Commit f5c977ee authored by John Hurley's avatar John Hurley Committed by David S. Miller

nfp: flower: detect potential pre-tunnel rules

Pre-tunnel rules are used when the tunnel end-point is on an 'internal
port'. These rules are used to direct the tunnelled packets (based on outer
header fields) to the internal port where they can be detunnelled. The
rule must send the packet to ingress the internal port at the TC layer.

Currently FW does not support an action to send to ingress so cannot
offload such rules. However, in preparation for populating the pre-tunnel
table to represent such rules, check for rules that send to the ingress of
an internal port and mark them as such. Further validation of such rules
is left to subsequent patches.
Signed-off-by: default avatarJohn Hurley <john.hurley@netronome.com>
Reviewed-by: default avatarSimon Horman <simon.horman@netronome.com>
Acked-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 4b10c53d
...@@ -173,7 +173,7 @@ nfp_fl_output(struct nfp_app *app, struct nfp_fl_output *output, ...@@ -173,7 +173,7 @@ nfp_fl_output(struct nfp_app *app, struct nfp_fl_output *output,
struct nfp_fl_payload *nfp_flow, struct nfp_fl_payload *nfp_flow,
bool last, struct net_device *in_dev, bool last, struct net_device *in_dev,
enum nfp_flower_tun_type tun_type, int *tun_out_cnt, enum nfp_flower_tun_type tun_type, int *tun_out_cnt,
struct netlink_ext_ack *extack) bool pkt_host, struct netlink_ext_ack *extack)
{ {
size_t act_size = sizeof(struct nfp_fl_output); size_t act_size = sizeof(struct nfp_fl_output);
struct nfp_flower_priv *priv = app->priv; struct nfp_flower_priv *priv = app->priv;
...@@ -218,6 +218,20 @@ nfp_fl_output(struct nfp_app *app, struct nfp_fl_output *output, ...@@ -218,6 +218,20 @@ nfp_fl_output(struct nfp_app *app, struct nfp_fl_output *output,
return gid; return gid;
} }
output->port = cpu_to_be32(NFP_FL_LAG_OUT | gid); output->port = cpu_to_be32(NFP_FL_LAG_OUT | gid);
} else if (nfp_flower_internal_port_can_offload(app, out_dev)) {
if (!(priv->flower_ext_feats & NFP_FL_FEATS_PRE_TUN_RULES)) {
NL_SET_ERR_MSG_MOD(extack, "unsupported offload: pre-tunnel rules not supported in loaded firmware");
return -EOPNOTSUPP;
}
if (nfp_flow->pre_tun_rule.dev || !pkt_host) {
NL_SET_ERR_MSG_MOD(extack, "unsupported offload: pre-tunnel rules require single egress dev and ptype HOST action");
return -EOPNOTSUPP;
}
nfp_flow->pre_tun_rule.dev = out_dev;
return 0;
} else { } else {
/* Set action output parameters. */ /* Set action output parameters. */
output->flags = cpu_to_be16(tmp_flags); output->flags = cpu_to_be16(tmp_flags);
...@@ -885,7 +899,7 @@ nfp_flower_output_action(struct nfp_app *app, ...@@ -885,7 +899,7 @@ nfp_flower_output_action(struct nfp_app *app,
struct nfp_fl_payload *nfp_fl, int *a_len, struct nfp_fl_payload *nfp_fl, int *a_len,
struct net_device *netdev, bool last, struct net_device *netdev, bool last,
enum nfp_flower_tun_type *tun_type, int *tun_out_cnt, enum nfp_flower_tun_type *tun_type, int *tun_out_cnt,
int *out_cnt, u32 *csum_updated, int *out_cnt, u32 *csum_updated, bool pkt_host,
struct netlink_ext_ack *extack) struct netlink_ext_ack *extack)
{ {
struct nfp_flower_priv *priv = app->priv; struct nfp_flower_priv *priv = app->priv;
...@@ -907,7 +921,7 @@ nfp_flower_output_action(struct nfp_app *app, ...@@ -907,7 +921,7 @@ nfp_flower_output_action(struct nfp_app *app,
output = (struct nfp_fl_output *)&nfp_fl->action_data[*a_len]; output = (struct nfp_fl_output *)&nfp_fl->action_data[*a_len];
err = nfp_fl_output(app, output, act, nfp_fl, last, netdev, *tun_type, err = nfp_fl_output(app, output, act, nfp_fl, last, netdev, *tun_type,
tun_out_cnt, extack); tun_out_cnt, pkt_host, extack);
if (err) if (err)
return err; return err;
...@@ -939,7 +953,7 @@ nfp_flower_loop_action(struct nfp_app *app, const struct flow_action_entry *act, ...@@ -939,7 +953,7 @@ nfp_flower_loop_action(struct nfp_app *app, const struct flow_action_entry *act,
struct net_device *netdev, struct net_device *netdev,
enum nfp_flower_tun_type *tun_type, int *tun_out_cnt, enum nfp_flower_tun_type *tun_type, int *tun_out_cnt,
int *out_cnt, u32 *csum_updated, int *out_cnt, u32 *csum_updated,
struct nfp_flower_pedit_acts *set_act, struct nfp_flower_pedit_acts *set_act, bool *pkt_host,
struct netlink_ext_ack *extack, int act_idx) struct netlink_ext_ack *extack, int act_idx)
{ {
struct nfp_fl_set_ipv4_tun *set_tun; struct nfp_fl_set_ipv4_tun *set_tun;
...@@ -955,17 +969,21 @@ nfp_flower_loop_action(struct nfp_app *app, const struct flow_action_entry *act, ...@@ -955,17 +969,21 @@ nfp_flower_loop_action(struct nfp_app *app, const struct flow_action_entry *act,
case FLOW_ACTION_DROP: case FLOW_ACTION_DROP:
nfp_fl->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_DROP); nfp_fl->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_DROP);
break; break;
case FLOW_ACTION_REDIRECT_INGRESS:
case FLOW_ACTION_REDIRECT: case FLOW_ACTION_REDIRECT:
err = nfp_flower_output_action(app, act, nfp_fl, a_len, netdev, err = nfp_flower_output_action(app, act, nfp_fl, a_len, netdev,
true, tun_type, tun_out_cnt, true, tun_type, tun_out_cnt,
out_cnt, csum_updated, extack); out_cnt, csum_updated, *pkt_host,
extack);
if (err) if (err)
return err; return err;
break; break;
case FLOW_ACTION_MIRRED_INGRESS:
case FLOW_ACTION_MIRRED: case FLOW_ACTION_MIRRED:
err = nfp_flower_output_action(app, act, nfp_fl, a_len, netdev, err = nfp_flower_output_action(app, act, nfp_fl, a_len, netdev,
false, tun_type, tun_out_cnt, false, tun_type, tun_out_cnt,
out_cnt, csum_updated, extack); out_cnt, csum_updated, *pkt_host,
extack);
if (err) if (err)
return err; return err;
break; break;
...@@ -1095,6 +1113,13 @@ nfp_flower_loop_action(struct nfp_app *app, const struct flow_action_entry *act, ...@@ -1095,6 +1113,13 @@ nfp_flower_loop_action(struct nfp_app *app, const struct flow_action_entry *act,
nfp_fl_set_mpls(set_m, act); nfp_fl_set_mpls(set_m, act);
*a_len += sizeof(struct nfp_fl_set_mpls); *a_len += sizeof(struct nfp_fl_set_mpls);
break; break;
case FLOW_ACTION_PTYPE:
/* TC ptype skbedit sets PACKET_HOST for ingress redirect. */
if (act->ptype != PACKET_HOST)
return -EOPNOTSUPP;
*pkt_host = true;
break;
default: default:
/* Currently we do not handle any other actions. */ /* Currently we do not handle any other actions. */
NL_SET_ERR_MSG_MOD(extack, "unsupported offload: unsupported action in action list"); NL_SET_ERR_MSG_MOD(extack, "unsupported offload: unsupported action in action list");
...@@ -1150,6 +1175,7 @@ int nfp_flower_compile_action(struct nfp_app *app, ...@@ -1150,6 +1175,7 @@ int nfp_flower_compile_action(struct nfp_app *app,
struct nfp_flower_pedit_acts set_act; struct nfp_flower_pedit_acts set_act;
enum nfp_flower_tun_type tun_type; enum nfp_flower_tun_type tun_type;
struct flow_action_entry *act; struct flow_action_entry *act;
bool pkt_host = false;
u32 csum_updated = 0; u32 csum_updated = 0;
memset(nfp_flow->action_data, 0, NFP_FL_MAX_A_SIZ); memset(nfp_flow->action_data, 0, NFP_FL_MAX_A_SIZ);
...@@ -1166,7 +1192,7 @@ int nfp_flower_compile_action(struct nfp_app *app, ...@@ -1166,7 +1192,7 @@ int nfp_flower_compile_action(struct nfp_app *app,
err = nfp_flower_loop_action(app, act, flow, nfp_flow, &act_len, err = nfp_flower_loop_action(app, act, flow, nfp_flow, &act_len,
netdev, &tun_type, &tun_out_cnt, netdev, &tun_type, &tun_out_cnt,
&out_cnt, &csum_updated, &out_cnt, &csum_updated,
&set_act, extack, i); &set_act, &pkt_host, extack, i);
if (err) if (err)
return err; return err;
act_cnt++; act_cnt++;
......
