1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35#include <net/tc_act/tc_mirred.h>
36#include <net/tc_act/tc_pedit.h>
37#include <net/tc_act/tc_gact.h>
38#include <net/tc_act/tc_vlan.h>
39
40#include "cxgb4.h"
41#include "cxgb4_filter.h"
42#include "cxgb4_tc_flower.h"
43
44#define STATS_CHECK_PERIOD (HZ / 2)
45
46static struct ch_tc_pedit_fields pedits[] = {
47 PEDIT_FIELDS(ETH_, DMAC_31_0, 4, dmac, 0),
48 PEDIT_FIELDS(ETH_, DMAC_47_32, 2, dmac, 4),
49 PEDIT_FIELDS(ETH_, SMAC_15_0, 2, smac, 0),
50 PEDIT_FIELDS(ETH_, SMAC_47_16, 4, smac, 2),
51 PEDIT_FIELDS(IP4_, SRC, 4, nat_fip, 0),
52 PEDIT_FIELDS(IP4_, DST, 4, nat_lip, 0),
53 PEDIT_FIELDS(IP6_, SRC_31_0, 4, nat_fip, 0),
54 PEDIT_FIELDS(IP6_, SRC_63_32, 4, nat_fip, 4),
55 PEDIT_FIELDS(IP6_, SRC_95_64, 4, nat_fip, 8),
56 PEDIT_FIELDS(IP6_, SRC_127_96, 4, nat_fip, 12),
57 PEDIT_FIELDS(IP6_, DST_31_0, 4, nat_lip, 0),
58 PEDIT_FIELDS(IP6_, DST_63_32, 4, nat_lip, 4),
59 PEDIT_FIELDS(IP6_, DST_95_64, 4, nat_lip, 8),
60 PEDIT_FIELDS(IP6_, DST_127_96, 4, nat_lip, 12),
61};
62
63static const struct cxgb4_natmode_config cxgb4_natmode_config_array[] = {
64
65 {
66 .chip = CHELSIO_T5,
67 .flags = CXGB4_ACTION_NATMODE_NONE,
68 .natmode = NAT_MODE_NONE,
69 },
70 {
71 .chip = CHELSIO_T5,
72 .flags = CXGB4_ACTION_NATMODE_DIP,
73 .natmode = NAT_MODE_DIP,
74 },
75 {
76 .chip = CHELSIO_T5,
77 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT,
78 .natmode = NAT_MODE_DIP_DP,
79 },
80 {
81 .chip = CHELSIO_T5,
82 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT |
83 CXGB4_ACTION_NATMODE_SIP,
84 .natmode = NAT_MODE_DIP_DP_SIP,
85 },
86 {
87 .chip = CHELSIO_T5,
88 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_DPORT |
89 CXGB4_ACTION_NATMODE_SPORT,
90 .natmode = NAT_MODE_DIP_DP_SP,
91 },
92 {
93 .chip = CHELSIO_T5,
94 .flags = CXGB4_ACTION_NATMODE_SIP | CXGB4_ACTION_NATMODE_SPORT,
95 .natmode = NAT_MODE_SIP_SP,
96 },
97 {
98 .chip = CHELSIO_T5,
99 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP |
100 CXGB4_ACTION_NATMODE_SPORT,
101 .natmode = NAT_MODE_DIP_SIP_SP,
102 },
103 {
104 .chip = CHELSIO_T5,
105 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP |
106 CXGB4_ACTION_NATMODE_DPORT |
107 CXGB4_ACTION_NATMODE_SPORT,
108 .natmode = NAT_MODE_ALL,
109 },
110
111 {
112 .chip = CHELSIO_T6,
113 .flags = CXGB4_ACTION_NATMODE_SIP,
114 .natmode = NAT_MODE_SIP_SP,
115 },
116 {
117 .chip = CHELSIO_T6,
118 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SPORT,
119 .natmode = NAT_MODE_DIP_DP_SP,
120 },
121 {
122 .chip = CHELSIO_T6,
123 .flags = CXGB4_ACTION_NATMODE_DIP | CXGB4_ACTION_NATMODE_SIP,
124 .natmode = NAT_MODE_ALL,
125 },
126};
127
128static void cxgb4_action_natmode_tweak(struct ch_filter_specification *fs,
129 u8 natmode_flags)
130{
131 u8 i = 0;
132
133
134
135
136
137
138 for (i = 0; i < ARRAY_SIZE(cxgb4_natmode_config_array); i++) {
139 if (cxgb4_natmode_config_array[i].flags == natmode_flags) {
140 fs->nat_mode = cxgb4_natmode_config_array[i].natmode;
141 return;
142 }
143 }
144}
145
146static struct ch_tc_flower_entry *allocate_flower_entry(void)
147{
148 struct ch_tc_flower_entry *new = kzalloc(sizeof(*new), GFP_KERNEL);
149 if (new)
150 spin_lock_init(&new->lock);
151 return new;
152}
153
154
155static struct ch_tc_flower_entry *ch_flower_lookup(struct adapter *adap,
156 unsigned long flower_cookie)
157{
158 return rhashtable_lookup_fast(&adap->flower_tbl, &flower_cookie,
159 adap->flower_ht_params);
160}
161
162static void cxgb4_process_flow_match(struct net_device *dev,
163 struct flow_rule *rule,
164 struct ch_filter_specification *fs)
165{
166 u16 addr_type = 0;
167
168 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) {
169 struct flow_match_control match;
170
171 flow_rule_match_control(rule, &match);
172 addr_type = match.key->addr_type;
173 } else if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV4_ADDRS)) {
174 addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS;
175 } else if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IPV6_ADDRS)) {
176 addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
177 }
178
179 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) {
180 struct flow_match_basic match;
181 u16 ethtype_key, ethtype_mask;
182
183 flow_rule_match_basic(rule, &match);
184 ethtype_key = ntohs(match.key->n_proto);
185 ethtype_mask = ntohs(match.mask->n_proto);
186
187 if (ethtype_key == ETH_P_ALL) {
188 ethtype_key = 0;
189 ethtype_mask = 0;
190 }
191
192 if (ethtype_key == ETH_P_IPV6)
193 fs->type = 1;
194
195 fs->val.ethtype = ethtype_key;
196 fs->mask.ethtype = ethtype_mask;
197 fs->val.proto = match.key->ip_proto;
198 fs->mask.proto = match.mask->ip_proto;
199 }
200
201 if (addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) {
202 struct flow_match_ipv4_addrs match;
203
204 flow_rule_match_ipv4_addrs(rule, &match);
205 fs->type = 0;
206 memcpy(&fs->val.lip[0], &match.key->dst, sizeof(match.key->dst));
207 memcpy(&fs->val.fip[0], &match.key->src, sizeof(match.key->src));
208 memcpy(&fs->mask.lip[0], &match.mask->dst, sizeof(match.mask->dst));
209 memcpy(&fs->mask.fip[0], &match.mask->src, sizeof(match.mask->src));
210
211
212 memcpy(&fs->nat_lip[0], &match.key->dst, sizeof(match.key->dst));
213 memcpy(&fs->nat_fip[0], &match.key->src, sizeof(match.key->src));
214 }
215
216 if (addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) {
217 struct flow_match_ipv6_addrs match;
218
219 flow_rule_match_ipv6_addrs(rule, &match);
220 fs->type = 1;
221 memcpy(&fs->val.lip[0], match.key->dst.s6_addr,
222 sizeof(match.key->dst));
223 memcpy(&fs->val.fip[0], match.key->src.s6_addr,
224 sizeof(match.key->src));
225 memcpy(&fs->mask.lip[0], match.mask->dst.s6_addr,
226 sizeof(match.mask->dst));
227 memcpy(&fs->mask.fip[0], match.mask->src.s6_addr,
228 sizeof(match.mask->src));
229
230
231 memcpy(&fs->nat_lip[0], match.key->dst.s6_addr,
232 sizeof(match.key->dst));
233 memcpy(&fs->nat_fip[0], match.key->src.s6_addr,
234 sizeof(match.key->src));
235 }
236
237 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS)) {
238 struct flow_match_ports match;
239
240 flow_rule_match_ports(rule, &match);
241 fs->val.lport = be16_to_cpu(match.key->dst);
242 fs->mask.lport = be16_to_cpu(match.mask->dst);
243 fs->val.fport = be16_to_cpu(match.key->src);
244 fs->mask.fport = be16_to_cpu(match.mask->src);
245
246
247 fs->nat_lport = fs->val.lport;
248 fs->nat_fport = fs->val.fport;
249 }
250
251 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) {
252 struct flow_match_ip match;
253
254 flow_rule_match_ip(rule, &match);
255 fs->val.tos = match.key->tos;
256 fs->mask.tos = match.mask->tos;
257 }
258
259 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_KEYID)) {
260 struct flow_match_enc_keyid match;
261
262 flow_rule_match_enc_keyid(rule, &match);
263 fs->val.vni = be32_to_cpu(match.key->keyid);
264 fs->mask.vni = be32_to_cpu(match.mask->keyid);
265 if (fs->mask.vni) {
266 fs->val.encap_vld = 1;
267 fs->mask.encap_vld = 1;
268 }
269 }
270
271 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN)) {
272 struct flow_match_vlan match;
273 u16 vlan_tci, vlan_tci_mask;
274
275 flow_rule_match_vlan(rule, &match);
276 vlan_tci = match.key->vlan_id | (match.key->vlan_priority <<
277 VLAN_PRIO_SHIFT);
278 vlan_tci_mask = match.mask->vlan_id | (match.mask->vlan_priority <<
279 VLAN_PRIO_SHIFT);
280 fs->val.ivlan = vlan_tci;
281 fs->mask.ivlan = vlan_tci_mask;
282
283 fs->val.ivlan_vld = 1;
284 fs->mask.ivlan_vld = 1;
285
286
287
288
289
290
291
292
293
294
295 if (fs->val.ethtype == ETH_P_8021Q) {
296 fs->val.ethtype = 0;
297 fs->mask.ethtype = 0;
298 }
299 }
300
301
302
303
304 fs->val.iport = netdev2pinfo(dev)->port_id;
305 fs->mask.iport = ~0;
306}
307
308static int cxgb4_validate_flow_match(struct net_device *dev,
309 struct flow_rule *rule)
310{
311 struct flow_dissector *dissector = rule->match.dissector;
312 u16 ethtype_mask = 0;
313 u16 ethtype_key = 0;
314
315 if (dissector->used_keys &
316 ~(BIT(FLOW_DISSECTOR_KEY_CONTROL) |
317 BIT(FLOW_DISSECTOR_KEY_BASIC) |
318 BIT(FLOW_DISSECTOR_KEY_IPV4_ADDRS) |
319 BIT(FLOW_DISSECTOR_KEY_IPV6_ADDRS) |
320 BIT(FLOW_DISSECTOR_KEY_PORTS) |
321 BIT(FLOW_DISSECTOR_KEY_ENC_KEYID) |
322 BIT(FLOW_DISSECTOR_KEY_VLAN) |
323 BIT(FLOW_DISSECTOR_KEY_IP))) {
324 netdev_warn(dev, "Unsupported key used: 0x%x\n",
325 dissector->used_keys);
326 return -EOPNOTSUPP;
327 }
328
329 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) {
330 struct flow_match_basic match;
331
332 flow_rule_match_basic(rule, &match);
333 ethtype_key = ntohs(match.key->n_proto);
334 ethtype_mask = ntohs(match.mask->n_proto);
335 }
336
337 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) {
338 u16 eth_ip_type = ethtype_key & ethtype_mask;
339 struct flow_match_ip match;
340
341 if (eth_ip_type != ETH_P_IP && eth_ip_type != ETH_P_IPV6) {
342 netdev_err(dev, "IP Key supported only with IPv4/v6");
343 return -EINVAL;
344 }
345
346 flow_rule_match_ip(rule, &match);
347 if (match.mask->ttl) {
348 netdev_warn(dev, "ttl match unsupported for offload");
349 return -EOPNOTSUPP;
350 }
351 }
352
353 return 0;
354}
355
356static void offload_pedit(struct ch_filter_specification *fs, u32 val, u32 mask,
357 u8 field)
358{
359 u32 set_val = val & ~mask;
360 u32 offset = 0;
361 u8 size = 1;
362 int i;
363
364 for (i = 0; i < ARRAY_SIZE(pedits); i++) {
365 if (pedits[i].field == field) {
366 offset = pedits[i].offset;
367 size = pedits[i].size;
368 break;
369 }
370 }
371 memcpy((u8 *)fs + offset, &set_val, size);
372}
373
374static void process_pedit_field(struct ch_filter_specification *fs, u32 val,
375 u32 mask, u32 offset, u8 htype,
376 u8 *natmode_flags)
377{
378 switch (htype) {
379 case FLOW_ACT_MANGLE_HDR_TYPE_ETH:
380 switch (offset) {
381 case PEDIT_ETH_DMAC_31_0:
382 fs->newdmac = 1;
383 offload_pedit(fs, val, mask, ETH_DMAC_31_0);
384 break;
385 case PEDIT_ETH_DMAC_47_32_SMAC_15_0:
386 if (~mask & PEDIT_ETH_DMAC_MASK)
387 offload_pedit(fs, val, mask, ETH_DMAC_47_32);
388 else
389 offload_pedit(fs, val >> 16, mask >> 16,
390 ETH_SMAC_15_0);
391 break;
392 case PEDIT_ETH_SMAC_47_16:
393 fs->newsmac = 1;
394 offload_pedit(fs, val, mask, ETH_SMAC_47_16);
395 }
396 break;
397 case FLOW_ACT_MANGLE_HDR_TYPE_IP4:
398 switch (offset) {
399 case PEDIT_IP4_SRC:
400 offload_pedit(fs, val, mask, IP4_SRC);
401 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
402 break;
403 case PEDIT_IP4_DST:
404 offload_pedit(fs, val, mask, IP4_DST);
405 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
406 }
407 break;
408 case FLOW_ACT_MANGLE_HDR_TYPE_IP6:
409 switch (offset) {
410 case PEDIT_IP6_SRC_31_0:
411 offload_pedit(fs, val, mask, IP6_SRC_31_0);
412 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
413 break;
414 case PEDIT_IP6_SRC_63_32:
415 offload_pedit(fs, val, mask, IP6_SRC_63_32);
416 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
417 break;
418 case PEDIT_IP6_SRC_95_64:
419 offload_pedit(fs, val, mask, IP6_SRC_95_64);
420 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
421 break;
422 case PEDIT_IP6_SRC_127_96:
423 offload_pedit(fs, val, mask, IP6_SRC_127_96);
424 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
425 break;
426 case PEDIT_IP6_DST_31_0:
427 offload_pedit(fs, val, mask, IP6_DST_31_0);
428 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
429 break;
430 case PEDIT_IP6_DST_63_32:
431 offload_pedit(fs, val, mask, IP6_DST_63_32);
432 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
433 break;
434 case PEDIT_IP6_DST_95_64:
435 offload_pedit(fs, val, mask, IP6_DST_95_64);
436 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
437 break;
438 case PEDIT_IP6_DST_127_96:
439 offload_pedit(fs, val, mask, IP6_DST_127_96);
440 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
441 }
442 break;
443 case FLOW_ACT_MANGLE_HDR_TYPE_TCP:
444 switch (offset) {
445 case PEDIT_TCP_SPORT_DPORT:
446 if (~mask & PEDIT_TCP_UDP_SPORT_MASK) {
447 fs->nat_fport = val;
448 *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT;
449 } else {
450 fs->nat_lport = val >> 16;
451 *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT;
452 }
453 }
454 break;
455 case FLOW_ACT_MANGLE_HDR_TYPE_UDP:
456 switch (offset) {
457 case PEDIT_UDP_SPORT_DPORT:
458 if (~mask & PEDIT_TCP_UDP_SPORT_MASK) {
459 fs->nat_fport = val;
460 *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT;
461 } else {
462 fs->nat_lport = val >> 16;
463 *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT;
464 }
465 }
466 break;
467 }
468}
469
470static int cxgb4_action_natmode_validate(struct adapter *adap, u8 natmode_flags,
471 struct netlink_ext_ack *extack)
472{
473 u8 i = 0;
474
475
476
477
478
479 for (i = 0; i < ARRAY_SIZE(cxgb4_natmode_config_array); i++) {
480 const struct cxgb4_natmode_config *c;
481
482 c = &cxgb4_natmode_config_array[i];
483 if (CHELSIO_CHIP_VERSION(adap->params.chip) >= c->chip &&
484 natmode_flags == c->flags)
485 return 0;
486 }
487 NL_SET_ERR_MSG_MOD(extack, "Unsupported NAT mode 4-tuple combination");
488 return -EOPNOTSUPP;
489}
490
491void cxgb4_process_flow_actions(struct net_device *in,
492 struct flow_action *actions,
493 struct ch_filter_specification *fs)
494{
495 struct flow_action_entry *act;
496 u8 natmode_flags = 0;
497 int i;
498
499 flow_action_for_each(i, act, actions) {
500 switch (act->id) {
501 case FLOW_ACTION_ACCEPT:
502 fs->action = FILTER_PASS;
503 break;
504 case FLOW_ACTION_DROP:
505 fs->action = FILTER_DROP;
506 break;
507 case FLOW_ACTION_MIRRED:
508 case FLOW_ACTION_REDIRECT: {
509 struct net_device *out = act->dev;
510 struct port_info *pi = netdev_priv(out);
511
512 fs->action = FILTER_SWITCH;
513 fs->eport = pi->port_id;
514 }
515 break;
516 case FLOW_ACTION_VLAN_POP:
517 case FLOW_ACTION_VLAN_PUSH:
518 case FLOW_ACTION_VLAN_MANGLE: {
519 u8 prio = act->vlan.prio;
520 u16 vid = act->vlan.vid;
521 u16 vlan_tci = (prio << VLAN_PRIO_SHIFT) | vid;
522 switch (act->id) {
523 case FLOW_ACTION_VLAN_POP:
524 fs->newvlan |= VLAN_REMOVE;
525 break;
526 case FLOW_ACTION_VLAN_PUSH:
527 fs->newvlan |= VLAN_INSERT;
528 fs->vlan = vlan_tci;
529 break;
530 case FLOW_ACTION_VLAN_MANGLE:
531 fs->newvlan |= VLAN_REWRITE;
532 fs->vlan = vlan_tci;
533 break;
534 default:
535 break;
536 }
537 }
538 break;
539 case FLOW_ACTION_MANGLE: {
540 u32 mask, val, offset;
541 u8 htype;
542
543 htype = act->mangle.htype;
544 mask = act->mangle.mask;
545 val = act->mangle.val;
546 offset = act->mangle.offset;
547
548 process_pedit_field(fs, val, mask, offset, htype,
549 &natmode_flags);
550 }
