1. 10 Jun, 2021 16 commits
    • Vlad Buslov's avatar
      net/mlx5: Bridge, add tracepoints · 9724fd5d
      Vlad Buslov authored
      Move private bridge structures to dedicated headers that is accessible to
      bridge tracepoint header. Implemented following tracepoints:
      
      - Initialize FDB entry.
      - Refresh FDB entry.
      - Cleanup FDB entry.
      - Create VLAN.
      - Cleanup VLAN.
      - Attach port to bridge.
      - Detach port from bridge.
      
      Usage example:
      
      ># cd /sys/kernel/debug/tracing
      ># echo mlx5:mlx5_esw_bridge_fdb_entry_init >> set_event
      ># cat trace
      ...
         kworker/u20:1-96      [001] ....   231.892503: mlx5_esw_bridge_fdb_entry_init: net_device=enp8s0f0_0 addr=e4:fd:05:08:00:02 vid=3 flags=0 lastuse=4294895695
      Signed-off-by: default avatarVlad Buslov <vladbu@nvidia.com>
      Reviewed-by: default avatarJianbo Liu <jianbol@nvidia.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
      9724fd5d
    • Vlad Buslov's avatar
      net/mlx5: Bridge, filter tagged packets that didn't match tagged fg · cc2987c4
      Vlad Buslov authored
      With support for pvid vlans in mlx5 bridge it is possible to have rules in
      untagged flow group when vlan filtering is enabled. However, such rules can
      also match tagged packets that didn't match anything in tagged flow group.
      Filter such packets by introducing additional flow group between tagged and
      untagged groups. When filtering is enabled on the bridge create additional
      flow in vlan filtering flow group and matches tagged packets with specified
      source MAC address and redirects them to new "skip" table. The skip table
      is new lowest-level empty table that is used to skip all further processing
      on packet in bridge priority.
      Signed-off-by: default avatarVlad Buslov <vladbu@nvidia.com>
      Reviewed-by: default avatarJianbo Liu <jianbol@nvidia.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
      cc2987c4
    • Vlad Buslov's avatar
      net/mlx5: Bridge, support pvid and untagged vlan configurations · 36e55079
      Vlad Buslov authored
      Implement support for pushing vlan header into untagged packet on ingress
      of port that has pvid configured and support for popping vlan on egress of
      port that has the matching vlan configured as untagged. To support such
      configurations packet reformat contexts of {INSERT|REMOVE}_HEADER types are
      created per such vlan and saved to struct mlx5_esw_bridge_vlan which allows
      all FDB entries on particular vlan to share single packet reformat
      instance. When initializing FDB entries with pvid or untagged vlan type set
      its mlx5_flow_act->pkt_reformat action accordingly.
      
      Flush all flows when removing vlan from port. This is necessary because
      even though software bridge removes all FDB entries before removing their
      vlan, mlx5 bridge implementation deletes their corresponding flow entries
      from hardware in asynchronous workqueue task, which will cause firmware
      error if vlan packet reformat context is deleted before all flows that
      point to it.
      Signed-off-by: default avatarVlad Buslov <vladbu@nvidia.com>
      Reviewed-by: default avatarJianbo Liu <jianbol@nvidia.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
      36e55079
    • Vlad Buslov's avatar
      net/mlx5: Bridge, match FDB entry vlan tag · ffc89ee5
      Vlad Buslov authored
      Add support for FDB vlan-tagged entries. Extend ingress and egress flow
      tables with flow groups to match packet vlan tag. Modify the flow creation
      code to include vlan tag, if vlan is configured on port and vlan
      configuration is supported for offload.
      Signed-off-by: default avatarVlad Buslov <vladbu@nvidia.com>
      Reviewed-by: default avatarJianbo Liu <jianbol@nvidia.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
      ffc89ee5
    • Vlad Buslov's avatar
      net/mlx5: Bridge, implement infrastructure for vlans · d75b9e80
      Vlad Buslov authored
      Establish all the necessary infrastructure for implementing vlan matching
      and vlan push/pop in following patches:
      
      - Add new per-vport struct mlx5_esw_bridge_port that is used to store
      metadata for all port vlans. Initialize and cleanup the instance of the
      structure when port representor is linked/unliked to bridge. Use xarray to
      allow quick vport metadata lookup by vport number.
      
      - Add new per-port-vlan struct mlx5_esw_bridge_vlan that is used to store
      vlan-specific data (vid, flags). Handle SWITCHDEV_PORT_OBJ_{ADD|DEL}
      switchdev blocking event for SWITCHDEV_OBJ_ID_PORT_VLAN object by
      creating/deleting the vlan structure and saving it in per-vport xarray for
      quick lookup.
      
      - Implement support for SWITCHDEV_ATTR_ID_BRIDGE_VLAN_FILTERING object
      attribute that is used to toggle vlan filtering. Remove all FDB entries
      from hardware when vlan filtering state is changed.
      Signed-off-by: default avatarVlad Buslov <vladbu@nvidia.com>
      Reviewed-by: default avatarJianbo Liu <jianbol@nvidia.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
      d75b9e80
    • Vlad Buslov's avatar
      net/mlx5: Bridge, dynamic entry ageing · c636a0f0
      Vlad Buslov authored
      Dynamic FDB entries require capability to age out unused entries. Such
      entries are either aged out by kernel software bridge implementation or by
      hardware switch that offloaded them (and notified the kernel to mark them
      as SWITCHDEV_FDB_ADD_TO_BRIDGE). Leaving ageing to kernel bridge would
      result it deleting offloaded dynamic FDB entries every ageing_time period
      due to packets being processed by hardware and, consecutively, 'used'
      timestamp for FDB entry not being updated. However, since hardware doesn't
      support ageing, software solution inside the driver is required.
      
      In order to emulate hardware ageing in driver, extend bridge FDB ingress
      flows with counter and create delayed br_offloads->update_work task on
      bridge offloads workqueue. Run the task every second, update 'used'
      timestamp in software bridge dynamic entry by sending
      SWITCHDEV_FDB_ADD_TO_BRIDGE for the entry, if it flow hardware counter
      lastuse field was changed since last update. If lastuse wasn't changed for
      ageing_time period, then delete the FDB entry and notify kernel bridge by
      sending SWITCHDEV_FDB_DEL_TO_BRIDGE notification.
      
      Register blocking switchdev notifier callback and handle attribute set
      SWITCHDEV_ATTR_ID_BRIDGE_AGEING_TIME event to allow user to dynamically
      configure bridge FDB entry ageing timeout. Save the value per-bridge in
      struct mlx5_esw_bridge. Silently ignore
      SWITCHDEV_ATTR_ID_PORT_{PRE_}BRIDGE_FLAGS switchdev event since mlx5 bridge
      implementation relies on software bridge for implementing necessary
      behavior for all of these flags.
      Signed-off-by: default avatarVlad Buslov <vladbu@nvidia.com>
      Reviewed-by: default avatarJianbo Liu <jianbol@nvidia.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
      c636a0f0
    • Vlad Buslov's avatar
      net/mlx5: Bridge, handle FDB events · 7cd6a54a
      Vlad Buslov authored
      Hardware supported by mlx5 driver doesn't provide learning and requires the
      driver to emulate all switch-like behavior in software. As such, all
      packets by default go through miss path, appear on representor and get to
      software bridge, if it is the upper device of the representor. This causes
      bridge to process packet in software, learn the MAC address to FDB and send
      SWITCHDEV_FDB_ADD_TO_DEVICE event to all subscribers.
      
      In order to offload FDB entries in mlx5, register switchdev notifier
      callback and implement support for both 'added_by_user' and dynamic FDB
      entry SWITCHDEV_FDB_ADD_TO_DEVICE events asynchronously using new
      mlx5_esw_bridge_offloads->wq ordered workqueue. In workqueue callback
      offload the ingress rule (matching FDB entry MAC as packet source MAC) and
      egress table rule (matching FDB entry MAC as destination MAC). For ingress
      table rule also match source vport to ensure that only traffic coming from
      expected bridge port is matched by offloaded rule. Save all the relevant
      FDB entry data in struct mlx5_esw_bridge_fdb_entry instance and insert the
      instance in new mlx5_esw_bridge->fdb_list list (for traversing all entries
      by software ageing implementation in following patch) and in new
      mlx5_esw_bridge->fdb_ht hash table for fast retrieval. Notify the bridge
      that FDB entry has been offloaded by sending SWITCHDEV_FDB_OFFLOADED
      notification.
      
      Delete FDB entry on reception of SWITCHDEV_FDB_DEL_TO_DEVICE event.
      Signed-off-by: default avatarVlad Buslov <vladbu@nvidia.com>
      Reviewed-by: default avatarJianbo Liu <jianbol@nvidia.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
      7cd6a54a
    • Vlad Buslov's avatar
      net/mlx5: Bridge, add offload infrastructure · 19e9bfa0
      Vlad Buslov authored
      Create new files bridge.{c|h} in en/rep directory that implement bridge
      interaction with representor netdevices and handle required
      events/notifications, bridge.{c|h} in esw directory that implement all
      necessary eswitch offloading infrastructure and works on vport/eswitch
      level. Provide new kconfig MLX5_BRIDGE which is automatically selected when
      both kernel bridge and mlx5 eswitch configs are enabled.
      
      Provide basic infrastructure for bridge offloads:
      
      - struct mlx5_esw_bridge_offloads - per-eswitch bridge offload structure
      that encapsulates generic bridge-offloads data (notifier blocks, ingress
      flow table/group, etc.) that is created/deleted on enable/disable eswitch
      offloads.
      
      - struct mlx5_esw_bridge - per-bridge structure that encapsulates
      per-bridge data (reference counter, FDB, egress flow table/group, etc.)
      that is created when first eswitch represetor is attached to new bridge and
      deleted when last representor is removed from the bridge as a result of
      NETDEV_CHANGEUPPER event.
      
      The bridge tables are created with new priority FDB_BR_OFFLOAD in FDB
      namespace. The new priority is between tc-miss and slow path priorities.
      Priority consist of two levels: the ingress table that is global per
      eswitch and matches incoming packets by src_mac/vid and redirects them to
      next level (egress table) that is chosen according to ingress port bridge
      membership and matches on dst_mac/vid in order to redirect packet to vport
      according to the following diagram:
      
                      +
                      |
            +---------v----------+
            |                    |
            |   FDB_TC_OFFLOAD   |
            |                    |
            +---------+----------+
                      |
                      |
            +---------v----------+
            |                    |
            |   FDB_FT_OFFLOAD   |
            |                    |
            +---------+----------+
                      |
                      |
            +---------v----------+
            |                    |
            |    FDB_TC_MISS     |
            |                    |
            +---------+----------+
                      |
      +--------------------------------------+
      |               |                      |
      |        +------+                      |
      |        |                             |
      | +------v--------+   FDB_BR_OFFLOAD   |
      | | INGRESS_TABLE |                    |
      | +------+---+----+                    |
      |        |   |      match              |
      |        |   +---------+               |
      |        |             |               |    +-------+
      |        |     +-------v-------+ match |    |       |
      |        |     | EGRESS_TABLE  +------------> vport |
      |        |     +-------+-------+       |    |       |
      |        |             |               |    +-------+
      |        |    miss     |               |
      |        +------+------+               |
      |               |                      |
      +--------------------------------------+
                      |
                      |
            +---------v----------+
            |                    |
            |   FDB_SLOW_PATH    |
            |                    |
            +---------+----------+
                      |
                      v
      Signed-off-by: default avatarVlad Buslov <vladbu@nvidia.com>
      Reviewed-by: default avatarJianbo Liu <jianbol@nvidia.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
      19e9bfa0
    • Vlad Buslov's avatar
      net/mlx5e: Refactor mlx5e_eswitch_{*}rep() helpers · 07810152
      Vlad Buslov authored
      Change the helper to functions to accept constant pointer to struct
      net_device. This is necessary for following patches in series that pass
      mlx5e_eswitch_rep() as a callback to kernel bridge infrastructure code.
      Signed-off-by: default avatarVlad Buslov <vladbu@nvidia.com>
      Reviewed-by: default avatarJianbo Liu <jianbol@nvidia.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
      07810152
    • Vlad Buslov's avatar
      net/mlx5: Create TC-miss priority and table · ec3be887
      Vlad Buslov authored
      In order to adhere to kernel software datapath model bridge offloads must
      come after TC and NF FDBs. Following patches in this series add new FDB
      priority for bridge after FDB_FT_OFFLOAD. However, since netfilter offload
      is implemented with unmanaged tables, its miss path is not automatically
      connected to next priority and requires the code to manually connect with
      slow table. To keep bridge offloads encapsulated and not mix it with
      eswitch offloads, create a new FDB_TC_MISS priority between FDB_FT_OFFLOAD
      and FDB_SLOW_PATH:
      
                +
                |
      +---------v----------+
      |                    |
      |   FDB_TC_OFFLOAD   |
      |                    |
      +---------+----------+
                |
                |
                |
      +---------v----------+
      |                    |
      |   FDB_FT_OFFLOAD   |
      |                    |
      +---------+----------+
                |
                |
                |
      +---------v----------+
      |                    |
      |    FDB_TC_MISS     |
      |                    |
      +---------+----------+
                |
                |
                |
      +---------v----------+
      |                    |
      |   FDB_SLOW_PATH    |
      |                    |
      +---------+----------+
                |
                v
      
      Initialize the new priority with single default empty managed table and use
      the table as TC/NF miss patch instead of slow table. This approach allows
      bridge offloads to be created as new FDB namespace priority between
      FDB_TC_MISS and FDB_SLOW_PATH without exposing its internal tables to any
      other modules since miss path of managed TC-miss table is automatically
      wired to next priority.
      Signed-off-by: default avatarVlad Buslov <vladbu@nvidia.com>
      Reviewed-by: default avatarJianbo Liu <jianbol@nvidia.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
      ec3be887
    • Yevgeny Kliteynik's avatar
      net/mlx5: DR, Support EMD tag in modify header for STEv1 · ded6a877
      Yevgeny Kliteynik authored
      Add support for EMD tag in modify header set/copy actions
      on device that supports STEv1.
      Signed-off-by: default avatarYevgeny Kliteynik <kliteyn@nvidia.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
      ded6a877
    • Yevgeny Kliteynik's avatar
      net/mlx5: DR, Added support for INSERT_HEADER reformat type · 7ea9b398
      Yevgeny Kliteynik authored
      Add support for INSERT_HEADER packet reformat context type
      Signed-off-by: default avatarYevgeny Kliteynik <kliteyn@nvidia.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
      7ea9b398
    • Yevgeny Kliteynik's avatar
      net/mlx5: Added new parameters to reformat context · 3f3f05ab
      Yevgeny Kliteynik authored
      Adding new reformat context type (INSERT_HEADER) requires adding two new
      parameters to reformat context - reformat_param_0 and reformat_param_1.
      As defined by HW spec, these parameters have different meaning for
      different reformat context type.
      
      The first parameter (reformat_param_0) is not new to HW spec, but it
      wasn't used by any of the supported reformats. The second parameter
      (reformat_param_1) is new to the HW spec - it was added to allow
      supporting INSERT_HEADER.
      
      For NSERT_HEADER, reformat_param_0 indicates the header used to
      reference the location of the inserted header, and reformat_param_1
      indicates the offset of the inserted header from the reference point
      defined by reformat_param_0.
      Signed-off-by: default avatarYevgeny Kliteynik <kliteyn@nvidia.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
      3f3f05ab
    • Yevgeny Kliteynik's avatar
      net/mlx5: DR, Allow encap action for RX for supporting devices · d7418b4e
      Yevgeny Kliteynik authored
      Encap actions on RX flow were not supported on older devices.
      However, this is no longer the case in devices that support STEv1.
      This patch adds support for encap l3/l2 on RX flow for supported
      devices: update actions state machine by adding the newely supported
      transitions and add the required support in STEv0/1 files.
      The new transitions that are supported are:
       - from decap/modify-header/pop-vlan to encap
       - from encap to termination table
      Signed-off-by: default avatarErez Shitrit <erezsh@nvidia.com>
      Signed-off-by: default avatarYevgeny Kliteynik <kliteyn@nvidia.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
      d7418b4e
    • Yevgeny Kliteynik's avatar
      net/mlx5: DR, Split reformat state to Encap and Decap · 28de41a4
      Yevgeny Kliteynik authored
      Split single reformat state into two separate states for encap and decap.
      This will allow adding actions to the specific domain, such as encap on RX.
      Signed-off-by: default avatarErez Shitrit <erezsh@nvidia.com>
      Signed-off-by: default avatarYevgeny Kliteynik <kliteyn@nvidia.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
      28de41a4
    • Yevgeny Kliteynik's avatar
      net/mlx5: mlx5_ifc support for header insert/remove · 67133eaa
      Yevgeny Kliteynik authored
      Add support for HCA caps 2 that contains capabilities for the new
      insert/remove header actions.
      
      Added the required definitions for supporting the new reformat type:
      added packet reformat parameters, reformat anchors and definitions
      to allow copy/set into the inserted EMD (Embedded MetaData) tag.
      Signed-off-by: default avatarYevgeny Kliteynik <kliteyn@nvidia.com>
      Signed-off-by: default avatarVlad Buslov <vladbu@nvidia.com>
      Reviewed-by: default avatarJianbo Liu <jianbol@nvidia.com>
      Signed-off-by: default avatarSaeed Mahameed <saeedm@nvidia.com>
      67133eaa
  2. 09 Jun, 2021 24 commits