1 /* 2 * Copyright (C) 2017 Netronome Systems, Inc. 3 * 4 * This software is dual licensed under the GNU General License Version 2, 5 * June 1991 as shown in the file COPYING in the top-level directory of this 6 * source tree or the BSD 2-Clause License provided below. You have the 7 * option to license this software under the complete terms of either license. 8 * 9 * The BSD 2-Clause License: 10 * 11 * Redistribution and use in source and binary forms, with or 12 * without modification, are permitted provided that the following 13 * conditions are met: 14 * 15 * 1. Redistributions of source code must retain the above 16 * copyright notice, this list of conditions and the following 17 * disclaimer. 18 * 19 * 2. Redistributions in binary form must reproduce the above 20 * copyright notice, this list of conditions and the following 21 * disclaimer in the documentation and/or other materials 22 * provided with the distribution. 23 * 24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 27 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 28 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 29 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 30 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 31 * SOFTWARE. 32 */ 33 34 #include <linux/bitfield.h> 35 #include <net/pkt_cls.h> 36 #include <net/switchdev.h> 37 #include <net/tc_act/tc_gact.h> 38 #include <net/tc_act/tc_mirred.h> 39 #include <net/tc_act/tc_pedit.h> 40 #include <net/tc_act/tc_vlan.h> 41 #include <net/tc_act/tc_tunnel_key.h> 42 43 #include "cmsg.h" 44 #include "main.h" 45 #include "../nfp_net_repr.h" 46 47 static void nfp_fl_pop_vlan(struct nfp_fl_pop_vlan *pop_vlan) 48 { 49 size_t act_size = sizeof(struct nfp_fl_pop_vlan); 50 51 pop_vlan->head.jump_id = NFP_FL_ACTION_OPCODE_POP_VLAN; 52 pop_vlan->head.len_lw = act_size >> NFP_FL_LW_SIZ; 53 pop_vlan->reserved = 0; 54 } 55 56 static void 57 nfp_fl_push_vlan(struct nfp_fl_push_vlan *push_vlan, 58 const struct tc_action *action) 59 { 60 size_t act_size = sizeof(struct nfp_fl_push_vlan); 61 u16 tmp_push_vlan_tci; 62 63 push_vlan->head.jump_id = NFP_FL_ACTION_OPCODE_PUSH_VLAN; 64 push_vlan->head.len_lw = act_size >> NFP_FL_LW_SIZ; 65 push_vlan->reserved = 0; 66 push_vlan->vlan_tpid = tcf_vlan_push_proto(action); 67 68 tmp_push_vlan_tci = 69 FIELD_PREP(NFP_FL_PUSH_VLAN_PRIO, tcf_vlan_push_prio(action)) | 70 FIELD_PREP(NFP_FL_PUSH_VLAN_VID, tcf_vlan_push_vid(action)) | 71 NFP_FL_PUSH_VLAN_CFI; 72 push_vlan->vlan_tci = cpu_to_be16(tmp_push_vlan_tci); 73 } 74 75 static bool nfp_fl_netdev_is_tunnel_type(struct net_device *out_dev, 76 enum nfp_flower_tun_type tun_type) 77 { 78 if (!out_dev->rtnl_link_ops) 79 return false; 80 81 if (!strcmp(out_dev->rtnl_link_ops->kind, "vxlan")) 82 return tun_type == NFP_FL_TUNNEL_VXLAN; 83 84 return false; 85 } 86 87 static int 88 nfp_fl_output(struct nfp_fl_output *output, const struct tc_action *action, 89 struct nfp_fl_payload *nfp_flow, bool last, 90 struct net_device *in_dev, enum nfp_flower_tun_type tun_type, 91 int *tun_out_cnt) 92 { 93 size_t act_size = sizeof(struct nfp_fl_output); 94 struct net_device *out_dev; 95 u16 tmp_flags; 96 int ifindex; 97 98 output->head.jump_id = NFP_FL_ACTION_OPCODE_OUTPUT; 99 output->head.len_lw = act_size >> NFP_FL_LW_SIZ; 100 101 ifindex = tcf_mirred_ifindex(action); 102 out_dev = __dev_get_by_index(dev_net(in_dev), ifindex); 103 if (!out_dev) 104 return -EOPNOTSUPP; 105 106 tmp_flags = last ? NFP_FL_OUT_FLAGS_LAST : 0; 107 108 if (tun_type) { 109 /* Verify the egress netdev matches the tunnel type. */ 110 if (!nfp_fl_netdev_is_tunnel_type(out_dev, tun_type)) 111 return -EOPNOTSUPP; 112 113 if (*tun_out_cnt) 114 return -EOPNOTSUPP; 115 (*tun_out_cnt)++; 116 117 output->flags = cpu_to_be16(tmp_flags | 118 NFP_FL_OUT_FLAGS_USE_TUN); 119 output->port = cpu_to_be32(NFP_FL_PORT_TYPE_TUN | tun_type); 120 } else { 121 /* Set action output parameters. */ 122 output->flags = cpu_to_be16(tmp_flags); 123 124 /* Only offload if egress ports are on the same device as the 125 * ingress port. 126 */ 127 if (!switchdev_port_same_parent_id(in_dev, out_dev)) 128 return -EOPNOTSUPP; 129 if (!nfp_netdev_is_nfp_repr(out_dev)) 130 return -EOPNOTSUPP; 131 132 output->port = cpu_to_be32(nfp_repr_get_port_id(out_dev)); 133 if (!output->port) 134 return -EOPNOTSUPP; 135 } 136 nfp_flow->meta.shortcut = output->port; 137 138 return 0; 139 } 140 141 static bool nfp_fl_supported_tun_port(const struct tc_action *action) 142 { 143 struct ip_tunnel_info *tun = tcf_tunnel_info(action); 144 145 return tun->key.tp_dst == htons(NFP_FL_VXLAN_PORT); 146 } 147 148 static struct nfp_fl_pre_tunnel *nfp_fl_pre_tunnel(char *act_data, int act_len) 149 { 150 size_t act_size = sizeof(struct nfp_fl_pre_tunnel); 151 struct nfp_fl_pre_tunnel *pre_tun_act; 152 153 /* Pre_tunnel action must be first on action list. 154 * If other actions already exist they need pushed forward. 155 */ 156 if (act_len) 157 memmove(act_data + act_size, act_data, act_len); 158 159 pre_tun_act = (struct nfp_fl_pre_tunnel *)act_data; 160 161 memset(pre_tun_act, 0, act_size); 162 163 pre_tun_act->head.jump_id = NFP_FL_ACTION_OPCODE_PRE_TUNNEL; 164 pre_tun_act->head.len_lw = act_size >> NFP_FL_LW_SIZ; 165 166 return pre_tun_act; 167 } 168 169 static int 170 nfp_fl_set_vxlan(struct nfp_fl_set_vxlan *set_vxlan, 171 const struct tc_action *action, 172 struct nfp_fl_pre_tunnel *pre_tun) 173 { 174 struct ip_tunnel_info *vxlan = tcf_tunnel_info(action); 175 size_t act_size = sizeof(struct nfp_fl_set_vxlan); 176 u32 tmp_set_vxlan_type_index = 0; 177 /* Currently support one pre-tunnel so index is always 0. */ 178 int pretun_idx = 0; 179 180 if (vxlan->options_len) { 181 /* Do not support options e.g. vxlan gpe. */ 182 return -EOPNOTSUPP; 183 } 184 185 set_vxlan->head.jump_id = NFP_FL_ACTION_OPCODE_SET_IPV4_TUNNEL; 186 set_vxlan->head.len_lw = act_size >> NFP_FL_LW_SIZ; 187 188 /* Set tunnel type and pre-tunnel index. */ 189 tmp_set_vxlan_type_index |= 190 FIELD_PREP(NFP_FL_IPV4_TUNNEL_TYPE, NFP_FL_TUNNEL_VXLAN) | 191 FIELD_PREP(NFP_FL_IPV4_PRE_TUN_INDEX, pretun_idx); 192 193 set_vxlan->tun_type_index = cpu_to_be32(tmp_set_vxlan_type_index); 194 195 set_vxlan->tun_id = vxlan->key.tun_id; 196 set_vxlan->tun_flags = vxlan->key.tun_flags; 197 set_vxlan->ipv4_ttl = vxlan->key.ttl; 198 set_vxlan->ipv4_tos = vxlan->key.tos; 199 200 /* Complete pre_tunnel action. */ 201 pre_tun->ipv4_dst = vxlan->key.u.ipv4.dst; 202 203 return 0; 204 } 205 206 static void nfp_fl_set_helper32(u32 value, u32 mask, u8 *p_exact, u8 *p_mask) 207 { 208 u32 oldvalue = get_unaligned((u32 *)p_exact); 209 u32 oldmask = get_unaligned((u32 *)p_mask); 210 211 value &= mask; 212 value |= oldvalue & ~mask; 213 214 put_unaligned(oldmask | mask, (u32 *)p_mask); 215 put_unaligned(value, (u32 *)p_exact); 216 } 217 218 static int 219 nfp_fl_set_eth(const struct tc_action *action, int idx, u32 off, 220 struct nfp_fl_set_eth *set_eth) 221 { 222 u32 exact, mask; 223 224 if (off + 4 > ETH_ALEN * 2) 225 return -EOPNOTSUPP; 226 227 mask = ~tcf_pedit_mask(action, idx); 228 exact = tcf_pedit_val(action, idx); 229 230 if (exact & ~mask) 231 return -EOPNOTSUPP; 232 233 nfp_fl_set_helper32(exact, mask, &set_eth->eth_addr_val[off], 234 &set_eth->eth_addr_mask[off]); 235 236 set_eth->reserved = cpu_to_be16(0); 237 set_eth->head.jump_id = NFP_FL_ACTION_OPCODE_SET_ETHERNET; 238 set_eth->head.len_lw = sizeof(*set_eth) >> NFP_FL_LW_SIZ; 239 240 return 0; 241 } 242 243 static int 244 nfp_fl_set_ip4(const struct tc_action *action, int idx, u32 off, 245 struct nfp_fl_set_ip4_addrs *set_ip_addr) 246 { 247 __be32 exact, mask; 248 249 /* We are expecting tcf_pedit to return a big endian value */ 250 mask = (__force __be32)~tcf_pedit_mask(action, idx); 251 exact = (__force __be32)tcf_pedit_val(action, idx); 252 253 if (exact & ~mask) 254 return -EOPNOTSUPP; 255 256 switch (off) { 257 case offsetof(struct iphdr, daddr): 258 set_ip_addr->ipv4_dst_mask = mask; 259 set_ip_addr->ipv4_dst = exact; 260 break; 261 case offsetof(struct iphdr, saddr): 262 set_ip_addr->ipv4_src_mask = mask; 263 set_ip_addr->ipv4_src = exact; 264 break; 265 default: 266 return -EOPNOTSUPP; 267 } 268 269 set_ip_addr->reserved = cpu_to_be16(0); 270 set_ip_addr->head.jump_id = NFP_FL_ACTION_OPCODE_SET_IPV4_ADDRS; 271 set_ip_addr->head.len_lw = sizeof(*set_ip_addr) >> NFP_FL_LW_SIZ; 272 273 return 0; 274 } 275 276 static void 277 nfp_fl_set_ip6_helper(int opcode_tag, int idx, __be32 exact, __be32 mask, 278 struct nfp_fl_set_ipv6_addr *ip6) 279 { 280 ip6->ipv6[idx % 4].mask = mask; 281 ip6->ipv6[idx % 4].exact = exact; 282 283 ip6->reserved = cpu_to_be16(0); 284 ip6->head.jump_id = opcode_tag; 285 ip6->head.len_lw = sizeof(*ip6) >> NFP_FL_LW_SIZ; 286 } 287 288 static int 289 nfp_fl_set_ip6(const struct tc_action *action, int idx, u32 off, 290 struct nfp_fl_set_ipv6_addr *ip_dst, 291 struct nfp_fl_set_ipv6_addr *ip_src) 292 { 293 __be32 exact, mask; 294 295 /* We are expecting tcf_pedit to return a big endian value */ 296 mask = (__force __be32)~tcf_pedit_mask(action, idx); 297 exact = (__force __be32)tcf_pedit_val(action, idx); 298 299 if (exact & ~mask) 300 return -EOPNOTSUPP; 301 302 if (off < offsetof(struct ipv6hdr, saddr)) 303 return -EOPNOTSUPP; 304 else if (off < offsetof(struct ipv6hdr, daddr)) 305 nfp_fl_set_ip6_helper(NFP_FL_ACTION_OPCODE_SET_IPV6_SRC, idx, 306 exact, mask, ip_src); 307 else if (off < offsetof(struct ipv6hdr, daddr) + 308 sizeof(struct in6_addr)) 309 nfp_fl_set_ip6_helper(NFP_FL_ACTION_OPCODE_SET_IPV6_DST, idx, 310 exact, mask, ip_dst); 311 else 312 return -EOPNOTSUPP; 313 314 return 0; 315 } 316 317 static int 318 nfp_fl_set_tport(const struct tc_action *action, int idx, u32 off, 319 struct nfp_fl_set_tport *set_tport, int opcode) 320 { 321 u32 exact, mask; 322 323 if (off) 324 return -EOPNOTSUPP; 325 326 mask = ~tcf_pedit_mask(action, idx); 327 exact = tcf_pedit_val(action, idx); 328 329 if (exact & ~mask) 330 return -EOPNOTSUPP; 331 332 nfp_fl_set_helper32(exact, mask, set_tport->tp_port_val, 333 set_tport->tp_port_mask); 334 335 set_tport->reserved = cpu_to_be16(0); 336 set_tport->head.jump_id = opcode; 337 set_tport->head.len_lw = sizeof(*set_tport) >> NFP_FL_LW_SIZ; 338 339 return 0; 340 } 341 342 static int 343 nfp_fl_pedit(const struct tc_action *action, char *nfp_action, int *a_len) 344 { 345 struct nfp_fl_set_ipv6_addr set_ip6_dst, set_ip6_src; 346 struct nfp_fl_set_ip4_addrs set_ip_addr; 347 struct nfp_fl_set_tport set_tport; 348 struct nfp_fl_set_eth set_eth; 349 enum pedit_header_type htype; 350 int idx, nkeys, err; 351 size_t act_size; 352 u32 offset, cmd; 353 354 memset(&set_ip6_dst, 0, sizeof(set_ip6_dst)); 355 memset(&set_ip6_src, 0, sizeof(set_ip6_src)); 356 memset(&set_ip_addr, 0, sizeof(set_ip_addr)); 357 memset(&set_tport, 0, sizeof(set_tport)); 358 memset(&set_eth, 0, sizeof(set_eth)); 359 nkeys = tcf_pedit_nkeys(action); 360 361 for (idx = 0; idx < nkeys; idx++) { 362 cmd = tcf_pedit_cmd(action, idx); 363 htype = tcf_pedit_htype(action, idx); 364 offset = tcf_pedit_offset(action, idx); 365 366 if (cmd != TCA_PEDIT_KEY_EX_CMD_SET) 367 return -EOPNOTSUPP; 368 369 switch (htype) { 370 case TCA_PEDIT_KEY_EX_HDR_TYPE_ETH: 371 err = nfp_fl_set_eth(action, idx, offset, &set_eth); 372 break; 373 case TCA_PEDIT_KEY_EX_HDR_TYPE_IP4: 374 err = nfp_fl_set_ip4(action, idx, offset, &set_ip_addr); 375 break; 376 case TCA_PEDIT_KEY_EX_HDR_TYPE_IP6: 377 err = nfp_fl_set_ip6(action, idx, offset, &set_ip6_dst, 378 &set_ip6_src); 379 break; 380 case TCA_PEDIT_KEY_EX_HDR_TYPE_TCP: 381 err = nfp_fl_set_tport(action, idx, offset, &set_tport, 382 NFP_FL_ACTION_OPCODE_SET_TCP); 383 break; 384 case TCA_PEDIT_KEY_EX_HDR_TYPE_UDP: 385 err = nfp_fl_set_tport(action, idx, offset, &set_tport, 386 NFP_FL_ACTION_OPCODE_SET_UDP); 387 break; 388 default: 389 return -EOPNOTSUPP; 390 } 391 if (err) 392 return err; 393 } 394 395 if (set_eth.head.len_lw) { 396 act_size = sizeof(set_eth); 397 memcpy(nfp_action, &set_eth, act_size); 398 *a_len += act_size; 399 } else if (set_ip_addr.head.len_lw) { 400 act_size = sizeof(set_ip_addr); 401 memcpy(nfp_action, &set_ip_addr, act_size); 402 *a_len += act_size; 403 } else if (set_ip6_dst.head.len_lw && set_ip6_src.head.len_lw) { 404 /* TC compiles set src and dst IPv6 address as a single action, 405 * the hardware requires this to be 2 separate actions. 406 */ 407 act_size = sizeof(set_ip6_src); 408 memcpy(nfp_action, &set_ip6_src, act_size); 409 *a_len += act_size; 410 411 act_size = sizeof(set_ip6_dst); 412 memcpy(&nfp_action[sizeof(set_ip6_src)], &set_ip6_dst, 413 act_size); 414 *a_len += act_size; 415 } else if (set_ip6_dst.head.len_lw) { 416 act_size = sizeof(set_ip6_dst); 417 memcpy(nfp_action, &set_ip6_dst, act_size); 418 *a_len += act_size; 419 } else if (set_ip6_src.head.len_lw) { 420 act_size = sizeof(set_ip6_src); 421 memcpy(nfp_action, &set_ip6_src, act_size); 422 *a_len += act_size; 423 } else if (set_tport.head.len_lw) { 424 act_size = sizeof(set_tport); 425 memcpy(nfp_action, &set_tport, act_size); 426 *a_len += act_size; 427 } 428 429 return 0; 430 } 431 432 static int 433 nfp_flower_loop_action(const struct tc_action *a, 434 struct nfp_fl_payload *nfp_fl, int *a_len, 435 struct net_device *netdev, 436 enum nfp_flower_tun_type *tun_type, int *tun_out_cnt) 437 { 438 struct nfp_fl_pre_tunnel *pre_tun; 439 struct nfp_fl_set_vxlan *s_vxl; 440 struct nfp_fl_push_vlan *psh_v; 441 struct nfp_fl_pop_vlan *pop_v; 442 struct nfp_fl_output *output; 443 int err; 444 445 if (is_tcf_gact_shot(a)) { 446 nfp_fl->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_DROP); 447 } else if (is_tcf_mirred_egress_redirect(a)) { 448 if (*a_len + sizeof(struct nfp_fl_output) > NFP_FL_MAX_A_SIZ) 449 return -EOPNOTSUPP; 450 451 output = (struct nfp_fl_output *)&nfp_fl->action_data[*a_len]; 452 err = nfp_fl_output(output, a, nfp_fl, true, netdev, *tun_type, 453 tun_out_cnt); 454 if (err) 455 return err; 456 457 *a_len += sizeof(struct nfp_fl_output); 458 } else if (is_tcf_mirred_egress_mirror(a)) { 459 if (*a_len + sizeof(struct nfp_fl_output) > NFP_FL_MAX_A_SIZ) 460 return -EOPNOTSUPP; 461 462 output = (struct nfp_fl_output *)&nfp_fl->action_data[*a_len]; 463 err = nfp_fl_output(output, a, nfp_fl, false, netdev, *tun_type, 464 tun_out_cnt); 465 if (err) 466 return err; 467 468 *a_len += sizeof(struct nfp_fl_output); 469 } else if (is_tcf_vlan(a) && tcf_vlan_action(a) == TCA_VLAN_ACT_POP) { 470 if (*a_len + sizeof(struct nfp_fl_pop_vlan) > NFP_FL_MAX_A_SIZ) 471 return -EOPNOTSUPP; 472 473 pop_v = (struct nfp_fl_pop_vlan *)&nfp_fl->action_data[*a_len]; 474 nfp_fl->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_POPV); 475 476 nfp_fl_pop_vlan(pop_v); 477 *a_len += sizeof(struct nfp_fl_pop_vlan); 478 } else if (is_tcf_vlan(a) && tcf_vlan_action(a) == TCA_VLAN_ACT_PUSH) { 479 if (*a_len + sizeof(struct nfp_fl_push_vlan) > NFP_FL_MAX_A_SIZ) 480 return -EOPNOTSUPP; 481 482 psh_v = (struct nfp_fl_push_vlan *)&nfp_fl->action_data[*a_len]; 483 nfp_fl->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_NULL); 484 485 nfp_fl_push_vlan(psh_v, a); 486 *a_len += sizeof(struct nfp_fl_push_vlan); 487 } else if (is_tcf_tunnel_set(a) && nfp_fl_supported_tun_port(a)) { 488 /* Pre-tunnel action is required for tunnel encap. 489 * This checks for next hop entries on NFP. 490 * If none, the packet falls back before applying other actions. 491 */ 492 if (*a_len + sizeof(struct nfp_fl_pre_tunnel) + 493 sizeof(struct nfp_fl_set_vxlan) > NFP_FL_MAX_A_SIZ) 494 return -EOPNOTSUPP; 495 496 *tun_type = NFP_FL_TUNNEL_VXLAN; 497 pre_tun = nfp_fl_pre_tunnel(nfp_fl->action_data, *a_len); 498 nfp_fl->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_NULL); 499 *a_len += sizeof(struct nfp_fl_pre_tunnel); 500 501 s_vxl = (struct nfp_fl_set_vxlan *)&nfp_fl->action_data[*a_len]; 502 err = nfp_fl_set_vxlan(s_vxl, a, pre_tun); 503 if (err) 504 return err; 505 506 *a_len += sizeof(struct nfp_fl_set_vxlan); 507 } else if (is_tcf_tunnel_release(a)) { 508 /* Tunnel decap is handled by default so accept action. */ 509 return 0; 510 } else if (is_tcf_pedit(a)) { 511 if (nfp_fl_pedit(a, &nfp_fl->action_data[*a_len], a_len)) 512 return -EOPNOTSUPP; 513 } else { 514 /* Currently we do not handle any other actions. */ 515 return -EOPNOTSUPP; 516 } 517 518 return 0; 519 } 520 521 int nfp_flower_compile_action(struct tc_cls_flower_offload *flow, 522 struct net_device *netdev, 523 struct nfp_fl_payload *nfp_flow) 524 { 525 int act_len, act_cnt, err, tun_out_cnt; 526 enum nfp_flower_tun_type tun_type; 527 const struct tc_action *a; 528 LIST_HEAD(actions); 529 530 memset(nfp_flow->action_data, 0, NFP_FL_MAX_A_SIZ); 531 nfp_flow->meta.act_len = 0; 532 tun_type = NFP_FL_TUNNEL_NONE; 533 act_len = 0; 534 act_cnt = 0; 535 tun_out_cnt = 0; 536 537 tcf_exts_to_list(flow->exts, &actions); 538 list_for_each_entry(a, &actions, list) { 539 err = nfp_flower_loop_action(a, nfp_flow, &act_len, netdev, 540 &tun_type, &tun_out_cnt); 541 if (err) 542 return err; 543 act_cnt++; 544 } 545 546 /* We optimise when the action list is small, this can unfortunately 547 * not happen once we have more than one action in the action list. 548 */ 549 if (act_cnt > 1) 550 nfp_flow->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_NULL); 551 552 nfp_flow->meta.act_len = act_len; 553 554 return 0; 555 } 556