1 /*
2  * drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c
3  * Copyright (c) 2017 Mellanox Technologies. All rights reserved.
4  * Copyright (c) 2017 Jiri Pirko <jiri@mellanox.com>
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  * 3. Neither the names of the copyright holders nor the names of its
15  *    contributors may be used to endorse or promote products derived from
16  *    this software without specific prior written permission.
17  *
18  * Alternatively, this software may be distributed under the terms of the
19  * GNU General Public License ("GPL") version 2 as published by the Free
20  * Software Foundation.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
23  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
26  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32  * POSSIBILITY OF SUCH DAMAGE.
33  */
34 
35 #include <linux/kernel.h>
36 #include <linux/errno.h>
37 #include <linux/netdevice.h>
38 #include <net/net_namespace.h>
39 #include <net/flow_dissector.h>
40 #include <net/pkt_cls.h>
41 #include <net/tc_act/tc_gact.h>
42 #include <net/tc_act/tc_mirred.h>
43 #include <net/tc_act/tc_vlan.h>
44 
45 #include "spectrum.h"
46 #include "core_acl_flex_keys.h"
47 
48 static int mlxsw_sp_flower_parse_actions(struct mlxsw_sp *mlxsw_sp,
49 					 struct mlxsw_sp_acl_block *block,
50 					 struct mlxsw_sp_acl_rule_info *rulei,
51 					 struct tcf_exts *exts)
52 {
53 	const struct tc_action *a;
54 	LIST_HEAD(actions);
55 	int err;
56 
57 	if (!tcf_exts_has_actions(exts))
58 		return 0;
59 
60 	/* Count action is inserted first */
61 	err = mlxsw_sp_acl_rulei_act_count(mlxsw_sp, rulei);
62 	if (err)
63 		return err;
64 
65 	tcf_exts_to_list(exts, &actions);
66 	list_for_each_entry(a, &actions, list) {
67 		if (is_tcf_gact_ok(a)) {
68 			err = mlxsw_sp_acl_rulei_act_terminate(rulei);
69 			if (err)
70 				return err;
71 		} else if (is_tcf_gact_shot(a)) {
72 			err = mlxsw_sp_acl_rulei_act_drop(rulei);
73 			if (err)
74 				return err;
75 		} else if (is_tcf_gact_trap(a)) {
76 			err = mlxsw_sp_acl_rulei_act_trap(rulei);
77 			if (err)
78 				return err;
79 		} else if (is_tcf_gact_goto_chain(a)) {
80 			u32 chain_index = tcf_gact_goto_chain_index(a);
81 			struct mlxsw_sp_acl_ruleset *ruleset;
82 			u16 group_id;
83 
84 			ruleset = mlxsw_sp_acl_ruleset_lookup(mlxsw_sp, block,
85 							      chain_index,
86 							      MLXSW_SP_ACL_PROFILE_FLOWER);
87 			if (IS_ERR(ruleset))
88 				return PTR_ERR(ruleset);
89 
90 			group_id = mlxsw_sp_acl_ruleset_group_id(ruleset);
91 			err = mlxsw_sp_acl_rulei_act_jump(rulei, group_id);
92 			if (err)
93 				return err;
94 		} else if (is_tcf_mirred_egress_redirect(a)) {
95 			struct net_device *out_dev;
96 			struct mlxsw_sp_fid *fid;
97 			u16 fid_index;
98 
99 			fid = mlxsw_sp_acl_dummy_fid(mlxsw_sp);
100 			fid_index = mlxsw_sp_fid_index(fid);
101 			err = mlxsw_sp_acl_rulei_act_fid_set(mlxsw_sp, rulei,
102 							     fid_index);
103 			if (err)
104 				return err;
105 
106 			out_dev = tcf_mirred_dev(a);
107 			err = mlxsw_sp_acl_rulei_act_fwd(mlxsw_sp, rulei,
108 							 out_dev);
109 			if (err)
110 				return err;
111 		} else if (is_tcf_mirred_egress_mirror(a)) {