...@@ -42,6 +42,7 @@ struct nfp_app; ...@@ -42,6 +42,7 @@ struct nfp_app;
#define NFP_FL_FEATS_VLAN_PCP BIT(3) #define NFP_FL_FEATS_VLAN_PCP BIT(3)
#define NFP_FL_FEATS_VF_RLIM BIT(4) #define NFP_FL_FEATS_VF_RLIM BIT(4)
#define NFP_FL_FEATS_FLOW_MOD BIT(5) #define NFP_FL_FEATS_FLOW_MOD BIT(5)
#define NFP_FL_FEATS_PRE_TUN_RULES BIT(6)
#define NFP_FL_FEATS_FLOW_MERGE BIT(30) #define NFP_FL_FEATS_FLOW_MERGE BIT(30)
#define NFP_FL_FEATS_LAG BIT(31) #define NFP_FL_FEATS_LAG BIT(31)
...@@ -280,6 +281,9 @@ struct nfp_fl_payload { ...@@ -280,6 +281,9 @@ struct nfp_fl_payload {
char *action_data; char *action_data;
struct list_head linked_flows; struct list_head linked_flows;
bool in_hw; bool in_hw;
struct {
struct net_device *dev;
} pre_tun_rule;
}; };
struct nfp_fl_payload_link { struct nfp_fl_payload_link {
......
...@@ -489,6 +489,7 @@ nfp_flower_allocate_new(struct nfp_fl_key_ls *key_layer) ...@@ -489,6 +489,7 @@ nfp_flower_allocate_new(struct nfp_fl_key_ls *key_layer)
flow_pay->meta.flags = 0; flow_pay->meta.flags = 0;
INIT_LIST_HEAD(&flow_pay->linked_flows); INIT_LIST_HEAD(&flow_pay->linked_flows);
flow_pay->in_hw = false; flow_pay->in_hw = false;
flow_pay->pre_tun_rule.dev = NULL;
return flow_pay; return flow_pay;
...@@ -996,6 +997,24 @@ int nfp_flower_merge_offloaded_flows(struct nfp_app *app, ...@@ -996,6 +997,24 @@ int nfp_flower_merge_offloaded_flows(struct nfp_app *app,
return err; return err;
} }
/**
* nfp_flower_validate_pre_tun_rule()
* @app: Pointer to the APP handle
* @flow: Pointer to NFP flow representation of rule
* @extack: Netlink extended ACK report
*
* Verifies the flow as a pre-tunnel rule.
*
* Return: negative value on error, 0 if verified.
*/
static int
nfp_flower_validate_pre_tun_rule(struct nfp_app *app,
struct nfp_fl_payload *flow,
struct netlink_ext_ack *extack)
{
return -EOPNOTSUPP;
}
/** /**
* nfp_flower_add_offload() - Adds a new flow to hardware. * nfp_flower_add_offload() - Adds a new flow to hardware.
* @app: Pointer to the APP handle * @app: Pointer to the APP handle
...@@ -1046,6 +1065,12 @@ nfp_flower_add_offload(struct nfp_app *app, struct net_device *netdev, ...@@ -1046,6 +1065,12 @@ nfp_flower_add_offload(struct nfp_app *app, struct net_device *netdev,
if (err) if (err)
goto err_destroy_flow; goto err_destroy_flow;
if (flow_pay->pre_tun_rule.dev) {
err = nfp_flower_validate_pre_tun_rule(app, flow_pay, extack);
if (err)
goto err_destroy_flow;
}
err = nfp_compile_flow_metadata(app, flow, flow_pay, netdev, extack); err = nfp_compile_flow_metadata(app, flow, flow_pay, netdev, extack);
if (err) if (err)
goto err_destroy_flow; goto err_destroy_flow;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment