1 /* 2 * Copyright (C) 2017 Netronome Systems, Inc. 3 * 4 * This software is dual licensed under the GNU General License Version 2, 5 * June 1991 as shown in the file COPYING in the top-level directory of this 6 * source tree or the BSD 2-Clause License provided below. You have the 7 * option to license this software under the complete terms of either license. 8 * 9 * The BSD 2-Clause License: 10 * 11 * Redistribution and use in source and binary forms, with or 12 * without modification, are permitted provided that the following 13 * conditions are met: 14 * 15 * 1. Redistributions of source code must retain the above 16 * copyright notice, this list of conditions and the following 17 * disclaimer. 18 * 19 * 2. Redistributions in binary form must reproduce the above 20 * copyright notice, this list of conditions and the following 21 * disclaimer in the documentation and/or other materials 22 * provided with the distribution. 23 * 24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 27 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 28 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 29 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 30 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 31 * SOFTWARE. 32 */ 33 34 #include <linux/bitfield.h> 35 #include <net/pkt_cls.h> 36 #include <net/switchdev.h> 37 #include <net/tc_act/tc_gact.h> 38 #include <net/tc_act/tc_mirred.h> 39 #include <net/tc_act/tc_pedit.h> 40 #include <net/tc_act/tc_vlan.h> 41 #include <net/tc_act/tc_tunnel_key.h> 42 43 #include "cmsg.h" 44 #include "main.h" 45 #include "../nfp_net_repr.h" 46 47 static void nfp_fl_pop_vlan(struct nfp_fl_pop_vlan *pop_vlan) 48 { 49 size_t act_size = sizeof(struct nfp_fl_pop_vlan); 50 51 pop_vlan->head.jump_id = NFP_FL_ACTION_OPCODE_POP_VLAN; 52 pop_vlan->head.len_lw = act_size >> NFP_FL_LW_SIZ; 53 pop_vlan->reserved = 0; 54 } 55 56 static void 57 nfp_fl_push_vlan(struct nfp_fl_push_vlan *push_vlan, 58 const struct tc_action *action) 59 { 60 size_t act_size = sizeof(struct nfp_fl_push_vlan); 61 struct tcf_vlan *vlan = to_vlan(action); 62 u16 tmp_push_vlan_tci; 63 64 push_vlan->head.jump_id = NFP_FL_ACTION_OPCODE_PUSH_VLAN; 65 push_vlan->head.len_lw = act_size >> NFP_FL_LW_SIZ; 66 push_vlan->reserved = 0; 67 push_vlan->vlan_tpid = tcf_vlan_push_proto(action); 68 69 tmp_push_vlan_tci = 70 FIELD_PREP(NFP_FL_PUSH_VLAN_PRIO, vlan->tcfv_push_prio) | 71 FIELD_PREP(NFP_FL_PUSH_VLAN_VID, vlan->tcfv_push_vid) | 72 NFP_FL_PUSH_VLAN_CFI; 73 push_vlan->vlan_tci = cpu_to_be16(tmp_push_vlan_tci); 74 } 75 76 static bool nfp_fl_netdev_is_tunnel_type(struct net_device *out_dev, 77 enum nfp_flower_tun_type tun_type) 78 { 79 if (!out_dev->rtnl_link_ops) 80 return false; 81 82 if (!strcmp(out_dev->rtnl_link_ops->kind, "vxlan")) 83 return tun_type == NFP_FL_TUNNEL_VXLAN; 84 85 return false; 86 } 87 88 static int 89 nfp_fl_output(struct