| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/C/Linux/drivers/net/ethernet/intel/ice/ (Open Source Betriebssystem Version 6.17.9©) Datei vom 24.10.2025 mit Größe 64 kB |
|
Quelle ice_tc_lib.c Sprache: C |
|||||||||||||||
|
// SPDX-License-Identifier: GPL-2.0 /* Copyright (C) 2019-2021, Intel Corporation. */ #include "ice.h" #include "ice_tc_lib.h" #include "ice_fltr.h" #include "ice_lib.h" #include "ice_protocol_type.h" #define ICE_TC_METADATA_LKUP_IDX 0 /** * ice_tc_count_lkups - determine lookup count for switch filter * @flags: TC-flower flags * @fltr: Pointer to outer TC filter structure * * Return: lookup count based on TC flower input for a switch filter. */ static int ice_tc_count_lkups(u32 flags, struct ice_tc_flower_fltr *fltr) { int lkups_cnt = 1; /* 0th lookup is metadata */ /* Always add metadata as the 0th lookup. Included elements: * - Direction flag (always present) * - ICE_TC_FLWR_FIELD_VLAN_TPID (present if specified) * - Tunnel flag (present if tunnel) */ if (fltr->direction == ICE_ESWITCH_FLTR_EGRESS) lkups_cnt++; if (flags & ICE_TC_FLWR_FIELD_TENANT_ID) lkups_cnt++; if (flags & ICE_TC_FLWR_FIELD_ENC_DST_MAC) lkups_cnt++; if (flags & ICE_TC_FLWR_FIELD_GTP_OPTS) lkups_cnt++; if (flags & ICE_TC_FLWR_FIELD_PFCP_OPTS) lkups_cnt++; if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 | ICE_TC_FLWR_FIELD_ENC_DEST_IPV4 | ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 | ICE_TC_FLWR_FIELD_ENC_DEST_IPV6)) lkups_cnt++; if (flags & (ICE_TC_FLWR_FIELD_ENC_IP_TOS | ICE_TC_FLWR_FIELD_ENC_IP_TTL)) lkups_cnt++; if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT) lkups_cnt++; if (flags & ICE_TC_FLWR_FIELD_ETH_TYPE_ID) lkups_cnt++; /* are MAC fields specified? */ if (flags & (ICE_TC_FLWR_FIELD_DST_MAC | ICE_TC_FLWR_FIELD_SRC_MAC)) lkups_cnt++; /* is VLAN specified? */ if (flags & (ICE_TC_FLWR_FIELD_VLAN | ICE_TC_FLWR_FIELD_VLAN_PRIO)) lkups_cnt++; /* is CVLAN specified? */ if (flags & (ICE_TC_FLWR_FIELD_CVLAN | ICE_TC_FLWR_FIELD_CVLAN_PRIO)) lkups_cnt++; /* are PPPoE options specified? */ if (flags & (ICE_TC_FLWR_FIELD_PPPOE_SESSID | ICE_TC_FLWR_FIELD_PPP_PROTO)) lkups_cnt++; /* are IPv[4|6] fields specified? */ if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV4 | ICE_TC_FLWR_FIELD_SRC_IPV4 | ICE_TC_FLWR_FIELD_DEST_IPV6 | ICE_TC_FLWR_FIELD_SRC_IPV6)) lkups_cnt++; if (flags & (ICE_TC_FLWR_FIELD_IP_TOS | ICE_TC_FLWR_FIELD_IP_TTL)) lkups_cnt++; /* are L2TPv3 options specified? */ if (flags & ICE_TC_FLWR_FIELD_L2TPV3_SESSID) lkups_cnt++; /* is L4 (TCP/UDP/any other L4 protocol fields) specified? */ if (flags & (ICE_TC_FLWR_FIELD_DEST_L4_PORT | ICE_TC_FLWR_FIELD_SRC_L4_PORT)) lkups_cnt++; return lkups_cnt; } static enum ice_protocol_type ice_proto_type_from_mac(bool inner) { return inner ? ICE_MAC_IL : ICE_MAC_OFOS; } static enum ice_protocol_type ice_proto_type_from_etype(bool inner) { return inner ? ICE_ETYPE_IL : ICE_ETYPE_OL; } static enum ice_protocol_type ice_proto_type_from_ipv4(bool inner) { return inner ? ICE_IPV4_IL : ICE_IPV4_OFOS; } static enum ice_protocol_type ice_proto_type_from_ipv6(bool inner) { return inner ? ICE_IPV6_IL : ICE_IPV6_OFOS; } static enum ice_protocol_type ice_proto_type_from_l4_port(u16 ip_proto) { switch (ip_proto) { case IPPROTO_TCP: return ICE_TCP_IL; case IPPROTO_UDP: return ICE_UDP_ILOS; } return 0; } static enum ice_protocol_type ice_proto_type_from_tunnel(enum ice_tunnel_type type) { switch (type) { case TNL_VXLAN: return ICE_VXLAN; case TNL_GENEVE: return ICE_GENEVE; case TNL_GRETAP: return ICE_NVGRE; case TNL_GTPU: /* NO_PAY profiles will not work with GTP-U */ return ICE_GTP; case TNL_GTPC: return ICE_GTP_NO_PAY; case TNL_PFCP: return ICE_PFCP; default: return 0; } } static enum ice_sw_tunnel_type ice_sw_type_from_tunnel(enum ice_tunnel_type type) { switch (type) { case TNL_VXLAN: return ICE_SW_TUN_VXLAN; case TNL_GENEVE: return ICE_SW_TUN_GENEVE; case TNL_GRETAP: return ICE_SW_TUN_NVGRE; case TNL_GTPU: return ICE_SW_TUN_GTPU; case TNL_GTPC: return ICE_SW_TUN_GTPC; case TNL_PFCP: return ICE_SW_TUN_PFCP; default: return ICE_NON_TUN; } } static u16 ice_check_supported_vlan_tpid(u16 vlan_tpid) { switch (vlan_tpid) { case ETH_P_8021Q: case ETH_P_8021AD: case ETH_P_QINQ1: return vlan_tpid; default: return 0; } } static int ice_tc_fill_tunnel_outer(u32 flags, struct ice_tc_flower_fltr *fltr, struct ice_adv_lkup_elem *list, int i) { struct ice_tc_flower_lyr_2_4_hdrs *hdr = &fltr->outer_headers; if (flags & ICE_TC_FLWR_FIELD_TENANT_ID) { u32 tenant_id; list[i].type = ice_proto_type_from_tunnel(fltr->tunnel_type); switch (fltr->tunnel_type) { case TNL_VXLAN: case TNL_GENEVE: tenant_id = be32_to_cpu(fltr->tenant_id) << 8; list[i].h_u.tnl_hdr.vni = cpu_to_be32(tenant_id); memcpy(&list[i].m_u.tnl_hdr.vni, "\xff\xff\xff\x00", 4); i++; break; case TNL_GRETAP: list[i].h_u.nvgre_hdr.tni_flow = fltr->tenant_id; memcpy(&list[i].m_u.nvgre_hdr.tni_flow, "\xff\xff\xff\xff", 4); i++; break; case TNL_GTPC: case TNL_GTPU: list[i].h_u.gtp_hdr.teid = fltr->tenant_id; memcpy(&list[i].m_u.gtp_hdr.teid, "\xff\xff\xff\xff", 4); i++; break; default: break; } } if (flags & ICE_TC_FLWR_FIELD_ENC_DST_MAC) { list[i].type = ice_proto_type_from_mac(false); ether_addr_copy(list[i].h_u.eth_hdr.dst_addr, hdr->l2_key.dst_mac); ether_addr_copy(list[i].m_u.eth_hdr.dst_addr, hdr->l2_mask.dst_mac); i++; } if (flags & ICE_TC_FLWR_FIELD_GTP_OPTS) { list[i].type = ice_proto_type_from_tunnel(fltr->tunnel_type); if (fltr->gtp_pdu_info_masks.pdu_type) { list[i].h_u.gtp_hdr.pdu_type = fltr->gtp_pdu_info_keys.pdu_type << 4; memcpy(&list[i].m_u.gtp_hdr.pdu_type, "\xf0", 1); } if (fltr->gtp_pdu_info_masks.qfi) { list[i].h_u.gtp_hdr.qfi = fltr->gtp_pdu_info_keys.qfi; memcpy(&list[i].m_u.gtp_hdr.qfi, "\x3f", 1); } i++; } if (flags & ICE_TC_FLWR_FIELD_PFCP_OPTS) { struct ice_pfcp_hdr *hdr_h, *hdr_m; hdr_h = &list[i].h_u.pfcp_hdr; hdr_m = &list[i].m_u.pfcp_hdr; list[i].type = ICE_PFCP; hdr_h->flags = fltr->pfcp_meta_keys.type; hdr_m->flags = fltr->pfcp_meta_masks.type & 0x01; hdr_h->seid = fltr->pfcp_meta_keys.seid; hdr_m->seid = fltr->pfcp_meta_masks.seid; i++; } if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 | ICE_TC_FLWR_FIELD_ENC_DEST_IPV4)) { list[i].type = ice_proto_type_from_ipv4(false); if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_IPV4) { list[i].h_u.ipv4_hdr.src_addr = hdr->l3_key.src_ipv4; list[i].m_u.ipv4_hdr.src_addr = hdr->l3_mask.src_ipv4; } if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_IPV4) { list[i].h_u.ipv4_hdr.dst_addr = hdr->l3_key.dst_ipv4; list[i].m_u.ipv4_hdr.dst_addr = hdr->l3_mask.dst_ipv4; } i++; } if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 | ICE_TC_FLWR_FIELD_ENC_DEST_IPV6)) { list[i].type = ice_proto_type_from_ipv6(false); if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_IPV6) { memcpy(&list[i].h_u.ipv6_hdr.src_addr, &hdr->l3_key.src_ipv6_addr, sizeof(hdr->l3_key.src_ipv6_addr)); memcpy(&list[i].m_u.ipv6_hdr.src_addr, &hdr->l3_mask.src_ipv6_addr, sizeof(hdr->l3_mask.src_ipv6_addr)); } if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_IPV6) { memcpy(&list[i].h_u.ipv6_hdr.dst_addr, &hdr->l3_key.dst_ipv6_addr, sizeof(hdr->l3_key.dst_ipv6_addr)); memcpy(&list[i].m_u.ipv6_hdr.dst_addr, &hdr->l3_mask.dst_ipv6_addr, sizeof(hdr->l3_mask.dst_ipv6_addr)); } i++; } if (fltr->inner_headers.l2_key.n_proto == htons(ETH_P_IP) && (flags & (ICE_TC_FLWR_FIELD_ENC_IP_TOS | ICE_TC_FLWR_FIELD_ENC_IP_TTL))) { list[i].type = ice_proto_type_from_ipv4(false); if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TOS) { list[i].h_u.ipv4_hdr.tos = hdr->l3_key.tos; list[i].m_u.ipv4_hdr.tos = hdr->l3_mask.tos; } if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TTL) { list[i].h_u.ipv4_hdr.time_to_live = hdr->l3_key.ttl; list[i].m_u.ipv4_hdr.time_to_live = hdr->l3_mask.ttl; } i++; } if (fltr->inner_headers.l2_key.n_proto == htons(ETH_P_IPV6) && (flags & (ICE_TC_FLWR_FIELD_ENC_IP_TOS | ICE_TC_FLWR_FIELD_ENC_IP_TTL))) { struct ice_ipv6_hdr *hdr_h, *hdr_m; hdr_h = &list[i].h_u.ipv6_hdr; hdr_m = &list[i].m_u.ipv6_hdr; list[i].type = ice_proto_type_from_ipv6(false); if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TOS) { be32p_replace_bits(&hdr_h->be_ver_tc_flow, hdr->l3_key.tos, ICE_IPV6_HDR_TC_MASK); be32p_replace_bits(&hdr_m->be_ver_tc_flow, hdr->l3_mask.tos, ICE_IPV6_HDR_TC_MASK); } if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TTL) { hdr_h->hop_limit = hdr->l3_key.ttl; hdr_m->hop_limit = hdr->l3_mask.ttl; } i++; } if ((flags & ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT) && hdr->l3_key.ip_proto == IPPROTO_UDP) { list[i].type = ICE_UDP_OF; list[i].h_u.l4_hdr.dst_port = hdr->l4_key.dst_port; list[i].m_u.l4_hdr.dst_port = hdr->l4_mask.dst_port; i++; } /* always fill matching on tunneled packets in metadata */ ice_rule_add_tunnel_metadata(&list[ICE_TC_METADATA_LKUP_IDX]); return i; } /** * ice_tc_fill_rules - fill filter rules based on TC fltr * @hw: pointer to HW structure * @flags: tc flower field flags * @tc_fltr: pointer to TC flower filter * @list: list of advance rule elements * @rule_info: pointer to information about rule * @l4_proto: pointer to information such as L4 proto type * * Fill ice_adv_lkup_elem list based on TC flower flags and * TC flower headers. This list should be used to add * advance filter in hardware. */ static int ice_tc_fill_rules(struct ice_hw *hw, u32 flags, struct ice_tc_flower_fltr *tc_fltr, struct ice_adv_lkup_elem *list, struct ice_adv_rule_info *rule_info, u16 *l4_proto) { struct ice_tc_flower_lyr_2_4_hdrs *headers = &tc_fltr->outer_headers; bool inner = false; u16 vlan_tpid = 0; int i = 1; /* 0th lookup is metadata */ rule_info->vlan_type = vlan_tpid; /* Always add direction metadata */ ice_rule_add_direction_metadata(&list[ICE_TC_METADATA_LKUP_IDX]); if (tc_fltr->direction == ICE_ESWITCH_FLTR_EGRESS) { ice_rule_add_src_vsi_metadata(&list[i]); i++; } rule_info->tun_type = ice_sw_type_from_tunnel(tc_fltr->tunnel_type); if (tc_fltr->tunnel_type != TNL_LAST) { i = ice_tc_fill_tunnel_outer(flags, tc_fltr, list, i); /* PFCP is considered non-tunneled - don't swap headers. */ if (tc_fltr->tunnel_type != TNL_PFCP) { headers = &tc_fltr->inner_headers; inner = true; } } if (flags & ICE_TC_FLWR_FIELD_ETH_TYPE_ID) { list[i].type = ice_proto_type_from_etype(inner); list[i].h_u.ethertype.ethtype_id = headers->l2_key.n_proto; list[i].m_u.ethertype.ethtype_id = headers->l2_mask.n_proto; i++; } if (flags & (ICE_TC_FLWR_FIELD_DST_MAC | ICE_TC_FLWR_FIELD_SRC_MAC)) { struct ice_tc_l2_hdr *l2_key, *l2_mask; l2_key = &headers->l2_key; l2_mask = &headers->l2_mask; list[i].type = ice_proto_type_from_mac(inner); if (flags & ICE_TC_FLWR_FIELD_DST_MAC) { ether_addr_copy(list[i].h_u.eth_hdr.dst_addr, l2_key->dst_mac); ether_addr_copy(list[i].m_u.eth_hdr.dst_addr, l2_mask->dst_mac); } if (flags & ICE_TC_FLWR_FIELD_SRC_MAC) { ether_addr_copy(list[i].h_u.eth_hdr.src_addr, l2_key->src_mac); ether_addr_copy(list[i].m_u.eth_hdr.src_addr, l2_mask->src_mac); } i++; } /* copy VLAN info */ if (flags & (ICE_TC_FLWR_FIELD_VLAN | ICE_TC_FLWR_FIELD_VLAN_PRIO)) { if (flags & ICE_TC_FLWR_FIELD_CVLAN) list[i].type = ICE_VLAN_EX; else list[i].type = ICE_VLAN_OFOS; if (flags & ICE_TC_FLWR_FIELD_VLAN) { list[i].h_u.vlan_hdr.vlan = headers->vlan_hdr.vlan_id; list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0x0FFF); } if (flags & ICE_TC_FLWR_FIELD_VLAN_PRIO) { if (flags & ICE_TC_FLWR_FIELD_VLAN) { list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xEFFF); } else { list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xE000); list[i].h_u.vlan_hdr.vlan = 0; } list[i].h_u.vlan_hdr.vlan |= headers->vlan_hdr.vlan_prio; } i++; } if (flags & ICE_TC_FLWR_FIELD_VLAN_TPID) { vlan_tpid = be16_to_cpu(headers->vlan_hdr.vlan_tpid); rule_info->vlan_type = ice_check_supported_vlan_tpid(vlan_tpid); ice_rule_add_vlan_metadata(&list[ICE_TC_METADATA_LKUP_IDX]); } if (flags & (ICE_TC_FLWR_FIELD_CVLAN | ICE_TC_FLWR_FIELD_CVLAN_PRIO)) { list[i].type = ICE_VLAN_IN; if (flags & ICE_TC_FLWR_FIELD_CVLAN) { list[i].h_u.vlan_hdr.vlan = headers->cvlan_hdr.vlan_id; list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0x0FFF); } if (flags & ICE_TC_FLWR_FIELD_CVLAN_PRIO) { if (flags & ICE_TC_FLWR_FIELD_CVLAN) { list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xEFFF); } else { list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xE000); list[i].h_u.vlan_hdr.vlan = 0; } list[i].h_u.vlan_hdr.vlan |= headers->cvlan_hdr.vlan_prio; } i++; } if (flags & (ICE_TC_FLWR_FIELD_PPPOE_SESSID | ICE_TC_FLWR_FIELD_PPP_PROTO)) { struct ice_pppoe_hdr *vals, *masks; vals = &list[i].h_u.pppoe_hdr; masks = &list[i].m_u.pppoe_hdr; list[i].type = ICE_PPPOE; if (flags & ICE_TC_FLWR_FIELD_PPPOE_SESSID) { vals->session_id = headers->pppoe_hdr.session_id; masks->session_id = cpu_to_be16(0xFFFF); } if (flags & ICE_TC_FLWR_FIELD_PPP_PROTO) { vals->ppp_prot_id = headers->pppoe_hdr.ppp_proto; masks->ppp_prot_id = cpu_to_be16(0xFFFF); } i++; } /* copy L3 (IPv[4|6]: src, dest) address */ if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV4 | ICE_TC_FLWR_FIELD_SRC_IPV4)) { struct ice_tc_l3_hdr *l3_key, *l3_mask; list[i].type = ice_proto_type_from_ipv4(inner); l3_key = &headers->l3_key; l3_mask = &headers->l3_mask; if (flags & ICE_TC_FLWR_FIELD_DEST_IPV4) { list[i].h_u.ipv4_hdr.dst_addr = l3_key->dst_ipv4; list[i].m_u.ipv4_hdr.dst_addr = l3_mask->dst_ipv4; } if (flags & ICE_TC_FLWR_FIELD_SRC_IPV4) { list[i].h_u.ipv4_hdr.src_addr = l3_key->src_ipv4; list[i].m_u.ipv4_hdr.src_addr = l3_mask->src_ipv4; } i++; } else if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV6 | ICE_TC_FLWR_FIELD_SRC_IPV6)) { struct ice_ipv6_hdr *ipv6_hdr, *ipv6_mask; struct ice_tc_l3_hdr *l3_key, *l3_mask; list[i].type = ice_proto_type_from_ipv6(inner); ipv6_hdr = &list[i].h_u.ipv6_hdr; ipv6_mask = &list[i].m_u.ipv6_hdr; l3_key = &headers->l3_key; l3_mask = &headers->l3_mask; if (flags & ICE_TC_FLWR_FIELD_DEST_IPV6) { memcpy(&ipv6_hdr->dst_addr, &l3_key->dst_ipv6_addr, sizeof(l3_key->dst_ipv6_addr)); memcpy(&ipv6_mask->dst_addr, &l3_mask->dst_ipv6_addr, sizeof(l3_mask->dst_ipv6_addr)); } if (flags & ICE_TC_FLWR_FIELD_SRC_IPV6) { memcpy(&ipv6_hdr->src_addr, &l3_key->src_ipv6_addr, sizeof(l3_key->src_ipv6_addr)); memcpy(&ipv6_mask->src_addr, &l3_mask->src_ipv6_addr, sizeof(l3_mask->src_ipv6_addr)); } i++; } if (headers->l2_key.n_proto == htons(ETH_P_IP) && (flags & (ICE_TC_FLWR_FIELD_IP_TOS | ICE_TC_FLWR_FIELD_IP_TTL))) { list[i].type = ice_proto_type_from_ipv4(inner); if (flags & ICE_TC_FLWR_FIELD_IP_TOS) { list[i].h_u.ipv4_hdr.tos = headers->l3_key.tos; list[i].m_u.ipv4_hdr.tos = headers->l3_mask.tos; } if (flags & ICE_TC_FLWR_FIELD_IP_TTL) { list[i].h_u.ipv4_hdr.time_to_live = headers->l3_key.ttl; list[i].m_u.ipv4_hdr.time_to_live = headers->l3_mask.ttl; } i++; } if (headers->l2_key.n_proto == htons(ETH_P_IPV6) && (flags & (ICE_TC_FLWR_FIELD_IP_TOS | ICE_TC_FLWR_FIELD_IP_TTL))) { struct ice_ipv6_hdr *hdr_h, *hdr_m; hdr_h = &list[i].h_u.ipv6_hdr; hdr_m = &list[i].m_u.ipv6_hdr; list[i].type = ice_proto_type_from_ipv6(inner); if (flags & ICE_TC_FLWR_FIELD_IP_TOS) { be32p_replace_bits(&hdr_h->be_ver_tc_flow, headers->l3_key.tos, ICE_IPV6_HDR_TC_MASK); be32p_replace_bits(&hdr_m->be_ver_tc_flow, headers->l3_mask.tos, ICE_IPV6_HDR_TC_MASK); } if (flags & ICE_TC_FLWR_FIELD_IP_TTL) { hdr_h->hop_limit = headers->l3_key.ttl; hdr_m->hop_limit = headers->l3_mask.ttl; } i++; } if (flags & ICE_TC_FLWR_FIELD_L2TPV3_SESSID) { list[i].type = ICE_L2TPV3; list[i].h_u.l2tpv3_sess_hdr.session_id = headers->l2tpv3_hdr.session_id; list[i].m_u.l2tpv3_sess_hdr.session_id = cpu_to_be32(0xFFFFFFFF); i++; } /* copy L4 (src, dest) port */ if (flags & (ICE_TC_FLWR_FIELD_DEST_L4_PORT | ICE_TC_FLWR_FIELD_SRC_L4_PORT)) { struct ice_tc_l4_hdr *l4_key, *l4_mask; list[i].type = ice_proto_type_from_l4_port(headers->l3_key.ip_proto); l4_key = &headers->l4_key; l4_mask = &headers->l4_mask; if (flags & ICE_TC_FLWR_FIELD_DEST_L4_PORT) { list[i].h_u.l4_hdr.dst_port = l4_key->dst_port; list[i].m_u.l4_hdr.dst_port = l4_mask->dst_port; } if (flags & ICE_TC_FLWR_FIELD_SRC_L4_PORT) { list[i].h_u.l4_hdr.src_port = l4_key->src_port; list[i].m_u.l4_hdr.src_port = l4_mask->src_port; } i++; } return i; } /** * ice_tc_tun_get_type - get the tunnel type * @tunnel_dev: ptr to tunnel device * * This function detects appropriate tunnel_type if specified device is * tunnel device such as VXLAN/Geneve */ static int ice_tc_tun_get_type(struct net_device *tunnel_dev) { if (netif_is_vxlan(tunnel_dev)) return TNL_VXLAN; if (netif_is_geneve(tunnel_dev)) return TNL_GENEVE; if (netif_is_gretap(tunnel_dev) || netif_is_ip6gretap(tunnel_dev)) return TNL_GRETAP; /* Assume GTP-U by default in case of GTP netdev. * GTP-C may be selected later, based on enc_dst_port. */ if (netif_is_gtp(tunnel_dev)) return TNL_GTPU; if (netif_is_pfcp(tunnel_dev)) return TNL_PFCP; return TNL_LAST; } bool ice_is_tunnel_supported(struct net_device *dev) { return ice_tc_tun_get_type(dev) != TNL_LAST; } static bool ice_tc_is_dev_uplink(struct net_device *dev) { return netif_is_ice(dev) || ice_is_tunnel_supported(dev); } static int ice_tc_setup_action(struct net_device *filter_dev, struct ice_tc_flower_fltr *fltr, struct net_device *target_dev, enum ice_sw_fwd_act_type action) { struct ice_repr *repr; if (action != ICE_FWD_TO_VSI && action != ICE_MIRROR_PACKET) { NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported action to setup provided"); return -EINVAL; } fltr->action.fltr_act = action; if (ice_is_port_repr_netdev(filter_dev) && ice_is_port_repr_netdev(target_dev) && fltr->direction == ICE_ESWITCH_FLTR_EGRESS) { repr = ice_netdev_to_repr(target_dev); fltr->dest_vsi = repr->src_vsi; } else if (ice_is_port_repr_netdev(filter_dev) && ice_tc_is_dev_uplink(target_dev) && fltr->direction == ICE_ESWITCH_FLTR_EGRESS) { repr = ice_netdev_to_repr(filter_dev); fltr->dest_vsi = repr->src_vsi->back->eswitch.uplink_vsi; } else if (ice_tc_is_dev_uplink(filter_dev) && ice_is_port_repr_netdev(target_dev) && fltr->direction == ICE_ESWITCH_FLTR_INGRESS) { repr = ice_netdev_to_repr(target_dev); fltr->dest_vsi = repr->src_vsi; } else { NL_SET_ERR_MSG_MOD(fltr->extack, "The action is not supported for this netdevice"); return -EINVAL; } return 0; } static int ice_tc_setup_drop_action(struct net_device *filter_dev, struct ice_tc_flower_fltr *fltr) { fltr->action.fltr_act = ICE_DROP_PACKET; if (!ice_tc_is_dev_uplink(filter_dev) && !(ice_is_port_repr_netdev(filter_dev) && fltr->direction == ICE_ESWITCH_FLTR_INGRESS)) { NL_SET_ERR_MSG_MOD(fltr->extack, "The action is not supported for this netdevice"); return -EINVAL; } return 0; } static int ice_eswitch_tc_parse_action(struct net_device *filter_dev, struct ice_tc_flower_fltr *fltr, struct flow_action_entry *act) { int err; switch (act->id) { case FLOW_ACTION_DROP: err = ice_tc_setup_drop_action(filter_dev, fltr); if (err) return err; break; case FLOW_ACTION_REDIRECT: err = ice_tc_setup_action(filter_dev, fltr, act->dev, ICE_FWD_TO_VSI); if (err) return err; break; case FLOW_ACTION_MIRRED: err = ice_tc_setup_action(filter_dev, fltr, act->dev, ICE_MIRROR_PACKET); if (err) return err; break; default: NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported action in switchdev mode"); return -EINVAL; } return 0; } static bool ice_is_fltr_lldp(struct ice_tc_flower_fltr *fltr) { return fltr->outer_headers.l2_key.n_proto == htons(ETH_P_LLDP); } static bool ice_is_fltr_pf_tx_lldp(struct ice_tc_flower_fltr *fltr) { struct ice_vsi *vsi = fltr->src_vsi, *uplink; if (!ice_is_switchdev_running(vsi->back)) return false; uplink = vsi->back->eswitch.uplink_vsi; return vsi == uplink && fltr->action.fltr_act == ICE_DROP_PACKET && ice_is_fltr_lldp(fltr) && fltr->direction == ICE_ESWITCH_FLTR_EGRESS && fltr->flags == ICE_TC_FLWR_FIELD_ETH_TYPE_ID; } static bool ice_is_fltr_vf_tx_lldp(struct ice_tc_flower_fltr *fltr) { struct ice_vsi *vsi = fltr->src_vsi, *uplink; uplink = vsi->back->eswitch.uplink_vsi; return fltr->src_vsi->type == ICE_VSI_VF && ice_is_fltr_lldp(fltr) && fltr->direction == ICE_ESWITCH_FLTR_EGRESS && fltr->dest_vsi == uplink; } static struct ice_tc_flower_fltr * ice_find_pf_tx_lldp_fltr(struct ice_pf *pf) { struct ice_tc_flower_fltr *fltr; hlist_for_each_entry(fltr, &pf->tc_flower_fltr_list, tc_flower_node) if (ice_is_fltr_pf_tx_lldp(fltr)) return fltr; return NULL; } static bool ice_any_vf_lldp_tx_ena(struct ice_pf *pf) { struct ice_vf *vf; unsigned int bkt; ice_for_each_vf(pf, bkt, vf) if (vf->lldp_tx_ena) return true; return false; } int ice_pass_vf_tx_lldp(struct ice_vsi *vsi, bool deinit) { struct ice_rule_query_data remove_entry = { .rid = vsi->vf->lldp_recipe_id, .rule_id = vsi->vf->lldp_rule_id, .vsi_handle = vsi->idx, }; struct ice_pf *pf = vsi->back; int err; if (vsi->vf->lldp_tx_ena) return 0; if (!deinit && !ice_find_pf_tx_lldp_fltr(vsi->back)) return -EINVAL; if (!deinit && ice_any_vf_lldp_tx_ena(pf)) return -EINVAL; err = ice_rem_adv_rule_by_id(&pf->hw, &remove_entry); if (!err) vsi->vf->lldp_tx_ena = true; return err; } int ice_drop_vf_tx_lldp(struct ice_vsi *vsi, bool init) { struct ice_rule_query_data rule_added; struct ice_adv_rule_info rinfo = { .priority = 7, .src_vsi = vsi->idx, .sw_act = { .src = vsi->idx, .flag = ICE_FLTR_TX, .fltr_act = ICE_DROP_PACKET, .vsi_handle = vsi->idx, }, .flags_info.act_valid = true, }; struct ice_adv_lkup_elem list[3]; struct ice_pf *pf = vsi->back; int err; if (!init && !vsi->vf->lldp_tx_ena) return 0; memset(list, 0, sizeof(list)); ice_rule_add_direction_metadata(&list[0]); ice_rule_add_src_vsi_metadata(&list[1]); list[2].type = ICE_ETYPE_OL; list[2].h_u.ethertype.ethtype_id = htons(ETH_P_LLDP); list[2].m_u.ethertype.ethtype_id = htons(0xFFFF); err = ice_add_adv_rule(&pf->hw, list, ARRAY_SIZE(list), &rinfo, &rule_added); if (err) { dev_err(&pf->pdev->dev, "Failed to add an LLDP rule to VSI 0x%X: %d\n", vsi->idx, err); } else { vsi->vf->lldp_recipe_id = rule_added.rid; vsi->vf->lldp_rule_id = rule_added.rule_id; vsi->vf->lldp_tx_ena = false; } return err; } static void ice_handle_add_pf_lldp_drop_rule(struct ice_vsi *vsi) { struct ice_tc_flower_fltr *fltr; struct ice_pf *pf = vsi->back; hlist_for_each_entry(fltr, &pf->tc_flower_fltr_list, tc_flower_node) { if (!ice_is_fltr_vf_tx_lldp(fltr)) continue; ice_pass_vf_tx_lldp(fltr->src_vsi, true); break; } } static void ice_handle_del_pf_lldp_drop_rule(struct ice_pf *pf) { int i; /* Make the VF LLDP fwd to uplink rule dormant */ ice_for_each_vsi(pf, i) { struct ice_vsi *vf_vsi = pf->vsi[i]; if (vf_vsi && vf_vsi->type == ICE_VSI_VF) ice_drop_vf_tx_lldp(vf_vsi, false); } } static int ice_eswitch_add_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr) { struct ice_adv_rule_info rule_info = { 0 }; struct ice_rule_query_data rule_added; struct ice_hw *hw = &vsi->back->hw; struct ice_adv_lkup_elem *list; u32 flags = fltr->flags; int lkups_cnt; int ret; int i; if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT) { NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported encap field(s)"); return -EOPNOTSUPP; } if (ice_is_fltr_vf_tx_lldp(fltr)) return ice_pass_vf_tx_lldp(vsi, false); lkups_cnt = ice_tc_count_lkups(flags, fltr); list = kcalloc(lkups_cnt, sizeof(*list), GFP_ATOMIC); if (!list) return -ENOMEM; i = ice_tc_fill_rules(hw, flags, fltr, list, &rule_info, NULL); if (i != lkups_cnt) { ret = -EINVAL; goto exit; } rule_info.sw_act.fltr_act = fltr->action.fltr_act; if (fltr->action.fltr_act != ICE_DROP_PACKET) rule_info.sw_act.vsi_handle = fltr->dest_vsi->idx; /* For now, making priority to be highest, and it also becomes * the priority for recipe which will get created as a result of * new extraction sequence based on input set. * Priority '7' is max val for switch recipe, higher the number * results into order of switch rule evaluation. */ rule_info.priority = 7; rule_info.flags_info.act_valid = true; if (fltr->direction == ICE_ESWITCH_FLTR_INGRESS) { /* Uplink to VF */ rule_info.sw_act.flag |= ICE_FLTR_RX; rule_info.sw_act.src = hw->pf_id; rule_info.flags_info.act = ICE_SINGLE_ACT_LB_ENABLE; } else if (fltr->direction == ICE_ESWITCH_FLTR_EGRESS && !fltr->dest_vsi && vsi == vsi->back->eswitch.uplink_vsi) { /* PF to Uplink */ rule_info.sw_act.flag |= ICE_FLTR_TX; rule_info.sw_act.src = vsi->idx; } else if (fltr->direction == ICE_ESWITCH_FLTR_EGRESS && fltr->dest_vsi == vsi->back->eswitch.uplink_vsi) { /* VF to Uplink */ rule_info.sw_act.flag |= ICE_FLTR_TX; rule_info.sw_act.src = vsi->idx; rule_info.flags_info.act = ICE_SINGLE_ACT_LAN_ENABLE; /* This is a specific case. The destination VSI index is * overwritten by the source VSI index. This type of filter * should allow the packet to go to the LAN, not to the * VSI passed here. It should set LAN_EN bit only. However, * the VSI must be a valid one. Setting source VSI index * here is safe. Even if the result from switch is set LAN_EN * and LB_EN (which normally will pass the packet to this VSI) * packet won't be seen on the VSI, because local loopback is * turned off. */ rule_info.sw_act.vsi_handle = vsi->idx; } else { /* VF to VF */ rule_info.sw_act.flag |= ICE_FLTR_TX; rule_info.sw_act.src = vsi->idx; rule_info.flags_info.act = ICE_SINGLE_ACT_LB_ENABLE; } /* specify the cookie as filter_rule_id */ rule_info.fltr_rule_id = fltr->cookie; rule_info.src_vsi = vsi->idx; ret = ice_add_adv_rule(hw, list, lkups_cnt, &rule_info, &rule_added); if (ret == -EEXIST) { NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter because it already exist"); ret = -EINVAL; goto exit; } else if (ret == -ENOSPC) { NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter: insufficient space availab goto exit; } else if (ret) { NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter due to error"); goto exit; } if (ice_is_fltr_pf_tx_lldp(fltr)) ice_handle_add_pf_lldp_drop_rule(vsi); /* store the output params, which are needed later for removing * advanced switch filter */ fltr->rid = rule_added.rid; fltr->rule_id = rule_added.rule_id; fltr->dest_vsi_handle = rule_added.vsi_handle; exit: kfree(list); return ret; } /** * ice_locate_vsi_using_queue - locate VSI using queue (forward to queue action) * @vsi: Pointer to VSI * @queue: Queue index * * Locate the VSI using specified "queue". When ADQ is not enabled, * always return input VSI, otherwise locate corresponding * VSI based on per channel "offset" and "qcount" */ struct ice_vsi * ice_locate_vsi_using_queue(struct ice_vsi *vsi, int queue) { int num_tc, tc; /* if ADQ is not active, passed VSI is the candidate VSI */ if (!ice_is_adq_active(vsi->back)) return vsi; /* Locate the VSI (it could still be main PF VSI or CHNL_VSI depending * upon queue number) */ num_tc = vsi->mqprio_qopt.qopt.num_tc; for (tc = 0; tc < num_tc; tc++) { int qcount = vsi->mqprio_qopt.qopt.count[tc]; int offset = vsi->mqprio_qopt.qopt.offset[tc]; if (queue >= offset && queue < offset + qcount) { /* for non-ADQ TCs, passed VSI is the candidate VSI */ if (tc < ICE_CHNL_START_TC) return vsi; else return vsi->tc_map_vsi[tc]; } } return NULL; } static struct ice_rx_ring * ice_locate_rx_ring_using_queue(struct ice_vsi *vsi, struct ice_tc_flower_fltr *tc_fltr) { u16 queue = tc_fltr->action.fwd.q.queue; return queue < vsi->num_rxq ? vsi->rx_rings[queue] : NULL; } /** * ice_tc_forward_action - Determine destination VSI and queue for the action * @vsi: Pointer to VSI * @tc_fltr: Pointer to TC flower filter structure * * Validates the tc forward action and determines the destination VSI and queue * for the forward action. */ static struct ice_vsi * ice_tc_forward_action(struct ice_vsi *vsi, struct ice_tc_flower_fltr *tc_fltr) { struct ice_rx_ring *ring = NULL; struct ice_vsi *dest_vsi = NULL; struct ice_pf *pf = vsi->back; struct device *dev; u32 tc_class; int q; dev = ice_pf_to_dev(pf); /* Get the destination VSI and/or destination queue and validate them */ switch (tc_fltr->action.fltr_act) { case ICE_FWD_TO_VSI: tc_class = tc_fltr->action.fwd.tc.tc_class; /* Select the destination VSI */ if (tc_class < ICE_CHNL_START_TC) { NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unable to add filter because of unsupported destination"); return ERR_PTR(-EOPNOTSUPP); } /* Locate ADQ VSI depending on hw_tc number */ dest_vsi = vsi->tc_map_vsi[tc_class]; break; case ICE_FWD_TO_Q: /* Locate the Rx queue */ ring = ice_locate_rx_ring_using_queue(vsi, tc_fltr); if (!ring) { dev_err(dev, "Unable to locate Rx queue for action fwd_to_queue: %u\n", tc_fltr->action.fwd.q.queue); return ERR_PTR(-EINVAL); } /* Determine destination VSI even though the action is * FWD_TO_QUEUE, because QUEUE is associated with VSI */ q = tc_fltr->action.fwd.q.queue; dest_vsi = ice_locate_vsi_using_queue(vsi, q); break; default: dev_err(dev, "Unable to add filter because of unsupported action %u (supported actions: fwd t tc_fltr->action.fltr_act); return ERR_PTR(-EINVAL); } /* Must have valid dest_vsi (it could be main VSI or ADQ VSI) */ if (!dest_vsi) { dev_err(dev, "Unable to add filter because specified destination VSI doesn't exist\n"); return ERR_PTR(-EINVAL); } return dest_vsi; } /** * ice_add_tc_flower_adv_fltr - add appropriate filter rules * @vsi: Pointer to VSI * @tc_fltr: Pointer to TC flower filter structure * * based on filter parameters using Advance recipes supported * by OS package. */ static int ice_add_tc_flower_adv_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *tc_fltr) { struct ice_adv_rule_info rule_info = {0}; struct ice_rule_query_data rule_added; struct ice_adv_lkup_elem *list; struct ice_pf *pf = vsi->back; struct ice_hw *hw = &pf->hw; u32 flags = tc_fltr->flags; struct ice_vsi *dest_vsi; struct device *dev; u16 lkups_cnt = 0; u16 l4_proto = 0; int ret = 0; u16 i = 0; dev = ice_pf_to_dev(pf); if (ice_is_safe_mode(pf)) { NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unable to add filter because driver is in saf return -EOPNOTSUPP; } if (!flags || (flags & (ICE_TC_FLWR_FIELD_ENC_DEST_IPV4 | ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 | ICE_TC_FLWR_FIELD_ENC_DEST_IPV6 | ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 | ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT))) { NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unsupported encap field(s)"); return -EOPNOTSUPP; } /* validate forwarding action VSI and queue */ if (ice_is_forward_action(tc_fltr->action.fltr_act)) { dest_vsi = ice_tc_forward_action(vsi, tc_fltr); if (IS_ERR(dest_vsi)) return PTR_ERR(dest_vsi); } lkups_cnt = ice_tc_count_lkups(flags, tc_fltr); list = kcalloc(lkups_cnt, sizeof(*list), GFP_ATOMIC); if (!list) return -ENOMEM; i = ice_tc_fill_rules(hw, flags, tc_fltr, list, &rule_info, &l4_proto); if (i != lkups_cnt) { ret = -EINVAL; goto exit; } rule_info.sw_act.fltr_act = tc_fltr->action.fltr_act; /* specify the cookie as filter_rule_id */ rule_info.fltr_rule_id = tc_fltr->cookie; switch (tc_fltr->action.fltr_act) { case ICE_FWD_TO_VSI: rule_info.sw_act.vsi_handle = dest_vsi->idx; rule_info.priority = ICE_SWITCH_FLTR_PRIO_VSI; rule_info.sw_act.src = hw->pf_id; dev_dbg(dev, "add switch rule for TC:%u vsi_idx:%u, lkups_cnt:%u\n", tc_fltr->action.fwd.tc.tc_class, rule_info.sw_act.vsi_handle, lkups_cnt); break; case