1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (C) 2019-2021, Intel Corporation. */
3
4 #include "ice.h"
5 #include "ice_tc_lib.h"
6 #include "ice_fltr.h"
7 #include "ice_lib.h"
8 #include "ice_protocol_type.h"
9
10 #define ICE_TC_METADATA_LKUP_IDX 0
11
12 /**
13 * ice_tc_count_lkups - determine lookup count for switch filter
14 * @flags: TC-flower flags
15 * @headers: Pointer to TC flower filter header structure
16 * @fltr: Pointer to outer TC filter structure
17 *
18 * Determine lookup count based on TC flower input for switch filter.
19 */
20 static int
ice_tc_count_lkups(u32 flags,struct ice_tc_flower_lyr_2_4_hdrs * headers,struct ice_tc_flower_fltr * fltr)21 ice_tc_count_lkups(u32 flags, struct ice_tc_flower_lyr_2_4_hdrs *headers,
22 struct ice_tc_flower_fltr *fltr)
23 {
24 int lkups_cnt = 1; /* 0th lookup is metadata */
25
26 /* Always add metadata as the 0th lookup. Included elements:
27 * - Direction flag (always present)
28 * - ICE_TC_FLWR_FIELD_VLAN_TPID (present if specified)
29 * - Tunnel flag (present if tunnel)
30 */
31
32 if (flags & ICE_TC_FLWR_FIELD_TENANT_ID)
33 lkups_cnt++;
34
35 if (flags & ICE_TC_FLWR_FIELD_ENC_DST_MAC)
36 lkups_cnt++;
37
38 if (flags & ICE_TC_FLWR_FIELD_ENC_OPTS)
39 lkups_cnt++;
40
41 if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 |
42 ICE_TC_FLWR_FIELD_ENC_DEST_IPV4 |
43 ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 |
44 ICE_TC_FLWR_FIELD_ENC_DEST_IPV6))
45 lkups_cnt++;
46
47 if (flags & (ICE_TC_FLWR_FIELD_ENC_IP_TOS |
48 ICE_TC_FLWR_FIELD_ENC_IP_TTL))
49 lkups_cnt++;
50
51 if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT)
52 lkups_cnt++;
53
54 if (flags & ICE_TC_FLWR_FIELD_ETH_TYPE_ID)
55 lkups_cnt++;
56
57 /* are MAC fields specified? */
58 if (flags & (ICE_TC_FLWR_FIELD_DST_MAC | ICE_TC_FLWR_FIELD_SRC_MAC))
59 lkups_cnt++;
60
61 /* is VLAN specified? */
62 if (flags & (ICE_TC_FLWR_FIELD_VLAN | ICE_TC_FLWR_FIELD_VLAN_PRIO))
63 lkups_cnt++;
64
65 /* is CVLAN specified? */
66 if (flags & (ICE_TC_FLWR_FIELD_CVLAN | ICE_TC_FLWR_FIELD_CVLAN_PRIO))
67 lkups_cnt++;
68
69 /* are PPPoE options specified? */
70 if (flags & (ICE_TC_FLWR_FIELD_PPPOE_SESSID |
71 ICE_TC_FLWR_FIELD_PPP_PROTO))
72 lkups_cnt++;
73
74 /* are IPv[4|6] fields specified? */
75 if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV4 | ICE_TC_FLWR_FIELD_SRC_IPV4 |
76 ICE_TC_FLWR_FIELD_DEST_IPV6 | ICE_TC_FLWR_FIELD_SRC_IPV6))
77 lkups_cnt++;
78
79 if (flags & (ICE_TC_FLWR_FIELD_IP_TOS | ICE_TC_FLWR_FIELD_IP_TTL))
80 lkups_cnt++;
81
82 /* are L2TPv3 options specified? */
83 if (flags & ICE_TC_FLWR_FIELD_L2TPV3_SESSID)
84 lkups_cnt++;
85
86 /* is L4 (TCP/UDP/any other L4 protocol fields) specified? */
87 if (flags & (ICE_TC_FLWR_FIELD_DEST_L4_PORT |
88 ICE_TC_FLWR_FIELD_SRC_L4_PORT))
89 lkups_cnt++;
90
91 return lkups_cnt;
92 }
93
ice_proto_type_from_mac(bool inner)94 static enum ice_protocol_type ice_proto_type_from_mac(bool inner)
95 {
96 return inner ? ICE_MAC_IL : ICE_MAC_OFOS;
97 }
98
ice_proto_type_from_etype(bool inner)99 static enum ice_protocol_type ice_proto_type_from_etype(bool inner)
100 {
101 return inner ? ICE_ETYPE_IL : ICE_ETYPE_OL;
102 }
103
ice_proto_type_from_ipv4(bool inner)104 static enum ice_protocol_type ice_proto_type_from_ipv4(bool inner)
105 {
106 return inner ? ICE_IPV4_IL : ICE_IPV4_OFOS;
107 }
108
ice_proto_type_from_ipv6(bool inner)109 static enum ice_protocol_type ice_proto_type_from_ipv6(bool inner)
110 {
111 return inner ? ICE_IPV6_IL : ICE_IPV6_OFOS;
112 }
113
ice_proto_type_from_l4_port(u16 ip_proto)114 static enum ice_protocol_type ice_proto_type_from_l4_port(u16 ip_proto)
115 {
116 switch (ip_proto) {
117 case IPPROTO_TCP:
118 return ICE_TCP_IL;
119 case IPPROTO_UDP:
120 return ICE_UDP_ILOS;
121 }
122
123 return 0;
124 }
125
126 static enum ice_protocol_type
ice_proto_type_from_tunnel(enum ice_tunnel_type type)127 ice_proto_type_from_tunnel(enum ice_tunnel_type type)
128 {
129 switch (type) {
130 case TNL_VXLAN:
131 return ICE_VXLAN;
132 case TNL_GENEVE:
133 return ICE_GENEVE;
134 case TNL_GRETAP:
135 return ICE_NVGRE;
136 case TNL_GTPU:
137 /* NO_PAY profiles will not work with GTP-U */
138 return ICE_GTP;
139 case TNL_GTPC:
140 return ICE_GTP_NO_PAY;
141 default:
142 return 0;
143 }
144 }
145
146 static enum ice_sw_tunnel_type
ice_sw_type_from_tunnel(enum ice_tunnel_type type)147 ice_sw_type_from_tunnel(enum ice_tunnel_type type)
148 {
149 switch (type) {
150 case TNL_VXLAN:
151 return ICE_SW_TUN_VXLAN;
152 case TNL_GENEVE:
153 return ICE_SW_TUN_GENEVE;
154 case TNL_GRETAP:
155 return ICE_SW_TUN_NVGRE;
156 case TNL_GTPU:
157 return ICE_SW_TUN_GTPU;
158 case TNL_GTPC:
159 return ICE_SW_TUN_GTPC;
160 default:
161 return ICE_NON_TUN;
162 }
163 }
164
ice_check_supported_vlan_tpid(u16 vlan_tpid)165 static u16 ice_check_supported_vlan_tpid(u16 vlan_tpid)
166 {
167 switch (vlan_tpid) {
168 case ETH_P_8021Q:
169 case ETH_P_8021AD:
170 case ETH_P_QINQ1:
171 return vlan_tpid;
172 default:
173 return 0;
174 }
175 }
176
177 static int
ice_tc_fill_tunnel_outer(u32 flags,struct ice_tc_flower_fltr * fltr,struct ice_adv_lkup_elem * list,int i)178 ice_tc_fill_tunnel_outer(u32 flags, struct ice_tc_flower_fltr *fltr,
179 struct ice_adv_lkup_elem *list, int i)
180 {
181 struct ice_tc_flower_lyr_2_4_hdrs *hdr = &fltr->outer_headers;
182
183 if (flags & ICE_TC_FLWR_FIELD_TENANT_ID) {
184 u32 tenant_id;
185
186 list[i].type = ice_proto_type_from_tunnel(fltr->tunnel_type);
187 switch (fltr->tunnel_type) {
188 case TNL_VXLAN:
189 case TNL_GENEVE:
190 tenant_id = be32_to_cpu(fltr->tenant_id) << 8;
191 list[i].h_u.tnl_hdr.vni = cpu_to_be32(tenant_id);
192 memcpy(&list[i].m_u.tnl_hdr.vni, "\xff\xff\xff\x00", 4);
193 i++;
194 break;
195 case TNL_GRETAP:
196 list[i].h_u.nvgre_hdr.tni_flow = fltr->tenant_id;
197 memcpy(&list[i].m_u.nvgre_hdr.tni_flow,
198 "\xff\xff\xff\xff", 4);
199 i++;
200 break;
201 case TNL_GTPC:
202 case TNL_GTPU:
203 list[i].h_u.gtp_hdr.teid = fltr->tenant_id;
204 memcpy(&list[i].m_u.gtp_hdr.teid,
205 "\xff\xff\xff\xff", 4);
206 i++;
207 break;
208 default:
209 break;
210 }
211 }
212
213 if (flags & ICE_TC_FLWR_FIELD_ENC_DST_MAC) {
214 list[i].type = ice_proto_type_from_mac(false);
215 ether_addr_copy(list[i].h_u.eth_hdr.dst_addr,
216 hdr->l2_key.dst_mac);
217 ether_addr_copy(list[i].m_u.eth_hdr.dst_addr,
218 hdr->l2_mask.dst_mac);
219 i++;
220 }
221
222 if (flags & ICE_TC_FLWR_FIELD_ENC_OPTS &&
223 (fltr->tunnel_type == TNL_GTPU || fltr->tunnel_type == TNL_GTPC)) {
224 list[i].type = ice_proto_type_from_tunnel(fltr->tunnel_type);
225
226 if (fltr->gtp_pdu_info_masks.pdu_type) {
227 list[i].h_u.gtp_hdr.pdu_type =
228 fltr->gtp_pdu_info_keys.pdu_type << 4;
229 memcpy(&list[i].m_u.gtp_hdr.pdu_type, "\xf0", 1);
230 }
231
232 if (fltr->gtp_pdu_info_masks.qfi) {
233 list[i].h_u.gtp_hdr.qfi = fltr->gtp_pdu_info_keys.qfi;
234 memcpy(&list[i].m_u.gtp_hdr.qfi, "\x3f", 1);
235 }
236
237 i++;
238 }
239
240 if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 |
241 ICE_TC_FLWR_FIELD_ENC_DEST_IPV4)) {
242 list[i].type = ice_proto_type_from_ipv4(false);
243
244 if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_IPV4) {
245 list[i].h_u.ipv4_hdr.src_addr = hdr->l3_key.src_ipv4;
246 list[i].m_u.ipv4_hdr.src_addr = hdr->l3_mask.src_ipv4;
247 }
248 if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_IPV4) {
249 list[i].h_u.ipv4_hdr.dst_addr = hdr->l3_key.dst_ipv4;
250 list[i].m_u.ipv4_hdr.dst_addr = hdr->l3_mask.dst_ipv4;
251 }
252 i++;
253 }
254
255 if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 |
256 ICE_TC_FLWR_FIELD_ENC_DEST_IPV6)) {
257 list[i].type = ice_proto_type_from_ipv6(false);
258
259 if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_IPV6) {
260 memcpy(&list[i].h_u.ipv6_hdr.src_addr,
261 &hdr->l3_key.src_ipv6_addr,
262 sizeof(hdr->l3_key.src_ipv6_addr));
263 memcpy(&list[i].m_u.ipv6_hdr.src_addr,
264 &hdr->l3_mask.src_ipv6_addr,
265 sizeof(hdr->l3_mask.src_ipv6_addr));
266 }
267 if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_IPV6) {
268 memcpy(&list[i].h_u.ipv6_hdr.dst_addr,
269 &hdr->l3_key.dst_ipv6_addr,
270 sizeof(hdr->l3_key.dst_ipv6_addr));
271 memcpy(&list[i].m_u.ipv6_hdr.dst_addr,
272 &hdr->l3_mask.dst_ipv6_addr,
273 sizeof(hdr->l3_mask.dst_ipv6_addr));
274 }
275 i++;
276 }
277
278 if (fltr->inner_headers.l2_key.n_proto == htons(ETH_P_IP) &&
279 (flags & (ICE_TC_FLWR_FIELD_ENC_IP_TOS |
280 ICE_TC_FLWR_FIELD_ENC_IP_TTL))) {
281 list[i].type = ice_proto_type_from_ipv4(false);
282
283 if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TOS) {
284 list[i].h_u.ipv4_hdr.tos = hdr->l3_key.tos;
285 list[i].m_u.ipv4_hdr.tos = hdr->l3_mask.tos;
286 }
287
288 if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TTL) {
289 list[i].h_u.ipv4_hdr.time_to_live = hdr->l3_key.ttl;
290 list[i].m_u.ipv4_hdr.time_to_live = hdr->l3_mask.ttl;
291 }
292
293 i++;
294 }
295
296 if (fltr->inner_headers.l2_key.n_proto == htons(ETH_P_IPV6) &&
297 (flags & (ICE_TC_FLWR_FIELD_ENC_IP_TOS |
298 ICE_TC_FLWR_FIELD_ENC_IP_TTL))) {
299 struct ice_ipv6_hdr *hdr_h, *hdr_m;
300
301 hdr_h = &list[i].h_u.ipv6_hdr;
302 hdr_m = &list[i].m_u.ipv6_hdr;
303 list[i].type = ice_proto_type_from_ipv6(false);
304
305 if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TOS) {
306 be32p_replace_bits(&hdr_h->be_ver_tc_flow,
307 hdr->l3_key.tos,
308 ICE_IPV6_HDR_TC_MASK);
309 be32p_replace_bits(&hdr_m->be_ver_tc_flow,
310 hdr->l3_mask.tos,
311 ICE_IPV6_HDR_TC_MASK);
312 }
313
314 if (flags & ICE_TC_FLWR_FIELD_ENC_IP_TTL) {
315 hdr_h->hop_limit = hdr->l3_key.ttl;
316 hdr_m->hop_limit = hdr->l3_mask.ttl;
317 }
318
319 i++;
320 }
321
322 if ((flags & ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT) &&
323 hdr->l3_key.ip_proto == IPPROTO_UDP) {
324 list[i].type = ICE_UDP_OF;
325 list[i].h_u.l4_hdr.dst_port = hdr->l4_key.dst_port;
326 list[i].m_u.l4_hdr.dst_port = hdr->l4_mask.dst_port;
327 i++;
328 }
329
330 /* always fill matching on tunneled packets in metadata */
331 ice_rule_add_tunnel_metadata(&list[ICE_TC_METADATA_LKUP_IDX]);
332
333 return i;
334 }
335
336 /**
337 * ice_tc_fill_rules - fill filter rules based on TC fltr
338 * @hw: pointer to HW structure
339 * @flags: tc flower field flags
340 * @tc_fltr: pointer to TC flower filter
341 * @list: list of advance rule elements
342 * @rule_info: pointer to information about rule
343 * @l4_proto: pointer to information such as L4 proto type
344 *
345 * Fill ice_adv_lkup_elem list based on TC flower flags and
346 * TC flower headers. This list should be used to add
347 * advance filter in hardware.
348 */
349 static int
ice_tc_fill_rules(struct ice_hw * hw,u32 flags,struct ice_tc_flower_fltr * tc_fltr,struct ice_adv_lkup_elem * list,struct ice_adv_rule_info * rule_info,u16 * l4_proto)350 ice_tc_fill_rules(struct ice_hw *hw, u32 flags,
351 struct ice_tc_flower_fltr *tc_fltr,
352 struct ice_adv_lkup_elem *list,
353 struct ice_adv_rule_info *rule_info,
354 u16 *l4_proto)
355 {
356 struct ice_tc_flower_lyr_2_4_hdrs *headers = &tc_fltr->outer_headers;
357 bool inner = false;
358 u16 vlan_tpid = 0;
359 int i = 1; /* 0th lookup is metadata */
360
361 rule_info->vlan_type = vlan_tpid;
362
363 /* Always add direction metadata */
364 ice_rule_add_direction_metadata(&list[ICE_TC_METADATA_LKUP_IDX]);
365
366 rule_info->tun_type = ice_sw_type_from_tunnel(tc_fltr->tunnel_type);
367 if (tc_fltr->tunnel_type != TNL_LAST) {
368 i = ice_tc_fill_tunnel_outer(flags, tc_fltr, list, i);
369
370 headers = &tc_fltr->inner_headers;
371 inner = true;
372 }
373
374 if (flags & ICE_TC_FLWR_FIELD_ETH_TYPE_ID) {
375 list[i].type = ice_proto_type_from_etype(inner);
376 list[i].h_u.ethertype.ethtype_id = headers->l2_key.n_proto;
377 list[i].m_u.ethertype.ethtype_id = headers->l2_mask.n_proto;
378 i++;
379 }
380
381 if (flags & (ICE_TC_FLWR_FIELD_DST_MAC |
382 ICE_TC_FLWR_FIELD_SRC_MAC)) {
383 struct ice_tc_l2_hdr *l2_key, *l2_mask;
384
385 l2_key = &headers->l2_key;
386 l2_mask = &headers->l2_mask;
387
388 list[i].type = ice_proto_type_from_mac(inner);
389 if (flags & ICE_TC_FLWR_FIELD_DST_MAC) {
390 ether_addr_copy(list[i].h_u.eth_hdr.dst_addr,
391 l2_key->dst_mac);
392 ether_addr_copy(list[i].m_u.eth_hdr.dst_addr,
393 l2_mask->dst_mac);
394 }
395 if (flags & ICE_TC_FLWR_FIELD_SRC_MAC) {
396 ether_addr_copy(list[i].h_u.eth_hdr.src_addr,
397 l2_key->src_mac);
398 ether_addr_copy(list[i].m_u.eth_hdr.src_addr,
399 l2_mask->src_mac);
400 }
401 i++;
402 }
403
404 /* copy VLAN info */
405 if (flags & (ICE_TC_FLWR_FIELD_VLAN | ICE_TC_FLWR_FIELD_VLAN_PRIO)) {
406 if (flags & ICE_TC_FLWR_FIELD_CVLAN)
407 list[i].type = ICE_VLAN_EX;
408 else
409 list[i].type = ICE_VLAN_OFOS;
410
411 if (flags & ICE_TC_FLWR_FIELD_VLAN) {
412 list[i].h_u.vlan_hdr.vlan = headers->vlan_hdr.vlan_id;
413 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0x0FFF);
414 }
415
416 if (flags & ICE_TC_FLWR_FIELD_VLAN_PRIO) {
417 if (flags & ICE_TC_FLWR_FIELD_VLAN) {
418 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xEFFF);
419 } else {
420 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xE000);
421 list[i].h_u.vlan_hdr.vlan = 0;
422 }
423 list[i].h_u.vlan_hdr.vlan |=
424 headers->vlan_hdr.vlan_prio;
425 }
426
427 i++;
428 }
429
