Commit 2e0bc7f3 authored by John Hurley's avatar John Hurley Committed by David S. Miller

nfp: flower: encode mac indexes with pre-tunnel rule check

When a tunnel packet arrives on the NFP card, its destination MAC is
looked up and MAC index returned for it. This index can help verify the
tunnel by, for example, ensuring that the packet arrived on the expected
port. If the packet is destined for a known MAC that is not connected to a
given physical port then the mac index can have a global value (e.g. when
a series of bonded ports shared the same MAC).

If the packet is to be detunneled at a bridge device or internal port like
an Open vSwitch VLAN port, then it should first match a 'pre-tunnel' rule
to direct it to that internal port.

Use the MAC index to indicate if a packet should match a pre-tunnel rule
before decap is allowed. Do this by tracking the number of internal ports
associated with a MAC address and, if the number if >0, set a bit in the
mac_index to forward the packet to the pre-tunnel table before continuing
with decap.
Signed-off-by: default avatarJohn Hurley <john.hurley@netronome.com>
Reviewed-by: default avatarSimon Horman <simon.horman@netronome.com>
Acked-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 09aa811b
...@@ -17,6 +17,7 @@ ...@@ -17,6 +17,7 @@
#define NFP_TUN_PRE_TUN_RULE_LIMIT 32 #define NFP_TUN_PRE_TUN_RULE_LIMIT 32
#define NFP_TUN_PRE_TUN_RULE_DEL 0x1 #define NFP_TUN_PRE_TUN_RULE_DEL 0x1
#define NFP_TUN_PRE_TUN_IDX_BIT 0x8
/** /**
* struct nfp_tun_pre_run_rule - rule matched before decap * struct nfp_tun_pre_run_rule - rule matched before decap
...@@ -146,6 +147,7 @@ enum nfp_flower_mac_offload_cmd { ...@@ -146,6 +147,7 @@ enum nfp_flower_mac_offload_cmd {
* @index: Offloaded index for given MAC address * @index: Offloaded index for given MAC address
* @ref_count: Number of devs using this MAC address * @ref_count: Number of devs using this MAC address
* @repr_list: List of reprs sharing this MAC address * @repr_list: List of reprs sharing this MAC address
* @bridge_count: Number of bridge/internal devs with MAC
*/ */
struct nfp_tun_offloaded_mac { struct nfp_tun_offloaded_mac {
struct rhash_head ht_node; struct rhash_head ht_node;
...@@ -153,6 +155,7 @@ struct nfp_tun_offloaded_mac { ...@@ -153,6 +155,7 @@ struct nfp_tun_offloaded_mac {
u16 index; u16 index;
int ref_count; int ref_count;
struct list_head repr_list; struct list_head repr_list;
int bridge_count;
}; };
static const struct rhashtable_params offloaded_macs_params = { static const struct rhashtable_params offloaded_macs_params = {
...@@ -573,6 +576,8 @@ nfp_tunnel_offloaded_macs_inc_ref_and_link(struct nfp_tun_offloaded_mac *entry, ...@@ -573,6 +576,8 @@ nfp_tunnel_offloaded_macs_inc_ref_and_link(struct nfp_tun_offloaded_mac *entry,
list_del(&repr_priv->mac_list); list_del(&repr_priv->mac_list);
list_add_tail(&repr_priv->mac_list, &entry->repr_list); list_add_tail(&repr_priv->mac_list, &entry->repr_list);
} else if (nfp_flower_is_supported_bridge(netdev)) {
entry->bridge_count++;
} }
entry->ref_count++; entry->ref_count++;
...@@ -589,20 +594,35 @@ nfp_tunnel_add_shared_mac(struct nfp_app *app, struct net_device *netdev, ...@@ -589,20 +594,35 @@ nfp_tunnel_add_shared_mac(struct nfp_app *app, struct net_device *netdev,
entry = nfp_tunnel_lookup_offloaded_macs(app, netdev->dev_addr); entry = nfp_tunnel_lookup_offloaded_macs(app, netdev->dev_addr);
if (entry && nfp_tunnel_is_mac_idx_global(entry->index)) { if (entry && nfp_tunnel_is_mac_idx_global(entry->index)) {
nfp_tunnel_offloaded_macs_inc_ref_and_link(entry, netdev, mod); if (entry->bridge_count ||
!nfp_flower_is_supported_bridge(netdev)) {
nfp_tunnel_offloaded_macs_inc_ref_and_link(entry,
netdev, mod);
return 0; return 0;
} }
/* Assign a global index if non-repr or MAC address is now shared. */ /* MAC is global but matches need to go to pre_tun table. */
nfp_mac_idx = entry->index | NFP_TUN_PRE_TUN_IDX_BIT;
}
if (!nfp_mac_idx) {
/* Assign a global index if non-repr or MAC is now shared. */
if (entry || !port) { if (entry || !port) {
ida_idx = ida_simple_get(&priv->tun.mac_off_ids, 0, ida_idx = ida_simple_get(&priv->tun.mac_off_ids, 0,
NFP_MAX_MAC_INDEX, GFP_KERNEL); NFP_MAX_MAC_INDEX, GFP_KERNEL);
if (ida_idx < 0) if (ida_idx < 0)
return ida_idx; return ida_idx;
nfp_mac_idx = nfp_tunnel_get_global_mac_idx_from_ida(ida_idx); nfp_mac_idx =
nfp_tunnel_get_global_mac_idx_from_ida(ida_idx);
if (nfp_flower_is_supported_bridge(netdev))
nfp_mac_idx |= NFP_TUN_PRE_TUN_IDX_BIT;
} else { } else {
nfp_mac_idx = nfp_tunnel_get_mac_idx_from_phy_port_id(port); nfp_mac_idx =
nfp_tunnel_get_mac_idx_from_phy_port_id(port);
}
} }
if (!entry) { if (!entry) {
...@@ -671,6 +691,25 @@ nfp_tunnel_del_shared_mac(struct nfp_app *app, struct net_device *netdev, ...@@ -671,6 +691,25 @@ nfp_tunnel_del_shared_mac(struct nfp_app *app, struct net_device *netdev,
list_del(&repr_priv->mac_list); list_del(&repr_priv->mac_list);
} }
if (nfp_flower_is_supported_bridge(netdev)) {
entry->bridge_count--;
if (!entry->bridge_count && entry->ref_count) {
u16 nfp_mac_idx;
nfp_mac_idx = entry->index & ~NFP_TUN_PRE_TUN_IDX_BIT;
if (__nfp_tunnel_offload_mac(app, mac, nfp_mac_idx,
false)) {
nfp_flower_cmsg_warn(app, "MAC offload index revert failed on %s.\n",
netdev_name(netdev));
return 0;
}
entry->index = nfp_mac_idx;
return 0;
}
}
/* If MAC is now used by 1 repr set the offloaded MAC index to port. */ /* If MAC is now used by 1 repr set the offloaded MAC index to port. */
if (entry->ref_count == 1 && list_is_singular(&entry->repr_list)) { if (entry->ref_count == 1 && list_is_singular(&entry->repr_list)) {
u16 nfp_mac_idx; u16 nfp_mac_idx;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment