1 // SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
2 /* Copyright (c) 2018 Mellanox Technologies. */
3 
4 #include <net/geneve.h>
5 #include "lib/geneve.h"
6 #include "en/tc_tun.h"
7 
8 #define MLX5E_GENEVE_VER 0
9 
mlx5e_tc_tun_can_offload_geneve(struct mlx5e_priv * priv)10 static bool mlx5e_tc_tun_can_offload_geneve(struct mlx5e_priv *priv)
11 {
12 	return !!(MLX5_CAP_GEN(priv->mdev, flex_parser_protocols) & MLX5_FLEX_PROTO_GENEVE);
13 }
14 
mlx5e_tc_tun_calc_hlen_geneve(struct mlx5e_encap_entry * e)15 static int mlx5e_tc_tun_calc_hlen_geneve(struct mlx5e_encap_entry *e)
16 {
17 	return sizeof(struct udphdr) +
18 	       sizeof(struct genevehdr) +
19 	       e->tun_info->options_len;
20 }
21 
mlx5e_tc_tun_check_udp_dport_geneve(struct mlx5e_priv * priv,struct flow_cls_offload * f)22 static int mlx5e_tc_tun_check_udp_dport_geneve(struct mlx5e_priv *priv,
23 					       struct flow_cls_offload *f)
24 {
25 	struct flow_rule *rule = flow_cls_offload_flow_rule(f);
26 	struct netlink_ext_ack *extack = f->common.extack;
27 	struct flow_match_ports enc_ports;
28 
29 	if (!flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_PORTS))
30 		return -EOPNOTSUPP;
31 
32 	flow_rule_match_enc_ports(rule, &enc_ports);
33 
34 	/* Currently we support only default GENEVE
35 	 * port, so udp dst port must match.
36 	 */
37 	if (be16_to_cpu(enc_ports.key->dst) != GENEVE_UDP_PORT) {
38 		NL_SET_ERR_MSG_MOD(extack,
39 				   "Matched UDP dst port is not registered as a GENEVE port");
40 		netdev_warn(priv->netdev,
41 			    "UDP port %d is not registered as a GENEVE port\n",
42 			    be16_to_cpu(enc_ports.key->dst));
43 		return -EOPNOTSUPP;
44 	}
45 
46 	return 0;
47 }
48 
mlx5e_tc_tun_parse_udp_ports_geneve(struct mlx5e_priv * priv,struct mlx5_flow_spec * spec,struct flow_cls_offload * f,void * headers_c,void * headers_v)49 static int mlx5e_tc_tun_parse_udp_ports_geneve(struct mlx5e_priv *priv,
50 					       struct mlx5_flow_spec *spec,
51 					       struct flow_cls_offload *f,
52 					       void *headers_c,
53 					       void *headers_v)
54 {
55 	int err;
56 
57 	err = mlx5e_tc_tun_parse_udp_ports(priv, spec, f, headers_c, headers_v);
58 	if (err)
59 		return err;
60 
61 	return mlx5e_tc_tun_check_udp_dport_geneve(priv, f);
62 }
63 
mlx5e_tc_tun_init_encap_attr_geneve(struct net_device * tunnel_dev,struct mlx5e_priv * priv,struct mlx5e_encap_entry * e,struct netlink_ext_ack * extack)64 static int mlx5e_tc_tun_init_encap_attr_geneve(struct net_device *tunnel_dev,
65 					       struct mlx5e_priv *priv,
66 					       struct mlx5e_encap_entry *e,
67 					       struct netlink_ext_ack *extack)
68 {
69 	e->tunnel = &geneve_tunnel;
70 
71 	/* Reformat type for GENEVE encap is similar to VXLAN:
72 	 * in both cases the HW adds in the same place a
73 	 * defined encapsulation header that the SW provides.
74 	 */
75 	e->reformat_type = MLX5_REFORMAT_TYPE_L2_TO_VXLAN;
76 	return 0;
77 }
78 
mlx5e_tunnel_id_to_vni(__be64 tun_id,__u8 * vni)79 static void mlx5e_tunnel_id_to_vni(__be64 tun_id, __u8 *vni)
80 {
81 #ifdef __BIG_ENDIAN
82 	vni[0] = (__force __u8)(tun_id >> 16);
83 	vni[1] = (__force __u8)(tun_id >> 8);
84 	vni[2] = (__force __u8)tun_id;
85 #else
86 	vni[0] = (__force __u8)((__force u64)tun_id >> 40);
87 	vni[1] = (__force __u8)((__force u64)tun_id >> 48);
88 	vni[2] = (__force __u8)((__force u64)tun_id >> 56);
89 #endif
90 }
91 
mlx5e_gen_ip_tunnel_header_geneve(char buf[],__u8 * ip_proto,struct mlx5e_encap_entry * e)92 static int mlx5e_gen_ip_tunnel_header_geneve(char buf[],
93 					     __u8 *ip_proto,
94 					     struct mlx5e_encap_entry *e)
95 {
96 	const struct ip_tunnel_info *tun_info = e->tun_info;
97 	struct udphdr *udp = (struct udphdr *)(buf);
98 	struct genevehdr *geneveh;
99 
100 	geneveh = (struct genevehdr *)((char *)udp + sizeof(struct udphdr));
101 
102 	*ip_proto = IPPROTO_UDP;
103 
104 	udp->dest = tun_info->key.tp_dst;
105 
106 	memset(geneveh, 0, sizeof(*geneveh));
107 	geneveh->ver = MLX5E_GENEVE_VER;
108 	geneveh->opt_len = tun_info->options_len / 4;
109 	geneveh->oam = !!(tun_info->key.tun_flags & TUNNEL_OAM);
110 	geneveh->critical = !!(tun_info->key.tun_flags & TUNNEL_CRIT_OPT);
111 	mlx5e_tunnel_id_to_vni(tun_info->key.tun_id, geneveh->vni);
112 	geneveh->proto_type = htons(ETH_P_TEB);
113 
114 	if (tun_info->key.tun_flags & TUNNEL_GENEVE_OPT) {
115 		if (!geneveh->opt_len)
116 			return -EOPNOTSUPP;
117 		ip_tunnel_info_opts_get(geneveh->options, tun_info);
118 	}
119 
120 	return 0;
121 }
122 
mlx5e_tc_tun_parse_geneve_vni(struct mlx5e_priv * priv,struct mlx5_flow_spec * spec,struct flow_cls_offload * f)123 static int mlx5e_tc_tun_parse_geneve_vni(struct mlx5e_priv *priv,
124 					 struct mlx5_flow_spec *spec,
125 					 struct flow_cls_offload *f)
126 {
127 	struct flow_rule *rule = flow_cls_offload_flow_rule(f);
128 	struct netlink_ext_ack *extack = f->common.extack;
129 	struct flow_match_enc_keyid enc_keyid;
130 	void *misc_c, *misc_v;
131 
132 	misc_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria, misc_parameters);
133 	misc_v = MLX5_ADDR_OF(fte_match_param, spec->match_value, misc_parameters);
134 
135 	if (!flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_KEYID))
136 		return 0;
137 
138 	flow_rule_match_enc_keyid(rule, &enc_keyid);
139 
140 	if (!enc_keyid.mask->keyid)
141 		return 0;
142 
143 	if (!MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev, ft_field_support.outer_geneve_vni)) {
144 		NL_SET_ERR_MSG_MOD(extack, "Matching on GENEVE VNI is not supported");
145 		netdev_warn(priv->netdev, "Matching on GENEVE VNI is not supported\n");
146 		return -EOPNOTSUPP;
147 	}
148 
149 	MLX5_SET(fte_match_set_misc, misc_c, geneve_vni, be32_to_cpu(enc_keyid.mask->keyid));
150 	MLX5_SET(fte_match_set_misc, misc_v, geneve_vni, be32_to_cpu(enc_keyid.key->keyid));
151 
152 	return 0;
153 }
154 
mlx5e_tc_tun_parse_geneve_options(struct mlx5e_priv * priv,struct mlx5_flow_spec * spec,struct flow_cls_offload * f)155 static int mlx5e_tc_tun_parse_geneve_options(struct mlx5e_priv *priv,
156 					     struct mlx5_flow_spec *spec,
157 					     struct flow_cls_offload *f)
158 {
159 	u8 max_tlv_option_data_len = MLX5_CAP_GEN(priv->mdev, max_geneve_tlv_option_data_len);
160 	u8 max_tlv_options = MLX5_CAP_GEN(priv->mdev, max_geneve_tlv_options);
161 	struct flow_rule *rule = flow_cls_offload_flow_rule(f);
162 	struct netlink_ext_ack *extack = f->common.extack;
163 	void *misc_c, *misc_v, *misc_3_c, *misc_3_v;
164 	struct geneve_opt *option_key, *option_mask;
165 	__be32 opt_data_key = 0, opt_data_mask = 0;
166 	struct flow_match_enc_opts enc_opts;
167 	int res = 0;
168 
169 	misc_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria, misc_parameters);
170 	misc_v = MLX5_ADDR_OF(fte_match_param, spec->match_value, misc_parameters);
171 	misc_3_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria, misc_parameters_3);
172 	misc_3_v = MLX5_ADDR_OF(fte_match_param, spec->match_value, misc_parameters_3);
173 
174 	if (!flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_OPTS))
175 		return 0;
176 
177 	flow_rule_match_enc_opts(rule, &enc_opts);
178 
179 	if (memchr_inv(&enc_opts.mask->data, 0, sizeof(enc_opts.mask->data)) &&
180 	    !MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev,
181 					ft_field_support.geneve_tlv_option_0_data)) {
182 		NL_SET_ERR_MSG_MOD(extack,
183 				   "Matching on GENEVE options is not supported");
184 		netdev_warn(priv->netdev,
185 			    "Matching on GENEVE options is not supported\n");
186 		return -EOPNOTSUPP;
187 	}
188 
189 	/* make sure that we're talking about GENEVE options */
190 
191 	if (enc_opts.key->dst_opt_type != TUNNEL_GENEVE_OPT) {
192 		NL_SET_ERR_MSG_MOD(extack,
193 				   "Matching on GENEVE options: option type is not GENEVE");
194 		netdev_warn(priv->netdev,
195 			    "Matching on GENEVE options: option type is not GENEVE\n");
196 		return -EOPNOTSUPP;
197 	}
198 
199 	if (enc_opts.mask->len &&
200 	    !MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev,
201 					ft_field_support.outer_geneve_opt_len)) {
202 		NL_SET_ERR_MSG_MOD(extack, "Matching on GENEVE options len is not supported");
203 		netdev_warn(priv->netdev,
204 			    "Matching on GENEVE options len is not supported\n");
205 		return -EOPNOTSUPP;
206 	}
207 
208 	/* max_geneve_tlv_option_data_len comes in multiples of 4 bytes, and it
209 	 * doesn't include the TLV option header. 'geneve_opt_len' is a total
210 	 * len of all the options, including the headers, also multiples of 4
211 	 * bytes. Len that comes from the dissector is in bytes.
212 	 */
213 
214 	if ((enc_opts.key->len / 4) > ((max_tlv_option_data_len + 1) * max_tlv_options)) {
215 		NL_SET_ERR_MSG_MOD(extack,
216 				   "Matching on GENEVE options: unsupported options len");
217 		netdev_warn(priv->netdev,
218 			    "Matching on GENEVE options: unsupported options len (len=%d)\n",
219 			    enc_opts.key->len);
220 		return -EOPNOTSUPP;
221 	}
222 
223 	MLX5_SET(fte_match_set_misc, misc_c, geneve_opt_len, enc_opts.mask->len / 4);
224 	MLX5_SET(fte_match_set_misc, misc_v, geneve_opt_len, enc_opts.key->len / 4);
225 
226 	/* we support matching on one option only, so just get it */
227 	option_key = (struct geneve_opt *)&enc_opts.key->data[0];
228 	option_mask = (struct geneve_opt *)&enc_opts.mask->data[0];
229 
230 	if (option_mask->opt_class == 0 && option_mask->type == 0 &&
231 	    !memchr_inv(option_mask->opt_data, 0, option_mask->length * 4))
232 		return 0;
233 
234 	if (option_key->length > max_tlv_option_data_len) {
235 		NL_SET_ERR_MSG_MOD(extack,
236 				   "Matching on GENEVE options: unsupported option len");
237 		netdev_warn(priv->netdev,
238 			    "Matching on GENEVE options: unsupported option len (key=%d, mask=%d)\n",
239 			    option_key->length, option_mask->length);
240 		return -EOPNOTSUPP;
241 	}
242 
243 	/* data can't be all 0 - fail to offload such rule */
244 	if (!memchr_inv(option_key->opt_data, 0, option_key->length * 4)) {
245 		NL_SET_ERR_MSG_MOD(extack,
246 				   "Matching on GENEVE options: can't match on 0 data field");
247 		netdev_warn(priv->netdev,
248 			    "Matching on GENEVE options: can't match on 0 data field\n");
249 		return -EOPNOTSUPP;
250 	}
251 
252 	/* add new GENEVE TLV options object */
253 	res = mlx5_geneve_tlv_option_add(priv->mdev->geneve, option_key);
254 	if (res) {
255 		NL_SET_ERR_MSG_MOD(extack,
256 				   "Matching on GENEVE options: failed creating TLV opt object");
257 		netdev_warn(priv->netdev,
258 			    "Matching on GENEVE options: failed creating TLV opt object (class:type:len = 0x%x:0x%x:%d)\n",
259 			    be16_to_cpu(option_key->opt_class),
260 			    option_key->type, option_key->length);
261 		return res;
262 	}
263 
264 	/* In general, after creating the object, need to query it
265 	 * in order to check which option data to set in misc3.
266 	 * But we support only geneve_tlv_option_0_data, so no
267 	 * point querying at this stage.
268 	 */
269 
270 	memcpy(&opt_data_key, option_key->opt_data, option_key->length * 4);
271 	memcpy(&opt_data_mask, option_mask->opt_data, option_mask->length * 4);
272 	MLX5_SET(fte_match_set_misc3, misc_3_v,
273 		 geneve_tlv_option_0_data, be32_to_cpu(opt_data_key));
274 	MLX5_SET(fte_match_set_misc3, misc_3_c,
275 		 geneve_tlv_option_0_data, be32_to_cpu(opt_data_mask));
276 	if (MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev,
277 				       ft_field_support.geneve_tlv_option_0_exist)) {
278 		MLX5_SET_TO_ONES(fte_match_set_misc, misc_c, geneve_tlv_option_0_exist);
279 		MLX5_SET_TO_ONES(fte_match_set_misc, misc_v, geneve_tlv_option_0_exist);
280 	}
281 
282 	spec->match_criteria_enable |= MLX5_MATCH_MISC_PARAMETERS_3;
283 
284 	return 0;
285 }
286 
mlx5e_tc_tun_parse_geneve_params(struct mlx5e_priv * priv,struct mlx5_flow_spec * spec,struct flow_cls_offload * f)287 static int mlx5e_tc_tun_parse_geneve_params(struct mlx5e_priv *priv,
288 					    struct mlx5_flow_spec *spec,
289 					    struct flow_cls_offload *f)
290 {
291 	void *misc_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria, misc_parameters);