551 break;
552 case FLOW_ACTION_QUEUE:
553 fs->action = FILTER_PASS;
554 fs->dirsteer = 1;
555 fs->iq = act->queue.index;
556 break;
557 default:
558 break;
559 }
560 }
561 if (natmode_flags)
562 cxgb4_action_natmode_tweak(fs, natmode_flags);
563
564}
565
566static bool valid_l4_mask(u32 mask)
567{
568 u16 hi, lo;
569
570
571
572
573 hi = (mask >> 16) & 0xFFFF;
574 lo = mask & 0xFFFF;
575
576 return hi && lo ? false : true;
577}
578
579static bool valid_pedit_action(struct net_device *dev,
580 const struct flow_action_entry *act,
581 u8 *natmode_flags)
582{
583 u32 mask, offset;
584 u8 htype;
585
586 htype = act->mangle.htype;
587 mask = act->mangle.mask;
588 offset = act->mangle.offset;
589
590 switch (htype) {
591 case FLOW_ACT_MANGLE_HDR_TYPE_ETH:
592 switch (offset) {
593 case PEDIT_ETH_DMAC_31_0:
594 case PEDIT_ETH_DMAC_47_32_SMAC_15_0:
595 case PEDIT_ETH_SMAC_47_16:
596 break;
597 default:
598 netdev_err(dev, "%s: Unsupported pedit field\n",
599 __func__);
600 return false;
601 }
602 break;
603 case FLOW_ACT_MANGLE_HDR_TYPE_IP4:
604 switch (offset) {
605 case PEDIT_IP4_SRC:
606 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
607 break;
608 case PEDIT_IP4_DST:
609 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
610 break;
611 default:
612 netdev_err(dev, "%s: Unsupported pedit field\n",
613 __func__);
614 return false;
615 }
616 break;
617 case FLOW_ACT_MANGLE_HDR_TYPE_IP6:
618 switch (offset) {
619 case PEDIT_IP6_SRC_31_0:
620 case PEDIT_IP6_SRC_63_32:
621 case PEDIT_IP6_SRC_95_64:
622 case PEDIT_IP6_SRC_127_96:
623 *natmode_flags |= CXGB4_ACTION_NATMODE_SIP;
624 break;
625 case PEDIT_IP6_DST_31_0:
626 case PEDIT_IP6_DST_63_32:
627 case PEDIT_IP6_DST_95_64:
628 case PEDIT_IP6_DST_127_96:
629 *natmode_flags |= CXGB4_ACTION_NATMODE_DIP;
630 break;
631 default:
632 netdev_err(dev, "%s: Unsupported pedit field\n",
633 __func__);
634 return false;
635 }
636 break;
637 case FLOW_ACT_MANGLE_HDR_TYPE_TCP:
638 switch (offset) {
639 case PEDIT_TCP_SPORT_DPORT:
640 if (!valid_l4_mask(~mask)) {
641 netdev_err(dev, "%s: Unsupported mask for TCP L4 ports\n",
642 __func__);
643 return false;
644 }
645 if (~mask & PEDIT_TCP_UDP_SPORT_MASK)
646 *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT;
647 else
648 *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT;
649 break;
650 default:
651 netdev_err(dev, "%s: Unsupported pedit field\n",
652 __func__);
653 return false;
654 }
655 break;
656 case FLOW_ACT_MANGLE_HDR_TYPE_UDP:
657 switch (offset) {
658 case PEDIT_UDP_SPORT_DPORT:
659 if (!valid_l4_mask(~mask)) {
660 netdev_err(dev, "%s: Unsupported mask for UDP L4 ports\n",
661 __func__);
662 return false;
663 }
664 if (~mask & PEDIT_TCP_UDP_SPORT_MASK)
665 *natmode_flags |= CXGB4_ACTION_NATMODE_SPORT;
666 else
667 *natmode_flags |= CXGB4_ACTION_NATMODE_DPORT;
668 break;
669 default:
670 netdev_err(dev, "%s: Unsupported pedit field\n",
671 __func__);
672 return false;
673 }
674 break;
675 default:
676 netdev_err(dev, "%s: Unsupported pedit type\n", __func__);
677 return false;
678 }
679 return true;
680}
681
682int cxgb4_validate_flow_actions(struct net_device *dev,
683 struct flow_action *actions,
684 struct netlink_ext_ack *extack,
685 u8 matchall_filter)
686{
687 struct adapter *adap = netdev2adap(dev);
688 struct flow_action_entry *act;
689 bool act_redir = false;
690 bool act_pedit = false;
691 bool act_vlan = false;
692 u8 natmode_flags = 0;
693 int i;
694
695 if (!flow_action_basic_hw_stats_check(actions, extack))
696 return -EOPNOTSUPP;
697
698 flow_action_for_each(i, act, actions) {
699 switch (act->id) {
700 case FLOW_ACTION_ACCEPT:
701 case FLOW_ACTION_DROP:
702
703 break;
704 case FLOW_ACTION_MIRRED:
705 case FLOW_ACTION_REDIRECT: {
706 struct net_device *n_dev, *target_dev;
707 bool found = false;
708 unsigned int i;
709
710 if (act->id == FLOW_ACTION_MIRRED &&
711 !matchall_filter) {
712 NL_SET_ERR_MSG_MOD(extack,
713 "Egress mirror action is only supported for tc-matchall");
714 return -EOPNOTSUPP;
715 }
716
717 target_dev = act->dev;
718 for_each_port(adap, i) {
719 n_dev = adap->port[i];
720 if (target_dev == n_dev) {
721 found = true;
722 break;
723 }
724 }
725
726
727
728
729 if (!found) {
730 netdev_err(dev, "%s: Out port invalid\n",
731 __func__);
732 return -EINVAL;
733 }
734 act_redir = true;
735 }
736 break;
737 case FLOW_ACTION_VLAN_POP:
738 case FLOW_ACTION_VLAN_PUSH:
739 case FLOW_ACTION_VLAN_MANGLE: {
740 u16 proto = be16_to_cpu(act->vlan.proto);
741
742 switch (act->id) {
743 case FLOW_ACTION_VLAN_POP:
744 break;
745 case FLOW_ACTION_VLAN_PUSH:
746 case FLOW_ACTION_VLAN_MANGLE:
747 if (proto != ETH_P_8021Q) {
748 netdev_err(dev, "%s: Unsupported vlan proto\n",
749 __func__);
750 return -EOPNOTSUPP;
751 }
752 break;
753 default:
754 netdev_err(dev, "%s: Unsupported vlan action\n",
755 __func__);
756 return -EOPNOTSUPP;
757 }
758 act_vlan = true;
759 }
760 break;
761 case FLOW_ACTION_MANGLE: {
762 bool pedit_valid = valid_pedit_action(dev, act,
763 &natmode_flags);
764
765 if (!pedit_valid)
766 return -EOPNOTSUPP;
767 act_pedit = true;
768 }
769 break;
770 case FLOW_ACTION_QUEUE:
771
772 break;
773 default:
774 netdev_err(dev, "%s: Unsupported action\n", __func__);
775 return -EOPNOTSUPP;
776 }
777 }
778
779 if ((act_pedit || act_vlan) && !act_redir) {
780 netdev_err(dev, "%s: pedit/vlan rewrite invalid without egress redirect\n",
781 __func__);
782 return -EINVAL;
783 }
784
785 if (act_pedit) {
786 int ret;
787
788 ret = cxgb4_action_natmode_validate(adap, natmode_flags,
789 extack);
790 if (ret)
791 return ret;
792 }
793
794 return 0;
795}
796
797static void cxgb4_tc_flower_hash_prio_add(struct adapter *adap, u32 tc_prio)
798{
799 spin_lock_bh(&adap->tids.ftid_lock);
800 if (adap->tids.tc_hash_tids_max_prio < tc_prio)
801 adap->tids.tc_hash_tids_max_prio = tc_prio;
802 spin_unlock_bh(&adap->tids.ftid_lock);
803}
804
805static void cxgb4_tc_flower_hash_prio_del(struct adapter *adap, u32 tc_prio)
806{
807 struct tid_info *t = &adap->tids;
808 struct ch_tc_flower_entry *fe;
809 struct rhashtable_iter iter;
810 u32 found = 0;
811
812 spin_lock_bh(&t->ftid_lock);
813
814
815
816 if (t->tc_hash_tids_max_prio != tc_prio)
817 goto out_unlock;
818
819
820
821
822 rhashtable_walk_enter(&adap->flower_tbl, &iter);
823 do {
824 rhashtable_walk_start(&iter);
825
826 fe = rhashtable_walk_next(&iter);
827 while (!IS_ERR_OR_NULL(fe)) {
828 if (fe->fs.hash &&
829 fe->fs.tc_prio <= t->tc_hash_tids_max_prio) {
830 t->tc_hash_tids_max_prio = fe->fs.tc_prio;
831 found++;
832
833
834
835
836
837 if (fe->fs.tc_prio == tc_prio)
838 break;
839 }
840
841 fe = rhashtable_walk_next(&iter);
842 }
843
844 rhashtable_walk_stop(&iter);
845 } while (fe == ERR_PTR(-EAGAIN));
846 rhashtable_walk_exit(&iter);
847
848 if (!found)
849 t->tc_hash_tids_max_prio = 0;
850
851out_unlock:
852 spin_unlock_bh(&t->ftid_lock);
853}
854
855int cxgb4_flow_rule_replace(struct net_device *dev, struct flow_rule *rule,
856 u32 tc_prio, struct netlink_ext_ack *extack,
857 struct ch_filter_specification *fs, u32 *tid)
858{
859 struct adapter *adap = netdev2adap(dev);
860 struct filter_ctx ctx;
861 u8 inet_family;
862 int fidx, ret;
863
864 if (cxgb4_validate_flow_actions(dev, &rule->action, extack, 0))
865 return -EOPNOTSUPP;
866
867 if (cxgb4_validate_flow_match(dev, rule))
868 return -EOPNOTSUPP;
869
870 cxgb4_process_flow_match(dev, rule, fs);
871 cxgb4_process_flow_actions(dev, &rule->action, fs);
872
873 fs->hash = is_filter_exact_match(adap, fs);
874 inet_family = fs->type ? PF_INET6 : PF_INET;
875
876
877
878
879
880 fidx = cxgb4_get_free_ftid(dev, inet_family, fs->hash,
881 tc_prio);
882 if (fidx < 0) {
883 NL_SET_ERR_MSG_MOD(extack,
884 "No free LETCAM index available");
885 return -ENOMEM;
886 }
887
888 if (fidx < adap->tids.nhpftids) {
889 fs->prio = 1;
890 fs->hash = 0;
891 }
892
893
894
895
896 if (fs->hash)
897 fidx = 0;
898
899 fs->tc_prio = tc_prio;
900
901 init_completion(&ctx.completion);
902 ret = __cxgb4_set_filter(dev, fidx, fs, &ctx);
903 if (ret) {
904 netdev_err(dev, "%s: filter creation err %d\n",
905 __func__, ret);
906 return ret;
907 }
908
909
910 ret = wait_for_completion_timeout(&ctx.completion, 10 * HZ);
911 if (!ret)
912 return -ETIMEDOUT;
913
914
915 if (ctx.result)
916 return ctx.result;
917
918 *tid = ctx.tid;
919
920 if (fs->hash)
921 cxgb4_tc_flower_hash_prio_add(adap, tc_prio);
922
923 return 0;
924}
925
926int cxgb4_tc_flower_replace(struct net_device *dev,
927 struct flow_cls_offload *cls)
928{
929 struct flow_rule *rule = flow_cls_offload_flow_rule(cls);
930 struct netlink_ext_ack *extack = cls->common.extack;
931 struct adapter *adap = netdev2adap(dev);
932 struct ch_tc_flower_entry *ch_flower;
933 struct ch_filter_specification *fs;
934 int ret;
935
936 ch_flower = allocate_flower_entry();
937 if (!ch_flower) {
938 netdev_err(dev, "%s: ch_flower alloc failed.\n", __func__);
939 return -ENOMEM;
940 }
941
942 fs = &ch_flower->fs;
943 fs->hitcnts = 1;
944 fs->tc_cookie = cls->cookie;
945
946 ret = cxgb4_flow_rule_replace(dev, rule, cls->common.prio, extack, fs,
947 &ch_flower->filter_id);
948 if (ret)
949 goto free_entry;
950
951 ch_flower->tc_flower_cookie = cls->cookie;
952 ret = rhashtable_insert_fast(&adap->flower_tbl, &ch_flower->node,
953 adap->flower_ht_params);
954 if (ret)
955 goto del_filter;
956
957 return 0;
958
959del_filter:
960 if (fs->hash)
961 cxgb4_tc_flower_hash_prio_del(adap, cls->common.prio);
962
963 cxgb4_del_filter(dev, ch_flower->filter_id, &ch_flower->fs);
964
965free_entry:
966 kfree(ch_flower);
967 return ret;
968}
969
970int cxgb4_flow_rule_destroy(struct net_device *dev, u32 tc_prio,
971 struct ch_filter_specification *fs, int tid)
972{
973 struct adapter *adap = netdev2adap(dev);
974 u8 hash;
975 int ret;
976
977 hash = fs->hash;
978
979 ret = cxgb4_del_filter(dev, tid, fs);
980 if (ret)
981 return ret;
982
983 if (hash)
984 cxgb4_tc_flower_hash_prio_del(adap, tc_prio);
985
986 return ret;
987}
988
989int cxgb4_tc_flower_destroy(struct net_device *dev,
990 struct flow_cls_offload *cls)
991{
992 struct adapter *adap = netdev2adap(dev);
993 struct ch_tc_flower_entry *ch_flower;
994 int ret;
995
996 ch_flower = ch_flower_lookup(adap, cls->cookie);
997 if (!ch_flower)
998 return -ENOENT;
999
1000 rhashtable_remove_fast(&adap->flower_tbl, &ch_flower->node,
1001 adap->flower_ht_params);
1002
1003 ret = cxgb4_flow_rule_destroy(dev, ch_flower->fs.tc_prio,
1004 &ch_flower->fs, ch_flower->filter_id);
1005 if (ret)
1006 netdev_err(dev, "Flow rule destroy failed for tid: %u, ret: %d",
1007 ch_flower->filter_id, ret);
1008
1009 kfree_rcu(ch_flower, rcu);
1010 return ret;
1011}
1012
1013static void ch_flower_stats_handler(struct work_struct *work)
1014{
1015 struct adapter *adap = container_of(work, struct adapter,
1016 flower_stats_work);
1017 struct ch_tc_flower_entry *flower_entry;
1018 struct ch_tc_flower_stats *ofld_stats;
1019 struct rhashtable_iter iter;
1020 u64 packets;
1021 u64 bytes;
1022 int ret;
1023
1024 rhashtable_walk_enter(&adap->flower_tbl, &iter);
1025 do {
1026 rhashtable_walk_start(&iter);
1027
1028 while ((flower_entry = rhashtable_walk_next(&iter)) &&
1029 !IS_ERR(flower_entry)) {
1030 ret = cxgb4_get_filter_counters(adap->port[0],
1031 flower_entry->filter_id,
1032 &packets, &bytes,
1033 flower_entry->fs.hash);
1034 if (!ret) {
1035 spin_lock(&flower_entry->lock);
1036 ofld_stats = &flower_entry->stats;
1037
1038 if (ofld_stats->prev_packet_count != packets) {
1039 ofld_stats->prev_packet_count = packets;
1040 ofld_stats->last_used = jiffies;
1041 }
1042 spin_unlock(&flower_entry->lock);
1043 }
1044 }
1045
1046 rhashtable_walk_stop(&iter);
1047
1048 } while (flower_entry == ERR_PTR(-EAGAIN));
1049 rhashtable_walk_exit(&iter);
1050 mod_timer(&adap->flower_stats_timer, jiffies + STATS_CHECK_PERIOD);
1051}
1052
1053static void ch_flower_stats_cb(struct timer_list *t)
1054{
1055 struct adapter *adap = from_timer(adap, t, flower_stats_timer);
1056
1057 schedule_work(&adap->flower_stats_work);
1058}
1059
1060int cxgb4_tc_flower_stats(struct net_device *dev,
1061 struct flow_cls_offload *cls)
1062{
1063 struct adapter *adap = netdev2adap(dev);
1064 struct ch_tc_flower_stats *ofld_stats;
1065 struct ch_tc_flower_entry *ch_flower;
1066 u64 packets;
1067 u64 bytes;
1068 int ret;
1069
1070 ch_flower = ch_flower_lookup(adap, cls->cookie);
1071 if (!ch_flower) {
1072 ret = -ENOENT;
1073 goto err;
1074 }
1075
1076 ret = cxgb4_get_filter_counters(dev, ch_flower->filter_id,
1077 &packets, &bytes,
1078 ch_flower->fs.hash);
1079 if (ret < 0)
1080 goto err;
1081
1082 spin_lock_bh(&ch_flower->lock);
1083 ofld_stats = &ch_flower->stats;
1084 if (ofld_stats->packet_count != packets) {
1085 if (ofld_stats->prev_packet_count != packets)
1086 ofld_stats->last_used = jiffies;
1087 flow_stats_update(&cls->stats, bytes - ofld_stats->byte_count,
1088 packets - ofld_stats->packet_count, 0,
1089 ofld_stats->last_used,
1090 FLOW_ACTION_HW_STATS_IMMEDIATE);
1091
1092 ofld_stats->packet_count = packets;
1093 ofld_stats->byte_count = bytes;
1094 ofld_stats->prev_packet_count = packets;
1095 }
1096 spin_unlock_bh(&ch_flower->lock);
1097 return 0;
1098
1099err:
1100 return ret;
1101}
1102
1103static const struct rhashtable_params cxgb4_tc_flower_ht_params = {
1104 .nelem_hint = 384,
1105 .head_offset = offsetof(struct ch_tc_flower_entry, node),
1106 .key_offset = offsetof(struct ch_tc_flower_entry, tc_flower_cookie),
1107 .key_len = sizeof(((struct ch_tc_flower_entry *)0)->tc_flower_cookie),
1108 .max_size = 524288,
1109 .min_size = 512,
1110 .automatic_shrinking = true
1111};
1112
1113int cxgb4_init_tc_flower(struct adapter *adap)
1114{
1115 int ret;
1116
1117 if (adap->tc_flower_initialized)
1118 return -EEXIST;
1119
1120 adap->flower_ht_params = cxgb4_tc_flower_ht_params;
1121 ret = rhashtable_init(&adap->flower_tbl, &adap->flower_ht_params);
1122 if (ret)
1123 return ret;
1124
1125 INIT_WORK(&adap->flower_stats_work, ch_flower_stats_handler);
1126 timer_setup(&adap->flower_stats_timer, ch_flower_stats_cb, 0);
1127 mod_timer(&adap->flower_stats_timer, jiffies + STATS_CHECK_PERIOD);
1128 adap->tc_flower_initialized = true;
1129 return 0;
1130}
1131
1132void cxgb4_cleanup_tc_flower(struct adapter *adap)
1133{
1134 if (!adap->tc_flower_initialized)
1135 return;
1136
1137 if (adap->flower_stats_timer.function)
1138 del_timer_sync(&adap->flower_stats_timer);
1139 cancel_work_sync(&adap->flower_stats_work);
1140 rhashtable_destroy(&adap->flower_tbl);
1141 adap->tc_flower_initialized = false;
1142}
1143