ICE_FWD_TO_Q: /* HW queue number in global space */ rule_info.sw_act.fwd_id.q_id = tc_fltr->action.fwd.q.hw_queue; rule_info.sw_act.vsi_handle = dest_vsi->idx; rule_info.priority = ICE_SWITCH_FLTR_PRIO_QUEUE; rule_info.sw_act.src = hw->pf_id; dev_dbg(dev, "add switch rule action to forward to queue:%u (HW queue %u), lkups_ tc_fltr->action.fwd.q.queue, tc_fltr->action.fwd.q.hw_queue, lkups_cnt); break; case ICE_DROP_PACKET: if (tc_fltr->direction == ICE_ESWITCH_FLTR_EGRESS) { rule_info.sw_act.flag |= ICE_FLTR_TX; rule_info.sw_act.src = vsi->idx; } else { rule_info.sw_act.flag |= ICE_FLTR_RX; rule_info.sw_act.src = hw->pf_id; } rule_info.priority = ICE_SWITCH_FLTR_PRIO_VSI; break; default: ret = -EOPNOTSUPP; goto exit; } ret = ice_add_adv_rule(hw, list, lkups_cnt, &rule_info, &rule_added); if (ret == -EEXIST) { NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unable to add filter because it already exist"); ret = -EINVAL; goto exit; } else if (ret == -ENOSPC) { NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unable to add filter: insufficient space available."); goto exit; } else if (ret) { NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unable to add filter due to error"); goto exit; } /* store the output params, which are needed later for removing * advanced switch filter */ tc_fltr->rid = rule_added.rid; tc_fltr->rule_id = rule_added.rule_id; tc_fltr->dest_vsi_handle = rule_added.vsi_handle; if (tc_fltr->action.fltr_act == ICE_FWD_TO_VSI || tc_fltr->action.fltr_act == ICE_FWD_TO_Q) { tc_fltr->dest_vsi = dest_vsi; /* keep track of advanced switch filter for * destination VSI */ dest_vsi->num_chnl_fltr++; /* keeps track of channel filters for PF VSI */ if (vsi->type == ICE_VSI_PF && (flags & (ICE_TC_FLWR_FIELD_DST_MAC | ICE_TC_FLWR_FIELD_ENC_DST_MAC))) pf->num_dmac_chnl_fltrs++; } switch (tc_fltr->action.fltr_act) { case ICE_FWD_TO_VSI: dev_dbg(dev, "added switch rule (lkups_cnt %u, flags 0x%x), action is forward to lkups_cnt, flags, tc_fltr->action.fwd.tc.tc_class, rule_added.rid, rule_added.rule_id, rule_added.vsi_handle); break; case ICE_FWD_TO_Q: dev_dbg(dev, "added switch rule (lkups_cnt %u, flags 0x%x), action is forward to lkups_cnt, flags, tc_fltr->action.fwd.q.queue, tc_fltr->action.fwd.q.hw_queue, rule_added.rid, rule_added.rule_id); break; case ICE_DROP_PACKET: dev_dbg(dev, "added switch rule (lkups_cnt %u, flags 0x%x), action is drop, rid % lkups_cnt, flags, rule_added.rid, rule_added.rule_id); break; default: break; } exit: kfree(list); return ret; } /** * ice_tc_set_pppoe - Parse PPPoE fields from TC flower filter * @match: Pointer to flow match structure * @fltr: Pointer to filter structure * @headers: Pointer to outer header fields * @returns PPP protocol used in filter (ppp_ses or ppp_disc) */ static u16 ice_tc_set_pppoe(struct flow_match_pppoe *match, struct ice_tc_flower_fltr *fltr, struct ice_tc_flower_lyr_2_4_hdrs *headers) { if (match->mask->session_id) { fltr->flags |= ICE_TC_FLWR_FIELD_PPPOE_SESSID; headers->pppoe_hdr.session_id = match->key->session_id; } if (match->mask->ppp_proto) { fltr->flags |= ICE_TC_FLWR_FIELD_PPP_PROTO; headers->pppoe_hdr.ppp_proto = match->key->ppp_proto; } return be16_to_cpu(match->key->type); } /** * ice_tc_set_ipv4 - Parse IPv4 addresses from TC flower filter * @match: Pointer to flow match structure * @fltr: Pointer to filter structure * @headers: inner or outer header fields * @is_encap: set true for tunnel IPv4 address */ static int ice_tc_set_ipv4(struct flow_match_ipv4_addrs *match, struct ice_tc_flower_fltr *fltr, struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap) { if (match->key->dst) { if (is_encap) fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_IPV4; else fltr->flags |= ICE_TC_FLWR_FIELD_DEST_IPV4; headers->l3_key.dst_ipv4 = match->key->dst; headers->l3_mask.dst_ipv4 = match->mask->dst; } if (match->key->src) { if (is_encap) fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_IPV4; else fltr->flags |= ICE_TC_FLWR_FIELD_SRC_IPV4; headers->l3_key.src_ipv4 = match->key->src; headers->l3_mask.src_ipv4 = match->mask->src; } return 0; } /** * ice_tc_set_ipv6 - Parse IPv6 addresses from TC flower filter * @match: Pointer to flow match structure * @fltr: Pointer to filter structure * @headers: inner or outer header fields * @is_encap: set true for tunnel IPv6 address */ static int ice_tc_set_ipv6(struct flow_match_ipv6_addrs *match, struct ice_tc_flower_fltr *fltr, struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap) { struct ice_tc_l3_hdr *l3_key, *l3_mask; /* src and dest IPV6 address should not be LOOPBACK * (0:0:0:0:0:0:0:1), which can be represented as ::1 */ if (ipv6_addr_loopback(&match->key->dst) || ipv6_addr_loopback(&match->key->src)) { NL_SET_ERR_MSG_MOD(fltr->extack, "Bad IPv6, addr is LOOPBACK"); return -EINVAL; } /* if src/dest IPv6 address is *,* error */ if (ipv6_addr_any(&match->mask->dst) && ipv6_addr_any(&match->mask->src)) { NL_SET_ERR_MSG_MOD(fltr->extack, "Bad src/dest IPv6, addr is any"); return -EINVAL; } if (!ipv6_addr_any(&match->mask->dst)) { if (is_encap) fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_IPV6; else fltr->flags |= ICE_TC_FLWR_FIELD_DEST_IPV6; } if (!ipv6_addr_any(&match->mask->src)) { if (is_encap) fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_IPV6; else fltr->flags |= ICE_TC_FLWR_FIELD_SRC_IPV6; } l3_key = &headers->l3_key; l3_mask = &headers->l3_mask; if (fltr->flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 | ICE_TC_FLWR_FIELD_SRC_IPV6)) { memcpy(&l3_key->src_ipv6_addr, &match->key->src.s6_addr, sizeof(match->key->src.s6_addr)); memcpy(&l3_mask->src_ipv6_addr, &match->mask->src.s6_addr, sizeof(match->mask->src.s6_addr)); } if (fltr->flags & (ICE_TC_FLWR_FIELD_ENC_DEST_IPV6 | ICE_TC_FLWR_FIELD_DEST_IPV6)) { memcpy(&l3_key->dst_ipv6_addr, &match->key->dst.s6_addr, sizeof(match->key->dst.s6_addr)); memcpy(&l3_mask->dst_ipv6_addr, &match->mask->dst.s6_addr, sizeof(match->mask->dst.s6_addr)); } return 0; } /** * ice_tc_set_tos_ttl - Parse IP ToS/TTL from TC flower filter * @match: Pointer to flow match structure * @fltr: Pointer to filter structure * @headers: inner or outer header fields * @is_encap: set true for tunnel */ static void ice_tc_set_tos_ttl(struct flow_match_ip *match, struct ice_tc_flower_fltr *fltr, struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap) { if (match->mask->tos) { if (is_encap) fltr->flags |= ICE_TC_FLWR_FIELD_ENC_IP_TOS; else fltr->flags |= ICE_TC_FLWR_FIELD_IP_TOS; headers->l3_key.tos = match->key->tos; headers->l3_mask.tos = match->mask->tos; } if (match->mask->ttl) { if (is_encap) fltr->flags |= ICE_TC_FLWR_FIELD_ENC_IP_TTL; else fltr->flags |= ICE_TC_FLWR_FIELD_IP_TTL; headers->l3_key.ttl = match->key->ttl; headers->l3_mask.ttl = match->mask->ttl; } } /** * ice_tc_set_port - Parse ports from TC flower filter * @match: Flow match structure * @fltr: Pointer to filter structure * @headers: inner or outer header fields * @is_encap: set true for tunnel port */ static int ice_tc_set_port(struct flow_match_ports match, struct ice_tc_flower_fltr *fltr, struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap) { if (match.key->dst) { if (is_encap) fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT; else fltr->flags |= ICE_TC_FLWR_FIELD_DEST_L4_PORT; headers->l4_key.dst_port = match.key->dst; headers->l4_mask.dst_port = match.mask->dst; } if (match.key->src) { if (is_encap) fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT; else fltr->flags |= ICE_TC_FLWR_FIELD_SRC_L4_PORT; headers->l4_key.src_port = match.key->src; headers->l4_mask.src_port = match.mask->src; } return 0; } static struct net_device * ice_get_tunnel_device(struct net_device *dev, struct flow_rule *rule) { struct flow_action_entry *act; int i; if (ice_is_tunnel_supported(dev)) return dev; flow_action_for_each(i, act, &rule->action) { if (act->id == FLOW_ACTION_REDIRECT && ice_is_tunnel_supported(act->dev)) return act->dev; } return NULL; } /** * ice_parse_gtp_type - Sets GTP tunnel type to GTP-U or GTP-C * @match: Flow match structure * @fltr: Pointer to filter structure * * GTP-C/GTP-U is selected based on destination port number (enc_dst_port). * Before calling this funtcion, fltr->tunnel_type should be set to TNL_GTPU, * therefore making GTP-U the default choice (when destination port number is * not specified). */ static int ice_parse_gtp_type(struct flow_match_ports match, struct ice_tc_flower_fltr *fltr) { u16 dst_port; if (match.key->dst) { dst_port = be16_to_cpu(match.key->dst); switch (dst_port) { case 2152: break; case 2123: fltr->tunnel_type = TNL_GTPC; break; default: NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported GTP port number"); return -EINVAL; } } return 0; } static int ice_parse_tunnel_attr(struct net_device *dev, struct flow_rule *rule, struct ice_tc_flower_fltr *fltr) { struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers; struct netlink_ext_ack *extack = fltr->extack; struct flow_match_control enc_control; fltr->tunnel_type = ice_tc_tun_get_type(dev); headers->l3_key.ip_proto = IPPROTO_UDP; if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_KEYID)) { struct flow_match_enc_keyid enc_keyid; flow_rule_match_enc_keyid(rule, &enc_keyid); if (!enc_keyid.mask->keyid || enc_keyid.mask->keyid != cpu_to_be32(ICE_TC_FLOWER_MASK_32)) return -EINVAL; fltr->flags |= ICE_TC_FLWR_FIELD_TENANT_ID; fltr->tenant_id = enc_keyid.key->keyid; } flow_rule_match_enc_control(rule, &enc_control); if (flow_rule_has_enc_control_flags(enc_control.mask->flags, extack)) return -EOPNOTSUPP; if (enc_control.key->addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) { struct flow_match_ipv4_addrs match; flow_rule_match_enc_ipv4_addrs(rule, &match); if (ice_tc_set_ipv4(&match, fltr, headers, true)) return -EINVAL; } else if (enc_control.key->addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) { struct flow_match_ipv6_addrs match; flow_rule_match_enc_ipv6_addrs(rule, &match); if (ice_tc_set_ipv6(&match, fltr, headers, true)) return -EINVAL; } if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_IP)) { struct flow_match_ip match; flow_rule_match_enc_ip(rule, &match); ice_tc_set_tos_ttl(&match, fltr, headers, true); } if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_PORTS) && fltr->tunnel_type != TNL_VXLAN && fltr->tunnel_type != TNL_GENEVE) { struct flow_match_ports match; flow_rule_match_enc_ports(rule, &match); if (fltr->tunnel_type != TNL_GTPU) { if (ice_tc_set_port(match, fltr, headers, true)) return -EINVAL; } else { if (ice_parse_gtp_type(match, fltr)) return -EINVAL; } } if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_OPTS) && (fltr->tunnel_type == TNL_GTPU || fltr->tunnel_type == TNL_GTPC)) { struct flow_match_enc_opts match; flow_rule_match_enc_opts(rule, &match); memcpy(&fltr->gtp_pdu_info_keys, &match.key->data[0], sizeof(struct gtp_pdu_session_info)); memcpy(&fltr->gtp_pdu_info_masks, &match.mask->data[0], sizeof(struct gtp_pdu_session_info)); fltr->flags |= ICE_TC_FLWR_FIELD_GTP_OPTS; } if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_OPTS) && fltr->tunnel_type == TNL_PFCP) { struct flow_match_enc_opts match; flow_rule_match_enc_opts(rule, &match); memcpy(&fltr->pfcp_meta_keys, match.key->data, sizeof(struct pfcp_metadata)); memcpy(&fltr->pfcp_meta_masks, match.mask->data, sizeof(struct pfcp_metadata)); fltr->flags |= ICE_TC_FLWR_FIELD_PFCP_OPTS; } return 0; } /** * ice_parse_cls_flower - Parse TC flower filters provided by kernel * @vsi: Pointer to the VSI * @filter_dev: Pointer to device on which filter is being added * @f: Pointer to struct flow_cls_offload * @fltr: Pointer to filter structure * @ingress: if the rule is added to an ingress block * * Return: 0 if the flower was parsed successfully, -EINVAL if the flower * cannot be parsed, -EOPNOTSUPP if such filter cannot be configured * for the given VSI. */ static int ice_parse_cls_flower(struct net_device *filter_dev, struct ice_vsi *vsi, struct flow_cls_offload *f, struct ice_tc_flower_fltr *fltr, bool ingress) { struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers; struct flow_rule *rule = flow_cls_offload_flow_rule(f); u16 n_proto_mask = 0, n_proto_key = 0, addr_type = 0; struct flow_dissector *dissector; struct net_device *tunnel_dev; dissector = rule->match.dissector; if (dissector->used_keys & ~(BIT_ULL(FLOW_DISSECTOR_KEY_CONTROL) | BIT_ULL(FLOW_DISSECTOR_KEY_BASIC) | BIT_ULL(FLOW_DISSECTOR_KEY_ETH_ADDRS) | BIT_ULL(FLOW_DISSECTOR_KEY_VLAN) | BIT_ULL(FLOW_DISSECTOR_KEY_CVLAN) | BIT_ULL(FLOW_DISSECTOR_KEY_IPV4_ADDRS) | BIT_ULL(FLOW_DISSECTOR_KEY_IPV6_ADDRS) | BIT_ULL(FLOW_DISSECTOR_KEY_ENC_CONTROL) | BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) | BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS) | BIT_ULL(FLOW_DISSECTOR_KEY_ENC_OPTS) | BIT_ULL(FLOW_DISSECTOR_KEY_IP) | BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IP) | BIT_ULL(FLOW_DISSECTOR_KEY_PORTS) | BIT_ULL(FLOW_DISSECTOR_KEY_PPPOE) | BIT_ULL(FLOW_DISSECTOR_KEY_L2TPV3))) { NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported key used"); return -EOPNOTSUPP; } tunnel_dev = ice_get_tunnel_device(filter_dev, rule); if (tunnel_dev) { int err; filter_dev = tunnel_dev; err = ice_parse_tunnel_attr(filter_dev, rule, fltr); if (err) { NL_SET_ERR_MSG_MOD(fltr->extack, "Failed to parse TC flower tunnel attributes"); return err; } /* PFCP is considered non-tunneled - don't swap headers. */ if (fltr->tunnel_type != TNL_PFCP) { /* Header pointers should point to the inner headers, * outer header were already set by * ice_parse_tunnel_attr(). */ headers = &fltr->inner_headers; } } else if (dissector->used_keys & (BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) | BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) | BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) | BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS) | BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IP) | BIT_ULL(FLOW_DISSECTOR_KEY_ENC_OPTS) | BIT_ULL(FLOW_DISSECTOR_KEY_ENC_CONTROL))) { NL_SET_ERR_MSG_MOD(fltr->extack, "Tunnel key used, but device isn't a tunnel"); return -EOPNOTSUPP; } else { fltr->tunnel_type = TNL_LAST; } if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) { struct flow_match_basic match; flow_rule_match_basic(rule, &match); n_proto_key = ntohs(match.key->n_proto); n_proto_mask = ntohs(match.mask->n_proto); if (n_proto_key == ETH_P_ALL || n_proto_key == 0 || fltr->tunnel_type == TNL_GTPU || fltr->tunnel_type == TNL_GTPC) { n_proto_key = 0; n_proto_mask = 0; } else { fltr->flags |= ICE_TC_FLWR_FIELD_ETH_TYPE_ID; } if (!ingress) { bool switchdev = ice_is_eswitch_mode_switchdev(vsi->back); if (switchdev != (n_proto_key == ETH_P_LLDP)) { NL_SET_ERR_MSG_FMT_MOD(fltr->extack, "%sLLDP filtering is not supported on egress in %s mode", switchdev ? "Non-" : "", switchdev ? "switchdev" : "legacy"); return -EOPNOTSUPP; } } headers->l2_key.n_proto = cpu_to_be16(n_proto_key); headers->l2_mask.n_proto = cpu_to_be16(n_proto_mask); headers->l3_key.ip_proto = match.key->ip_proto; } if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ETH_ADDRS)) { struct flow_match_eth_addrs match; flow_rule_match_eth_addrs(rule, &match); if (!is_zero_ether_addr(match.key->dst)) { ether_addr_copy(headers->l2_key.dst_mac, match.key->dst); ether_addr_copy(headers->l2_mask.dst_mac, match.mask->dst); fltr->flags |= ICE_TC_FLWR_FIELD_DST_MAC; } if (!is_zero_ether_addr(match.key->src)) { ether_addr_copy(headers->l2_key.src_mac, match.key->src); ether_addr_copy(headers->l2_mask.src_mac, match.mask->src); fltr->flags |= ICE_TC_FLWR_FIELD_SRC_MAC; } } if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN) || is_vlan_dev(filter_dev)) { struct flow_dissector_key_vlan mask; struct flow_dissector_key_vlan key; struct flow_match_vlan match; if (is_vlan_dev(filter_dev)) { match.key = &key; match.key->vlan_id = vlan_dev_vlan_id(filter_dev); match.key->vlan_priority = 0; match.mask = &mask; memset(match.mask, 0xff, sizeof(*match.mask)); match.mask->vlan_priority = 0; } else { flow_rule_match_vlan(rule, &match); } if (match.mask->vlan_id) { if (match.mask->vlan_id == VLAN_VID_MASK) { fltr->flags |= ICE_TC_FLWR_FIELD_VLAN; headers->vlan_hdr.vlan_id = cpu_to_be16(match.key->vlan_id & VLAN_VID_MASK); } else { NL_SET_ERR_MSG_MOD(fltr->extack, "Bad VLAN mask"); return -EINVAL; } } if (match.mask->vlan_priority) { fltr->flags |= ICE_TC_FLWR_FIELD_VLAN_PRIO; headers->vlan_hdr.vlan_prio = be16_encode_bits(match.key->vlan_priority, VLAN_PRIO_MASK); } if (match.mask->vlan_tpid) { headers->vlan_hdr.vlan_tpid = match.key->vlan_tpid; fltr->flags |= ICE_TC_FLWR_FIELD_VLAN_TPID; } } if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CVLAN)) { struct flow_match_vlan match; if (!ice_is_dvm_ena(&vsi->back->hw)) { NL_SET_ERR_MSG_MOD(fltr->extack, "Double VLAN mode is not enabled"); return -EINVAL; } flow_rule_match_cvlan(rule, &match); if (match.mask->vlan_id) { if (match.mask->vlan_id == VLAN_VID_MASK) { fltr->flags |= ICE_TC_FLWR_FIELD_CVLAN; headers->cvlan_hdr.vlan_id = cpu_to_be16(match.key->vlan_id & VLAN_VID_MASK); } else { NL_SET_ERR_MSG_MOD(fltr->extack, "Bad CVLAN mask"); return -EINVAL; } } if (match.mask->vlan_priority) { fltr->flags |= ICE_TC_FLWR_FIELD_CVLAN_PRIO; headers->cvlan_hdr.vlan_prio = be16_encode_bits(match.key->vlan_priority, VLAN_PRIO_MASK); } } if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PPPOE)) { struct flow_match_pppoe match; flow_rule_match_pppoe(rule, &match); n_proto_key = ice_tc_set_pppoe(&match, fltr, headers); /* If ethertype equals ETH_P_PPP_SES, n_proto might be * overwritten by encapsulated protocol (ppp_proto field) or set * to 0. To correct this, flow_match_pppoe provides the type * field, which contains the actual ethertype (ETH_P_PPP_SES). */ headers->l2_key.n_proto = cpu_to_be16(n_proto_key); headers->l2_mask.n_proto = cpu_to_be16(0xFFFF); fltr->flags |= ICE_TC_FLWR_FIELD_ETH_TYPE_ID; } if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) { struct flow_match_control match; flow_rule_match_control(rule, &match); addr_type = match.key->addr_type; if (flow_rule_has_control_flags(match.mask->flags, fltr->extack)) return -EOPNOTSUPP; } if (addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) { struct flow_match_ipv4_addrs match; flow_rule_match_ipv4_addrs(rule, &match); if (ice_tc_set_ipv4(&match, fltr, headers, false)) return -EINVAL; } if (addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) { struct flow_match_ipv6_addrs match; flow_rule_match_ipv6_addrs(rule, &match); if (ice_tc_set_ipv6(&match, fltr, headers, false)) return -EINVAL; } if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) { struct flow_match_ip match; flow_rule_match_ip(rule, &match); ice_tc_set_tos_ttl(&match, fltr, headers, false); } if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_L2TPV3)) { struct flow_match_l2tpv3 match; flow_rule_match_l2tpv3(rule, &match); fltr->flags |= ICE_TC_FLWR_FIELD_L2TPV3_SESSID; headers->l2tpv3_hdr.session_id = match.key->session_id; } if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS)) { struct flow_match_ports match; flow_rule_match_ports(rule, &match); if (ice_tc_set_port(match, fltr, headers, false)) return -EINVAL; switch (headers->l3_key.ip_proto) { case IPPROTO_TCP: case IPPROTO_UDP: break; default: NL_SET_ERR_MSG_MOD(fltr->extack, "Only UDP and TCP transport are supported"); return -EINVAL; } } /* Ingress filter on representor results in an egress filter in HW * and vice versa */ ingress = ice_is_port_repr_netdev(filter_dev) ? !ingress : ingress; fltr->direction = ingress ? ICE_ESWITCH_FLTR_INGRESS : ICE_ESWITCH_FLTR_EGRESS; return 0; } /** * ice_add_switch_fltr - Add TC flower filters * @vsi: Pointer to VSI * @fltr: Pointer to struct ice_tc_flower_fltr * * Add filter in HW switch block */ static int ice_add_switch_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr) { if (fltr->action.fltr_act == ICE_FWD_TO_QGRP) return -EOPNOTSUPP; if (ice_is_eswitch_mode_switchdev(vsi->back)) return ice_eswitch_add_tc_fltr(vsi, fltr); return ice_add_tc_flower_adv_fltr(vsi, fltr); } /** * ice_prep_adq_filter - Prepare ADQ filter with the required additional headers * @vsi: Pointer to VSI * @fltr: Pointer to TC flower filter structure * * Prepare ADQ filter with the required additional header fields */ static int ice_prep_adq_filter(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr) { if ((fltr->flags & ICE_TC_FLWR_FIELD_TENANT_ID) && (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC | ICE_TC_FLWR_FIELD_SRC_MAC))) { NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter because filter using tunnel key and inner MAC is unsupport return -EOPNOTSUPP; } /* For ADQ, filter must include dest MAC address, otherwise unwanted * packets with unrelated MAC address get delivered to ADQ VSIs as long * as remaining filter criteria is satisfied such as dest IP address * and dest/src L4 port. Below code handles the following cases: * 1. For non-tunnel, if user specify MAC addresses, use them. * 2. For non-tunnel, if user didn't specify MAC address, add implicit * dest MAC to be lower netdev's active unicast MAC address * 3. For tunnel, as of now TC-filter through flower classifier doesn't * have provision for user to specify outer DMAC, hence driver to * implicitly add outer dest MAC to be lower netdev's active unicast * MAC address. */ if (fltr->tunnel_type != TNL_LAST && !(fltr->flags & ICE_TC_FLWR_FIELD_ENC_DST_MAC)) fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DST_MAC; if (fltr->tunnel_type == TNL_LAST && !(fltr->flags & ICE_TC_FLWR_FIELD_DST_MAC)) fltr->flags |= ICE_TC_FLWR_FIELD_DST_MAC; if (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC | ICE_TC_FLWR_FIELD_ENC_DST_MAC)) { ether_addr_copy(fltr->outer_headers.l2_key.dst_mac, vsi->netdev->dev_addr); eth_broadcast_addr(fltr->outer_headers.l2_mask.dst_mac); } /* Make sure VLAN is already added to main VSI, before allowing ADQ to * add a VLAN based filter such as MAC + VLAN + L4 port. */ if (fltr->flags & ICE_TC_FLWR_FIELD_VLAN) { u16 vlan_id = be16_to_cpu(fltr->outer_headers.vlan_hdr.vlan_id); if (!ice_vlan_fltr_exist(&vsi->back->hw, vlan_id, vsi->idx)) { NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter because legacy VLAN filter for specified destination doesn return -EINVAL; } } return 0; } /** * ice_handle_tclass_action - Support directing to a traffic class * @vsi: Pointer to VSI * @cls_flower: Pointer to TC flower offload structure * @fltr: Pointer to TC flower filter structure * * Support directing traffic to a traffic class/queue-set */ static int ice_handle_tclass_action(struct ice_vsi *vsi, struct flow_cls_offload *cls_flower, struct ice_tc_flower_fltr *fltr) { int tc = tc_classid_to_hwtc(vsi->netdev, cls_flower->classid); /* user specified hw_tc (must be non-zero for ADQ TC), action is forward * to hw_tc (i.e. ADQ channel number) */ if (tc < ICE_CHNL_START_TC) { NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter because of unsupported destination"); return -EOPNOTSUPP; } if (!(vsi->all_enatc & BIT(tc))) { NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter because of non-existence destination"); return -EINVAL; } fltr->action.fltr_act = ICE_FWD_TO_VSI; fltr->action.fwd.tc.tc_class = tc; return ice_prep_adq_filter(vsi, fltr); } static int ice_tc_forward_to_queue(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr, struct flow_action_entry *act) { struct ice_vsi *ch_vsi = NULL; u16 queue = act->rx_queue; if (queue >= vsi->num_rxq) { NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter because specified queue is invalid"); return -EINVAL; } fltr->action.fltr_act = ICE_FWD_TO_Q; fltr->action.fwd.q.queue = queue; /* determine corresponding HW queue */ fltr->action.fwd.q.hw_queue = vsi->rxq_map[queue]; /* If ADQ is configured, and the queue belongs to ADQ VSI, then prepare * ADQ switch filter */ ch_vsi = ice_locate_vsi_using_queue(vsi, fltr->action.fwd.q.queue); if (!ch_vsi) return -EINVAL; fltr->dest_vsi = ch_vsi; if (!ice_is_chnl_fltr(fltr)) return 0; return ice_prep_adq_filter(vsi, fltr); } static int ice_tc_parse_action(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr, struct flow_action_entry *act) { switch (act->id) { case FLOW_ACTION_RX_QUEUE_MAPPING: /* forward to queue */ return ice_tc_forward_to_queue(vsi, fltr, act); case FLOW_ACTION_DROP: fltr->action.fltr_act = ICE_DROP_PACKET; return 0; default: NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported TC action"); return -EOPNOTSUPP; } } /** * ice_parse_tc_flower_actions - Parse the actions for a TC filter * @filter_dev: Pointer to device on which filter is being added * @vsi: Pointer to VSI * @cls_flower: Pointer to TC flower offload structure * @fltr: Pointer to TC flower filter structure * * Parse the actions for a TC filter */ static int ice_parse_tc_flower_actions(struct net_device *filter_dev, struct ice_vsi *vsi, struct flow_cls_offload *cls_flower, struct ice_tc_flower_fltr *fltr) { struct flow_rule *rule = flow_cls_offload_flow_rule(cls_flower); struct flow_action *flow_action = &rule->action; struct flow_action_entry *act; int i, err; if (cls_flower->classid) return ice_handle_tclass_action(vsi, cls_flower, fltr); if (!flow_action_has_entries(flow_action)) return -EINVAL; flow_action_for_each(i, act, flow_action) { if (ice_is_eswitch_mode_switchdev(vsi->back)) err = ice_eswitch_tc_parse_action(filter_dev, fltr, act); else err = ice_tc_parse_action(vsi, fltr, act); if (err) return err; continue; } return 0; } /** * ice_del_tc_fltr - deletes a filter from HW table * @vsi: Pointer to VSI * @fltr: Pointer to struct ice_tc_flower_fltr * * This function deletes a filter from HW table and manages book-keeping */ static int ice_del_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr) { struct ice_rule_query_data rule_rem; struct ice_pf *pf = vsi->back; int err; if (ice_is_fltr_pf_tx_lldp(fltr)) ice_handle_del_pf_lldp_drop_rule(pf); if (ice_is_fltr_vf_tx_lldp(fltr)) return ice_drop_vf_tx_lldp(vsi, false); rule_rem.rid = fltr->rid; rule_rem.rule_id = fltr->rule_id; rule_rem.vsi_handle = fltr->dest_vsi_handle; err = ice_rem_adv_rule_by_id(&pf->hw, &rule_rem); if (err) { if (err == -ENOENT) { NL_SET_ERR_MSG_MOD(fltr->extack, "Filter does not exist"); return -ENOENT; } NL_SET_ERR_MSG_MOD(fltr->extack, "Failed to delete TC flower filter"); return -EIO; } /* update advanced switch filter count for destination * VSI if filter destination was VSI */ if (fltr->dest_vsi) { if (fltr->dest_vsi->type == ICE_VSI_CHNL) { fltr->dest_vsi->num_chnl_fltr--; /* keeps track of channel filters for PF VSI */ if (vsi->type == ICE_VSI_PF && (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC | ICE_TC_FLWR_FIELD_ENC_DST_MAC))) pf->num_dmac_chnl_fltrs--; } } return 0; } /** * ice_add_tc_fltr - adds a TC flower filter * @netdev: Pointer to netdev * @vsi: Pointer to VSI * @f: Pointer to flower offload structure * @__fltr: Pointer to struct ice_tc_flower_fltr * @ingress: if the rule is added to an ingress block * * This function parses TC-flower input fields, parses action, * and adds a filter. * * Return: 0 if the filter was successfully added, * negative error code otherwise. */ static int ice_add_tc_fltr(struct net_device *netdev, struct ice_vsi *vsi, struct flow_cls_offload *f, struct ice_tc_flower_fltr **__fltr, bool ingress) { struct ice_tc_flower_fltr *fltr; int err; /* by default, set output to be INVALID */ *__fltr = NULL; fltr = kzalloc(sizeof(*fltr), GFP_KERNEL); if (!fltr) return -ENOMEM; fltr->cookie = f->cookie; fltr->extack = f->common.extack; fltr->src_vsi = vsi; INIT_HLIST_NODE(&fltr->tc_flower_node); err = ice_parse_cls_flower(netdev, vsi, f, fltr, ingress); if (err < 0) goto err; err = ice_parse_tc_flower_actions(netdev, vsi, f, fltr); if (err < 0) goto err; err = ice_add_switch_fltr(vsi, fltr); if (err < 0) goto err; /* return the newly created filter */ *__fltr = fltr; return 0; err: kfree(fltr); return err; } /** * ice_find_tc_flower_fltr - Find the TC flower filter in the list * @pf: Pointer to PF * @cookie: filter specific cookie */ static struct ice_tc_flower_fltr * ice_find_tc_flower_fltr(struct ice_pf *pf, unsigned long cookie) { struct ice_tc_flower_fltr *fltr; hlist_for_each_entry(fltr, &pf->tc_flower_fltr_list, tc_flower_node) if (cookie == fltr->cookie) return fltr; return NULL; } /** * ice_add_cls_flower - add TC flower filters * @netdev: Pointer to filter device * @vsi: Pointer to VSI * @cls_flower: Pointer to flower offload structure * @ingress: if the rule is added to an ingress block * * Return: 0 if the flower was successfully added, * negative error code otherwise. */ int ice_add_cls_flower(struct net_device *netdev, struct ice_vsi *vsi, struct flow_cls_offload *cls_flower, bool ingress) { struct netlink_ext_ack *extack = cls_flower->common.extack; struct net_device *vsi_netdev = vsi->netdev; struct ice_tc_flower_fltr *fltr; struct ice_pf *pf = vsi->back; int err; if (ice_is_reset_in_progress(pf->state)) return -EBUSY; if (test_bit(ICE_FLAG_FW_LLDP_AGENT, pf->flags)) return -EINVAL; if (ice_is_port_repr_netdev(netdev)) vsi_netdev = netdev; if (!(vsi_netdev->features & NETIF_F_HW_TC) && !test_bit(ICE_FLAG_CLS_FLOWER, pf->flags)) { /* Based on TC indirect notifications from kernel, all ice * devices get an instance of rule from higher level device. * Avoid triggering explicit error in this case. */ if (netdev == vsi_netdev) NL_SET_ERR_MSG_MOD(extack, "can't apply TC flower filters, turn ON hw-tc-offload return -EINVAL; } /* avoid duplicate entries, if exists - return error */ fltr = ice_find_tc_flower_fltr(pf, cls_flower->cookie); if (fltr) { NL_SET_ERR_MSG_MOD(extack, "filter cookie already exists, ignoring"); return -EEXIST; } /* prep and add TC-flower filter in HW */ err = ice_add_tc_fltr(netdev, vsi, cls_flower, &fltr, ingress); if (err) return err; /* add filter into an ordered list */ hlist_add_head(&fltr->tc_flower_node, &pf->tc_flower_fltr_list); return 0; } /** * ice_del_cls_flower - delete TC flower filters * @vsi: Pointer to VSI * @cls_flower: Pointer to struct flow_cls_offload */ int ice_del_cls_flower(struct ice_vsi *vsi, struct flow_cls_offload *cls_flower) { struct ice_tc_flower_fltr *fltr; struct ice_pf *pf = vsi->back; int err; /* find filter */ fltr = ice_find_tc_flower_fltr(pf, cls_flower->cookie); if (!fltr) { if (!test_bit(ICE_FLAG_TC_MQPRIO, pf->flags) && hlist_empty(&pf->tc_flower_fltr_list)) return 0; NL_SET_ERR_MSG_MOD(cls_flower->common.extack, "failed to delete TC flower filter b return -EINVAL; } fltr->extack = cls_flower->common.extack; /* delete filter from HW */ err = ice_del_tc_fltr(vsi, fltr); if (err) return err; /* delete filter from an ordered list */ hlist_del(&fltr->tc_flower_node); /* free the filter node */ kfree(fltr); return 0; } /** * ice_replay_tc_fltrs - replay TC filters * @pf: pointer to PF struct */ void ice_replay_tc_fltrs(struct ice_pf *pf) { struct ice_tc_flower_fltr *fltr; struct hlist_node *node; --> -------------------- --> maximum size reached --> --------------------
¤ Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.0.24Bemerkung: (vorverarbeitet) ¤*Bot Zugriff |
|
||||||||||||||
2026-04-04