1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (C) 2019-2021, Intel Corporation. */
3
4 #include "ice.h"
5 #include "ice_tc_lib.h"
6 #include "ice_fltr.h"
7 #include "ice_lib.h"
8 #include "ice_protocol_type.h"
9
10 #define ICE_TC_METADATA_LKUP_IDX 0
11
12 /**
13 * ice_tc_count_lkups - determine lookup count for switch filter
14 * @flags: TC-flower flags
15 * @headers: Pointer to TC flower filter header structure
16 * @fltr: Pointer to outer TC filter structure
17 *
18 * Determine lookup count based on TC flower input for switch filter.
19 */
20 static int
ice_tc_count_lkups(u32 flags,struct ice_tc_flower_lyr_2_4_hdrs * headers,struct ice_tc_flower_fltr * fltr)21 ice_tc_count_lkups(u32 flags, struct ice_tc_flower_lyr_2_4_hdrs *headers,
22 struct ice_tc_flower_fltr *fltr)
23 {
24 int lkups_cnt = 1; /* 0th lookup is metadata */
25
26 /* Always add metadata as the 0th lookup. Included elements:
27 * - Direction flag (always present)
28 * - ICE_TC_FLWR_FIELD_VLAN_TPID (present if specified)
29 * - Tunnel flag (present if tunnel)
30 */
31 if (fltr->direction == ICE_ESWITCH_FLTR_EGRESS)
32 lkups_cnt++;
33
34 if (flags & ICE_TC_FLWR_FIELD_TENANT_ID)
35 lkups_cnt++;
36
37 if (flags & ICE_TC_FLWR_FIELD_ENC_DST_MAC)
38 lkups_cnt++;
39
40 if (flags & ICE_TC_FLWR_FIELD_ENC_OPTS)
41 lkups_cnt++;
42
43 if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 |
44 ICE_TC_FLWR_FIELD_ENC_DEST_IPV4 |
45 ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 |
46 ICE_TC_FLWR_FIELD_ENC_DEST_IPV6))
47 lkups_cnt++;
48
49 if (flags & (ICE_TC_FLWR_FIELD_ENC_IP_TOS |
50 ICE_TC_FLWR_FIELD_ENC_IP_TTL))
51 lkups_cnt++;
52
53 if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT)
54 lkups_cnt++;
55
56 if (flags & ICE_TC_FLWR_FIELD_ETH_TYPE_ID)
57 lkups_cnt++;
58
59 /* are MAC fields specified? */
60 if (flags & (ICE_TC_FLWR_FIELD_DST_MAC | ICE_TC_FLWR_FIELD_SRC_MAC))
61 lkups_cnt++;
62
63 /* is VLAN specified? */
64 if (flags & (ICE_TC_FLWR_FIELD_VLAN | ICE_TC_FLWR_FIELD_VLAN_PRIO))
65 lkups_cnt++;
66
67 /* is CVLAN specified? */
68 if (flags & (ICE_TC_FLWR_FIELD_CVLAN | ICE_TC_FLWR_FIELD_CVLAN_PRIO))
69 lkups_cnt++;
70
71 /* are PPPoE options specified? */
72 if (flags & (ICE_TC_FLWR_FIELD_PPPOE_SESSID |
73 ICE_TC_FLWR_FIELD_PPP_PROTO))
74 lkups_cnt++;
75
76 /* are IPv[4|6] fields specified? */
77 if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV4 | ICE_TC_FLWR_FIELD_SRC_IPV4 |
78 ICE_TC_FLWR_FIELD_DEST_IPV6 | ICE_TC_FLWR_FIELD_SRC_IPV6))
79 lkups_cnt++;
80
81 if (flags & (ICE_TC_FLWR_FIELD_IP_TOS | ICE_TC_FLWR_FIELD_IP_TTL))
82 lkups_cnt++;
83
84 /* are L2TPv3 options specified? */
85 if (flags & ICE_TC_FLWR_FIELD_L2TPV3_SESSID)
86 lkups_cnt++;
87
88 /* is L4 (TCP/UDP/any other L4 protocol fields) specified? */
89 if (flags & (ICE_TC_FLWR_FIELD_DEST_L4_PORT |
90 ICE_TC_FLWR_FIELD_SRC_L4_PORT))
91 lkups_cnt++;
92
93 return lkups_cnt;
94 }
95
ice_proto_type_from_mac(bool inner)96 static enum ice_protocol_type ice_proto_type_from_mac(bool inner)
97 {
98 return inner ? ICE_MAC_IL : ICE_MAC_OFOS;
99 }
100
ice_proto_type_from_etype(bool inner)101 static enum ice_protocol_type ice_proto_type_from_etype(bool inner)
102 {
103 return inner ? ICE_ETYPE_IL : ICE_ETYPE_OL;
104 }
105
ice_proto_type_from_ipv4(bool inner)106 static enum ice_protocol_type ice_proto_type_from_ipv4(bool inner)
107 {
108 return inner ? ICE_IPV4_IL : ICE_IPV4_OFOS;
109 }
110
ice_proto_type_from_ipv6(bool inner)111 static enum ice_protocol_type ice_proto_type_from_ipv6(bool inner)
112 {
113 return inner ? ICE_IPV6_IL : ICE_IPV6_OFOS;
114 }
115
ice_proto_type_from_l4_port(u16 ip_proto)116 static enum ice_protocol_type ice_proto_type_from_l4_port(u16 ip_proto)
117 {
118 switch (ip_proto) {
119 case IPPROTO_TCP:
120 return ICE_TCP_IL;
121 case IPPROTO_UDP:
122 return ICE_UDP_ILOS;
123 }
124
125 return 0;
126 }
127
128 static enum ice_protocol_type
ice_proto_type_from_tunnel(enum ice_tunnel_type type)129 ice_proto_type_from_tunnel(enum ice_tunnel_type type)
130 {
131 switch (type) {
132 case TNL_VXLAN:
133 return ICE_VXLAN;
134 case TNL_GENEVE:
135 return ICE_GENEVE;
136 case TNL_GRETAP:
137 return ICE_NVGRE;
138 case TNL_GTPU:
139 /* NO_PAY profiles will not work with GTP-U */
140 return ICE_GTP;
141 case TNL_GTPC:
142 return ICE_GTP_NO_PAY;
143 default:
144 return 0;
145 }
146 }
147
148 static enum ice_sw_tunnel_type
ice_sw_type_from_tunnel(enum ice_tunnel_type type)149 ice_sw_type_from_tunnel(enum ice_tunnel_type type)
150 {
151 switch (type) {
152 case TNL_VXLAN:
153 return ICE_SW_TUN_VXLAN;
154 case TNL_GENEVE:
155 return ICE_SW_TUN_GENEVE;
156 case TNL_GRETAP:
157 return ICE_SW_TUN_NVGRE;
158 case TNL_GTPU:
159 return ICE_SW_TUN_GTPU;
160 case TNL_GTPC:
161 return ICE_SW_TUN_GTPC;
162 default:
163 return ICE_NON_TUN;
164 }
165 }
166
ice_check_supported_vlan_tpid(u16 vlan_tpid)167 static u16 ice_check_supported_vlan_tpid(u16 vlan_tpid)
168 {
169 switch (vlan_tpid) {
170 case ETH_P_8021Q:
171 case ETH_P_8021AD:
172 case ETH_P_QINQ1:
173 return vlan_tpid;
174 default:
175 return 0;
176 }
177 }
178
179 static int
ice_tc_fill_tunnel_outer(u32 flags,struct ice_tc_flower_fltr * fltr,struct ice_adv_lkup_elem * list,int i)180 ice_tc_fill_tunnel_outer(u32 flags, struct ice_tc_flower_fltr *fltr,
181 struct ice_adv_lkup_elem *list, int i)
182 {
183 struct ice_tc_flower_lyr_2_4_hdrs *hdr = &fltr->outer_headers;
184
185 if (flags & ICE_TC_FLWR_FIELD_TENANT_ID) {
186 u32 tenant_id;
187
188 list[i].type = ice_proto_type_from_tunnel(fltr->tunnel_type);
189 switch (fltr->tunnel_type) {
190 case TNL_VXLAN:
191 case TNL_GENEVE:
192 tenant_id = be32_to_cpu(fltr->tenant_id) << 8;
193 list[i].h_u.tnl_hdr.vni = cpu_to_be32(tenant_id);
194 memcpy(&list[i].m_u.tnl_hdr.vni, "\xff\xff\xff\x00", 4);
195 i++;
196 break;
197 case TNL_GRETAP:
198 list[i].h_u.nvgre_hdr.tni_flow = fltr->tenant_id;
199 memcpy(&list[i].m_u.nvgre_hdr.tni_flow,
200 "\xff\xff\xff\xff", 4);
201 i++;
202 break;
203 case TNL_GTPC:
204 case TNL_GTPU:
205 list[i].h_u.gtp_hdr.teid = fltr->tenant_id;
206 memcpy(&list[i].m_u.gtp_hdr.teid,
207 "\xff\xff\xff\xff", 4);
208 i++;
209 break;
210 default:
211 break;
212 }
213 }
214
215 if (flags & ICE_TC_FLWR_FIELD_ENC_DST_MAC) {
216 list[i].type = ice_proto_type_from_mac(false);
217 ether_addr_copy(list[i].h_u.eth_hdr.dst_addr,
218 hdr->l2_key.dst_mac);
219 ether_addr_copy(list[i].m_u.eth_hdr.dst_addr,
220 hdr->l2_mask.dst_mac);
221 i++;
222 }
223
224 if (flags & ICE_TC_FLWR_FIELD_ENC_OPTS &&
225 (fltr->tunnel_type == TNL_GTPU || fltr->tunnel_type == TNL_GTPC)) {
226 list[i].type = ice_proto_type_from_tunnel(fltr->tunnel_type);
227
228 if (fltr->gtp_pdu_info_masks.pdu_type) {
229 list[i].h_u.gtp_hdr.pdu_type =
230 fltr->gtp_pdu_info_keys.pdu_type << 4;
231 memcpy(&list[i].m_u.gtp_hdr.pdu_type, "\xf0", 1);
232 }
233
234 if (fltr->gtp_pdu_info_masks.qfi) {
235 list[i].h_u.gtp_hdr.qfi = fltr->gtp_pdu_info_keys.qfi;
236 memcpy(&list[i].m_u.gtp_hdr.qfi, "\x3f", 1);
237 }
238
239 i++;
240 }
241
242 if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 |
243 ICE_TC_FLWR_FIELD_ENC_DEST_IPV4)) {
244 list[i].type = ice_proto_type_from_ipv4(false);
245
246 if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_IPV4) {
247 list[i].h_u.ipv4_hdr.src_addr = hdr->l3_key.src_ipv4;
248 list[i].m_u.ipv4_hdr.src_addr = hdr->l3_mask.src_ipv4;
249 }
250 if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_IPV4) {
251 list[i].h_u.ipv4_hdr.dst_addr = hdr->l3_key.dst_ipv4;
252 list[i].m_u.ipv4_hdr.dst_addr = hdr->l3_mask.dst_ipv4;
253 }
254 i++;
255 }
256
257 if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 |
258 ICE_TC_FLWR_FIELD_ENC_DEST_IPV6)) {
259 list[i].type = ice_proto_type_from_ipv6(false);
260
261 if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_IPV6) {
262 memcpy(&list[i].h_u.ipv6_hdr.src_addr,
263 &hdr->l3_key.src_ipv6_addr,
264 sizeof(hdr->l3_key.src_ipv6_addr));
265 memcpy(&list[i].m_u.ipv6_hdr.src_addr,
266 &hdr->l3_mask.src_ipv6_addr,
267 sizeof(hdr->l3_mask.src_ipv6_addr));
268 }
269 if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_IPV6) {
270 memcpy(&list[i].h_u.ipv6_hdr.dst_addr,
271 &hdr->l3_key.dst_ipv6_addr,
272 sizeof(hdr->l3_key.dst_ipv6_addr));
273 memcpy(&list[i].m_u.ipv6_hdr.dst_addr,
274 &hdr->l3_mask.dst_ipv6_addr,
275 sizeof(hdr->l3_mask.dst_ipv6_addr));
276 }
277 i++;
278 }
279
280 if (fltr->inner_headers.l2_key.n_proto == htons(ETH_P_IP) &&
281 (flags & (ICE_TC_FLWR_FIELD_ENC_IP_TOS |
282 ICE_TC_FLWR_FIELD_ENC_IP_TTL))) {
283 list[i].type = ice_proto_type_from_ipv4(false);
284
285 if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TOS) {
286 list[i].h_u.ipv4_hdr.tos = hdr->l3_key.tos;
287 list[i].m_u.ipv4_hdr.tos = hdr->l3_mask.tos;
288 }
289
290 if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TTL) {
291 list[i].h_u.ipv4_hdr.time_to_live = hdr->l3_key.ttl;
292 list[i].m_u.ipv4_hdr.time_to_live = hdr->l3_mask.ttl;
293 }
294
295 i++;
296 }
297
298 if (fltr->inner_headers.l2_key.n_proto == htons(ETH_P_IPV6) &&
299 (flags & (ICE_TC_FLWR_FIELD_ENC_IP_TOS |
300 ICE_TC_FLWR_FIELD_ENC_IP_TTL))) {
301 struct ice_ipv6_hdr *hdr_h, *hdr_m;
302
303 hdr_h = &list[i].h_u.ipv6_hdr;
304 hdr_m = &list[i].m_u.ipv6_hdr;
305 list[i].type = ice_proto_type_from_ipv6(false);
306
307 if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TOS) {
308 be32p_replace_bits(&hdr_h->be_ver_tc_flow,
309 hdr->l3_key.tos,
310 ICE_IPV6_HDR_TC_MASK);
311 be32p_replace_bits(&hdr_m->be_ver_tc_flow,
312 hdr->l3_mask.tos,
313 ICE_IPV6_HDR_TC_MASK);
314 }
315
316 if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TTL) {
317 hdr_h->hop_limit = hdr->l3_key.ttl;
318 hdr_m->hop_limit = hdr->l3_mask.ttl;
319 }
320
321 i++;
322 }
323
324 if ((flags & ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT) &&
325 hdr->l3_key.ip_proto == IPPROTO_UDP) {
326 list[i].type = ICE_UDP_OF;
327 list[i].h_u.l4_hdr.dst_port = hdr->l4_key.dst_port;
328 list[i].m_u.l4_hdr.dst_port = hdr->l4_mask.dst_port;
329 i++;
330 }
331
332 /* always fill matching on tunneled packets in metadata */
333 ice_rule_add_tunnel_metadata(&list[ICE_TC_METADATA_LKUP_IDX]);
334
335 return i;
336 }
337
338 /**
339 * ice_tc_fill_rules - fill filter rules based on TC fltr
340 * @hw: pointer to HW structure
341 * @flags: tc flower field flags
342 * @tc_fltr: pointer to TC flower filter
343 * @list: list of advance rule elements
344 * @rule_info: pointer to information about rule
345 * @l4_proto: pointer to information such as L4 proto type
346 *
347 * Fill ice_adv_lkup_elem list based on TC flower flags and
348 * TC flower headers. This list should be used to add
349 * advance filter in hardware.
350 */
351 static int
ice_tc_fill_rules(struct ice_hw * hw,u32 flags,struct ice_tc_flower_fltr * tc_fltr,struct ice_adv_lkup_elem * list,struct ice_adv_rule_info * rule_info,u16 * l4_proto)352 ice_tc_fill_rules(struct ice_hw *hw, u32 flags,
353 struct ice_tc_flower_fltr *tc_fltr,
354 struct ice_adv_lkup_elem *list,
355 struct ice_adv_rule_info *rule_info,
356 u16 *l4_proto)
357 {
358 struct ice_tc_flower_lyr_2_4_hdrs *headers = &tc_fltr->outer_headers;
359 bool inner = false;
360 u16 vlan_tpid = 0;
361 int i = 1; /* 0th lookup is metadata */
362
363 rule_info->vlan_type = vlan_tpid;
364
365 /* Always add direction metadata */
366 ice_rule_add_direction_metadata(&list[ICE_TC_METADATA_LKUP_IDX]);
367
368 if (tc_fltr->direction == ICE_ESWITCH_FLTR_EGRESS) {
369 ice_rule_add_src_vsi_metadata(&list[i]);
370 i++;
371 }
372
373 rule_info->tun_type = ice_sw_type_from_tunnel(tc_fltr->tunnel_type);
374 if (tc_fltr->tunnel_type != TNL_LAST) {
375 i = ice_tc_fill_tunnel_outer(flags, tc_fltr, list, i);
376
377 headers = &tc_fltr->inner_headers;
378 inner = true;
379 }
380
381 if (flags & ICE_TC_FLWR_FIELD_ETH_TYPE_ID) {
382 list[i].type = ice_proto_type_from_etype(inner);
383 list[i].h_u.ethertype.ethtype_id = headers->l2_key.n_proto;
384 list[i].m_u.ethertype.ethtype_id = headers->l2_mask.n_proto;
385 i++;
386 }
387
388 if (flags & (ICE_TC_FLWR_FIELD_DST_MAC |
389 ICE_TC_FLWR_FIELD_SRC_MAC)) {
390 struct ice_tc_l2_hdr *l2_key, *l2_mask;
391
392 l2_key = &headers->l2_key;
393 l2_mask = &headers->l2_mask;
394
395 list[i].type = ice_proto_type_from_mac(inner);
396 if (flags & ICE_TC_FLWR_FIELD_DST_MAC) {
397 ether_addr_copy(list[i].h_u.eth_hdr.dst_addr,
398 l2_key->dst_mac);
399 ether_addr_copy(list[i].m_u.eth_hdr.dst_addr,
400 l2_mask->dst_mac);
401 }
402 if (flags & ICE_TC_FLWR_FIELD_SRC_MAC) {
403 ether_addr_copy(list[i].h_u.eth_hdr.src_addr,
404 l2_key->src_mac);
405 ether_addr_copy(list[i].m_u.eth_hdr.src_addr,
406 l2_mask->src_mac);
407 }
408 i++;
409 }
410
411 /* copy VLAN info */
412 if (flags & (ICE_TC_FLWR_FIELD_VLAN | ICE_TC_FLWR_FIELD_VLAN_PRIO)) {
413 if (flags & ICE_TC_FLWR_FIELD_CVLAN)
414 list[i].type = ICE_VLAN_EX;
415 else
416 list[i].type = ICE_VLAN_OFOS;
417
418 if (flags & ICE_TC_FLWR_FIELD_VLAN) {
419 list[i].h_u.vlan_hdr.vlan = headers->vlan_hdr.vlan_id;
420 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0x0FFF);
421 }
422
423 if (flags & ICE_TC_FLWR_FIELD_VLAN_PRIO) {
424 if (flags & ICE_TC_FLWR_FIELD_VLAN) {
425 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xEFFF);
426 } else {
427 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xE000);
428 list[i].h_u.vlan_hdr.vlan = 0;
429 }
430 list[i].h_u.vlan_hdr.vlan |=
431 headers->vlan_hdr.vlan_prio;
432 }
433
434 i++;
435 }
436
437 if (flags & ICE_TC_FLWR_FIELD_VLAN_TPID) {
438 vlan_tpid = be16_to_cpu(headers->vlan_hdr.vlan_tpid);
439 rule_info->vlan_type =
440 ice_check_supported_vlan_tpid(vlan_tpid);
441
442 ice_rule_add_vlan_metadata(&list[ICE_TC_METADATA_LKUP_IDX]);
443 }
444
445 if (flags & (ICE_TC_FLWR_FIELD_CVLAN | ICE_TC_FLWR_FIELD_CVLAN_PRIO)) {
446 list[i].type = ICE_VLAN_IN;
447
448 if (flags & ICE_TC_FLWR_FIELD_CVLAN) {
449 list[i].h_u.vlan_hdr.vlan = headers->cvlan_hdr.vlan_id;
450 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0x0FFF);
451 }
452
453 if (flags & ICE_TC_FLWR_FIELD_CVLAN_PRIO) {
454 if (flags & ICE_TC_FLWR_FIELD_CVLAN) {
455 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xEFFF);
456 } else {
457 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xE000);
458 list[i].h_u.vlan_hdr.vlan = 0;
459 }
460 list[i].h_u.vlan_hdr.vlan |=
461 headers->cvlan_hdr.vlan_prio;
462 }
463
464 i++;
465 }
466
467 if (flags & (ICE_TC_FLWR_FIELD_PPPOE_SESSID |
468 ICE_TC_FLWR_FIELD_PPP_PROTO)) {
469 struct ice_pppoe_hdr *vals, *masks;
470
471 vals = &list[i].h_u.pppoe_hdr;
472 masks = &list[i].m_u.pppoe_hdr;
473
474 list[i].type = ICE_PPPOE;
475
476 if (flags & ICE_TC_FLWR_FIELD_PPPOE_SESSID) {
477 vals->session_id = headers->pppoe_hdr.session_id;
478 masks->session_id = cpu_to_be16(0xFFFF);
479 }
480
481 if (flags & ICE_TC_FLWR_FIELD_PPP_PROTO) {
482 vals->ppp_prot_id = headers->pppoe_hdr.ppp_proto;
483 masks->ppp_prot_id = cpu_to_be16(0xFFFF);
484 }
485
486 i++;
487 }
488
489 /* copy L3 (IPv[4|6]: src, dest) address */
490 if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV4 |
491 ICE_TC_FLWR_FIELD_SRC_IPV4)) {
492 struct ice_tc_l3_hdr *l3_key, *l3_mask;
493
494 list[i].type = ice_proto_type_from_ipv4(inner);
495 l3_key = &headers->l3_key;
496 l3_mask = &headers->l3_mask;
497 if (flags & ICE_TC_FLWR_FIELD_DEST_IPV4) {
498 list[i].h_u.ipv4_hdr.dst_addr = l3_key->dst_ipv4;
499 list[i].m_u.ipv4_hdr.dst_addr = l3_mask->dst_ipv4;
500 }
501 if (flags & ICE_TC_FLWR_FIELD_SRC_IPV4) {
502 list[i].h_u.ipv4_hdr.src_addr = l3_key->src_ipv4;
503 list[i].m_u.ipv4_hdr.src_addr = l3_mask->src_ipv4;
504 }
505 i++;
506 } else if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV6 |
507 ICE_TC_FLWR_FIELD_SRC_IPV6)) {
508 struct ice_ipv6_hdr *ipv6_hdr, *ipv6_mask;
509 struct ice_tc_l3_hdr *l3_key, *l3_mask;
510
511 list[i].type = ice_proto_type_from_ipv6(inner);
512 ipv6_hdr = &list[i].h_u.ipv6_hdr;
513 ipv6_mask = &list[i].m_u.ipv6_hdr;
514 l3_key = &headers->l3_key;
515 l3_mask = &headers->l3_mask;
516
517 if (flags & ICE_TC_FLWR_FIELD_DEST_IPV6) {
518 memcpy(&ipv6_hdr->dst_addr, &l3_key->dst_ipv6_addr,
519 sizeof(l3_key->dst_ipv6_addr));
520 memcpy(&ipv6_mask->dst_addr, &l3_mask->dst_ipv6_addr,
521 sizeof(l3_mask->dst_ipv6_addr));
522 }
523 if (flags & ICE_TC_FLWR_FIELD_SRC_IPV6) {
524 memcpy(&ipv6_hdr->src_addr, &l3_key->src_ipv6_addr,
525 sizeof(l3_key->src_ipv6_addr));
526 memcpy(&ipv6_mask->src_addr, &l3_mask->src_ipv6_addr,
527 sizeof(l3_mask->src_ipv6_addr));
528 }
529 i++;
530 }
531
532 if (headers->l2_key.n_proto == htons(ETH_P_IP) &&
533 (flags & (ICE_TC_FLWR_FIELD_IP_TOS | ICE_TC_FLWR_FIELD_IP_TTL))) {
534 list[i].type = ice_proto_type_from_ipv4(inner);
535
536 if (flags & ICE_TC_FLWR_FIELD_IP_TOS) {
537 list[i].h_u.ipv4_hdr.tos = headers->l3_key.tos;
538 list[i].m_u.ipv4_hdr.tos = headers->l3_mask.tos;
539 }
540
541 if (flags & ICE_TC_FLWR_FIELD_IP_TTL) {
542 list[i].h_u.ipv4_hdr.time_to_live =
543 headers->l3_key.ttl;
544 list[i].m_u.ipv4_hdr.time_to_live =
545 headers->l3_mask.ttl;
546 }
547
548 i++;
549 }
550
551 if (headers->l2_key.n_proto == htons(ETH_P_IPV6) &&
552 (flags & (ICE_TC_FLWR_FIELD_IP_TOS | ICE_TC_FLWR_FIELD_IP_TTL))) {
553 struct ice_ipv6_hdr *hdr_h, *hdr_m;
554
555 hdr_h = &list[i].h_u.ipv6_hdr;
556 hdr_m = &list[i].m_u.ipv6_hdr;
557 list[i].type = ice_proto_type_from_ipv6(inner);
558
559 if (flags & ICE_TC_FLWR_FIELD_IP_TOS) {
560 be32p_replace_bits(&hdr_h->be_ver_tc_flow,
561 headers->l3_key.tos,
562 ICE_IPV6_HDR_TC_MASK);
563 be32p_replace_bits(&hdr_m->be_ver_tc_flow,
564 headers->l3_mask.tos,
565 ICE_IPV6_HDR_TC_MASK);
566 }
567
568 if (flags & ICE_TC_FLWR_FIELD_IP_TTL) {
569 hdr_h->hop_limit = headers->l3_key.ttl;
570 hdr_m->hop_limit = headers->l3_mask.ttl;
571 }
572
573 i++;
574 }
575
576 if (flags & ICE_TC_FLWR_FIELD_L2TPV3_SESSID) {
577 list[i].type = ICE_L2TPV3;
578
579 list[i].h_u.l2tpv3_sess_hdr.session_id =
580 headers->l2tpv3_hdr.session_id;
581 list[i].m_u.l2tpv3_sess_hdr.session_id =
582 cpu_to_be32(0xFFFFFFFF);
583
584 i++;
585 }
586
587 /* copy L4 (src, dest) port */
588 if (flags & (ICE_TC_FLWR_FIELD_DEST_L4_PORT |
589 ICE_TC_FLWR_FIELD_SRC_L4_PORT)) {
590 struct ice_tc_l4_hdr *l4_key, *l4_mask;
591
592 list[i].type = ice_proto_type_from_l4_port(headers->l3_key.ip_proto);
593 l4_key = &headers->l4_key;
594 l4_mask = &headers->l4_mask;
595
596 if (flags & ICE_TC_FLWR_FIELD_DEST_L4_PORT) {
597 list[i].h_u.l4_hdr.dst_port = l4_key->dst_port;
598 list[i].m_u.l4_hdr.dst_port = l4_mask->dst_port;
599 }
600 if (flags & ICE_TC_FLWR_FIELD_SRC_L4_PORT) {
601 list[i].h_u.l4_hdr.src_port = l4_key->src_port;
602 list[i].m_u.l4_hdr.src_port = l4_mask->src_port;
603 }
604 i++;
605 }
606
607 return i;
608 }
609
610 /**
611 * ice_tc_tun_get_type - get the tunnel type
612 * @tunnel_dev: ptr to tunnel device
613 *
614 * This function detects appropriate tunnel_type if specified device is
615 * tunnel device such as VXLAN/Geneve
616 */
ice_tc_tun_get_type(struct net_device * tunnel_dev)617 static int ice_tc_tun_get_type(struct net_device *tunnel_dev)
618 {
619 if (netif_is_vxlan(tunnel_dev))
620 return TNL_VXLAN;
621 if (netif_is_geneve(tunnel_dev))
622 return TNL_GENEVE;
623 if (netif_is_gretap(tunnel_dev) ||
624 netif_is_ip6gretap(tunnel_dev))
625 return TNL_GRETAP;
626
627 /* Assume GTP-U by default in case of GTP netdev.
628 * GTP-C may be selected later, based on enc_dst_port.
629 */
630 if (netif_is_gtp(tunnel_dev))
631 return TNL_GTPU;
632 return TNL_LAST;
633 }
634
ice_is_tunnel_supported(struct net_device * dev)635 bool ice_is_tunnel_supported(struct net_device *dev)
636 {
637 return ice_tc_tun_get_type(dev) != TNL_LAST;
638 }
639
ice_tc_is_dev_uplink(struct net_device * dev)640 static bool ice_tc_is_dev_uplink(struct net_device *dev)
641 {
642 return netif_is_ice(dev) || ice_is_tunnel_supported(dev);
643 }
644
ice_tc_setup_redirect_action(struct net_device * filter_dev,struct ice_tc_flower_fltr * fltr,struct net_device * target_dev)645 static int ice_tc_setup_redirect_action(struct net_device *filter_dev,
646 struct ice_tc_flower_fltr *fltr,
647 struct net_device *target_dev)
648 {
649 struct ice_repr *repr;
650
651 fltr->action.fltr_act = ICE_FWD_TO_VSI;
652
653 if (ice_is_port_repr_netdev(filter_dev) &&
654 ice_is_port_repr_netdev(target_dev)) {
655 repr = ice_netdev_to_repr(target_dev);
656
657 fltr->dest_vsi = repr->src_vsi;
658 fltr->direction = ICE_ESWITCH_FLTR_EGRESS;
659 } else if (ice_is_port_repr_netdev(filter_dev) &&
660 ice_tc_is_dev_uplink(target_dev)) {
661 repr = ice_netdev_to_repr(filter_dev);
662
663 fltr->dest_vsi = repr->src_vsi->back->switchdev.uplink_vsi;
664 fltr->direction = ICE_ESWITCH_FLTR_EGRESS;
665 } else if (ice_tc_is_dev_uplink(filter_dev) &&
666 ice_is_port_repr_netdev(target_dev)) {
667 repr = ice_netdev_to_repr(target_dev);
668
669 fltr->dest_vsi = repr->src_vsi;
670 fltr->direction = ICE_ESWITCH_FLTR_INGRESS;
671 } else {
672 NL_SET_ERR_MSG_MOD(fltr->extack,
673 "Unsupported netdevice in switchdev mode");
674 return -EINVAL;
675 }
676
677 return 0;
678 }
679
680 static int
ice_tc_setup_drop_action(struct net_device * filter_dev,struct ice_tc_flower_fltr * fltr)681 ice_tc_setup_drop_action(struct net_device *filter_dev,
682 struct ice_tc_flower_fltr *fltr)
683 {
684 fltr->action.fltr_act = ICE_DROP_PACKET;
685
686 if (ice_is_port_repr_netdev(filter_dev)) {
687 fltr->direction = ICE_ESWITCH_FLTR_EGRESS;
688 } else if (ice_tc_is_dev_uplink(filter_dev)) {
689 fltr->direction = ICE_ESWITCH_FLTR_INGRESS;
690 } else {
691 NL_SET_ERR_MSG_MOD(fltr->extack,
692 "Unsupported netdevice in switchdev mode");
693 return -EINVAL;
694 }
695
696 return 0;
697 }
698
ice_eswitch_tc_parse_action(struct net_device * filter_dev,struct ice_tc_flower_fltr * fltr,struct flow_action_entry * act)699 static int ice_eswitch_tc_parse_action(struct net_device *filter_dev,
700 struct ice_tc_flower_fltr *fltr,
701 struct flow_action_entry *act)
702 {
703 int err;
704
705 switch (act->id) {
706 case FLOW_ACTION_DROP:
707 err = ice_tc_setup_drop_action(filter_dev, fltr);
708 if (err)
709 return err;
710
711 break;
712
713 case FLOW_ACTION_REDIRECT:
714 err = ice_tc_setup_redirect_action(filter_dev, fltr, act->dev);
715 if (err)
716 return err;
717
718 break;
719
720 default:
721 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported action in switchdev mode");
722 return -EINVAL;
723 }
724
725 return 0;
726 }
727
728 static int
ice_eswitch_add_tc_fltr(struct ice_vsi * vsi,struct ice_tc_flower_fltr * fltr)729 ice_eswitch_add_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr)
730 {
731 struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers;
732 struct ice_adv_rule_info rule_info = { 0 };
733 struct ice_rule_query_data rule_added;
734 struct ice_hw *hw = &vsi->back->hw;
735 struct ice_adv_lkup_elem *list;
736 u32 flags = fltr->flags;
737 int lkups_cnt;
738 int ret;
739 int i;
740
741 if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT) {
742 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported encap field(s)");
743 return -EOPNOTSUPP;
744 }
745
746 lkups_cnt = ice_tc_count_lkups(flags, headers, fltr);
747 list = kcalloc(lkups_cnt, sizeof(*list), GFP_ATOMIC);
748 if (!list)
749 return -ENOMEM;
750
751 i = ice_tc_fill_rules(hw, flags, fltr, list, &rule_info, NULL);
752 if (i != lkups_cnt) {
753 ret = -EINVAL;
754 goto exit;
755 }
756
757 rule_info.sw_act.fltr_act = fltr->action.fltr_act;
758 if (fltr->action.fltr_act != ICE_DROP_PACKET)
759 rule_info.sw_act.vsi_handle = fltr->dest_vsi->idx;
760 /* For now, making priority to be highest, and it also becomes
761 * the priority for recipe which will get created as a result of
762 * new extraction sequence based on input set.
763 * Priority '7' is max val for switch recipe, higher the number
764 * results into order of switch rule evaluation.
765 */
766 rule_info.priority = 7;
767 rule_info.flags_info.act_valid = true;
768
769 if (fltr->direction == ICE_ESWITCH_FLTR_INGRESS) {
770 /* Uplink to VF */
771 rule_info.sw_act.flag |= ICE_FLTR_RX;
772 rule_info.sw_act.src = hw->pf_id;
773 rule_info.flags_info.act = ICE_SINGLE_ACT_LB_ENABLE;
774 } else if (fltr->direction == ICE_ESWITCH_FLTR_EGRESS &&
775 fltr->dest_vsi == vsi->back->switchdev.uplink_vsi) {
776 /* VF to Uplink */
777 rule_info.sw_act.flag |= ICE_FLTR_TX;
778 rule_info.sw_act.src = vsi->idx;
779 rule_info.flags_info.act = ICE_SINGLE_ACT_LAN_ENABLE;
780 } else {
781 /* VF to VF */
782 rule_info.sw_act.flag |= ICE_FLTR_TX;
783 rule_info.sw_act.src = vsi->idx;
784 rule_info.flags_info.act = ICE_SINGLE_ACT_LB_ENABLE;
785 }
786
787 /* specify the cookie as filter_rule_id */
788 rule_info.fltr_rule_id = fltr->cookie;
789 rule_info.src_vsi = vsi->idx;
790
791 ret = ice_add_adv_rule(hw, list, lkups_cnt, &rule_info, &rule_added);
792 if (ret == -EEXIST) {
793 NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter because it already exist");
794 ret = -EINVAL;
795 goto exit;
796 } else if (ret) {
797 NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter due to error");
798 goto exit;
799 }
800
801 /* store the output params, which are needed later for removing
802 * advanced switch filter
803 */
804 fltr->rid = rule_added.rid;
805 fltr->rule_id = rule_added.rule_id;
806 fltr->dest_vsi_handle = rule_added.vsi_handle;
807
808 exit:
809 kfree(list);
810 return ret;
811 }
812
813 /**
814 * ice_locate_vsi_using_queue - locate VSI using queue (forward to queue action)
815 * @vsi: Pointer to VSI
816 * @queue: Queue index
817 *
818 * Locate the VSI using specified "queue". When ADQ is not enabled,
819 * always return input VSI, otherwise locate corresponding
820 * VSI based on per channel "offset" and "qcount"
821 */
822 struct ice_vsi *
ice_locate_vsi_using_queue(struct ice_vsi * vsi,int queue)823 ice_locate_vsi_using_queue(struct ice_vsi *vsi, int queue)
824 {
825 int num_tc, tc;
826
827 /* if ADQ is not active, passed VSI is the candidate VSI */
828 if (!ice_is_adq_active(vsi->back))
829 return vsi;
830
831 /* Locate the VSI (it could still be main PF VSI or CHNL_VSI depending
832 * upon queue number)
833 */
834 num_tc = vsi->mqprio_qopt.qopt.num_tc;
835
836 for (tc = 0; tc < num_tc; tc++) {
837 int qcount = vsi->mqprio_qopt.qopt.count[tc];
838 int offset = vsi->mqprio_qopt.qopt.offset[tc];
839
840 if (queue >= offset && queue < offset + qcount) {
841 /* for non-ADQ TCs, passed VSI is the candidate VSI */
842 if (tc < ICE_CHNL_START_TC)
843 return vsi;
844 else
845 return vsi->tc_map_vsi[tc];
846 }
847 }
848 return NULL;
849 }
850
851 static struct ice_rx_ring *
ice_locate_rx_ring_using_queue(struct ice_vsi * vsi,struct ice_tc_flower_fltr * tc_fltr)852 ice_locate_rx_ring_using_queue(struct ice_vsi *vsi,
853 struct ice_tc_flower_fltr *tc_fltr)
854 {
855 u16 queue = tc_fltr->action.fwd.q.queue;
856
857 return queue < vsi->num_rxq ? vsi->rx_rings[queue] : NULL;
858 }
859
860 /**
861 * ice_tc_forward_action - Determine destination VSI and queue for the action
862 * @vsi: Pointer to VSI
863 * @tc_fltr: Pointer to TC flower filter structure
864 *
865 * Validates the tc forward action and determines the destination VSI and queue
866 * for the forward action.
867 */
868 static struct ice_vsi *
ice_tc_forward_action(struct ice_vsi * vsi,struct ice_tc_flower_fltr * tc_fltr)869 ice_tc_forward_action(struct ice_vsi *vsi, struct ice_tc_flower_fltr *tc_fltr)
870 {
871 struct ice_rx_ring *ring = NULL;
872 struct ice_vsi *dest_vsi = NULL;
873 struct ice_pf *pf = vsi->back;
874 struct device *dev;
875 u32 tc_class;
876 int q;
877
878 dev = ice_pf_to_dev(pf);
879
880 /* Get the destination VSI and/or destination queue and validate them */
881 switch (tc_fltr->action.fltr_act) {
882 case ICE_FWD_TO_VSI:
883 tc_class = tc_fltr->action.fwd.tc.tc_class;
884 /* Select the destination VSI */
885 if (tc_class < ICE_CHNL_START_TC) {
886 NL_SET_ERR_MSG_MOD(tc_fltr->extack,
887 "Unable to add filter because of unsupported destination");
888 return ERR_PTR(-EOPNOTSUPP);
889 }
890 /* Locate ADQ VSI depending on hw_tc number */
891 dest_vsi = vsi->tc_map_vsi[tc_class];
892 break;
893 case ICE_FWD_TO_Q:
894 /* Locate the Rx queue */
895 ring = ice_locate_rx_ring_using_queue(vsi, tc_fltr);
896 if (!ring) {
897 dev_err(dev,
898 "Unable to locate Rx queue for action fwd_to_queue: %u\n",
899 tc_fltr->action.fwd.q.queue);
900 return ERR_PTR(-EINVAL);
901 }
902 /* Determine destination VSI even though the action is
903 * FWD_TO_QUEUE, because QUEUE is associated with VSI
904 */
905 q = tc_fltr->action.fwd.q.queue;
906 dest_vsi = ice_locate_vsi_using_queue(vsi, q);
907 break;
908 default:
909 dev_err(dev,
910 "Unable to add filter because of unsupported action %u (supported actions: fwd to tc, fwd to queue)\n",
911 tc_fltr->action.fltr_act);
912 return ERR_PTR(-EINVAL);
913 }
914 /* Must have valid dest_vsi (it could be main VSI or ADQ VSI) */
915 if (!dest_vsi) {
916 dev_err(dev,
917 "Unable to add filter because specified destination VSI doesn't exist\n");
918 return ERR_PTR(-EINVAL);
919 }
920 return dest_vsi;
921 }
922
923 /**
924 * ice_add_tc_flower_adv_fltr - add appropriate filter rules
925 * @vsi: Pointer to VSI
926 * @tc_fltr: Pointer to TC flower filter structure
927 *
928 * based on filter parameters using Advance recipes supported
929 * by OS package.
930 */
931 static int
ice_add_tc_flower_adv_fltr(struct ice_vsi * vsi,struct ice_tc_flower_fltr * tc_fltr)932 ice_add_tc_flower_adv_fltr(struct ice_vsi *vsi,
933 struct ice_tc_flower_fltr *tc_fltr)
934 {
935 struct ice_tc_flower_lyr_2_4_hdrs *headers = &tc_fltr->outer_headers;
936 struct ice_adv_rule_info rule_info = {0};
937 struct ice_rule_query_data rule_added;
938 struct ice_adv_lkup_elem *list;
939 struct ice_pf *pf = vsi->back;
940 struct ice_hw *hw = &pf->hw;
941 u32 flags = tc_fltr->flags;
942 struct ice_vsi *dest_vsi;
943 struct device *dev;
944 u16 lkups_cnt = 0;
945 u16 l4_proto = 0;
946 int ret = 0;
947 u16 i = 0;
948
949 dev = ice_pf_to_dev(pf);
950 if (ice_is_safe_mode(pf)) {
951 NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unable to add filter because driver is in safe mode");
952 return -EOPNOTSUPP;
953 }
954
955 if (!flags || (flags & (ICE_TC_FLWR_FIELD_ENC_DEST_IPV4 |
956 ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 |
957 ICE_TC_FLWR_FIELD_ENC_DEST_IPV6 |
958 ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 |
959 ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT))) {
960 NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unsupported encap field(s)");
961 return -EOPNOTSUPP;
962 }
963
964 /* validate forwarding action VSI and queue */
965 if (ice_is_forward_action(tc_fltr->action.fltr_act)) {
966 dest_vsi = ice_tc_forward_action(vsi, tc_fltr);
967 if (IS_ERR(dest_vsi))
968 return PTR_ERR(dest_vsi);
969 }
970
971 lkups_cnt = ice_tc_count_lkups(flags, headers, tc_fltr);
972 list = kcalloc(lkups_cnt, sizeof(*list), GFP_ATOMIC);
973 if (!list)
974 return -ENOMEM;
975
976 i = ice_tc_fill_rules(hw, flags, tc_fltr, list, &rule_info, &l4_proto);
977 if (i != lkups_cnt) {
978 ret = -EINVAL;
979 goto exit;
980 }
981
982 rule_info.sw_act.fltr_act = tc_fltr->action.fltr_act;
983 /* specify the cookie as filter_rule_id */
984 rule_info.fltr_rule_id = tc_fltr->cookie;
985
986 switch (tc_fltr->action.fltr_act) {
987 case ICE_FWD_TO_VSI:
988 rule_info.sw_act.vsi_handle = dest_vsi->idx;
989 rule_info.priority = ICE_SWITCH_FLTR_PRIO_VSI;
990 rule_info.sw_act.src = hw->pf_id;
991 dev_dbg(dev, "add switch rule for TC:%u vsi_idx:%u, lkups_cnt:%u\n",
992 tc_fltr->action.fwd.tc.tc_class,
993 rule_info.sw_act.vsi_handle, lkups_cnt);
994 break;
995 case ICE_FWD_TO_Q:
996 /* HW queue number in global space */
997 rule_info.sw_act.fwd_id.q_id = tc_fltr->action.fwd.q.hw_queue;
998 rule_info.sw_act.vsi_handle = dest_vsi->idx;
999 rule_info.priority = ICE_SWITCH_FLTR_PRIO_QUEUE;
1000 rule_info.sw_act.src = hw->pf_id;
1001 dev_dbg(dev, "add switch rule action to forward to queue:%u (HW queue %u), lkups_cnt:%u\n",
1002 tc_fltr->action.fwd.q.queue,
1003 tc_fltr->action.fwd.q.hw_queue, lkups_cnt);
1004 break;
1005 case ICE_DROP_PACKET:
1006 rule_info.sw_act.flag |= ICE_FLTR_RX;
1007 rule_info.sw_act.src = hw->pf_id;
1008 rule_info.priority = ICE_SWITCH_FLTR_PRIO_VSI;
1009 break;
1010 default:
1011 ret = -EOPNOTSUPP;
1012 goto exit;
1013 }
1014
1015 ret = ice_add_adv_rule(hw, list, lkups_cnt, &rule_info, &rule_added);
1016 if (ret == -EEXIST) {
1017 NL_SET_ERR_MSG_MOD(tc_fltr->extack,
1018 "Unable to add filter because it already exist");
1019 ret = -EINVAL;
1020 goto exit;
1021 } else if (ret) {
1022 NL_SET_ERR_MSG_MOD(tc_fltr->extack,
1023 "Unable to add filter due to error");
1024 goto exit;
1025 }
1026
1027 /* store the output params, which are needed later for removing
1028 * advanced switch filter
1029 */
1030 tc_fltr->rid = rule_added.rid;
1031 tc_fltr->rule_id = rule_added.rule_id;
1032 tc_fltr->dest_vsi_handle = rule_added.vsi_handle;
1033 if (tc_fltr->action.fltr_act == ICE_FWD_TO_VSI ||
1034 tc_fltr->action.fltr_act == ICE_FWD_TO_Q) {
1035 tc_fltr->dest_vsi = dest_vsi;
1036 /* keep track of advanced switch filter for
1037 * destination VSI
1038 */
1039 dest_vsi->num_chnl_fltr++;
1040
1041 /* keeps track of channel filters for PF VSI */
1042 if (vsi->type == ICE_VSI_PF &&
1043 (flags & (ICE_TC_FLWR_FIELD_DST_MAC |
1044 ICE_TC_FLWR_FIELD_ENC_DST_MAC)))
1045 pf->num_dmac_chnl_fltrs++;
1046 }
1047 switch (tc_fltr->action.fltr_act) {
1048 case ICE_FWD_TO_VSI:
1049 dev_dbg(dev, "added switch rule (lkups_cnt %u, flags 0x%x), action is forward to TC %u, rid %u, rule_id %u, vsi_idx %u\n",
1050 lkups_cnt, flags,
1051 tc_fltr->action.fwd.tc.tc_class, rule_added.rid,
1052 rule_added.rule_id, rule_added.vsi_handle);
1053 break;
1054 case ICE_FWD_TO_Q:
1055 dev_dbg(dev, "added switch rule (lkups_cnt %u, flags 0x%x), action is forward to queue: %u (HW queue %u) , rid %u, rule_id %u\n",
1056 lkups_cnt, flags, tc_fltr->action.fwd.q.queue,
1057 tc_fltr->action.fwd.q.hw_queue, rule_added.rid,
1058 rule_added.rule_id);
1059 break;
1060 case ICE_DROP_PACKET:
1061 dev_dbg(dev, "added switch rule (lkups_cnt %u, flags 0x%x), action is drop, rid %u, rule_id %u\n",
1062 lkups_cnt, flags, rule_added.rid, rule_added.rule_id);
1063 break;
1064 default:
1065 break;
1066 }
1067 exit:
1068 kfree(list);
1069 return ret;
1070 }
1071
1072 /**
1073 * ice_tc_set_pppoe - Parse PPPoE fields from TC flower filter
1074 * @match: Pointer to flow match structure
1075 * @fltr: Pointer to filter structure
1076 * @headers: Pointer to outer header fields
1077 * @returns PPP protocol used in filter (ppp_ses or ppp_disc)
1078 */
1079 static u16
ice_tc_set_pppoe(struct flow_match_pppoe * match,struct ice_tc_flower_fltr * fltr,struct ice_tc_flower_lyr_2_4_hdrs * headers)1080 ice_tc_set_pppoe(struct flow_match_pppoe *match,
1081 struct ice_tc_flower_fltr *fltr,
1082 struct ice_tc_flower_lyr_2_4_hdrs *headers)
1083 {
1084 if (match->mask->session_id) {
1085 fltr->flags |= ICE_TC_FLWR_FIELD_PPPOE_SESSID;
1086 headers->pppoe_hdr.session_id = match->key->session_id;
1087 }
1088
1089 if (match->mask->ppp_proto) {
1090 fltr->flags |= ICE_TC_FLWR_FIELD_PPP_PROTO;
1091 headers->pppoe_hdr.ppp_proto = match->key->ppp_proto;
1092 }
1093
1094 return be16_to_cpu(match->key->type);
1095 }
1096
1097 /**
1098 * ice_tc_set_ipv4 - Parse IPv4 addresses from TC flower filter
1099 * @match: Pointer to flow match structure
1100 * @fltr: Pointer to filter structure
1101 * @headers: inner or outer header fields
1102 * @is_encap: set true for tunnel IPv4 address
1103 */
1104 static int
ice_tc_set_ipv4(struct flow_match_ipv4_addrs * match,struct ice_tc_flower_fltr * fltr,struct ice_tc_flower_lyr_2_4_hdrs * headers,bool is_encap)1105 ice_tc_set_ipv4(struct flow_match_ipv4_addrs *match,
1106 struct ice_tc_flower_fltr *fltr,
1107 struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap)
1108 {
1109 if (match->key->dst) {
1110 if (is_encap)
1111 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_IPV4;
1112 else
1113 fltr->flags |= ICE_TC_FLWR_FIELD_DEST_IPV4;
1114 headers->l3_key.dst_ipv4 = match->key->dst;
1115 headers->l3_mask.dst_ipv4 = match->mask->dst;
1116 }
1117 if (match->key->src) {
1118 if (is_encap)
1119 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_IPV4;
1120 else
1121 fltr->flags |= ICE_TC_FLWR_FIELD_SRC_IPV4;
1122 headers->l3_key.src_ipv4 = match->key->src;
1123 headers->l3_mask.src_ipv4 = match->mask->src;
1124 }
1125 return 0;
1126 }
1127
1128 /**
1129 * ice_tc_set_ipv6 - Parse IPv6 addresses from TC flower filter
1130 * @match: Pointer to flow match structure
1131 * @fltr: Pointer to filter structure
1132 * @headers: inner or outer header fields
1133 * @is_encap: set true for tunnel IPv6 address
1134 */
1135 static int
ice_tc_set_ipv6(struct flow_match_ipv6_addrs * match,struct ice_tc_flower_fltr * fltr,struct ice_tc_flower_lyr_2_4_hdrs * headers,bool is_encap)1136 ice_tc_set_ipv6(struct flow_match_ipv6_addrs *match,
1137 struct ice_tc_flower_fltr *fltr,
1138 struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap)
1139 {
1140 struct ice_tc_l3_hdr *l3_key, *l3_mask;
1141
1142 /* src and dest IPV6 address should not be LOOPBACK
1143 * (0:0:0:0:0:0:0:1), which can be represented as ::1
1144 */
1145 if (ipv6_addr_loopback(&match->key->dst) ||
1146 ipv6_addr_loopback(&match->key->src)) {
1147 NL_SET_ERR_MSG_MOD(fltr->extack, "Bad IPv6, addr is LOOPBACK");
1148 return -EINVAL;
1149 }
1150 /* if src/dest IPv6 address is *,* error */
1151 if (ipv6_addr_any(&match->mask->dst) &&
1152 ipv6_addr_any(&match->mask->src)) {
1153 NL_SET_ERR_MSG_MOD(fltr->extack, "Bad src/dest IPv6, addr is any");
1154 return -EINVAL;
1155 }
1156 if (!ipv6_addr_any(&match->mask->dst)) {
1157 if (is_encap)
1158 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_IPV6;
1159 else
1160 fltr->flags |= ICE_TC_FLWR_FIELD_DEST_IPV6;
1161 }
1162 if (!ipv6_addr_any(&match->mask->src)) {
1163 if (is_encap)
1164 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_IPV6;
1165 else
1166 fltr->flags |= ICE_TC_FLWR_FIELD_SRC_IPV6;
1167 }
1168
1169 l3_key = &headers->l3_key;
1170 l3_mask = &headers->l3_mask;
1171
1172 if (fltr->flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 |
1173 ICE_TC_FLWR_FIELD_SRC_IPV6)) {
1174 memcpy(&l3_key->src_ipv6_addr, &match->key->src.s6_addr,
1175 sizeof(match->key->src.s6_addr));
1176 memcpy(&l3_mask->src_ipv6_addr, &match->mask->src.s6_addr,
1177 sizeof(match->mask->src.s6_addr));
1178 }
1179 if (fltr->flags & (ICE_TC_FLWR_FIELD_ENC_DEST_IPV6 |
1180 ICE_TC_FLWR_FIELD_DEST_IPV6)) {
1181 memcpy(&l3_key->dst_ipv6_addr, &match->key->dst.s6_addr,
1182 sizeof(match->key->dst.s6_addr));
1183 memcpy(&l3_mask->dst_ipv6_addr, &match->mask->dst.s6_addr,
1184 sizeof(match->mask->dst.s6_addr));
1185 }
1186
1187 return 0;
1188 }
1189
1190 /**
1191 * ice_tc_set_tos_ttl - Parse IP ToS/TTL from TC flower filter
1192 * @match: Pointer to flow match structure
1193 * @fltr: Pointer to filter structure
1194 * @headers: inner or outer header fields
1195 * @is_encap: set true for tunnel
1196 */
1197 static void
ice_tc_set_tos_ttl(struct flow_match_ip * match,struct ice_tc_flower_fltr * fltr,struct ice_tc_flower_lyr_2_4_hdrs * headers,bool is_encap)1198 ice_tc_set_tos_ttl(struct flow_match_ip *match,
1199 struct ice_tc_flower_fltr *fltr,
1200 struct ice_tc_flower_lyr_2_4_hdrs *headers,
1201 bool is_encap)
1202 {
1203 if (match->mask->tos) {
1204 if (is_encap)
1205 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_IP_TOS;
1206 else
1207 fltr->flags |= ICE_TC_FLWR_FIELD_IP_TOS;
1208
1209 headers->l3_key.tos = match->key->tos;
1210 headers->l3_mask.tos = match->mask->tos;
1211 }
1212
1213 if (match->mask->ttl) {
1214 if (is_encap)
1215 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_IP_TTL;
1216 else
1217 fltr->flags |= ICE_TC_FLWR_FIELD_IP_TTL;
1218
1219 headers->l3_key.ttl = match->key->ttl;
1220 headers->l3_mask.ttl = match->mask->ttl;
1221 }
1222 }
1223
1224 /**
1225 * ice_tc_set_port - Parse ports from TC flower filter
1226 * @match: Flow match structure
1227 * @fltr: Pointer to filter structure
1228 * @headers: inner or outer header fields
1229 * @is_encap: set true for tunnel port
1230 */
1231 static int
ice_tc_set_port(struct flow_match_ports match,struct ice_tc_flower_fltr * fltr,struct ice_tc_flower_lyr_2_4_hdrs * headers,bool is_encap)1232 ice_tc_set_port(struct flow_match_ports match,
1233 struct ice_tc_flower_fltr *fltr,
1234 struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap)
1235 {
1236 if (match.key->dst) {
1237 if (is_encap)
1238 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT;
1239 else
1240 fltr->flags |= ICE_TC_FLWR_FIELD_DEST_L4_PORT;
1241
1242 headers->l4_key.dst_port = match.key->dst;
1243 headers->l4_mask.dst_port = match.mask->dst;
1244 }
1245 if (match.key->src) {
1246 if (is_encap)
1247 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT;
1248 else
1249 fltr->flags |= ICE_TC_FLWR_FIELD_SRC_L4_PORT;
1250
1251 headers->l4_key.src_port = match.key->src;
1252 headers->l4_mask.src_port = match.mask->src;
1253 }
1254 return 0;
1255 }
1256
1257 static struct net_device *
ice_get_tunnel_device(struct net_device * dev,struct flow_rule * rule)1258 ice_get_tunnel_device(struct net_device *dev, struct flow_rule *rule)
1259 {
1260 struct flow_action_entry *act;
1261 int i;
1262
1263 if (ice_is_tunnel_supported(dev))
1264 return dev;
1265
1266 flow_action_for_each(i, act, &rule->action) {
1267 if (act->id == FLOW_ACTION_REDIRECT &&
1268 ice_is_tunnel_supported(act->dev))
1269 return act->dev;
1270 }
1271
1272 return NULL;
1273 }
1274
1275 /**
1276 * ice_parse_gtp_type - Sets GTP tunnel type to GTP-U or GTP-C
1277 * @match: Flow match structure
1278 * @fltr: Pointer to filter structure
1279 *
1280 * GTP-C/GTP-U is selected based on destination port number (enc_dst_port).
1281 * Before calling this funtcion, fltr->tunnel_type should be set to TNL_GTPU,
1282 * therefore making GTP-U the default choice (when destination port number is
1283 * not specified).
1284 */
1285 static int
ice_parse_gtp_type(struct flow_match_ports match,struct ice_tc_flower_fltr * fltr)1286 ice_parse_gtp_type(struct flow_match_ports match,
1287 struct ice_tc_flower_fltr *fltr)
1288 {
1289 u16 dst_port;
1290
1291 if (match.key->dst) {
1292 dst_port = be16_to_cpu(match.key->dst);
1293
1294 switch (dst_port) {
1295 case 2152:
1296 break;
1297 case 2123:
1298 fltr->tunnel_type = TNL_GTPC;
1299 break;
1300 default:
1301 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported GTP port number");
1302 return -EINVAL;
1303 }
1304 }
1305
1306 return 0;
1307 }
1308
1309 static int
ice_parse_tunnel_attr(struct net_device * dev,struct flow_rule * rule,struct ice_tc_flower_fltr * fltr)1310 ice_parse_tunnel_attr(struct net_device *dev, struct flow_rule *rule,
1311 struct ice_tc_flower_fltr *fltr)
1312 {
1313 struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers;
1314 struct flow_match_control enc_control;
1315
1316 fltr->tunnel_type = ice_tc_tun_get_type(dev);
1317 headers->l3_key.ip_proto = IPPROTO_UDP;
1318
1319 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_KEYID)) {
1320 struct flow_match_enc_keyid enc_keyid;
1321
1322 flow_rule_match_enc_keyid(rule, &enc_keyid);
1323
1324 if (!enc_keyid.mask->keyid ||
1325 enc_keyid.mask->keyid != cpu_to_be32(ICE_TC_FLOWER_MASK_32))
1326 return -EINVAL;
1327
1328 fltr->flags |= ICE_TC_FLWR_FIELD_TENANT_ID;
1329 fltr->tenant_id = enc_keyid.key->keyid;
1330 }
1331
1332 flow_rule_match_enc_control(rule, &enc_control);
1333
1334 if (enc_control.key->addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) {
1335 struct flow_match_ipv4_addrs match;
1336
1337 flow_rule_match_enc_ipv4_addrs(rule, &match);
1338 if (ice_tc_set_ipv4(&match, fltr, headers, true))
1339 return -EINVAL;
1340 } else if (enc_control.key->addr_type ==
1341 FLOW_DISSECTOR_KEY_IPV6_ADDRS) {
1342 struct flow_match_ipv6_addrs match;
1343
1344 flow_rule_match_enc_ipv6_addrs(rule, &match);
1345 if (ice_tc_set_ipv6(&match, fltr, headers, true))
1346 return -EINVAL;
1347 }
1348
1349 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_IP)) {
1350 struct flow_match_ip match;
1351
1352 flow_rule_match_enc_ip(rule, &match);
1353 ice_tc_set_tos_ttl(&match, fltr, headers, true);
1354 }
1355
1356 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_PORTS) &&
1357 fltr->tunnel_type != TNL_VXLAN && fltr->tunnel_type != TNL_GENEVE) {
1358 struct flow_match_ports match;
1359
1360 flow_rule_match_enc_ports(rule, &match);
1361
1362 if (fltr->tunnel_type != TNL_GTPU) {
1363 if (ice_tc_set_port(match, fltr, headers, true))
1364 return -EINVAL;
1365 } else {
1366 if (ice_parse_gtp_type(match, fltr))
1367 return -EINVAL;
1368 }
1369 }
1370
1371 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_OPTS)) {
1372 struct flow_match_enc_opts match;
1373
1374 flow_rule_match_enc_opts(rule, &match);
1375
1376 memcpy(&fltr->gtp_pdu_info_keys, &match.key->data[0],
1377 sizeof(struct gtp_pdu_session_info));
1378
1379 memcpy(&fltr->gtp_pdu_info_masks, &match.mask->data[0],
1380 sizeof(struct gtp_pdu_session_info));
1381
1382 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_OPTS;
1383 }
1384
1385 return 0;
1386 }
1387
1388 /**
1389 * ice_parse_cls_flower - Parse TC flower filters provided by kernel
1390 * @vsi: Pointer to the VSI
1391 * @filter_dev: Pointer to device on which filter is being added
1392 * @f: Pointer to struct flow_cls_offload
1393 * @fltr: Pointer to filter structure
1394 */
1395 static int
ice_parse_cls_flower(struct net_device * filter_dev,struct ice_vsi * vsi,struct flow_cls_offload * f,struct ice_tc_flower_fltr * fltr)1396 ice_parse_cls_flower(struct net_device *filter_dev, struct ice_vsi *vsi,
1397 struct flow_cls_offload *f,
1398 struct ice_tc_flower_fltr *fltr)
1399 {
1400 struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers;
1401 struct flow_rule *rule = flow_cls_offload_flow_rule(f);
1402 u16 n_proto_mask = 0, n_proto_key = 0, addr_type = 0;
1403 struct flow_dissector *dissector;
1404 struct net_device *tunnel_dev;
1405
1406 dissector = rule->match.dissector;
1407
1408 if (dissector->used_keys &
1409 ~(BIT_ULL(FLOW_DISSECTOR_KEY_CONTROL) |
1410 BIT_ULL(FLOW_DISSECTOR_KEY_BASIC) |
1411 BIT_ULL(FLOW_DISSECTOR_KEY_ETH_ADDRS) |
1412 BIT_ULL(FLOW_DISSECTOR_KEY_VLAN) |
1413 BIT_ULL(FLOW_DISSECTOR_KEY_CVLAN) |
1414 BIT_ULL(FLOW_DISSECTOR_KEY_IPV4_ADDRS) |
1415 BIT_ULL(FLOW_DISSECTOR_KEY_IPV6_ADDRS) |
1416 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_CONTROL) |
1417 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) |
1418 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) |
1419 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) |
1420 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS) |
1421 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_OPTS) |
1422 BIT_ULL(FLOW_DISSECTOR_KEY_IP) |
1423 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IP) |
1424 BIT_ULL(FLOW_DISSECTOR_KEY_PORTS) |
1425 BIT_ULL(FLOW_DISSECTOR_KEY_PPPOE) |
1426 BIT_ULL(FLOW_DISSECTOR_KEY_L2TPV3))) {
1427 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported key used");
1428 return -EOPNOTSUPP;
1429 }
1430
1431 tunnel_dev = ice_get_tunnel_device(filter_dev, rule);
1432 if (tunnel_dev) {
1433 int err;
1434
1435 filter_dev = tunnel_dev;
1436
1437 err = ice_parse_tunnel_attr(filter_dev, rule, fltr);
1438 if (err) {
1439 NL_SET_ERR_MSG_MOD(fltr->extack, "Failed to parse TC flower tunnel attributes");
1440 return err;
1441 }
1442
1443 /* header pointers should point to the inner headers, outer
1444 * header were already set by ice_parse_tunnel_attr
1445 */
1446 headers = &fltr->inner_headers;
1447 } else if (dissector->used_keys &
1448 (BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) |
1449 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) |
1450 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) |
1451 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS) |
1452 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IP) |
1453 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_OPTS) |
1454 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_CONTROL))) {
1455 NL_SET_ERR_MSG_MOD(fltr->extack, "Tunnel key used, but device isn't a tunnel");
1456 return -EOPNOTSUPP;
1457 } else {
1458 fltr->tunnel_type = TNL_LAST;
1459 }
1460
1461 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) {
1462 struct flow_match_basic match;
1463
1464 flow_rule_match_basic(rule, &match);
1465
1466 n_proto_key = ntohs(match.key->n_proto);
1467 n_proto_mask = ntohs(match.mask->n_proto);
1468
1469 if (n_proto_key == ETH_P_ALL || n_proto_key == 0 ||
1470 fltr->tunnel_type == TNL_GTPU ||
1471 fltr->tunnel_type == TNL_GTPC) {
1472 n_proto_key = 0;
1473 n_proto_mask = 0;
1474 } else {
1475 fltr->flags |= ICE_TC_FLWR_FIELD_ETH_TYPE_ID;
1476 }
1477
1478 headers->l2_key.n_proto = cpu_to_be16(n_proto_key);
1479 headers->l2_mask.n_proto = cpu_to_be16(n_proto_mask);
1480 headers->l3_key.ip_proto = match.key->ip_proto;
1481 }
1482
1483 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
1484 struct flow_match_eth_addrs match;
1485
1486 flow_rule_match_eth_addrs(rule, &match);
1487
1488 if (!is_zero_ether_addr(match.key->dst)) {
1489 ether_addr_copy(headers->l2_key.dst_mac,
1490 match.key->dst);
1491 ether_addr_copy(headers->l2_mask.dst_mac,
1492 match.mask->dst);
1493 fltr->flags |= ICE_TC_FLWR_FIELD_DST_MAC;
1494 }
1495
1496 if (!is_zero_ether_addr(match.key->src)) {
1497 ether_addr_copy(headers->l2_key.src_mac,
1498 match.key->src);
1499 ether_addr_copy(headers->l2_mask.src_mac,
1500 match.mask->src);
1501 fltr->flags |= ICE_TC_FLWR_FIELD_SRC_MAC;
1502 }
1503 }
1504
1505 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN) ||
1506 is_vlan_dev(filter_dev)) {
1507 struct flow_dissector_key_vlan mask;
1508 struct flow_dissector_key_vlan key;
1509 struct flow_match_vlan match;
1510
1511 if (is_vlan_dev(filter_dev)) {
1512 match.key = &key;
1513 match.key->vlan_id = vlan_dev_vlan_id(filter_dev);
1514 match.key->vlan_priority = 0;
1515 match.mask = &mask;
1516 memset(match.mask, 0xff, sizeof(*match.mask));
1517 match.mask->vlan_priority = 0;
1518 } else {
1519 flow_rule_match_vlan(rule, &match);
1520 }
1521
1522 if (match.mask->vlan_id) {
1523 if (match.mask->vlan_id == VLAN_VID_MASK) {
1524 fltr->flags |= ICE_TC_FLWR_FIELD_VLAN;
1525 headers->vlan_hdr.vlan_id =
1526 cpu_to_be16(match.key->vlan_id &
1527 VLAN_VID_MASK);
1528 } else {
1529 NL_SET_ERR_MSG_MOD(fltr->extack, "Bad VLAN mask");
1530 return -EINVAL;
1531 }
1532 }
1533
1534 if (match.mask->vlan_priority) {
1535 fltr->flags |= ICE_TC_FLWR_FIELD_VLAN_PRIO;
1536 headers->vlan_hdr.vlan_prio =
1537 be16_encode_bits(match.key->vlan_priority,
1538 VLAN_PRIO_MASK);
1539 }
1540
1541 if (match.mask->vlan_tpid) {
1542 headers->vlan_hdr.vlan_tpid = match.key->vlan_tpid;
1543 fltr->flags |= ICE_TC_FLWR_FIELD_VLAN_TPID;
1544 }
1545 }
1546
1547 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CVLAN)) {
1548 struct flow_match_vlan match;
1549
1550 if (!ice_is_dvm_ena(&vsi->back->hw)) {
1551 NL_SET_ERR_MSG_MOD(fltr->extack, "Double VLAN mode is not enabled");
1552 return -EINVAL;
1553 }
1554
1555 flow_rule_match_cvlan(rule, &match);
1556
1557 if (match.mask->vlan_id) {
1558 if (match.mask->vlan_id == VLAN_VID_MASK) {
1559 fltr->flags |= ICE_TC_FLWR_FIELD_CVLAN;
1560 headers->cvlan_hdr.vlan_id =
1561 cpu_to_be16(match.key->vlan_id &
1562 VLAN_VID_MASK);
1563 } else {
1564 NL_SET_ERR_MSG_MOD(fltr->extack,
1565 "Bad CVLAN mask");
1566 return -EINVAL;
1567 }
1568 }
1569
1570 if (match.mask->vlan_priority) {
1571 fltr->flags |= ICE_TC_FLWR_FIELD_CVLAN_PRIO;
1572 headers->cvlan_hdr.vlan_prio =
1573 be16_encode_bits(match.key->vlan_priority,
1574 VLAN_PRIO_MASK);
1575 }
1576 }
1577
1578 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PPPOE)) {
1579 struct flow_match_pppoe match;
1580
1581 flow_rule_match_pppoe(rule, &match);
1582 n_proto_key = ice_tc_set_pppoe(&match, fltr, headers);
1583
1584 /* If ethertype equals ETH_P_PPP_SES, n_proto might be
1585 * overwritten by encapsulated protocol (ppp_proto field) or set
1586 * to 0. To correct this, flow_match_pppoe provides the type
1587 * field, which contains the actual ethertype (ETH_P_PPP_SES).
1588 */
1589 headers->l2_key.n_proto = cpu_to_be16(n_proto_key);
1590 headers->l2_mask.n_proto = cpu_to_be16(0xFFFF);
1591 fltr->flags |= ICE_TC_FLWR_FIELD_ETH_TYPE_ID;
1592 }
1593
1594 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) {
1595 struct flow_match_control match;
1596
1597 flow_rule_match_control(rule, &match);
1598
1599 addr_type = match.key->addr_type;
1600 }
1601
1602 if (addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) {
1603 struct flow_match_ipv4_addrs match;
1604
1605 flow_rule_match_ipv4_addrs(rule, &match);
1606 if (ice_tc_set_ipv4(&match, fltr, headers, false))
1607 return -EINVAL;
1608 }
1609
1610 if (addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) {
1611 struct flow_match_ipv6_addrs match;
1612
1613 flow_rule_match_ipv6_addrs(rule, &match);
1614 if (ice_tc_set_ipv6(&match, fltr, headers, false))
1615 return -EINVAL;
1616 }
1617
1618 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) {
1619 struct flow_match_ip match;
1620
1621 flow_rule_match_ip(rule, &match);
1622 ice_tc_set_tos_ttl(&match, fltr, headers, false);
1623 }
1624
1625 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_L2TPV3)) {
1626 struct flow_match_l2tpv3 match;
1627
1628 flow_rule_match_l2tpv3(rule, &match);
1629
1630 fltr->flags |= ICE_TC_FLWR_FIELD_L2TPV3_SESSID;
1631 headers->l2tpv3_hdr.session_id = match.key->session_id;
1632 }
1633
1634 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS)) {
1635 struct flow_match_ports match;
1636
1637 flow_rule_match_ports(rule, &match);
1638 if (ice_tc_set_port(match, fltr, headers, false))
1639 return -EINVAL;
1640 switch (headers->l3_key.ip_proto) {
1641 case IPPROTO_TCP:
1642 case IPPROTO_UDP:
1643 break;
1644 default:
1645 NL_SET_ERR_MSG_MOD(fltr->extack, "Only UDP and TCP transport are supported");
1646 return -EINVAL;
1647 }
1648 }
1649 return 0;
1650 }
1651
1652 /**
1653 * ice_add_switch_fltr - Add TC flower filters
1654 * @vsi: Pointer to VSI
1655 * @fltr: Pointer to struct ice_tc_flower_fltr
1656 *
1657 * Add filter in HW switch block
1658 */
1659 static int
ice_add_switch_fltr(struct ice_vsi * vsi,struct ice_tc_flower_fltr * fltr)1660 ice_add_switch_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr)
1661 {
1662 if (fltr->action.fltr_act == ICE_FWD_TO_QGRP)
1663 return -EOPNOTSUPP;
1664
1665 if (ice_is_eswitch_mode_switchdev(vsi->back))
1666 return ice_eswitch_add_tc_fltr(vsi, fltr);
1667
1668 return ice_add_tc_flower_adv_fltr(vsi, fltr);
1669 }
1670
1671 /**
1672 * ice_prep_adq_filter - Prepare ADQ filter with the required additional headers
1673 * @vsi: Pointer to VSI
1674 * @fltr: Pointer to TC flower filter structure
1675 *
1676 * Prepare ADQ filter with the required additional header fields
1677 */
1678 static int
ice_prep_adq_filter(struct ice_vsi * vsi,struct ice_tc_flower_fltr * fltr)1679 ice_prep_adq_filter(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr)
1680 {
1681 if ((fltr->flags & ICE_TC_FLWR_FIELD_TENANT_ID) &&
1682 (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC |
1683 ICE_TC_FLWR_FIELD_SRC_MAC))) {
1684 NL_SET_ERR_MSG_MOD(fltr->extack,
1685 "Unable to add filter because filter using tunnel key and inner MAC is unsupported combination");
1686 return -EOPNOTSUPP;
1687 }
1688
1689 /* For ADQ, filter must include dest MAC address, otherwise unwanted
1690 * packets with unrelated MAC address get delivered to ADQ VSIs as long
1691 * as remaining filter criteria is satisfied such as dest IP address
1692 * and dest/src L4 port. Below code handles the following cases:
1693 * 1. For non-tunnel, if user specify MAC addresses, use them.
1694 * 2. For non-tunnel, if user didn't specify MAC address, add implicit
1695 * dest MAC to be lower netdev's active unicast MAC address
1696 * 3. For tunnel, as of now TC-filter through flower classifier doesn't
1697 * have provision for user to specify outer DMAC, hence driver to
1698 * implicitly add outer dest MAC to be lower netdev's active unicast
1699 * MAC address.
1700 */
1701 if (fltr->tunnel_type != TNL_LAST &&
1702 !(fltr->flags & ICE_TC_FLWR_FIELD_ENC_DST_MAC))
1703 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DST_MAC;
1704
1705 if (fltr->tunnel_type == TNL_LAST &&
1706 !(fltr->flags & ICE_TC_FLWR_FIELD_DST_MAC))
1707 fltr->flags |= ICE_TC_FLWR_FIELD_DST_MAC;
1708
1709 if (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC |
1710 ICE_TC_FLWR_FIELD_ENC_DST_MAC)) {
1711 ether_addr_copy(fltr->outer_headers.l2_key.dst_mac,
1712 vsi->netdev->dev_addr);
1713 eth_broadcast_addr(fltr->outer_headers.l2_mask.dst_mac);
1714 }
1715
1716 /* Make sure VLAN is already added to main VSI, before allowing ADQ to
1717 * add a VLAN based filter such as MAC + VLAN + L4 port.
1718 */
1719 if (fltr->flags & ICE_TC_FLWR_FIELD_VLAN) {
1720 u16 vlan_id = be16_to_cpu(fltr->outer_headers.vlan_hdr.vlan_id);
1721
1722 if (!ice_vlan_fltr_exist(&vsi->back->hw, vlan_id, vsi->idx)) {
1723 NL_SET_ERR_MSG_MOD(fltr->extack,
1724 "Unable to add filter because legacy VLAN filter for specified destination doesn't exist");
1725 return -EINVAL;
1726 }
1727 }
1728 return 0;
1729 }
1730
1731 /**
1732 * ice_handle_tclass_action - Support directing to a traffic class
1733 * @vsi: Pointer to VSI
1734 * @cls_flower: Pointer to TC flower offload structure
1735 * @fltr: Pointer to TC flower filter structure
1736 *
1737 * Support directing traffic to a traffic class/queue-set
1738 */
1739 static int
ice_handle_tclass_action(struct ice_vsi * vsi,struct flow_cls_offload * cls_flower,struct ice_tc_flower_fltr * fltr)1740 ice_handle_tclass_action(struct ice_vsi *vsi,
1741 struct flow_cls_offload *cls_flower,
1742 struct ice_tc_flower_fltr *fltr)
1743 {
1744 int tc = tc_classid_to_hwtc(vsi->netdev, cls_flower->classid);
1745
1746 /* user specified hw_tc (must be non-zero for ADQ TC), action is forward
1747 * to hw_tc (i.e. ADQ channel number)
1748 */
1749 if (tc < ICE_CHNL_START_TC) {
1750 NL_SET_ERR_MSG_MOD(fltr->extack,
1751 "Unable to add filter because of unsupported destination");
1752 return -EOPNOTSUPP;
1753 }
1754 if (!(vsi->all_enatc & BIT(tc))) {
1755 NL_SET_ERR_MSG_MOD(fltr->extack,
1756 "Unable to add filter because of non-existence destination");
1757 return -EINVAL;
1758 }
1759 fltr->action.fltr_act = ICE_FWD_TO_VSI;
1760 fltr->action.fwd.tc.tc_class = tc;
1761
1762 return ice_prep_adq_filter(vsi, fltr);
1763 }
1764
1765 static int
ice_tc_forward_to_queue(struct ice_vsi * vsi,struct ice_tc_flower_fltr * fltr,struct flow_action_entry * act)1766 ice_tc_forward_to_queue(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr,
1767 struct flow_action_entry *act)
1768 {
1769 struct ice_vsi *ch_vsi = NULL;
1770 u16 queue = act->rx_queue;
1771
1772 if (queue >= vsi->num_rxq) {
1773 NL_SET_ERR_MSG_MOD(fltr->extack,
1774 "Unable to add filter because specified queue is invalid");
1775 return -EINVAL;
1776 }
1777 fltr->action.fltr_act = ICE_FWD_TO_Q;
1778 fltr->action.fwd.q.queue = queue;
1779 /* determine corresponding HW queue */
1780 fltr->action.fwd.q.hw_queue = vsi->rxq_map[queue];
1781
1782 /* If ADQ is configured, and the queue belongs to ADQ VSI, then prepare
1783 * ADQ switch filter
1784 */
1785 ch_vsi = ice_locate_vsi_using_queue(vsi, fltr->action.fwd.q.queue);
1786 if (!ch_vsi)
1787 return -EINVAL;
1788 fltr->dest_vsi = ch_vsi;
1789 if (!ice_is_chnl_fltr(fltr))
1790 return 0;
1791
1792 return ice_prep_adq_filter(vsi, fltr);
1793 }
1794
1795 static int
ice_tc_parse_action(struct ice_vsi * vsi,struct ice_tc_flower_fltr * fltr,struct flow_action_entry * act)1796 ice_tc_parse_action(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr,
1797 struct flow_action_entry *act)
1798 {
1799 switch (act->id) {
1800 case FLOW_ACTION_RX_QUEUE_MAPPING:
1801 /* forward to queue */
1802 return ice_tc_forward_to_queue(vsi, fltr, act);
1803 case FLOW_ACTION_DROP:
1804 fltr->action.fltr_act = ICE_DROP_PACKET;
1805 return 0;
1806 default:
1807 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported TC action");
1808 return -EOPNOTSUPP;
1809 }
1810 }
1811
1812 /**
1813 * ice_parse_tc_flower_actions - Parse the actions for a TC filter
1814 * @filter_dev: Pointer to device on which filter is being added
1815 * @vsi: Pointer to VSI
1816 * @cls_flower: Pointer to TC flower offload structure
1817 * @fltr: Pointer to TC flower filter structure
1818 *
1819 * Parse the actions for a TC filter
1820 */
ice_parse_tc_flower_actions(struct net_device * filter_dev,struct ice_vsi * vsi,struct flow_cls_offload * cls_flower,struct ice_tc_flower_fltr * fltr)1821 static int ice_parse_tc_flower_actions(struct net_device *filter_dev,
1822 struct ice_vsi *vsi,
1823 struct flow_cls_offload *cls_flower,
1824 struct ice_tc_flower_fltr *fltr)
1825 {
1826 struct flow_rule *rule = flow_cls_offload_flow_rule(cls_flower);
1827 struct flow_action *flow_action = &rule->action;
1828 struct flow_action_entry *act;
1829 int i, err;
1830
1831 if (cls_flower->classid)
1832 return ice_handle_tclass_action(vsi, cls_flower, fltr);
1833
1834 if (!flow_action_has_entries(flow_action))
1835 return -EINVAL;
1836
1837 flow_action_for_each(i, act, flow_action) {
1838 if (ice_is_eswitch_mode_switchdev(vsi->back))
1839 err = ice_eswitch_tc_parse_action(filter_dev, fltr, act);
1840 else
1841 err = ice_tc_parse_action(vsi, fltr, act);
1842 if (err)
1843 return err;
1844 continue;
1845 }
1846 return 0;
1847 }
1848
1849 /**
1850 * ice_del_tc_fltr - deletes a filter from HW table
1851 * @vsi: Pointer to VSI
1852 * @fltr: Pointer to struct ice_tc_flower_fltr
1853 *
1854 * This function deletes a filter from HW table and manages book-keeping
1855 */
ice_del_tc_fltr(struct ice_vsi * vsi,struct ice_tc_flower_fltr * fltr)1856 static int ice_del_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr)
1857 {
1858 struct ice_rule_query_data rule_rem;
1859 struct ice_pf *pf = vsi->back;
1860 int err;
1861
1862 rule_rem.rid = fltr->rid;
1863 rule_rem.rule_id = fltr->rule_id;
1864 rule_rem.vsi_handle = fltr->dest_vsi_handle;
1865 err = ice_rem_adv_rule_by_id(&pf->hw, &rule_rem);
1866 if (err) {
1867 if (err == -ENOENT) {
1868 NL_SET_ERR_MSG_MOD(fltr->extack, "Filter does not exist");
1869 return -ENOENT;
1870 }
1871 NL_SET_ERR_MSG_MOD(fltr->extack, "Failed to delete TC flower filter");
1872 return -EIO;
1873 }
1874
1875 /* update advanced switch filter count for destination
1876 * VSI if filter destination was VSI
1877 */
1878 if (fltr->dest_vsi) {
1879 if (fltr->dest_vsi->type == ICE_VSI_CHNL) {
1880 fltr->dest_vsi->num_chnl_fltr--;
1881
1882 /* keeps track of channel filters for PF VSI */
1883 if (vsi->type == ICE_VSI_PF &&
1884 (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC |
1885 ICE_TC_FLWR_FIELD_ENC_DST_MAC)))
1886 pf->num_dmac_chnl_fltrs--;
1887 }
1888 }
1889 return 0;
1890 }
1891
1892 /**
1893 * ice_add_tc_fltr - adds a TC flower filter
1894 * @netdev: Pointer to netdev
1895 * @vsi: Pointer to VSI
1896 * @f: Pointer to flower offload structure
1897 * @__fltr: Pointer to struct ice_tc_flower_fltr
1898 *
1899 * This function parses TC-flower input fields, parses action,
1900 * and adds a filter.
1901 */
1902 static int
ice_add_tc_fltr(struct net_device * netdev,struct ice_vsi * vsi,struct flow_cls_offload * f,struct ice_tc_flower_fltr ** __fltr)1903 ice_add_tc_fltr(struct net_device *netdev, struct ice_vsi *vsi,
1904 struct flow_cls_offload *f,
1905 struct ice_tc_flower_fltr **__fltr)
1906 {
1907 struct ice_tc_flower_fltr *fltr;
1908 int err;
1909
1910 /* by default, set output to be INVALID */
1911 *__fltr = NULL;
1912
1913 fltr = kzalloc(sizeof(*fltr), GFP_KERNEL);
1914 if (!fltr)
1915 return -ENOMEM;
1916
1917 fltr->cookie = f->cookie;
1918 fltr->extack = f->common.extack;
1919 fltr->src_vsi = vsi;
1920 INIT_HLIST_NODE(&fltr->tc_flower_node);
1921
1922 err = ice_parse_cls_flower(netdev, vsi, f, fltr);
1923 if (err < 0)
1924 goto err;
1925
1926 err = ice_parse_tc_flower_actions(netdev, vsi, f, fltr);
1927 if (err < 0)
1928 goto err;
1929
1930 err = ice_add_switch_fltr(vsi, fltr);
1931 if (err < 0)
1932 goto err;
1933
1934 /* return the newly created filter */
1935 *__fltr = fltr;
1936
1937 return 0;
1938 err:
1939 kfree(fltr);
1940 return err;
1941 }
1942
1943 /**
1944 * ice_find_tc_flower_fltr - Find the TC flower filter in the list
1945 * @pf: Pointer to PF
1946 * @cookie: filter specific cookie
1947 */
1948 static struct ice_tc_flower_fltr *
ice_find_tc_flower_fltr(struct ice_pf * pf,unsigned long cookie)1949 ice_find_tc_flower_fltr(struct ice_pf *pf, unsigned long cookie)
1950 {
1951 struct ice_tc_flower_fltr *fltr;
1952
1953 hlist_for_each_entry(fltr, &pf->tc_flower_fltr_list, tc_flower_node)
1954 if (cookie == fltr->cookie)
1955 return fltr;
1956
1957 return NULL;
1958 }
1959
1960 /**
1961 * ice_add_cls_flower - add TC flower filters
1962 * @netdev: Pointer to filter device
1963 * @vsi: Pointer to VSI
1964 * @cls_flower: Pointer to flower offload structure
1965 */
1966 int
ice_add_cls_flower(struct net_device * netdev,struct ice_vsi * vsi,struct flow_cls_offload * cls_flower)1967 ice_add_cls_flower(struct net_device *netdev, struct ice_vsi *vsi,
1968 struct flow_cls_offload *cls_flower)
1969 {
1970 struct netlink_ext_ack *extack = cls_flower->common.extack;
1971 struct net_device *vsi_netdev = vsi->netdev;
1972 struct ice_tc_flower_fltr *fltr;
1973 struct ice_pf *pf = vsi->back;
1974 int err;
1975
1976 if (ice_is_reset_in_progress(pf->state))
1977 return -EBUSY;
1978 if (test_bit(ICE_FLAG_FW_LLDP_AGENT, pf->flags))
1979 return -EINVAL;
1980
1981 if (ice_is_port_repr_netdev(netdev))
1982 vsi_netdev = netdev;
1983
1984 if (!(vsi_netdev->features & NETIF_F_HW_TC) &&
1985 !test_bit(ICE_FLAG_CLS_FLOWER, pf->flags)) {
1986 /* Based on TC indirect notifications from kernel, all ice
1987 * devices get an instance of rule from higher level device.
1988 * Avoid triggering explicit error in this case.
1989 */
1990 if (netdev == vsi_netdev)
1991 NL_SET_ERR_MSG_MOD(extack, "can't apply TC flower filters, turn ON hw-tc-offload and try again");
1992 return -EINVAL;
1993 }
1994
1995 /* avoid duplicate entries, if exists - return error */
1996 fltr = ice_find_tc_flower_fltr(pf, cls_flower->cookie);
1997 if (fltr) {
1998 NL_SET_ERR_MSG_MOD(extack, "filter cookie already exists, ignoring");
1999 return -EEXIST;
2000 }
2001
2002 /* prep and add TC-flower filter in HW */
2003 err = ice_add_tc_fltr(netdev, vsi, cls_flower, &fltr);
2004 if (err)
2005 return err;
2006
2007 /* add filter into an ordered list */
2008 hlist_add_head(&fltr->tc_flower_node, &pf->tc_flower_fltr_list);
2009 return 0;
2010 }
2011
2012 /**
2013 * ice_del_cls_flower - delete TC flower filters
2014 * @vsi: Pointer to VSI
2015 * @cls_flower: Pointer to struct flow_cls_offload
2016 */
2017 int
ice_del_cls_flower(struct ice_vsi * vsi,struct flow_cls_offload * cls_flower)2018 ice_del_cls_flower(struct ice_vsi *vsi, struct flow_cls_offload *cls_flower)
2019 {
2020 struct ice_tc_flower_fltr *fltr;
2021 struct ice_pf *pf = vsi->back;
2022 int err;
2023
2024 /* find filter */
2025 fltr = ice_find_tc_flower_fltr(pf, cls_flower->cookie);
2026 if (!fltr) {
2027 if (!test_bit(ICE_FLAG_TC_MQPRIO, pf->flags) &&
2028 hlist_empty(&pf->tc_flower_fltr_list))
2029 return 0;
2030
2031 NL_SET_ERR_MSG_MOD(cls_flower->common.extack, "failed to delete TC flower filter because unable to find it");
2032 return -EINVAL;
2033 }
2034
2035 fltr->extack = cls_flower->common.extack;
2036 /* delete filter from HW */
2037 err = ice_del_tc_fltr(vsi, fltr);
2038 if (err)
2039 return err;
2040
2041 /* delete filter from an ordered list */
2042 hlist_del(&fltr->tc_flower_node);
2043
2044 /* free the filter node */
2045 kfree(fltr);
2046
2047 return 0;
2048 }
2049
2050 /**
2051 * ice_replay_tc_fltrs - replay TC filters
2052 * @pf: pointer to PF struct
2053 */
ice_replay_tc_fltrs(struct ice_pf * pf)2054 void ice_replay_tc_fltrs(struct ice_pf *pf)
2055 {
2056 struct ice_tc_flower_fltr *fltr;
2057 struct hlist_node *node;
2058
2059 hlist_for_each_entry_safe(fltr, node,
2060 &pf->tc_flower_fltr_list,
2061 tc_flower_node) {
2062 fltr->extack = NULL;
2063 ice_add_switch_fltr(fltr->src_vsi, fltr);
2064 }
2065 }
2066