292 	void *misc_v = MLX5_ADDR_OF(fte_match_param, spec->match_value,  misc_parameters);
293 	struct netlink_ext_ack *extack = f->common.extack;
294 
295 	/* match on OAM - packets with OAM bit on should NOT be offloaded */
296 
297 	if (!MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev, ft_field_support.outer_geneve_oam)) {
298 		NL_SET_ERR_MSG_MOD(extack, "Matching on GENEVE OAM is not supported");
299 		netdev_warn(priv->netdev, "Matching on GENEVE OAM is not supported\n");
300 		return -EOPNOTSUPP;
301 	}
302 	MLX5_SET_TO_ONES(fte_match_set_misc, misc_c, geneve_oam);
303 	MLX5_SET(fte_match_set_misc, misc_v, geneve_oam, 0);
304 
305 	/* Match on GENEVE protocol. We support only Transparent Eth Bridge. */
306 
307 	if (MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev,
308 				       ft_field_support.outer_geneve_protocol_type)) {
309 		MLX5_SET_TO_ONES(fte_match_set_misc, misc_c, geneve_protocol_type);
310 		MLX5_SET(fte_match_set_misc, misc_v, geneve_protocol_type, ETH_P_TEB);
311 	}
312 
313 	spec->match_criteria_enable |= MLX5_MATCH_MISC_PARAMETERS;
314 
315 	return 0;
316 }
317 
mlx5e_tc_tun_parse_geneve(struct mlx5e_priv * priv,struct mlx5_flow_spec * spec,struct flow_cls_offload * f,void * headers_c,void * headers_v)318 static int mlx5e_tc_tun_parse_geneve(struct mlx5e_priv *priv,
319 				     struct mlx5_flow_spec *spec,
320 				     struct flow_cls_offload *f,
321 				     void *headers_c,
322 				     void *headers_v)
323 {
324 	int err;
325 
326 	err = mlx5e_tc_tun_parse_geneve_params(priv, spec, f);
327 	if (err)
328 		return err;
329 
330 	err = mlx5e_tc_tun_parse_geneve_vni(priv, spec, f);
331 	if (err)
332 		return err;
333 
334 	return mlx5e_tc_tun_parse_geneve_options(priv, spec, f);
335 }
336 
mlx5e_tc_tun_encap_info_equal_geneve(struct mlx5e_encap_key * a,struct mlx5e_encap_key * b)337 static bool mlx5e_tc_tun_encap_info_equal_geneve(struct mlx5e_encap_key *a,
338 						 struct mlx5e_encap_key *b)
339 {
340 	struct ip_tunnel_info *a_info;
341 	struct ip_tunnel_info *b_info;
342 	bool a_has_opts, b_has_opts;
343 
344 	if (!mlx5e_tc_tun_encap_info_equal_generic(a, b))
345 		return false;
346 
347 	a_has_opts = !!(a->ip_tun_key->tun_flags & TUNNEL_GENEVE_OPT);
348 	b_has_opts = !!(b->ip_tun_key->tun_flags & TUNNEL_GENEVE_OPT);
349 
350 	/* keys are equal when both don't have any options attached */
351 	if (!a_has_opts && !b_has_opts)
352 		return true;
353 
354 	if (a_has_opts != b_has_opts)
355 		return false;
356 
357 	/* geneve options stored in memory next to ip_tunnel_info struct */
358 	a_info = container_of(a->ip_tun_key, struct ip_tunnel_info, key);
359 	b_info = container_of(b->ip_tun_key, struct ip_tunnel_info, key);
360 
361 	return a_info->options_len == b_info->options_len &&
362 		memcmp(a_info + 1, b_info + 1, a_info->options_len) == 0;
363 }
364 
365 struct mlx5e_tc_tunnel geneve_tunnel = {
366 	.tunnel_type          = MLX5E_TC_TUNNEL_TYPE_GENEVE,
367 	.match_level          = MLX5_MATCH_L4,
368 	.can_offload          = mlx5e_tc_tun_can_offload_geneve,
369 	.calc_hlen            = mlx5e_tc_tun_calc_hlen_geneve,
370 	.init_encap_attr      = mlx5e_tc_tun_init_encap_attr_geneve,
371 	.generate_ip_tun_hdr  = mlx5e_gen_ip_tunnel_header_geneve,
372 	.parse_udp_ports      = mlx5e_tc_tun_parse_udp_ports_geneve,
373 	.parse_tunnel         = mlx5e_tc_tun_parse_geneve,
374 	.encap_info_equal     = mlx5e_tc_tun_encap_info_equal_geneve,
375 };
376