = &key; 1543 match.key->vlan_id = vlan_dev_vlan_id(filter_dev); 1544 match.key->vlan_priority = 0; 1545 match.mask = &mask; 1546 memset(match.mask, 0xff, sizeof(*match.mask)); 1547 match.mask->vlan_priority = 0; 1548 } else { 1549 flow_rule_match_vlan(rule, &match); 1550 } 1551 1552 if (match.mask->vlan_id) { 1553 if (match.mask->vlan_id == VLAN_VID_MASK) { 1554 fltr->flags |= ICE_TC_FLWR_FIELD_VLAN; 1555 headers->vlan_hdr.vlan_id = 1556 cpu_to_be16(match.key->vlan_id & 1557 VLAN_VID_MASK); 1558 } else { 1559 NL_SET_ERR_MSG_MOD(fltr->extack, "Bad VLAN mask"); 1560 return -EINVAL; 1561 } 1562 } 1563 1564 if (match.mask->vlan_priority) { 1565 fltr->flags |= ICE_TC_FLWR_FIELD_VLAN_PRIO; 1566 headers->vlan_hdr.vlan_prio = 1567 be16_encode_bits(match.key->vlan_priority, 1568 VLAN_PRIO_MASK); 1569 } 1570 1571 if (match.mask->vlan_tpid) { 1572 headers->vlan_hdr.vlan_tpid = match.key->vlan_tpid; 1573 fltr->flags |= ICE_TC_FLWR_FIELD_VLAN_TPID; 1574 } 1575 } 1576 1577 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CVLAN)) { 1578 struct flow_match_vlan match; 1579 1580 if (!ice_is_dvm_ena(&vsi->back->hw)) { 1581 NL_SET_ERR_MSG_MOD(fltr->extack, "Double VLAN mode is not enabled"); 1582 return -EINVAL; 1583 } 1584 1585 flow_rule_match_cvlan(rule, &match); 1586 1587 if (match.mask->vlan_id) { 1588 if (match.mask->vlan_id == VLAN_VID_MASK) { 1589 fltr->flags |= ICE_TC_FLWR_FIELD_CVLAN; 1590 headers->cvlan_hdr.vlan_id = 1591 cpu_to_be16(match.key->vlan_id & 1592 VLAN_VID_MASK); 1593 } else { 1594 NL_SET_ERR_MSG_MOD(fltr->extack, 1595 "Bad CVLAN mask"); 1596 return -EINVAL; 1597 } 1598 } 1599 1600 if (match.mask->vlan_priority) { 1601 fltr->flags |= ICE_TC_FLWR_FIELD_CVLAN_PRIO; 1602 headers->cvlan_hdr.vlan_prio = 1603 be16_encode_bits(match.key->vlan_priority, 1604 VLAN_PRIO_MASK); 1605 } 1606 } 1607 1608 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PPPOE)) { 1609 struct flow_match_pppoe match; 1610 1611 flow_rule_match_pppoe(rule, &match); 1612 n_proto_key = ice_tc_set_pppoe(&match, fltr, headers); 1613 1614 /* If ethertype equals ETH_P_PPP_SES, n_proto might be 1615 * overwritten by encapsulated protocol (ppp_proto field) or set 1616 * to 0. To correct this, flow_match_pppoe provides the type 1617 * field, which contains the actual ethertype (ETH_P_PPP_SES). 1618 */ 1619 headers->l2_key.n_proto = cpu_to_be16(n_proto_key); 1620 headers->l2_mask.n_proto = cpu_to_be16(0xFFFF); 1621 fltr->flags |= ICE_TC_FLWR_FIELD_ETH_TYPE_ID; 1622 } 1623 1624 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) { 1625 struct flow_match_control match; 1626 1627 flow_rule_match_control(rule, &match); 1628 1629 addr_type = match.key->addr_type; 1630 } 1631 1632 if (addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) { 1633 struct flow_match_ipv4_addrs match; 1634 1635 flow_rule_match_ipv4_addrs(rule, &match); 1636 if (ice_tc_set_ipv4(&match, fltr, headers, false)) 1637 return -EINVAL; 1638 } 1639 1640 if (addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) { 1641 struct flow_match_ipv6_addrs match; 1642 1643 flow_rule_match_ipv6_addrs(rule, &match); 1644 if (ice_tc_set_ipv6(&match, fltr, headers, false)) 1645 return -EINVAL; 1646 } 1647 1648 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) { 1649 struct flow_match_ip match; 1650 1651 flow_rule_match_ip(rule, &match); 1652 ice_tc_set_tos_ttl(&match, fltr, headers, false); 1653 } 1654 1655 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_L2TPV3)) { 