112 			struct net_device *out_dev = tcf_mirred_dev(a);
113 
114 			err = mlxsw_sp_acl_rulei_act_mirror(mlxsw_sp, rulei,
115 							    block, out_dev);
116 			if (err)
117 				return err;
118 		} else if (is_tcf_vlan(a)) {
119 			u16 proto = be16_to_cpu(tcf_vlan_push_proto(a));
120 			u32 action = tcf_vlan_action(a);
121 			u8 prio = tcf_vlan_push_prio(a);
122 			u16 vid = tcf_vlan_push_vid(a);
123 
124 			return mlxsw_sp_acl_rulei_act_vlan(mlxsw_sp, rulei,
125 							   action, vid,
126 							   proto, prio);
127 		} else {
128 			dev_err(mlxsw_sp->bus_info->dev, "Unsupported action\n");
129 			return -EOPNOTSUPP;
130 		}
131 	}
132 	return 0;
133 }
134 
135 static void mlxsw_sp_flower_parse_ipv4(struct mlxsw_sp_acl_rule_info *rulei,
136 				       struct tc_cls_flower_offload *f)
137 {
138 	struct flow_dissector_key_ipv4_addrs *key =
139 		skb_flow_dissector_target(f->dissector,
140 					  FLOW_DISSECTOR_KEY_IPV4_ADDRS,
141 					  f->key);
142 	struct flow_dissector_key_ipv4_addrs *mask =
143 		skb_flow_dissector_target(f->dissector,
144 					  FLOW_DISSECTOR_KEY_IPV4_ADDRS,
145 					  f->mask);
146 
147 	mlxsw_sp_acl_rulei_keymask_u32(rulei, MLXSW_AFK_ELEMENT_SRC_IP4,
148 				       ntohl(key->src), ntohl(mask->src));
149 	mlxsw_sp_acl_rulei_keymask_u32(rulei, MLXSW_AFK_ELEMENT_DST_IP4,
150 				       ntohl(key->dst), ntohl(mask->dst));
151 }
152 
153 static void mlxsw_sp_flower_parse_ipv6(struct mlxsw_sp_acl_rule_info *rulei,
154 				       struct tc_cls_flower_offload *f)
155 {
156 	struct flow_dissector_key_ipv6_addrs *key =
157 		skb_flow_dissector_target(f->dissector,
158 					  FLOW_DISSECTOR_KEY_IPV6_ADDRS,
159 					  f->key);
160 	struct flow_dissector_key_ipv6_addrs *mask =
161 		skb_flow_dissector_target(f->dissector,
162 					  FLOW_DISSECTOR_KEY_IPV6_ADDRS,
163 					  f->mask);
164 	size_t addr_half_size = sizeof(key->src) / 2;
165 
166 	mlxsw_sp_acl_rulei_keymask_buf(rulei, MLXSW_AFK_ELEMENT_SRC_IP6_HI,
167 				       &key->src.s6_addr[0],
168 				       &mask->src.s6_addr[0],
169 				       addr_half_size);
170 	mlxsw_sp_acl_rulei_keymask_buf(rulei, MLXSW_AFK_ELEMENT_SRC_IP6_LO,
171 				       &key->src.s6_addr[addr_half_size],
172 				       &mask->src.s6_addr[addr_half_size],
173 				       addr_half_size);
174 	mlxsw_sp_acl_rulei_keymask_buf(rulei, MLXSW_AFK_ELEMENT_DST_IP6_HI,
175 				       &key->dst.s6_addr[0],
176 				       &mask->dst.s6_addr[0],
177 				       addr_half_size);
178 	mlxsw_sp_acl_rulei_keymask_buf(rulei, MLXSW_AFK_ELEMENT_DST_IP6_LO,
179 				       &key->dst.s6_addr[addr_half_size],
180 				       &mask->dst.s6_addr[addr_half_size],
181 				       addr_half_size);
182 }
183 
184 static int mlxsw_sp_flower_parse_ports(struct mlxsw_sp *mlxsw_sp,
185 				       struct mlxsw_sp_acl_rule_info *rulei,
186 				       struct tc_cls_flower_offload *f,
187 				       u8 ip_proto)
188 {
189 	struct flow_dissector_key_ports *key, *mask;
190 
191 	if (!dissector_uses_key(f->dissector, FLOW_DISSECTOR_KEY_PORTS))
192 		return 0;
193 
194 	if (ip_proto != IPPROTO_TCP && ip_proto != IPPROTO_UDP) {
195 		dev_err(mlxsw_sp->bus_info->dev, "Only UDP and TCP keys are supported\n");
196 		return -EINVAL;
197 	}
198 
199 	key = skb_flow_dissector_target(f->dissector,
200 					FLOW_DISSECTOR_KEY_PORTS,
201 					f->key);
202 	mask = skb_flow_dissector_target(f->dissector,
203 					 FLOW_DISSECTOR_KEY_PORTS,
204 					 f->mask);
205 	mlxsw_sp_acl_rulei_keymask_u32(rulei, MLXSW_AFK_ELEMENT_DST_L4_PORT,
206 				       ntohs(key->dst), ntohs(mask->dst));
207 	mlxsw_sp_acl_rulei_keymask_u32(rulei, MLXSW_AFK_ELEMENT_SRC_L4_PORT,
208 				       ntohs(key->src), ntohs(mask->src));
209 	return 0;
210 }
211 
212 static int mlxsw_sp_flower_parse_tcp(struct mlxsw_sp *mlxsw_sp,
213 				     struct mlxsw_sp_acl_rule_info *rulei,
214 				     struct tc_cls_flower_offload *f,
215 				     u8 ip_proto)
216 {
217 	struct flow_dissector_key_tcp *key, *mask;
218 
219 	if (!dissector_uses_key(f->dissector, FLOW_DISSECTOR_KEY_TCP))
220 		return 0;
221 
222 	if (ip_proto != IPPROTO_TCP) {
223 		dev_err(mlxsw_sp->bus_info->dev, "TCP keys supported only for TCP\n");
224 		return -EINVAL;
225 	}
226 
227 	key = skb_flow_dissector_target(f->dissector,
228 					FLOW_DISSECTOR_KEY_TCP,
229 					f->key);
230 	mask = skb_flow_dissector_target(f->dissector,
231 					 FLOW_DISSECTOR_KEY_TCP,
232 					 f->mask);
233 	mlxsw_sp_acl_rulei_keymask_u32(rulei, MLXSW_AFK_ELEMENT_TCP_FLAGS,
234 				       ntohs(key->flags), ntohs(mask->flags));
235 	return 0;
236 }
237 
238 static int mlxsw_sp_flower_parse_ip(struct mlxsw_sp *mlxsw_sp,
239 				    struct mlxsw_sp_acl_rule_info *rulei,
240 				    struct tc_cls_flower_offload *f,
241 				    u16 n_proto)
242 {
243 	struct flow_dissector_key_ip *key, *mask;
244 
245 	if (!dissector_uses_key(f->dissector, FLOW_DISSECTOR_KEY_IP))
246 		return 0;
247 
248 	if (n_proto != ETH_P_IP && n_proto != ETH_P_IPV6) {
249 		dev_err(mlxsw_sp->bus_info->dev, "IP keys supported only for IPv4/6\n");
250 		return -EINVAL;
251 	}
252 
253 	key = skb_flow_dissector_target(f->dissector,
254 					FLOW_DISSECTOR_KEY_IP,
255 					f->key);
256 	mask = skb_flow_dissector_target(f->dissector,
257 					 FLOW_DISSECTOR_KEY_IP,
258 					 f->mask);
259 	mlxsw_sp_acl_rulei_keymask_u32(rulei, MLXSW_AFK_ELEMENT_IP_TTL_,
260 				       key->ttl, mask->ttl);
261 
262 	mlxsw_sp_acl_rulei_keymask_u32(rulei, MLXSW_AFK_ELEMENT_IP_ECN,
263 				       key->tos & 0x3, mask->tos & 0x3);
264 
265 	mlxsw_sp_acl_rulei_keymask_u32(rulei, MLXSW_AFK_ELEMENT_IP_DSCP,
266 				       key->tos >> 6, mask->tos >> 6);
267 
268 	return 0;
269 }
270 
271 static int mlxsw_sp_flower_parse(struct mlxsw_sp *mlxsw_sp,
272 				 struct mlxsw_sp_acl_block *block,
273 				 struct mlxsw_sp_acl_rule_info *rulei,
274 				 struct tc_cls_flower_offload *f)
275 {
276 	u16 n_proto_mask = 0;
277 	u16 n_proto_key = 0;
278 	u16 addr_type = 0;
279 	u8 ip_proto = 0;
280 	int err;
281 
282 	if (f->dissector->used_keys &
283 	    ~(BIT(FLOW_DISSECTOR_KEY_CONTROL) |
284 	      BIT(FLOW_DISSECTOR_KEY_BASIC) |
285 	      BIT(FLOW_DISSECTOR_KEY_ETH_ADDRS) |
286 	      BIT(FLOW_DISSECTOR_KEY_IPV4_ADDRS) |
287 	      BIT(FLOW_DISSECTOR_KEY_IPV6_ADDRS) |
288 	      BIT(FLOW_DISSECTOR_KEY_PORTS) |
289 	      BIT(FLOW_DISSECTOR_KEY_TCP) |
290 	      BIT(FLOW_DISSECTOR_KEY_IP) |
291 	      BIT(FLOW_DISSECTOR_KEY_VLAN))) {
292 		dev_err(mlxsw_sp->bus_info->dev, "Unsupported key\n");
293 		return -EOPNOTSUPP;
294 	}
295 
296 	mlxsw_sp_acl_rulei_priority(rulei, f->common.prio);
297 
298 	if (dissector_uses_key(f->dissector, FLOW_DISSECTOR_KEY_CONTROL)) {
299 		struct flow_dissector_key_control *key =
300 			skb_flow_dissector_target(f->dissector,
301 						  FLOW_DISSECTOR_KEY_CONTROL,
302 						  f->key);
303 		addr_type = key->addr_type;
304 	}
305 
306 	if (dissector_uses_key(f->dissector, FLOW_DISSECTOR_KEY_BASIC)) {
307 		struct flow_dissector_key_basic *key =
308 			skb_flow_dissector_target(f->dissector,
309 						  FLOW_DISSECTOR_KEY_BASIC,
310 						  f->key);
311 		struct flow_dissector_key_basic *mask =
312 			skb_flow_dissector_target(f->dissector,
313 						  FLOW_DISSECTOR_KEY_BASIC,
314 						  f->mask);
315 		n_proto_key = ntohs(key->n_proto);
316 		n_proto_mask = ntohs(mask->n_proto);
317 
318 		if (n_proto_key == ETH_P_ALL) {
319 			n_proto_key = 0;
320 			n_proto_mask = 0;
321 		}
322 		mlxsw_sp_acl_rulei_keymask_u32(rulei,
323 					       MLXSW_AFK_ELEMENT_ETHERTYPE,
324 					       n_proto_key, n_proto_mask);
325 
326 		ip_proto = key->ip_proto;
327 		mlxsw_sp_acl_rulei_keymask_u32(rulei,
328 					       MLXSW_AFK_ELEMENT_IP_PROTO,
329 					       key->ip_proto, mask->ip_proto);
330 	}
331 
332 	if (dissector_uses_key(f->dissector, FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
333 		struct flow_dissector_key_eth_addrs *key =
334 			skb_flow_dissector_target(f->dissector,
335 						  FLOW_DISSECTOR_KEY_ETH_ADDRS,
336 						  f->key);
337 		struct flow_dissector_key_eth_addrs *mask =
338 			skb_flow_dissector_target(f->dissector,
339 						  FLOW_DISSECTOR_KEY_ETH_ADDRS,
340 						  f->mask);
341 
342 		mlxsw_sp_acl_rulei_keymask_buf(rulei,
343 					       MLXSW_AFK_ELEMENT_DMAC,
344 					       key->dst, mask->dst,
345 					       sizeof(key->dst));
346 		mlxsw_sp_acl_rulei_keymask_buf(rulei,
347 					       MLXSW_AFK_ELEMENT_SMAC,
348 					       key->src, mask->src,
349 					       sizeof(key->src));
350 	}
351 
352 	if (dissector_uses_key(f->dissector, FLOW_DISSECTOR_KEY_VLAN)) {
353 		struct flow_dissector_key_vlan *key =
354 			skb_flow_dissector_target(f->dissector,
355 						  FLOW_DISSECTOR_KEY_VLAN,
356 						  f->key);
357 		struct flow_dissector_key_vlan *mask =
358 			skb_flow_dissector_target(f->dissector,
359 						  FLOW_DISSECTOR_KEY_VLAN,
360 						  f->mask);
361 		if (mask->vlan_id != 0)
362 			mlxsw_sp_acl_rulei_keymask_u32(rulei,
363 						       MLXSW_AFK_ELEMENT_VID,
364 						       key->vlan_id,
365 						       mask->vlan_id);
366 		if (mask->vlan_priority != 0)
367 			mlxsw_sp_acl_rulei_keymask_u32(rulei,
368 						       MLXSW_AFK_ELEMENT_PCP,
369 						       key->vlan_priority,
370 						       mask->vlan_priority);
371 	}
372 
373 	if (addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS)
374 		mlxsw_sp_flower_parse_ipv4(rulei, f);
375 
376 	if (addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS)
377 		mlxsw_sp_flower_parse_ipv6(rulei, f);
378 
379 	err = mlxsw_sp_flower_parse_ports(mlxsw_sp, rulei, f, ip_proto);
380 	if (err)
381 		return err;
382 	err = mlxsw_sp_flower_parse_tcp(mlxsw_sp, rulei, f, ip_proto);
383 	if (err)
384 		return err;
385 
386 	err = mlxsw_sp_flower_parse_ip(mlxsw_sp, rulei, f, n_proto_key & n_proto_mask);
387 	if (err)
388 		return err;
389 
390 	return mlxsw_sp_flower_parse_actions(mlxsw_sp, block, rulei, f->exts);
391 }
392 
393 int mlxsw_sp_flower_replace(struct mlxsw_sp *mlxsw_sp,
394 			    struct mlxsw_sp_acl_block *block,
395 			    struct tc_cls_flower_offload *f)
396 {
397 	struct mlxsw_sp_acl_rule_info *rulei;
398 	struct mlxsw_sp_acl_ruleset *ruleset;
399 	struct mlxsw_sp_acl_rule *rule;
400 	int err;
401 
402 	ruleset = mlxsw_sp_acl_ruleset_get(mlxsw_sp, block,
403 					   f->common.chain_index,
404 					   MLXSW_SP_ACL_PROFILE_FLOWER);
405 	if (IS_ERR(ruleset))
406 		return PTR_ERR(ruleset);
407 
408 	rule = mlxsw_sp_acl_rule_create(mlxsw_sp, ruleset, f->cookie);
409 	if (IS_ERR(rule)) {
410 		err = PTR_ERR(rule);
411 		goto err_rule_create;
412 	}
413 
414 	rulei = mlxsw_sp_acl_rule_rulei(rule);
415 	err = mlxsw_sp_flower_parse(mlxsw_sp, block, rulei, f);
416 	if (err)
417 		goto err_flower_parse;
418 
419 	err = mlxsw_sp_acl_rulei_commit(rulei);
420 	if (err)
421 		goto err_rulei_commit;
422 
423 	err = mlxsw_sp_acl_rule_add(mlxsw_sp, rule);
424 	if (err)
425 		goto err_rule_add;
426 
427 	mlxsw_sp_acl_ruleset_put(mlxsw_sp, ruleset);
428 	return 0;
429 
430 err_rule_add:
431 err_rulei_commit:
432 err_flower_parse:
433 	mlxsw_sp_acl_rule_destroy(mlxsw_sp, rule);
434 err_rule_create:
435 	mlxsw_sp_acl_ruleset_put(mlxsw_sp, ruleset);
436 	return err;
437 }
438 
439 void mlxsw_sp_flower_destroy(struct mlxsw_sp *mlxsw_sp,
440 			     struct mlxsw_sp_acl_block *block,
441 			     struct tc_cls_flower_offload *f)
442 {
443 	struct mlxsw_sp_acl_ruleset *ruleset;
444 	struct mlxsw_sp_acl_rule *rule;
445 
446 	ruleset = mlxsw_sp_acl_ruleset_get(mlxsw_sp, block,
447 					   f->common.chain_index,
448 					   MLXSW_SP_ACL_PROFILE_FLOWER);
449 	if (IS_ERR(ruleset))
450 		return;
451 
452 	rule = mlxsw_sp_acl_rule_lookup(mlxsw_sp, ruleset, f->cookie);
453 	if (rule) {
454 		mlxsw_sp_acl_rule_del(mlxsw_sp, rule);
455 		mlxsw_sp_acl_rule_destroy(mlxsw_sp, rule);
456 	}
457 
458 	mlxsw_sp_acl_ruleset_put(mlxsw_sp, ruleset);
459 }
460 
461 int mlxsw_sp_flower_stats(struct mlxsw_sp *mlxsw_sp,
462 			  struct mlxsw_sp_acl_block *block,
463 			  struct tc_cls_flower_offload *f)
464 {
465 	struct mlxsw_sp_acl_ruleset *ruleset;
466 	struct mlxsw_sp_acl_rule *rule;
467 	u64 packets;
468 	u64 lastuse;
469 	u64 bytes;
470 	int err;
471 
472 	ruleset = mlxsw_sp_acl_ruleset_get(mlxsw_sp, block,
473 					   f->common.chain_index,
474 					   MLXSW_SP_ACL_PROFILE_FLOWER);
475 	if (WARN_ON(IS_ERR(ruleset)))
476 		return -EINVAL;
477 
478 	rule = mlxsw_sp_acl_rule_lookup(mlxsw_sp, ruleset, f->cookie);
479 	if (!rule)
480 		return -EINVAL;
481 
482 	err = mlxsw_sp_acl_rule_get_stats(mlxsw_sp, rule, &packets, &bytes,
483 					  &lastuse);
484 	if (err)
485 		goto err_rule_get_stats;
486 
487 	tcf_exts_stats_update(f->exts, bytes, packets, lastuse);
488 
489 	mlxsw_sp_acl_ruleset_put(mlxsw_sp, ruleset);
490 	return 0;
491 
492 err_rule_get_stats:
493 	mlxsw_sp_acl_ruleset_put(mlxsw_sp, ruleset);
494 	return err;
495 }
496