1 /* 2 * Copyright (C) 2017 Netronome Systems, Inc. 3 * 4 * This software is dual licensed under the GNU General License Version 2, 5 * June 1991 as shown in the file COPYING in the top-level directory of this 6 * source tree or the BSD 2-Clause License provided below. You have the 7 * option to license this software under the complete terms of either license. 8 * 9 * The BSD 2-Clause License: 10 * 11 * Redistribution and use in source and binary forms, with or 12 * without modification, are permitted provided that the following 13 * conditions are met: 14 * 15 * 1. Redistributions of source code must retain the above 16 * copyright notice, this list of conditions and the following 17 * disclaimer. 18 * 19 * 2. Redistributions in binary form must reproduce the above 20 * copyright notice, this list of conditions and the following 21 * disclaimer in the documentation and/or other materials 22 * provided with the distribution. 23 * 24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 27 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 28 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 29 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 30 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 31 * SOFTWARE. 32 */ 33 34 #include <linux/bitfield.h> 35 #include <net/pkt_cls.h> 36 #include <net/switchdev.h> 37 #include <net/tc_act/tc_gact.h> 38 #include <net/tc_act/tc_mirred.h> 39 #include <net/tc_act/tc_pedit.h> 40 #include <net/tc_act/tc_vlan.h> 41 #include <net/tc_act/tc_tunnel_key.h> 42 43 #include "cmsg.h" 44 #include "main.h" 45 #include "../nfp_net_repr.h" 46 47 static void nfp_fl_pop_vlan(struct nfp_fl_pop_vlan *pop_vlan) 48 { 49 size_t act_size = sizeof(struct nfp_fl_pop_vlan); 50 51 pop_vlan->head.jump_id = NFP_FL_ACTION_OPCODE_POP_VLAN; 52 pop_vlan->head.len_lw = act_size >> NFP_FL_LW_SIZ; 53 pop_vlan->reserved = 0; 54 } 55 56 static void 57 nfp_fl_push_vlan(struct nfp_fl_push_vlan *push_vlan, 58 const struct tc_action *action) 59 { 60 size_t act_size = sizeof(struct nfp_fl_push_vlan); 61 struct tcf_vlan *vlan = to_vlan(action); 62 u16 tmp_push_vlan_tci; 63 64 push_vlan->head.jump_id = NFP_FL_ACTION_OPCODE_PUSH_VLAN; 65 push_vlan->head.len_lw = act_size >> NFP_FL_LW_SIZ; 66 push_vlan->reserved = 0; 67 push_vlan->vlan_tpid = tcf_vlan_push_proto(action); 68 69 tmp_push_vlan_tci = 70 FIELD_PREP(NFP_FL_PUSH_VLAN_PRIO, vlan->tcfv_push_prio) | 71 FIELD_PREP(NFP_FL_PUSH_VLAN_VID, vlan->tcfv_push_vid) | 72 NFP_FL_PUSH_VLAN_CFI; 73 push_vlan->vlan_tci = cpu_to_be16(tmp_push_vlan_tci); 74 } 75 76 static bool nfp_fl_netdev_is_tunnel_type(struct net_device *out_dev, 77 enum nfp_flower_tun_type tun_type) 78 { 79 if (!out_dev->rtnl_link_ops) 80 return false; 81 82 if (!strcmp(out_dev->rtnl_link_ops->kind, "vxlan")) 83 return tun_type == NFP_FL_TUNNEL_VXLAN; 84 85 return false; 86 } 87 88 static int 89 nfp_fl_output(struct nfp_fl_output *output, const struct tc_action *action, 90 struct nfp_fl_payload *nfp_flow, bool last, 91 struct net_device *in_dev, enum nfp_flower_tun_type tun_type, 92 int *tun_out_cnt) 93 { 94 size_t act_size = sizeof(struct nfp_fl_output); 95 struct net_device *out_dev; 96 u16 tmp_flags; 97 int ifindex; 98 99 output->head.jump_id = NFP_FL_ACTION_OPCODE_OUTPUT; 100 output->head.len_lw = act_size >> NFP_FL_LW_SIZ; 101 102 ifindex = tcf_mirred_ifindex(action); 103 out_dev = __dev_get_by_index(dev_net(in_dev), ifindex); 104 if (!out_dev) 105 return -EOPNOTSUPP; 106 107 tmp_flags = last ? NFP_FL_OUT_FLAGS_LAST : 0; 108 109 if (tun_type) { 110 /* Verify the egress netdev matches the tunnel type. */ 111 if (!nfp_fl_netdev_is_tunnel_type(out_dev, tun_type)) 112 return -EOPNOTSUPP; 113 114 if (*tun_out_cnt) 115 return -EOPNOTSUPP; 116 (*tun_out_cnt)++; 117 118 output->flags = cpu_to_be16(tmp_flags | 119 NFP_FL_OUT_FLAGS_USE_TUN); 120 output->port = cpu_to_be32(NFP_FL_PORT_TYPE_TUN | tun_type); 121 } else { 122 /* Set action output parameters. */ 123 output->flags = cpu_to_be16(tmp_flags); 124 125 /* Only offload if egress ports are on the same device as the 126 * ingress port. 127 */ 128 if (!switchdev_port_same_parent_id(in_dev, out_dev)) 129 return -EOPNOTSUPP; 130 if (!nfp_netdev_is_nfp_repr(out_dev)) 131 return -EOPNOTSUPP; 132 133 output->port = cpu_to_be32(nfp_repr_get_port_id(out_dev)); 134 if (!output->port) 135 return -EOPNOTSUPP; 136 } 137 nfp_flow->meta.shortcut = output->port; 138 139 return 0; 140 } 141 142 static bool nfp_fl_supported_tun_port(const struct tc_action *action) 143 { 144 struct ip_tunnel_info *tun = tcf_tunnel_info(action); 145 146 return tun->key.tp_dst == htons(NFP_FL_VXLAN_PORT); 147 } 148 149 static struct nfp_fl_pre_tunnel *nfp_fl_pre_tunnel(char *act_data, int act_len) 150 { 151 size_t act_size = sizeof(struct nfp_fl_pre_tunnel); 152 struct nfp_fl_pre_tunnel *pre_tun_act; 153 154 /* Pre_tunnel action must be first on action list. 155 * If other actions already exist they need pushed forward. 156 */ 157 if (act_len) 158 memmove(act_data + act_size, act_data, act_len); 159 160 pre_tun_act = (struct nfp_fl_pre_tunnel *)act_data; 161 162 memset(pre_tun_act, 0, act_size); 163 164 pre_tun_act->head.jump_id = NFP_FL_ACTION_OPCODE_PRE_TUNNEL; 165 pre_tun_act->head.len_lw = act_size >> NFP_FL_LW_SIZ; 166 167 return pre_tun_act; 168 } 169 170 static int 171 nfp_fl_set_vxlan(struct nfp_fl_set_vxlan *set_vxlan, 172 const struct tc_action *action, 173 struct nfp_fl_pre_tunnel *pre_tun) 174 { 175 struct ip_tunnel_info *vxlan = tcf_tunnel_info(action); 176 size_t act_size = sizeof(struct nfp_fl_set_vxlan); 177 u32 tmp_set_vxlan_type_index = 0; 178 /* Currently support one pre-tunnel so index is always 0. */ 179 int pretun_idx = 0; 180 181 if (vxlan->options_len) { 182 /* Do not support options e.g. vxlan gpe. */ 183 return -EOPNOTSUPP; 184 } 185 186 set_vxlan->head.jump_id = NFP_FL_ACTION_OPCODE_SET_IPV4_TUNNEL; 187 set_vxlan->head.len_lw = act_size >> NFP_FL_LW_SIZ; 188 189 /* Set tunnel type and pre-tunnel index. */ 190 tmp_set_vxlan_type_index |= 191 FIELD_PREP(NFP_FL_IPV4_TUNNEL_TYPE, NFP_FL_TUNNEL_VXLAN) | 192 FIELD_PREP(NFP_FL_IPV4_PRE_TUN_INDEX, pretun_idx); 193 194 set_vxlan->tun_type_index = cpu_to_be32(tmp_set_vxlan_type_index); 195 196 set_vxlan->tun_id = vxlan->key.tun_id; 197 set_vxlan->tun_flags = vxlan->key.tun_flags; 198 set_vxlan->ipv4_ttl = vxlan->key.ttl; 199 set_vxlan->ipv4_tos = vxlan->key.tos; 200 201 /* Complete pre_tunnel action. */ 202 pre_tun->ipv4_dst = vxlan->key.u.ipv4.dst; 203 204 return 0; 205 } 206 207 static void nfp_fl_set_helper32(u32 value, u32 mask, u8 *p_exact, u8 *p_mask) 208 { 209 u32 oldvalue = get_unaligned((u32 *)p_exact); 210 u32 oldmask = get_unaligned((u32 *)p_mask); 211 212 value &= mask; 213 value |= oldvalue & ~mask; 214 215 put_unaligned(oldmask | mask, (u32 *)p_mask); 216 put_unaligned(value, (u32 *)p_exact); 217 } 218 219 static int 220 nfp_fl_set_eth(const struct tc_action *action, int idx, u32 off, 221 struct nfp_fl_set_eth *set_eth) 222 { 223 u32 exact, mask; 224 225 if (off + 4 > ETH_ALEN * 2) 226 return -EOPNOTSUPP; 227 228 mask = ~tcf_pedit_mask(action, idx); 229 exact = tcf_pedit_val(action, idx); 230 231 if (exact & ~mask) 232 return -EOPNOTSUPP; 233 234 nfp_fl_set_helper32(exact, mask, &set_eth->eth_addr_val[off], 235 &set_eth->eth_addr_mask[off]); 236 237 set_eth->reserved = cpu_to_be16(0); 238 set_eth->head.jump_id = NFP_FL_ACTION_OPCODE_SET_ETHERNET; 239 set_eth->head.len_lw = sizeof(*set_eth) >> NFP_FL_LW_SIZ; 240 241 return 0; 242 } 243 244 static int 245 nfp_fl_set_ip4(const struct tc_action *action, int idx, u32 off, 246 struct nfp_fl_set_ip4_addrs *set_ip_addr) 247 { 248 __be32 exact, mask; 249 250 /* We are expecting tcf_pedit to return a big endian value */ 251 mask = (__force __be32)~tcf_pedit_mask(action, idx); 252 exact = (__force __be32)tcf_pedit_val(action, idx); 253 254 if (exact & ~mask) 255 return -EOPNOTSUPP; 256 257 switch (off) { 258 case offsetof(struct iphdr, daddr): 259 set_ip_addr->ipv4_dst_mask = mask; 260 set_ip_addr->ipv4_dst = exact; 261 break; 262 case offsetof(struct iphdr, saddr): 263 set_ip_addr->ipv4_src_mask = mask; 264 set_ip_addr->ipv4_src = exact; 265 break; 266 default: 267 return -EOPNOTSUPP; 268 } 269 270 set_ip_addr->reserved = cpu_to_be16(0); 271 set_ip_addr->head.jump_id = NFP_FL_ACTION_OPCODE_SET_IPV4_ADDRS; 272 set_ip_addr->head.len_lw = sizeof(*set_ip_addr) >> NFP_FL_LW_SIZ; 273 274 return 0; 275 } 276 277 static void 278 nfp_fl_set_ip6_helper(int opcode_tag, int idx, __be32 exact, __be32 mask, 279 struct nfp_fl_set_ipv6_addr *ip6) 280 { 281 ip6->ipv6[idx % 4].mask = mask; 282 ip6->ipv6[idx % 4].exact = exact; 283 284 ip6->reserved = cpu_to_be16(0); 285 ip6->head.jump_id = opcode_tag; 286 ip6->head.len_lw = sizeof(*ip6) >> NFP_FL_LW_SIZ; 287 } 288 289 static int 290 nfp_fl_set_ip6(const struct tc_action *action, int idx, u32 off, 291 struct nfp_fl_set_ipv6_addr *ip_dst, 292 struct nfp_fl_set_ipv6_addr *ip_src) 293 { 294 __be32 exact, mask; 295 296 /* We are expecting tcf_pedit to return a big endian value */ 297 mask = (__force __be32)~tcf_pedit_mask(action, idx); 298 exact = (__force __be32)tcf_pedit_val(action, idx); 299 300 if (exact & ~mask) 301 return -EOPNOTSUPP; 302 303 if (off < offsetof(struct ipv6hdr, saddr)) 304 return -EOPNOTSUPP; 305 else if (off < offsetof(struct ipv6hdr, daddr)) 306 nfp_fl_set_ip6_helper(NFP_FL_ACTION_OPCODE_SET_IPV6_SRC, idx, 307 exact, mask, ip_src); 308 else if (off < offsetof(struct ipv6hdr, daddr) + 309 sizeof(struct in6_addr)) 310 nfp_fl_set_ip6_helper(NFP_FL_ACTION_OPCODE_SET_IPV6_DST, idx, 311 exact, mask, ip_dst); 312 else 313 return -EOPNOTSUPP; 314 315 return 0; 316 } 317 318 static int 319 nfp_fl_set_tport(const struct tc_action *action, int idx, u32 off, 320 struct nfp_fl_set_tport *set_tport, int opcode) 321 { 322 u32 exact, mask; 323 324 if (off) 325 return -EOPNOTSUPP; 326 327 mask = ~tcf_pedit_mask(action, idx); 328 exact = tcf_pedit_val(action, idx); 329 330 if (exact & ~mask) 331 return -EOPNOTSUPP; 332 333 nfp_fl_set_helper32(exact, mask, set_tport->tp_port_val, 334 set_tport->tp_port_mask); 335 336 set_tport->reserved = cpu_to_be16(0); 337 set_tport->head.jump_id = opcode; 338 set_tport->head.len_lw = sizeof(*set_tport) >> NFP_FL_LW_SIZ; 339 340 return 0; 341 } 342 343 static int 344 nfp_fl_pedit(const struct tc_action *action, char *nfp_action, int *a_len) 345 { 346 struct nfp_fl_set_ipv6_addr set_ip6_dst, set_ip6_src; 347 struct nfp_fl_set_ip4_addrs set_ip_addr; 348 struct nfp_fl_set_tport set_tport; 349 struct nfp_fl_set_eth set_eth; 350 enum pedit_header_type htype; 351 int idx, nkeys, err; 352 size_t act_size; 353 u32 offset, cmd; 354 355 memset(&set_ip6_dst, 0, sizeof(set_ip6_dst)); 356 memset(&set_ip6_src, 0, sizeof(set_ip6_src)); 357 memset(&set_ip_addr, 0, sizeof(set_ip_addr)); 358 memset(&set_tport, 0, sizeof(set_tport)); 359 memset(&set_eth, 0, sizeof(set_eth)); 360 nkeys = tcf_pedit_nkeys(action); 361 362 for (idx = 0; idx < nkeys; idx++) { 363 cmd = tcf_pedit_cmd(action, idx); 364 htype = tcf_pedit_htype(action, idx); 365 offset = tcf_pedit_offset(action, idx); 366 367 if (cmd != TCA_PEDIT_KEY_EX_CMD_SET) 368 return -EOPNOTSUPP; 369 370 switch (htype) { 371 case TCA_PEDIT_KEY_EX_HDR_TYPE_ETH: 372 err = nfp_fl_set_eth(action, idx, offset, &set_eth); 373 break; 374 case TCA_PEDIT_KEY_EX_HDR_TYPE_IP4: 375 err = nfp_fl_set_ip4(action, idx, offset, &set_ip_addr); 376 break; 377 case TCA_PEDIT_KEY_EX_HDR_TYPE_IP6: 378 err = nfp_fl_set_ip6(action, idx, offset, &set_ip6_dst, 379 &set_ip6_src); 380 break; 381 case TCA_PEDIT_KEY_EX_HDR_TYPE_TCP: 