1656 struct flow_match_l2tpv3 match; 1657 1658 flow_rule_match_l2tpv3(rule, &match); 1659 1660 fltr->flags |= ICE_TC_FLWR_FIELD_L2TPV3_SESSID; 1661 headers->l2tpv3_hdr.session_id = match.key->session_id; 1662 } 1663 1664 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS)) { 1665 struct flow_match_ports match; 1666 1667 flow_rule_match_ports(rule, &match); 1668 if (ice_tc_set_port(match, fltr, headers, false)) 1669 return -EINVAL; 1670 switch (headers->l3_key.ip_proto) { 1671 case IPPROTO_TCP: 1672 case IPPROTO_UDP: 1673 break; 1674 default: 1675 NL_SET_ERR_MSG_MOD(fltr->extack, "Only UDP and TCP transport are supported"); 1676 return -EINVAL; 1677 } 1678 } 1679 return 0; 1680 } 1681 1682 /** 1683 * ice_add_switch_fltr - Add TC flower filters 1684 * @vsi: Pointer to VSI 1685 * @fltr: Pointer to struct ice_tc_flower_fltr 1686 * 1687 * Add filter in HW switch block 1688 */ 1689 static int 1690 ice_add_switch_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr) 1691 { 1692 if (fltr->action.fltr_act == ICE_FWD_TO_QGRP) 1693 return -EOPNOTSUPP; 1694 1695 if (ice_is_eswitch_mode_switchdev(vsi->back)) 1696 return ice_eswitch_add_tc_fltr(vsi, fltr); 1697 1698 return ice_add_tc_flower_adv_fltr(vsi, fltr); 1699 } 1700 1701 /** 1702 * ice_prep_adq_filter - Prepare ADQ filter with the required additional headers 1703 * @vsi: Pointer to VSI 1704 * @fltr: Pointer to TC flower filter structure 1705 * 1706 * Prepare ADQ filter with the required additional header fields 1707 */ 1708 static int 1709 ice_prep_adq_filter(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr) 1710 { 1711 if ((fltr->flags & ICE_TC_FLWR_FIELD_TENANT_ID) && 1712 (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC | 1713 ICE_TC_FLWR_FIELD_SRC_MAC))) { 1714 NL_SET_ERR_MSG_MOD(fltr->extack, 1715 "Unable to add filter because filter using tunnel key and inner MAC is unsupported combination"); 1716 return -EOPNOTSUPP; 1717 } 1718 1719 /* For ADQ, filter must include dest MAC address, otherwise unwanted 1720 * packets with unrelated MAC address get delivered to ADQ VSIs as long 1721 * as remaining filter criteria is satisfied such as dest IP address 1722 * and dest/src L4 port. Below code handles the following cases: 1723 * 1. For non-tunnel, if user specify MAC addresses, use them. 1724 * 2. For non-tunnel, if user didn't specify MAC address, add implicit 1725 * dest MAC to be lower netdev's active unicast MAC address 1726 * 3. For tunnel, as of now TC-filter through flower classifier doesn't 1727 * have provision for user to specify outer DMAC, hence driver to 1728 * implicitly add outer dest MAC to be lower netdev's active unicast 1729 * MAC address. 1730 */ 1731 if (fltr->tunnel_type != TNL_LAST && 1732 !(fltr->flags & ICE_TC_FLWR_FIELD_ENC_DST_MAC)) 1733 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DST_MAC; 1734 1735 if (fltr->tunnel_type == TNL_LAST && 1736 !(fltr->flags & ICE_TC_FLWR_FIELD_DST_MAC)) 1737 fltr->flags |= ICE_TC_FLWR_FIELD_DST_MAC; 1738 1739 if (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC | 1740 ICE_TC_FLWR_FIELD_ENC_DST_MAC)) { 1741 ether_addr_copy(fltr->outer_headers.l2_key.dst_mac, 1742 vsi->netdev->dev_addr); 1743 eth_broadcast_addr(fltr->outer_headers.l2_mask.dst_mac); 1744 } 1745 1746 /* Make sure VLAN is already added to main VSI, before allowing ADQ to 1747 * add a VLAN based filter such as MAC + VLAN + L4 port. 1748 */ 1749 if (fltr->flags & ICE_TC_FLWR_FIELD_VLAN) { 1750 u16 vlan_id = be16_to_cpu(fltr->outer_headers.vlan_hdr.vlan_id); 1751 1752 if (!ice_vlan_fltr_exist(&vsi->back->hw, vlan_id, vsi->idx)) { 1753 NL_SET_ERR_MSG_MOD(fltr->extack, 1754 "Unable to add filter because legacy VLAN filter for specified destination doesn't exist"); 1755 return -EINVAL; 1756 } 1757 } 1758 return 0; 1759 } 1760 1761 /** 1762 * ice_handle_tclass_action - Support directing to a traffic class 1763 * @vsi: Pointer to VSI 1764 * @cls_flower: Pointer to TC flower offload structure 1765 * @fltr: Pointer to TC flower filter structure 1766 * 1767 * Support directing traffic to a traffic class/queue-set 1768 */ 1769 static int 1770 ice_handle_tclass_action(struct ice_vsi *vsi, 1771 struct flow_cls_offload *cls_flower, 1772 struct ice_tc_flower_fltr *fltr) 1773 { 1774 int tc = tc_classid_to_hwtc(vsi->netdev, cls_flower->classid); 1775 1776 /* user specified hw_tc (must be non-zero for ADQ TC), action is forward 1777 * to hw_tc (i.e. ADQ channel number) 1778 */ 1779 if (tc < ICE_CHNL_START_TC) { 1780 NL_SET_ERR_MSG_MOD(fltr->extack, 1781 "Unable to add filter because of unsupported destination"); 1782 return -EOPNOTSUPP; 1783 } 1784 if (!(vsi->all_enatc & BIT(tc))) { 1785 NL_SET_ERR_MSG_MOD(fltr->extack, 1786 "Unable to add filter because of non-existence destination"); 1787 return -EINVAL; 1788 } 1789 fltr->action.fltr_act = ICE_FWD_TO_VSI; 1790 fltr->action.fwd.tc.tc_class = tc; 1791 1792 return ice_prep_adq_filter(vsi, fltr); 1793 } 1794 1795 static int 1796 ice_tc_forward_to_queue(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr, 1797 struct flow_action_entry *act) 1798 { 1799 struct ice_vsi *ch_vsi = NULL; 1800 u16 queue = act->rx_queue; 1801 1802 if (queue >= vsi->num_rxq) { 1803 NL_SET_ERR_MSG_MOD(fltr->extack, 1804 "Unable to add filter because specified queue is invalid"); 1805 return -EINVAL; 1806 } 1807 fltr->action.fltr_act = ICE_FWD_TO_Q; 1808 fltr->action.fwd.q.queue = queue; 1809 /* determine corresponding HW queue */ 1810 fltr->action.fwd.q.hw_queue = vsi->rxq_map[queue]; 1811 1812 /* If ADQ is configured, and the queue belongs to ADQ VSI, then prepare 1813 * ADQ switch filter 1814 */ 1815 ch_vsi = ice_locate_vsi_using_queue(vsi, fltr->action.fwd.q.queue); 1816 if (!ch_vsi) 1817 return -EINVAL; 1818 fltr->dest_vsi = ch_vsi; 1819 if (!ice_is_chnl_fltr(fltr)) 1820 return 0; 1821 1822 return ice_prep_adq_filter(vsi, fltr); 1823 } 1824 1825 static int 1826 ice_tc_parse_action(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr, 1827 struct flow_action_entry *act) 1828 { 1829 switch (act->id) { 1830 case FLOW_ACTION_RX_QUEUE_MAPPING: 1831 /* forward to queue */ 1832 return ice_tc_forward_to_queue(vsi, fltr, act); 1833 case FLOW_ACTION_DROP: 1834 fltr->action.fltr_act = ICE_DROP_PACKET; 1835 return 0; 1836 default: 1837 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported TC action"); 1838 return -EOPNOTSUPP; 1839 } 1840 } 1841 1842 /** 1843 * ice_parse_tc_flower_actions - Parse the actions for a TC filter 1844 * @filter_dev: Pointer to device on which filter is being added 1845 * @vsi: Pointer to VSI 1846 * @cls_flower: Pointer to TC flower offload structure 1847 * @fltr: Pointer to TC flower filter structure 1848 * 1849 * Parse the actions for a TC filter 1850 */ 1851 static int ice_parse_tc_flower_actions(struct net_device *filter_dev, 1852 struct ice_vsi *vsi, 1853 struct flow_cls_offload *cls_flower, 1854 struct ice_tc_flower_fltr *fltr) 1855 { 1856 struct flow_rule *rule = flow_cls_offload_flow_rule(cls_flower); 1857 struct flow_action *flow_action = &rule->action; 1858 struct flow_action_entry *act; 1859 int i, err; 1860 1861 if (cls_flower->classid) 1862 return ice_handle_tclass_action(vsi, cls_flower, fltr); 1863 1864 if (!flow_action_has_entries(flow_action)) 1865 return -EINVAL; 1866 1867 flow_action_for_each(i, act, flow_action) { 1868 if (ice_is_eswitch_mode_switchdev(vsi->back)) 1869 err = ice_eswitch_tc_parse_action(filter_dev, fltr, act); 1870 else 1871 err = ice_tc_parse_action(vsi, fltr, act); 1872 if (err) 1873 return err; 1874 continue; 1875 } 1876 return 0; 1877 } 1878 1879 /** 1880 * ice_del_tc_fltr - deletes a filter from HW table 1881 * @vsi: Pointer to VSI 1882 * @fltr: Pointer to struct ice_tc_flower_fltr 1883 * 1884 * This function deletes a filter from HW table and manages book-keeping 1885 */ 1886 static int ice_del_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr) 1887 { 1888 struct ice_rule_query_data rule_rem; 1889 struct ice_pf *pf = vsi->back; 1890 int err; 1891 1892 rule_rem.rid = fltr->rid; 1893 rule_rem.rule_id = fltr->rule_id; 1894 rule_rem.vsi_handle = fltr->dest_vsi_handle; 1895 err = ice_rem_adv_rule_by_id(&pf->hw, &rule_rem); 1896 if (err) { 1897 if (err == -ENOENT) { 1898 NL_SET_ERR_MSG_MOD(fltr->extack, "Filter does not exist"); 1899 return -ENOENT; 1900 } 1901 NL_SET_ERR_MSG_MOD(fltr->extack, "Failed to delete TC flower filter"); 1902 return -EIO; 1903 } 1904 1905 /* update advanced switch filter count for destination 1906 * VSI if filter destination was VSI 1907 */ 1908 if (fltr->dest_vsi) { 1909 if (fltr->dest_vsi->type == ICE_VSI_CHNL) { 1910 fltr->dest_vsi->num_chnl_fltr--; 1911 1912 /* keeps track of channel filters for PF VSI */ 1913 if (vsi->type == ICE_VSI_PF && 1914 (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC | 1915 ICE_TC_FLWR_FIELD_ENC_DST_MAC))) 1916 pf->num_dmac_chnl_fltrs--; 1917 } 1918 } 1919 return 0; 1920 } 1921 1922 /** 1923 * ice_add_tc_fltr - adds a TC flower filter 1924 * @netdev: Pointer to netdev 1925 * @vsi: Pointer to VSI 1926 * @f: Pointer to flower offload structure 1927 * @__fltr: Pointer to struct ice_tc_flower_fltr 1928 * 1929 * This function parses TC-flower input fields, parses action, 1930 * and adds a filter. 1931 */ 1932 static int 1933 ice_add_tc_fltr(struct net_device *netdev, struct ice_vsi *vsi, 1934 struct flow_cls_offload *f, 1935 struct ice_tc_flower_fltr **__fltr) 1936 { 1937 struct ice_tc_flower_fltr *fltr; 1938 int err; 1939 1940 /* by default, set output to be INVALID */ 1941 *__fltr = NULL; 1942 1943 fltr = kzalloc(sizeof(*fltr), GFP_KERNEL); 1944 if (!fltr) 1945 return -ENOMEM; 1946 1947 fltr->cookie = f->cookie; 1948 fltr->extack = f->common.extack; 1949 fltr->src_vsi = vsi; 1950 INIT_HLIST_NODE(&fltr->tc_flower_node); 1951 1952 err = ice_parse_cls_flower(netdev, vsi, f, fltr); 1953 if (err < 0) 1954 goto err; 1955 1956 err = ice_parse_tc_flower_actions(netdev, vsi, f, fltr); 1957 if (err < 0) 1958 goto err; 1959 1960 err = ice_add_switch_fltr(vsi, fltr); 1961 if (err < 0) 1962 goto err; 1963 1964 /* return the newly created filter */ 1965 *__fltr = fltr; 1966 1967 return 0; 1968 err: 1969 kfree(fltr); 1970 return err; 1971 } 1972 1973 /** 1974 * ice_find_tc_flower_fltr - Find the TC flower filter in the list 1975 * @pf: Pointer to PF 1976 * @cookie: filter specific cookie 1977 */ 1978 static struct ice_tc_flower_fltr * 1979 