nfp_fl_output *output, const struct tc_action *action, 90 struct nfp_fl_payload *nfp_flow, bool last, 91 struct net_device *in_dev, enum nfp_flower_tun_type tun_type, 92 int *tun_out_cnt) 93 { 94 size_t act_size = sizeof(struct nfp_fl_output); 95 struct net_device *out_dev; 96 u16 tmp_flags; 97 int ifindex; 98 99 output->head.jump_id = NFP_FL_ACTION_OPCODE_OUTPUT; 100 output->head.len_lw = act_size >> NFP_FL_LW_SIZ; 101 102 ifindex = tcf_mirred_ifindex(action); 103 out_dev = __dev_get_by_index(dev_net(in_dev), ifindex); 104 if (!out_dev) 105 return -EOPNOTSUPP; 106 107 tmp_flags = last ? NFP_FL_OUT_FLAGS_LAST : 0; 108 109 if (tun_type) { 110 /* Verify the egress netdev matches the tunnel type. */ 111 if (!nfp_fl_netdev_is_tunnel_type(out_dev, tun_type)) 112 return -EOPNOTSUPP; 113 114 if (*tun_out_cnt) 115 return -EOPNOTSUPP; 116 (*tun_out_cnt)++; 117 118 output->flags = cpu_to_be16(tmp_flags | 119 NFP_FL_OUT_FLAGS_USE_TUN); 120 output->port = cpu_to_be32(NFP_FL_PORT_TYPE_TUN | tun_type); 121 } else { 122 /* Set action output parameters. */ 123 output->flags = cpu_to_be16(tmp_flags); 124 125 /* Only offload if egress ports are on the same device as the 126 * ingress port. 127 */ 128 if (!switchdev_port_same_parent_id(in_dev, out_dev)) 129 return -EOPNOTSUPP; 130 131 output->port = cpu_to_be32(nfp_repr_get_port_id(out_dev)); 132 if (!output->port) 133 return -EOPNOTSUPP; 134 } 135 nfp_flow->meta.shortcut = output->port; 136 137 return 0; 138 } 139 140 static bool nfp_fl_supported_tun_port(const struct tc_action *action) 141 { 142 struct ip_tunnel_info *tun = tcf_tunnel_info(action); 143 144 return tun->key.tp_dst == htons(NFP_FL_VXLAN_PORT); 145 } 146 147 static struct nfp_fl_pre_tunnel *nfp_fl_pre_tunnel(char *act_data, int act_len) 148 { 149 size_t act_size = sizeof(struct nfp_fl_pre_tunnel); 150 struct nfp_fl_pre_tunnel *pre_tun_act; 151 152 /* Pre_tunnel action must be first on action list. 153 * If other actions already exist they need pushed forward. 154 */ 155 if (act_len) 156 memmove(act_data + act_size, act_data, act_len); 157 158 pre_tun_act = (struct nfp_fl_pre_tunnel *)act_data; 159 160 memset(pre_tun_act, 0, act_size); 161 162 pre_tun_act->head.jump_id = NFP_FL_ACTION_OPCODE_PRE_TUNNEL; 163 pre_tun_act->head.len_lw = act_size >> NFP_FL_LW_SIZ; 164 165 return pre_tun_act; 166 } 167 168 static int 169 nfp_fl_set_vxlan(struct nfp_fl_set_vxlan *set_vxlan, 170 const struct tc_action *action, 171 struct nfp_fl_pre_tunnel *pre_tun) 172 { 173 struct ip_tunnel_info *vxlan = tcf_tunnel_info(action); 174 size_t act_size = sizeof(struct nfp_fl_set_vxlan); 175 u32 tmp_set_vxlan_type_index = 0; 176 /* Currently support one pre-tunnel so index is always 0. */ 177 int pretun_idx = 0; 178 179 if (vxlan->options_len) { 180 /* Do not support options e.g. vxlan gpe. */ 181 return -EOPNOTSUPP; 182 } 183 184 set_vxlan->head.jump_id = NFP_FL_ACTION_OPCODE_SET_IPV4_TUNNEL; 185 set_vxlan->head.len_lw = act_size >> NFP_FL_LW_SIZ; 186 187 /* Set tunnel type and pre-tunnel index. */ 188 tmp_set_vxlan_type_index |= 189 FIELD_PREP(NFP_FL_IPV4_TUNNEL_TYPE, NFP_FL_TUNNEL_VXLAN) | 190 FIELD_PREP(NFP_FL_IPV4_PRE_TUN_INDEX, pretun_idx); 191 192 set_vxlan->tun_type_index = cpu_to_be32(tmp_set_vxlan_type_index); 193 194 set_vxlan->tun_id = vxlan->key.tun_id; 195 set_vxlan->tun_flags = vxlan->key.tun_flags; 196 set_vxlan->ipv4_ttl = vxlan->key.ttl; 197 set_vxlan->ipv4_tos = vxlan->key.tos; 198 199 /* Complete pre_tunnel action. */ 200 pre_tun->ipv4_dst = vxlan->key.u.ipv4.dst; 201 202 return 0; 203 } 204 205 static void nfp_fl_set_helper32(u32 value, u32 mask, u8 *p_exact, u8 *p_mask) 206 { 207 u32 oldvalue = get_unaligned((u32 *)p_exact); 208 u32 oldmask = get_unaligned((u32 *)p_mask); 209 210 value &= mask; 211 value |= oldvalue & ~mask; 212 213 put_unaligned(oldmask | mask, (u32 *)p_mask); 214 put_unaligned(value, (u32 *)p_exact); 215 } 216 217 static int 218 nfp_fl_set_eth(const struct tc_action *action, int idx, u32 off, 219 struct nfp_fl_set_eth *set_eth) 220 { 221 u32 exact, mask; 222 223 if (off + 4 > ETH_ALEN * 2) 224 return -EOPNOTSUPP; 225 226 mask = ~tcf_pedit_mask(action, idx); 227 exact = tcf_pedit_val(action, idx); 228 229 if (exact & ~mask) 230 return -EOPNOTSUPP; 231 232 nfp_fl_set_helper32(exact, mask, &set_eth->eth_addr_val[off], 233 &set_eth->eth_addr_mask[off]); 234 235 set_eth->reserved = cpu_to_be16(0); 236 set_eth->head.jump_id = NFP_FL_ACTION_OPCODE_SET_ETHERNET; 237 set_eth->head.len_lw = sizeof(*set_eth) >> NFP_FL_LW_SIZ; 238 239 return 0; 240 } 241 242 static int 243 nfp_fl_set_ip4(const struct tc_action *action, int idx, u32 off, 244 struct nfp_fl_set_ip4_addrs *set_ip_addr) 245 { 246 __be32 exact, mask; 247 248 /* We are expecting tcf_pedit to return a big endian value */ 249 mask = (__force __be32)~tcf_pedit_mask(action, idx); 250 exact = (__force __be32)tcf_pedit_val(action, idx); 251 252 if (exact & ~mask) 253 return -EOPNOTSUPP; 254 255 switch (off) { 256 case offsetof(struct iphdr, daddr): 257 set_ip_addr->ipv4_dst_mask = mask; 258 set_ip_addr->ipv4_dst = exact; 259 break; 260 case offsetof(struct iphdr, saddr): 261 set_ip_addr->ipv4_src_mask = mask; 262 set_ip_addr->ipv4_src = exact; 263 break; 264 default: 265 return -EOPNOTSUPP; 266 } 267 268 set_ip_addr->reserved = cpu_to_be16(0); 269 set_ip_addr->head.jump_id = NFP_FL_ACTION_OPCODE_SET_IPV4_ADDRS; 270 set_ip_addr->head.len_lw = sizeof(*set_ip_addr) >> NFP_FL_LW_SIZ; 271 272 return 0; 273 } 274 275 static void 276 nfp_fl_set_ip6_helper(int opcode_tag, int idx, __be32 exact, __be32 mask, 277 struct nfp_fl_set_ipv6_addr *ip6) 278 { 279 ip6->ipv6[idx % 4].mask = mask; 280 ip6->ipv6[idx % 4].exact = exact; 281 282 ip6->reserved = cpu_to_be16(0); 283 ip6->head.jump_id = opcode_tag; 284 