382 err = nfp_fl_set_tport(action, idx, offset, &set_tport, 383 NFP_FL_ACTION_OPCODE_SET_TCP); 384 break; 385 case TCA_PEDIT_KEY_EX_HDR_TYPE_UDP: 386 err = nfp_fl_set_tport(action, idx, offset, &set_tport, 387 NFP_FL_ACTION_OPCODE_SET_UDP); 388 break; 389 default: 390 return -EOPNOTSUPP; 391 } 392 if (err) 393 return err; 394 } 395 396 if (set_eth.head.len_lw) { 397 act_size = sizeof(set_eth); 398 memcpy(nfp_action, &set_eth, act_size); 399 *a_len += act_size; 400 } else if (set_ip_addr.head.len_lw) { 401 act_size = sizeof(set_ip_addr); 402 memcpy(nfp_action, &set_ip_addr, act_size); 403 *a_len += act_size; 404 } else if (set_ip6_dst.head.len_lw && set_ip6_src.head.len_lw) { 405 /* TC compiles set src and dst IPv6 address as a single action, 406 * the hardware requires this to be 2 separate actions. 407 */ 408 act_size = sizeof(set_ip6_src); 409 memcpy(nfp_action, &set_ip6_src, act_size); 410 *a_len += act_size; 411 412 act_size = sizeof(set_ip6_dst); 413 memcpy(&nfp_action[sizeof(set_ip6_src)], &set_ip6_dst, 414 act_size); 415 *a_len += act_size; 416 } else if (set_ip6_dst.head.len_lw) { 417 act_size = sizeof(set_ip6_dst); 418 memcpy(nfp_action, &set_ip6_dst, act_size); 419 *a_len += act_size; 420 } else if (set_ip6_src.head.len_lw) { 421 act_size = sizeof(set_ip6_src); 422 memcpy(nfp_action, &set_ip6_src, act_size); 423 *a_len += act_size; 424 } else if (set_tport.head.len_lw) { 425 act_size = sizeof(set_tport); 426 memcpy(nfp_action, &set_tport, act_size); 427 *a_len += act_size; 428 } 429 430 return 0; 431 } 432 433 static int 434 nfp_flower_loop_action(const struct tc_action *a, 435 struct nfp_fl_payload *nfp_fl, int *a_len, 436 struct net_device *netdev, 437 enum nfp_flower_tun_type *tun_type, int *tun_out_cnt) 438 { 439 struct nfp_fl_pre_tunnel *pre_tun; 440 struct nfp_fl_set_vxlan *s_vxl; 441 struct nfp_fl_push_vlan *psh_v; 442 struct nfp_fl_pop_vlan *pop_v; 443 struct nfp_fl_output *output; 444 int err; 445 446 if (is_tcf_gact_shot(a)) { 447 nfp_fl->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_DROP); 448 } else if (is_tcf_mirred_egress_redirect(a)) { 449 if (*a_len + sizeof(struct nfp_fl_output) > NFP_FL_MAX_A_SIZ) 450 return -EOPNOTSUPP; 451 452 output = (struct nfp_fl_output *)&nfp_fl->action_data[*a_len]; 453 err = nfp_fl_output(output, a, nfp_fl, true, netdev, *tun_type, 454 tun_out_cnt); 455 if (err) 456 return err; 457 458 *a_len += sizeof(struct nfp_fl_output); 459 } else if (is_tcf_mirred_egress_mirror(a)) { 460 if (*a_len + sizeof(struct nfp_fl_output) > NFP_FL_MAX_A_SIZ) 461 return -EOPNOTSUPP; 462 463 output = (struct nfp_fl_output *)&nfp_fl->action_data[*a_len]; 464 err = nfp_fl_output(output, a, nfp_fl, false, netdev, *tun_type, 465 tun_out_cnt); 466 if (err) 467 return err; 468 469 *a_len += sizeof(struct nfp_fl_output); 470 } else if (is_tcf_vlan(a) && tcf_vlan_action(a) == TCA_VLAN_ACT_POP) { 471 if (*a_len + sizeof(struct nfp_fl_pop_vlan) > NFP_FL_MAX_A_SIZ) 472 return -EOPNOTSUPP; 473 474 pop_v = (struct nfp_fl_pop_vlan *)&nfp_fl->action_data[*a_len]; 475 nfp_fl->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_POPV); 476 477 nfp_fl_pop_vlan(pop_v); 478 *a_len += sizeof(struct nfp_fl_pop_vlan); 479 } else if (is_tcf_vlan(a) && tcf_vlan_action(a) == TCA_VLAN_ACT_PUSH) { 480 if (*a_len + sizeof(struct nfp_fl_push_vlan) > NFP_FL_MAX_A_SIZ) 481 return -EOPNOTSUPP; 482 483 psh_v = (struct nfp_fl_push_vlan *)&nfp_fl->action_data[*a_len]; 484 nfp_fl->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_NULL); 485 486 nfp_fl_push_vlan(psh_v, a); 487 *a_len += sizeof(struct nfp_fl_push_vlan); 488 } else if (is_tcf_tunnel_set(a) && nfp_fl_supported_tun_port(a)) { 489 /* Pre-tunnel action is required for tunnel encap. 490 * This checks for next hop entries on NFP. 491 * If none, the packet falls back before applying other actions. 492 */ 493 if (*a_len + sizeof(struct nfp_fl_pre_tunnel) + 494 sizeof(struct nfp_fl_set_vxlan) > NFP_FL_MAX_A_SIZ) 495 return -EOPNOTSUPP; 496 497 *tun_type = NFP_FL_TUNNEL_VXLAN; 498 pre_tun = nfp_fl_pre_tunnel(nfp_fl->action_data, *a_len); 499 nfp_fl->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_NULL); 500 *a_len += sizeof(struct nfp_fl_pre_tunnel); 501 502 s_vxl = (struct nfp_fl_set_vxlan *)&nfp_fl->action_data[*a_len]; 503 err = nfp_fl_set_vxlan(s_vxl, a, pre_tun); 504 if (err) 505 return err; 506 507 *a_len += sizeof(struct nfp_fl_set_vxlan); 508 } else if (is_tcf_tunnel_release(a)) { 509 /* Tunnel decap is handled by default so accept action. */ 510 return 0; 511 } else if (is_tcf_pedit(a)) { 512 if (nfp_fl_pedit(a, &nfp_fl->action_data[*a_len], a_len)) 513 return -EOPNOTSUPP; 514 } else { 515 /* Currently we do not handle any other actions. */ 516 return -EOPNOTSUPP; 517 } 518 519 return 0; 520 } 521 522 int nfp_flower_compile_action(struct tc_cls_flower_offload *flow, 523 struct net_device *netdev, 524 struct nfp_fl_payload *nfp_flow) 525 { 526 int act_len, act_cnt, err, tun_out_cnt; 527 enum nfp_flower_tun_type tun_type; 528 const struct tc_action *a; 529 LIST_HEAD(actions); 530 531 memset(nfp_flow->action_data, 0, NFP_FL_MAX_A_SIZ); 532 nfp_flow->meta.act_len = 0; 533 tun_type = NFP_FL_TUNNEL_NONE; 534 act_len = 0; 535 act_cnt = 0; 536 tun_out_cnt = 0; 537 538 tcf_exts_to_list(flow->exts, &actions); 539 list_for_each_entry(a, &actions, list) { 540 err = nfp_flower_loop_action(a, nfp_flow, &act_len, netdev, 541 &tun_type, &tun_out_cnt); 542 if (err) 543 return err; 544 act_cnt++; 545 } 546 547 /* We optimise when the action list is small, this can unfortunately 548 * not happen once we have more than one action in the action list. 549 */ 550 if (act_cnt > 1) 551 nfp_flow->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_NULL); 552 553 nfp_flow->meta.act_len = act_len; 554 555 return 0; 556 } 557