ice_find_tc_flower_fltr(struct ice_pf *pf, unsigned long cookie) 1980 { 1981 struct ice_tc_flower_fltr *fltr; 1982 1983 hlist_for_each_entry(fltr, &pf->tc_flower_fltr_list, tc_flower_node) 1984 if (cookie == fltr->cookie) 1985 return fltr; 1986 1987 return NULL; 1988 } 1989 1990 /** 1991 * ice_add_cls_flower - add TC flower filters 1992 * @netdev: Pointer to filter device 1993 * @vsi: Pointer to VSI 1994 * @cls_flower: Pointer to flower offload structure 1995 */ 1996 int 1997 ice_add_cls_flower(struct net_device *netdev, struct ice_vsi *vsi, 1998 struct flow_cls_offload *cls_flower) 1999 { 2000 struct netlink_ext_ack *extack = cls_flower->common.extack; 2001 struct net_device *vsi_netdev = vsi->netdev; 2002 struct ice_tc_flower_fltr *fltr; 2003 struct ice_pf *pf = vsi->back; 2004 int err; 2005 2006 if (ice_is_reset_in_progress(pf->state)) 2007 return -EBUSY; 2008 if (test_bit(ICE_FLAG_FW_LLDP_AGENT, pf->flags)) 2009 return -EINVAL; 2010 2011 if (ice_is_port_repr_netdev(netdev)) 2012 vsi_netdev = netdev; 2013 2014 if (!(vsi_netdev->features & NETIF_F_HW_TC) && 2015 !test_bit(ICE_FLAG_CLS_FLOWER, pf->flags)) { 2016 /* Based on TC indirect notifications from kernel, all ice 2017 * devices get an instance of rule from higher level device. 2018 * Avoid triggering explicit error in this case. 2019 */ 2020 if (netdev == vsi_netdev) 2021 NL_SET_ERR_MSG_MOD(extack, "can't apply TC flower filters, turn ON hw-tc-offload and try again"); 2022 return -EINVAL; 2023 } 2024 2025 /* avoid duplicate entries, if exists - return error */ 2026 fltr = ice_find_tc_flower_fltr(pf, cls_flower->cookie); 2027 if (fltr) { 2028 NL_SET_ERR_MSG_MOD(extack, "filter cookie already exists, ignoring"); 2029 return -EEXIST; 2030 } 2031 2032 /* prep and add TC-flower filter in HW */ 2033 err = ice_add_tc_fltr(netdev, vsi, cls_flower, &fltr); 2034 if (err) 2035 return err; 2036 2037 /* add filter into an ordered list */ 2038 hlist_add_head(&fltr->tc_flower_node, &pf->tc_flower_fltr_list); 2039 return 0; 2040 } 2041 2042 /** 2043 * ice_del_cls_flower - delete TC flower filters 2044 * @vsi: Pointer to VSI 2045 * @cls_flower: Pointer to struct flow_cls_offload 2046 */ 2047 int 2048 ice_del_cls_flower(struct ice_vsi *vsi, struct flow_cls_offload *cls_flower) 2049 { 2050 struct ice_tc_flower_fltr *fltr; 2051 struct ice_pf *pf = vsi->back; 2052 int err; 2053 2054 /* find filter */ 2055 fltr = ice_find_tc_flower_fltr(pf, cls_flower->cookie); 2056 if (!fltr) { 2057 if (!test_bit(ICE_FLAG_TC_MQPRIO, pf->flags) && 2058 hlist_empty(&pf->tc_flower_fltr_list)) 2059 return 0; 2060 2061 NL_SET_ERR_MSG_MOD(cls_flower->common.extack, "failed to delete TC flower filter because unable to find it"); 2062 return -EINVAL; 2063 } 2064 2065 fltr->extack = cls_flower->common.extack; 2066 /* delete filter from HW */ 2067 err = ice_del_tc_fltr(vsi, fltr); 2068 if (err) 2069 return err; 2070 2071 /* delete filter from an ordered list */ 2072 hlist_del(&fltr->tc_flower_node); 2073 2074 /* free the filter node */ 2075 kfree(fltr); 2076 2077 return 0; 2078 } 2079 2080 /** 2081 * ice_replay_tc_fltrs - replay TC filters 2082 * @pf: pointer to PF struct 2083 */ 2084 void ice_replay_tc_fltrs(struct ice_pf *pf) 2085 { 2086 struct ice_tc_flower_fltr *fltr; 2087 struct hlist_node *node; 2088 2089 hlist_for_each_entry_safe(fltr, node, 2090 &pf->tc_flower_fltr_list, 2091 tc_flower_node) { 2092 fltr->extack = NULL; 2093 ice_add_switch_fltr(fltr->src_vsi, fltr); 2094 } 2095 } 2096