ip6->head.len_lw = sizeof(*ip6) >> NFP_FL_LW_SIZ; 285 } 286 287 static int 288 nfp_fl_set_ip6(const struct tc_action *action, int idx, u32 off, 289 struct nfp_fl_set_ipv6_addr *ip_dst, 290 struct nfp_fl_set_ipv6_addr *ip_src) 291 { 292 __be32 exact, mask; 293 294 /* We are expecting tcf_pedit to return a big endian value */ 295 mask = (__force __be32)~tcf_pedit_mask(action, idx); 296 exact = (__force __be32)tcf_pedit_val(action, idx); 297 298 if (exact & ~mask) 299 return -EOPNOTSUPP; 300 301 if (off < offsetof(struct ipv6hdr, saddr)) 302 return -EOPNOTSUPP; 303 else if (off < offsetof(struct ipv6hdr, daddr)) 304 nfp_fl_set_ip6_helper(NFP_FL_ACTION_OPCODE_SET_IPV6_SRC, idx, 305 exact, mask, ip_src); 306 else if (off < offsetof(struct ipv6hdr, daddr) + 307 sizeof(struct in6_addr)) 308 nfp_fl_set_ip6_helper(NFP_FL_ACTION_OPCODE_SET_IPV6_DST, idx, 309 exact, mask, ip_dst); 310 else 311 return -EOPNOTSUPP; 312 313 return 0; 314 } 315 316 static int 317 nfp_fl_set_tport(const struct tc_action *action, int idx, u32 off, 318 struct nfp_fl_set_tport *set_tport, int opcode) 319 { 320 u32 exact, mask; 321 322 if (off) 323 return -EOPNOTSUPP; 324 325 mask = ~tcf_pedit_mask(action, idx); 326 exact = tcf_pedit_val(action, idx); 327 328 if (exact & ~mask) 329 return -EOPNOTSUPP; 330 331 nfp_fl_set_helper32(exact, mask, set_tport->tp_port_val, 332 set_tport->tp_port_mask); 333 334 set_tport->reserved = cpu_to_be16(0); 335 set_tport->head.jump_id = opcode; 336 set_tport->head.len_lw = sizeof(*set_tport) >> NFP_FL_LW_SIZ; 337 338 return 0; 339 } 340 341 static int 342 nfp_fl_pedit(const struct tc_action *action, char *nfp_action, int *a_len) 343 { 344 struct nfp_fl_set_ipv6_addr set_ip6_dst, set_ip6_src; 345 struct nfp_fl_set_ip4_addrs set_ip_addr; 346 struct nfp_fl_set_tport set_tport; 347 struct nfp_fl_set_eth set_eth; 348 enum pedit_header_type htype; 349 int idx, nkeys, err; 350 size_t act_size; 351 u32 offset, cmd; 352 353 memset(&set_ip6_dst, 0, sizeof(set_ip6_dst)); 354 memset(&set_ip6_src, 0, sizeof(set_ip6_src)); 355 memset(&set_ip_addr, 0, sizeof(set_ip_addr)); 356 memset(&set_tport, 0, sizeof(set_tport)); 357 memset(&set_eth, 0, sizeof(set_eth)); 358 nkeys = tcf_pedit_nkeys(action); 359 360 for (idx = 0; idx < nkeys; idx++) { 361 cmd = tcf_pedit_cmd(action, idx); 362 htype = tcf_pedit_htype(action, idx); 363 offset = tcf_pedit_offset(action, idx); 364 365 if (cmd != TCA_PEDIT_KEY_EX_CMD_SET) 366 return -EOPNOTSUPP; 367 368 switch (htype) { 369 case TCA_PEDIT_KEY_EX_HDR_TYPE_ETH: 370 err = nfp_fl_set_eth(action, idx, offset, &set_eth); 371 break; 372 case TCA_PEDIT_KEY_EX_HDR_TYPE_IP4: 373 err = nfp_fl_set_ip4(action, idx, offset, &set_ip_addr); 374 break; 375 case TCA_PEDIT_KEY_EX_HDR_TYPE_IP6: 376 err = nfp_fl_set_ip6(action, idx, offset, &set_ip6_dst, 377 &set_ip6_src); 378 break; 379 case TCA_PEDIT_KEY_EX_HDR_TYPE_TCP: 380 err = nfp_fl_set_tport(action, idx, offset, &set_tport, 381 NFP_FL_ACTION_OPCODE_SET_TCP); 382 break; 383 case TCA_PEDIT_KEY_EX_HDR_TYPE_UDP: 384 err = nfp_fl_set_tport(action, idx, offset, &set_tport, 385 NFP_FL_ACTION_OPCODE_SET_UDP); 386 break; 387 default: 388 return -EOPNOTSUPP; 389 } 390 if (err) 391 return err; 392 } 393 394 if (set_eth.head.len_lw) { 395 act_size = sizeof(set_eth); 396 memcpy(nfp_action, &set_eth, act_size); 397 *a_len += act_size; 398 } else if (set_ip_addr.head.len_lw) { 399 act_size = sizeof(set_ip_addr); 400 memcpy(nfp_action, &set_ip_addr, act_size); 401 *a_len += act_size; 402 } else if (set_ip6_dst.head.len_lw && set_ip6_src.head.len_lw) { 403 /* TC compiles set src and dst IPv6 address as a single action, 404 * the hardware requires this to be 2 separate actions. 405 */ 406 act_size = sizeof(set_ip6_src); 407 memcpy(nfp_action, &set_ip6_src, act_size); 408 *a_len += act_size; 409 410 act_size = sizeof(set_ip6_dst); 411 memcpy(&nfp_action[sizeof(set_ip6_src)], &set_ip6_dst, 412 act_size); 413 *a_len += act_size; 414 } else if (set_ip6_dst.head.len_lw) { 415 act_size = sizeof(set_ip6_dst); 416 memcpy(nfp_action, &set_ip6_dst, act_size); 417 *a_len += act_size; 418 } else if (set_ip6_src.head.len_lw) { 419 act_size = sizeof(set_ip6_src); 420 memcpy(nfp_action, &set_ip6_src, act_size); 421 *a_len += act_size; 422 } else if (set_tport.head.len_lw) { 423 act_size = sizeof(set_tport); 424 memcpy(nfp_action, &set_tport, act_size); 425 *a_len += act_size; 426 } 427 428 return 0; 429 } 430 431 static int 432 nfp_flower_loop_action(const struct tc_action *a, 433 struct nfp_fl_payload *nfp_fl, int *a_len, 434 struct net_device *netdev, 435 enum nfp_flower_tun_type *tun_type, int *tun_out_cnt) 436 { 437 struct nfp_fl_pre_tunnel *pre_tun; 438 struct nfp_fl_set_vxlan *s_vxl; 439 struct nfp_fl_push_vlan *psh_v; 440 struct nfp_fl_pop_vlan *pop_v; 441 struct nfp_fl_output *output; 442 int err; 443 444 if (is_tcf_gact_shot(a)) { 445 nfp_fl->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_DROP); 446 } else if (is_tcf_mirred_egress_redirect(a)) { 447 if (*a_len + sizeof(struct nfp_fl_output) > NFP_FL_MAX_A_SIZ) 448 return -EOPNOTSUPP; 449 450 output = (struct nfp_fl_output *)&nfp_fl->action_data[*a_len]; 451 err = nfp_fl_output(output, a, nfp_fl, true, netdev, *tun_type, 452 tun_out_cnt); 453 if (err) 454 return err; 455 456 *a_len += sizeof(struct nfp_fl_output); 457 } else if (is_tcf_mirred_egress_mirror(a)) { 458 if (*a_len + sizeof(struct nfp_fl_output) > NFP_FL_MAX_A_SIZ) 459 return -EOPNOTSUPP; 460 461 output = (struct nfp_fl_output *)&nfp_fl->action_data[*a_len]; 462 err = nfp_fl_output(output, a, nfp_fl, false, netdev, *tun_type, 463 tun_out_cnt); 464 if (err) 465 return err; 466 467 *a_len += sizeof(struct nfp_fl_output); 468 } else if (is_tcf_vlan(a) && tcf_vlan_action(a) == TCA_VLAN_ACT_POP) { 469 if (*a_len + sizeof(struct