1 /* 2 * Copyright (C) 2017 Netronome Systems, Inc. 3 * 4 * This software is dual licensed under the GNU General License Version 2, 5 * June 1991 as shown in the file COPYING in the top-level directory of this 6 * source tree or the BSD 2-Clause License provided below. You have the 7 * option to license this software under the complete terms of either license. 8 * 9 * The BSD 2-Clause License: 10 * 11 * Redistribution and use in source and binary forms, with or 12 * without modification, are permitted provided that the following 13 * conditions are met: 14 * 15 * 1. Redistributions of source code must retain the above 16 * copyright notice, this list of conditions and the following 17 * disclaimer. 18 * 19 * 2. Redistributions in binary form must reproduce the above 20 * copyright notice, this list of conditions and the following 21 * disclaimer in the documentation and/or other materials 22 * provided with the distribution. 23 * 24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 27 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 28 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 29 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 30 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 31 * SOFTWARE. 32 */ 33 34 #include <linux/skbuff.h> 35 #include <net/devlink.h> 36 #include <net/pkt_cls.h> 37 38 #include "cmsg.h" 39 #include "main.h" 40 #include "../nfpcore/nfp_cpp.h" 41 #include "../nfpcore/nfp_nsp.h" 42 #include "../nfp_app.h" 43 #include "../nfp_main.h" 44 #include "../nfp_net.h" 45 #include "../nfp_port.h" 46 47 #define NFP_FLOWER_WHITELIST_DISSECTOR \ 48 (BIT(FLOW_DISSECTOR_KEY_CONTROL) | \ 49 BIT(FLOW_DISSECTOR_KEY_BASIC) | \ 50 BIT(FLOW_DISSECTOR_KEY_IPV4_ADDRS) | \ 51 BIT(FLOW_DISSECTOR_KEY_IPV6_ADDRS) | \ 52 BIT(FLOW_DISSECTOR_KEY_PORTS) | \ 53 BIT(FLOW_DISSECTOR_KEY_ETH_ADDRS) | \ 54 BIT(FLOW_DISSECTOR_KEY_VLAN) | \ 55 BIT(FLOW_DISSECTOR_KEY_ENC_KEYID) | \ 56 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | \ 57 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | \ 58 BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \ 59 BIT(FLOW_DISSECTOR_KEY_ENC_PORTS) | \ 60 BIT(FLOW_DISSECTOR_KEY_MPLS) | \ 61 BIT(FLOW_DISSECTOR_KEY_IP)) 62 63 #define NFP_FLOWER_WHITELIST_TUN_DISSECTOR \ 64 (BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \ 65 BIT(FLOW_DISSECTOR_KEY_ENC_KEYID) | \ 66 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | \ 67 BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | \ 68 BIT(FLOW_DISSECTOR_KEY_ENC_PORTS)) 69 70 #define NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R \ 71 (BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) | \ 72 BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | \ 73 BIT(FLOW_DISSECTOR_KEY_ENC_PORTS)) 74 75 static int 76 nfp_flower_xmit_flow(struct net_device *netdev, 77 struct nfp_fl_payload *nfp_flow, u8 mtype) 78 { 79 u32 meta_len, key_len, mask_len, act_len, tot_len; 80 struct nfp_repr *priv = netdev_priv(netdev); 81 struct sk_buff *skb; 82 unsigned char *msg; 83 84 meta_len = sizeof(struct nfp_fl_rule_metadata); 85 key_len = nfp_flow->meta.key_len; 86 mask_len = nfp_flow->meta.mask_len; 87 act_len = nfp_flow->meta.act_len; 88 89 tot_len = meta_len + key_len + mask_len + act_len; 90 91 /* Convert to long words as firmware expects 92 * lengths in units of NFP_FL_LW_SIZ. 93 */ 94 nfp_flow->meta.key_len >>= NFP_FL_LW_SIZ; 95 nfp_flow->meta.mask_len >>= NFP_FL_LW_SIZ; 96 nfp_flow->meta.act_len >>= NFP_FL_LW_SIZ; 97 98 skb = nfp_flower_cmsg_alloc(priv->app, tot_len, mtype, GFP_KERNEL); 99 if (!skb) 100 return -ENOMEM; 101 102 msg = nfp_flower_cmsg_get_data(skb); 103 memcpy(msg, &nfp_flow->meta, meta_len); 104 memcpy(&msg[meta_len], nfp_flow->unmasked_data, key_len); 105 memcpy(&msg[meta_len + key_len], nfp_flow->mask_data, mask_len); 106 memcpy(&msg[meta_len + key_len + mask_len], 107 nfp_flow->action_data, act_len); 108 109 /* Convert back to bytes as software expects 110 * lengths in units of bytes. 111 */ 112 nfp_flow->meta.key_len <<= NFP_FL_LW_SIZ; 113 nfp_flow->meta.mask_len <<= NFP_FL_LW_SIZ; 114 nfp_flow->meta.act_len <<= NFP_FL_LW_SIZ; 115 116 nfp_ctrl_tx(priv->app->ctrl, skb); 117 118 return 0; 119 } 120 121 static bool nfp_flower_check_higher_than_mac(struct tc_cls_flower_offload *f) 122 { 123 return dissector_uses_key(f->dissector, 124 FLOW_DISSECTOR_KEY_IPV4_ADDRS) || 125 dissector_uses_key(f->dissector, 126 FLOW_DISSECTOR_KEY_IPV6_ADDRS) || 127 dissector_uses_key(f->dissector, 128 FLOW_DISSECTOR_KEY_PORTS) || 129 dissector_uses_key(f->dissector, FLOW_DISSECTOR_KEY_ICMP); 130 } 131 132 static int 133 nfp_flower_calculate_key_layers(struct nfp_fl_key_ls *ret_key_ls, 134 struct tc_cls_flower_offload *flow) 135 { 136 struct flow_dissector_key_basic *mask_basic = NULL; 137 struct flow_dissector_key_basic *key_basic = NULL; 138 u32 key_layer_two; 139 u8 key_layer; 140 int key_size; 141 142 if (flow->dissector->used_keys & ~NFP_FLOWER_WHITELIST_DISSECTOR) 143 return -EOPNOTSUPP; 144 145 /* If any tun dissector is used then the required set must be used. */ 146 if (flow->dissector->used_keys & NFP_FLOWER_WHITELIST_TUN_DISSECTOR && 147 (flow->dissector->used_keys & NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R) 148 != NFP_FLOWER_WHITELIST_TUN_DISSECTOR_R) 149 return -EOPNOTSUPP; 150 151 key_layer_two = 0; 152 key_layer = NFP_FLOWER_LAYER_PORT | NFP_FLOWER_LAYER_MAC; 153 key_size = sizeof(struct nfp_flower_meta_one) + 154 sizeof(struct nfp_flower_in_port) + 155 sizeof(struct nfp_flower_mac_mpls); 156 157 if (dissector_uses_key(flow->dissector, 158 FLOW_DISSECTOR_KEY_ENC_CONTROL)) { 159 struct flow_dissector_key_ipv4_addrs *mask_ipv4 = NULL; 160 struct flow_dissector_key_ports *mask_enc_ports = NULL; 161 struct flow_dissector_key_ports *enc_ports = NULL; 162 struct flow_dissector_key_control *mask_enc_ctl = 163 skb_flow_dissector_target(flow->dissector, 164 FLOW_DISSECTOR_KEY_ENC_CONTROL, 165 flow->mask); 166 struct flow_dissector_key_control *enc_ctl = 167 skb_flow_dissector_target(flow->dissector, 168 FLOW_DISSECTOR_KEY_ENC_CONTROL, 169 flow->key); 170 if (mask_enc_ctl->addr_type != 0xffff || 171 enc_ctl->addr_type != FLOW_DISSECTOR_KEY_IPV4_ADDRS) 172 return -EOPNOTSUPP; 173 174 /* These fields are already verified as used. */ 175 mask_ipv4 = 176 skb_flow_dissector_target(flow->dissector, 177 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, 178 flow->mask); 179 if (mask_ipv4->dst != cpu_to_be32(~0)) 180 return -EOPNOTSUPP; 181 182 mask_enc_ports = 183 skb_flow_dissector_target(flow->dissector, 184 FLOW_DISSECTOR_KEY_ENC_PORTS, 185 flow->mask); 186 enc_ports = 187 skb_flow_dissector_target(flow->dissector, 188 FLOW_DISSECTOR_KEY_ENC_PORTS, 189 flow->key); 190 191 if (mask_enc_ports->dst != cpu_to_be16(~0) || 192 enc_ports->dst != htons(NFP_FL_VXLAN_PORT)) 193 return -EOPNOTSUPP; 194 195 key_layer |= NFP_FLOWER_LAYER_VXLAN; 196 key_size += sizeof(struct nfp_flower_vxlan); 197 } 198 199 if (dissector_uses_key(flow->dissector, FLOW_DISSECTOR_KEY_BASIC)) { 200 mask_basic = skb_flow_dissector_target(flow->dissector, 201 FLOW_DISSECTOR_KEY_BASIC, 202 flow->mask); 203 204 key_basic = skb_flow_dissector_target(flow->dissector, 205 FLOW_DISSECTOR_KEY_BASIC, 206 flow->key); 207 } 208 209 if (mask_basic && mask_basic->n_proto) { 210 /* Ethernet type is present in the key. */ 211 switch (key_basic->n_proto) { 212 case cpu_to_be16(ETH_P_IP): 213 key_layer |= NFP_FLOWER_LAYER_IPV4; 214 key_size += sizeof(struct nfp_flower_ipv4); 215 break; 216 217 case cpu_to_be16(ETH_P_IPV6): 218 key_layer |= NFP_FLOWER_LAYER_IPV6; 219 key_size += sizeof(struct nfp_flower_ipv6); 220 break; 221 222 /* Currently we do not offload ARP 223 * because we rely on it to get to the host. 224 */ 225 case cpu_to_be16(ETH_P_ARP): 226 return -EOPNOTSUPP; 227 228 /* Will be included in layer 2. */ 229 case cpu_to_be16(ETH_P_8021Q): 230 break; 231 232 default: 233 /* Other ethtype - we need check the masks for the 234 * remainder of the key to ensure we can offload. 235 */ 236 if (nfp_flower_check_higher_than_mac(flow)) 237 return -EOPNOTSUPP; 238 break; 239 } 240 } 241 242 if (mask_basic && mask_basic->ip_proto) { 243 /* Ethernet type is present in the key. */ 244 switch (key_basic->ip_proto) { 245 case IPPROTO_TCP: 246 case IPPROTO_UDP: 247 case IPPROTO_SCTP: 248 case IPPROTO_ICMP: 249 case IPPROTO_ICMPV6: 250 key_layer |= NFP_FLOWER_LAYER_TP; 251 key_size += sizeof(struct nfp_flower_tp_ports); 252 break; 253 default: 254 /* Other ip proto - we need check the masks for the 255 * remainder of the key to ensure we can offload. 256 */ 257 return -EOPNOTSUPP; 258 } 259 } 260 261 ret_key_ls->key_layer = key_layer; 262 ret_key_ls->key_layer_two = key_layer_two; 263 ret_key_ls->key_size = key_size; 264 265 return 0; 266 } 267 268 static struct nfp_fl_payload * 269 nfp_flower_allocate_new(struct nfp_fl_key_ls *key_layer) 270 { 271 struct nfp_fl_payload *flow_pay; 272 273 flow_pay = kmalloc(sizeof(*flow_pay), GFP_KERNEL); 274 if (!flow_pay) 275 return NULL; 276 277 flow_pay->meta.key_len = key_layer->key_size; 278 flow_pay->unmasked_data = kmalloc(key_layer->key_size, GFP_KERNEL); 279 if (!flow_pay->unmasked_data) 280 goto err_free_flow; 281 282 flow_pay->meta.mask_len = key_layer->key_size; 283 flow_pay->mask_data = kmalloc(key_layer->key_size, GFP_KERNEL); 284 if (!flow_pay->mask_data) 285 goto err_free_unmasked; 286 287 flow_pay->action_data = kmalloc(NFP_FL_MAX_A_SIZ, GFP_KERNEL); 288 if (!flow_pay->action_data) 289 goto err_free_mask; 290 291 flow_pay->nfp_tun_ipv4_addr = 0; 292 flow_pay->meta.flags = 0; 293 spin_lock_init(&flow_pay->lock); 294 295 return flow_pay; 296 297 err_free_mask: 298 kfree(flow_pay->mask_data); 299 err_free_unmasked: 300 kfree(flow_pay->unmasked_data); 301 err_free_flow: 302 kfree(flow_pay); 303 return NULL; 304 } 305 306 /** 307 * nfp_flower_add_offload() - Adds a new flow to hardware. 308 * @app: Pointer to the APP handle 309 * @netdev: netdev structure. 310 * @flow: TC flower classifier offload structure. 311 * 312 * Adds a new flow to the repeated hash structure and action payload. 313 * 314 * Return: negative value on error, 0 if configured successfully. 315 */ 316 static int 317 nfp_flower_add_offload(struct nfp_app *app, struct net_device *netdev, 318 struct tc_cls_flower_offload *flow) 319 { 320 struct nfp_flower_priv *priv = app->priv; 321 struct nfp_fl_payload *flow_pay; 322 struct nfp_fl_key_ls *key_layer; 323 int err; 324 325 key_layer = kmalloc(sizeof(*key_layer), GFP_KERNEL); 326 if (!key_layer) 327 return -ENOMEM; 328 329 err = nfp_flower_calculate_key_layers(key_layer, flow); 330 if (err) 331 goto err_free_key_ls; 332 333 flow_pay = nfp_flower_allocate_new(key_layer); 334 if (!flow_pay) { 335 err = -ENOMEM; 336 goto err_free_key_ls; 337 } 338 339 err = nfp_flower_compile_flow_match(flow, key_layer, netdev, flow_pay); 340 if (err) 341 goto err_destroy_flow; 342 343 err = nfp_flower_compile_action(flow, netdev, flow_pay); 344 if (err) 345 goto err_destroy_flow; 346 347 err = nfp_compile_flow_metadata(app, flow, flow_pay); 348 if (err) 349 goto err_destroy_flow; 350 351 err = nfp_flower_xmit_flow(netdev, flow_pay, 352 NFP_FLOWER_CMSG_TYPE_FLOW_ADD); 353 if (err) 354 goto err_destroy_flow; 355 356 INIT_HLIST_NODE(&flow_pay->link); 357 flow_pay->tc_flower_cookie = flow->cookie; 358 hash_add_rcu(priv->flow_table, &flow_pay->link, flow->cookie); 359 360 /* Deallocate flow payload when flower rule has been destroyed. */ 361 kfree(key_layer); 362 363 return 0; 364 365 err_destroy_flow: 366 kfree(flow_pay->action_data); 367 kfree(flow_pay->mask_data); 368 kfree(flow_pay->unmasked_data); 369 kfree(flow_pay); 370 err_free_key_ls: 371 kfree(key_layer); 372 return err; 373 } 374 375 /** 376 * nfp_flower_del_offload() - Removes a flow from hardware. 377 * @app: Pointer to the APP handle 378 * @netdev: netdev structure. 379 * @flow: TC flower classifier offload structure 380 * 381 * Removes a flow from the repeated hash structure and clears the 382 * action payload. 383 * 384 * Return: negative value on error, 0 if removed successfully. 385 */ 386 static int 387 nfp_flower_del_offload(struct nfp_app *app, struct net_device *netdev, 388 struct tc_cls_flower_offload *flow) 389 { 390 struct nfp_fl_payload *nfp_flow; 391 int err; 392 393 nfp_flow = nfp_flower_search_fl_table(app, flow->cookie); 394 if (!nfp_flow) 395 return -ENOENT; 396 397 err = nfp_modify_flow_metadata(app, nfp_flow); 398 if (err) 399 goto err_free_flow; 400 401 if (nfp_flow->nfp_tun_ipv4_addr) 402 nfp_tunnel_del_ipv4_off(app, nfp_flow->nfp_tun_ipv4_addr); 403 404 err = nfp_flower_xmit_flow(netdev, nfp_flow, 405 NFP_FLOWER_CMSG_TYPE_FLOW_DEL); 406 if (err) 407 goto err_free_flow; 408 409 err_free_flow: 410 hash_del_rcu(&nfp_flow->link); 411 kfree(nfp_flow->action_data); 412 kfree(nfp_flow->mask_data); 413 kfree(nfp_flow->unmasked_data); 414 kfree_rcu(nfp_flow, rcu); 415 return err; 416 } 417 418 /** 419 * nfp_flower_get_stats() - Populates flow stats obtained from hardware. 420 * @app: Pointer to the APP handle 421 * @flow: TC flower classifier offload structure 422 * 423 * Populates a flow statistics structure which which corresponds to a 424 * specific flow. 425 * 426 * Return: negative value on error, 0 if stats populated successfully. 427 */ 428 static int 429 nfp_flower_get_stats(struct nfp_app *app, struct tc_cls_flower_offload *flow) 430 { 431 struct nfp_fl_payload *nfp_flow; 432 433 nfp_flow = nfp_flower_search_fl_table(app, flow->cookie); 434 if (!nfp_flow) 435 return -EINVAL; 436 437 spin_lock_bh(&nfp_flow->lock); 438 tcf_exts_stats_update(flow->exts, nfp_flow->stats.bytes, 439 nfp_flow->stats.pkts, nfp_flow->stats.used); 440 441 nfp_flow->stats.pkts = 0; 442 nfp_flow->stats.bytes = 0; 443 spin_unlock_bh(&nfp_flow->lock); 444 445 return 0; 446 } 447 448 static int 449 nfp_flower_repr_offload(struct nfp_app *app, struct net_device *netdev, 450 struct tc_cls_flower_offload *flower) 451 { 452 if (!eth_proto_is_802_3(flower->common.protocol) || 453 flower->common.chain_index) 454 return -EOPNOTSUPP; 455 456 switch (flower->command) { 457 case TC_CLSFLOWER_REPLACE: 458 return nfp_flower_add_offload(app, netdev, flower); 459 case TC_CLSFLOWER_DESTROY: 460 return nfp_flower_del_offload(app, netdev, flower); 461 case TC_CLSFLOWER_STATS: 462 return nfp_flower_get_stats(app, flower); 463 } 464 465 return -EOPNOTSUPP; 466 } 467 468 static int nfp_flower_setup_tc_block_cb(enum tc_setup_type type, 469 void *type_data, void *cb_priv) 470 { 471 struct nfp_repr *repr = cb_priv; 472 473 if (!tc_can_offload(repr->netdev)) 474 return -EOPNOTSUPP; 475 476 switch (type) { 477 case TC_SETUP_CLSFLOWER: 478 return nfp_flower_repr_offload(repr->app, repr->netdev, 479 type_data); 480 default: 481 return -EOPNOTSUPP; 482 } 483 } 484 485 static int nfp_flower_setup_tc_block(struct net_device *netdev, 486 struct tc_block_offload *f) 487 { 488 struct nfp_repr *repr = netdev_priv(netdev); 489 490 if (f->binder_type != TCF_BLOCK_BINDER_TYPE_CLSACT_INGRESS) 491 return -EOPNOTSUPP; 492 493 switch (f->command) { 494 case TC_BLOCK_BIND: 495 return tcf_block_cb_register(f->block, 496 nfp_flower_setup_tc_block_cb, 497 repr, repr); 498 case TC_BLOCK_UNBIND: 499 tcf_block_cb_unregister(f->block, 500 nfp_flower_setup_tc_block_cb, 501 repr); 502 return 0; 503 default: 504 return -EOPNOTSUPP; 505 } 506 } 507 508 int nfp_flower_setup_tc(struct nfp_app *app, struct net_device *netdev, 509 enum tc_setup_type type, void *type_data) 510 { 511 switch (type) { 512 case TC_SETUP_BLOCK: 513 return nfp_flower_setup_tc_block(netdev, type_data); 514 default: 515 return -EOPNOTSUPP; 516 } 517 } 518