nfp_fl_pop_vlan) > NFP_FL_MAX_A_SIZ) 470 return -EOPNOTSUPP; 471 472 pop_v = (struct nfp_fl_pop_vlan *)&nfp_fl->action_data[*a_len]; 473 nfp_fl->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_POPV); 474 475 nfp_fl_pop_vlan(pop_v); 476 *a_len += sizeof(struct nfp_fl_pop_vlan); 477 } else if (is_tcf_vlan(a) && tcf_vlan_action(a) == TCA_VLAN_ACT_PUSH) { 478 if (*a_len + sizeof(struct nfp_fl_push_vlan) > NFP_FL_MAX_A_SIZ) 479 return -EOPNOTSUPP; 480 481 psh_v = (struct nfp_fl_push_vlan *)&nfp_fl->action_data[*a_len]; 482 nfp_fl->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_NULL); 483 484 nfp_fl_push_vlan(psh_v, a); 485 *a_len += sizeof(struct nfp_fl_push_vlan); 486 } else if (is_tcf_tunnel_set(a) && nfp_fl_supported_tun_port(a)) { 487 /* Pre-tunnel action is required for tunnel encap. 488 * This checks for next hop entries on NFP. 489 * If none, the packet falls back before applying other actions. 490 */ 491 if (*a_len + sizeof(struct nfp_fl_pre_tunnel) + 492 sizeof(struct nfp_fl_set_vxlan) > NFP_FL_MAX_A_SIZ) 493 return -EOPNOTSUPP; 494 495 *tun_type = NFP_FL_TUNNEL_VXLAN; 496 pre_tun = nfp_fl_pre_tunnel(nfp_fl->action_data, *a_len); 497 nfp_fl->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_NULL); 498 *a_len += sizeof(struct nfp_fl_pre_tunnel); 499 500 s_vxl = (struct nfp_fl_set_vxlan *)&nfp_fl->action_data[*a_len]; 501 err = nfp_fl_set_vxlan(s_vxl, a, pre_tun); 502 if (err) 503 return err; 504 505 *a_len += sizeof(struct nfp_fl_set_vxlan); 506 } else if (is_tcf_tunnel_release(a)) { 507 /* Tunnel decap is handled by default so accept action. */ 508 return 0; 509 } else if (is_tcf_pedit(a)) { 510 if (nfp_fl_pedit(a, &nfp_fl->action_data[*a_len], a_len)) 511 return -EOPNOTSUPP; 512 } else { 513 /* Currently we do not handle any other actions. */ 514 return -EOPNOTSUPP; 515 } 516 517 return 0; 518 } 519 520 int nfp_flower_compile_action(struct tc_cls_flower_offload *flow, 521 struct net_device *netdev, 522 struct nfp_fl_payload *nfp_flow) 523 { 524 int act_len, act_cnt, err, tun_out_cnt; 525 enum nfp_flower_tun_type tun_type; 526 const struct tc_action *a; 527 LIST_HEAD(actions); 528 529 memset(nfp_flow->action_data, 0, NFP_FL_MAX_A_SIZ); 530 nfp_flow->meta.act_len = 0; 531 tun_type = NFP_FL_TUNNEL_NONE; 532 act_len = 0; 533 act_cnt = 0; 534 tun_out_cnt = 0; 535 536 tcf_exts_to_list(flow->exts, &actions); 537 list_for_each_entry(a, &actions, list) { 538 err = nfp_flower_loop_action(a, nfp_flow, &act_len, netdev, 539 &tun_type, &tun_out_cnt); 540 if (err) 541 return err; 542 act_cnt++; 543 } 544 545 /* We optimise when the action list is small, this can unfortunately 546 * not happen once we have more than one action in the action list. 547 */ 548 if (act_cnt > 1) 549 nfp_flow->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_NULL); 550 551 nfp_flow->meta.act_len = act_len; 552 553 return 0; 554 } 555