430 if (flags & ICE_TC_FLWR_FIELD_VLAN_TPID) {
431 vlan_tpid = be16_to_cpu(headers->vlan_hdr.vlan_tpid);
432 rule_info->vlan_type =
433 ice_check_supported_vlan_tpid(vlan_tpid);
434
435 ice_rule_add_vlan_metadata(&list[ICE_TC_METADATA_LKUP_IDX]);
436 }
437
438 if (flags & (ICE_TC_FLWR_FIELD_CVLAN | ICE_TC_FLWR_FIELD_CVLAN_PRIO)) {
439 list[i].type = ICE_VLAN_IN;
440
441 if (flags & ICE_TC_FLWR_FIELD_CVLAN) {
442 list[i].h_u.vlan_hdr.vlan = headers->cvlan_hdr.vlan_id;
443 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0x0FFF);
444 }
445
446 if (flags & ICE_TC_FLWR_FIELD_CVLAN_PRIO) {
447 if (flags & ICE_TC_FLWR_FIELD_CVLAN) {
448 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xEFFF);
449 } else {
450 list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xE000);
451 list[i].h_u.vlan_hdr.vlan = 0;
452 }
453 list[i].h_u.vlan_hdr.vlan |=
454 headers->cvlan_hdr.vlan_prio;
455 }
456
457 i++;
458 }
459
460 if (flags & (ICE_TC_FLWR_FIELD_PPPOE_SESSID |
461 ICE_TC_FLWR_FIELD_PPP_PROTO)) {
462 struct ice_pppoe_hdr *vals, *masks;
463
464 vals = &list[i].h_u.pppoe_hdr;
465 masks = &list[i].m_u.pppoe_hdr;
466
467 list[i].type = ICE_PPPOE;
468
469 if (flags & ICE_TC_FLWR_FIELD_PPPOE_SESSID) {
470 vals->session_id = headers->pppoe_hdr.session_id;
471 masks->session_id = cpu_to_be16(0xFFFF);
472 }
473
474 if (flags & ICE_TC_FLWR_FIELD_PPP_PROTO) {
475 vals->ppp_prot_id = headers->pppoe_hdr.ppp_proto;
476 masks->ppp_prot_id = cpu_to_be16(0xFFFF);
477 }
478
479 i++;
480 }
481
482 /* copy L3 (IPv[4|6]: src, dest) address */
483 if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV4 |
484 ICE_TC_FLWR_FIELD_SRC_IPV4)) {
485 struct ice_tc_l3_hdr *l3_key, *l3_mask;
486
487 list[i].type = ice_proto_type_from_ipv4(inner);
488 l3_key = &headers->l3_key;
489 l3_mask = &headers->l3_mask;
490 if (flags & ICE_TC_FLWR_FIELD_DEST_IPV4) {
491 list[i].h_u.ipv4_hdr.dst_addr = l3_key->dst_ipv4;
492 list[i].m_u.ipv4_hdr.dst_addr = l3_mask->dst_ipv4;
493 }
494 if (flags & ICE_TC_FLWR_FIELD_SRC_IPV4) {
495 list[i].h_u.ipv4_hdr.src_addr = l3_key->src_ipv4;
496 list[i].m_u.ipv4_hdr.src_addr = l3_mask->src_ipv4;
497 }
498 i++;
499 } else if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV6 |
500 ICE_TC_FLWR_FIELD_SRC_IPV6)) {
501 struct ice_ipv6_hdr *ipv6_hdr, *ipv6_mask;
502 struct ice_tc_l3_hdr *l3_key, *l3_mask;
503
504 list[i].type = ice_proto_type_from_ipv6(inner);
505 ipv6_hdr = &list[i].h_u.ipv6_hdr;
506 ipv6_mask = &list[i].m_u.ipv6_hdr;
507 l3_key = &headers->l3_key;
508 l3_mask = &headers->l3_mask;
509
510 if (flags & ICE_TC_FLWR_FIELD_DEST_IPV6) {
511 memcpy(&ipv6_hdr->dst_addr, &l3_key->dst_ipv6_addr,
512 sizeof(l3_key->dst_ipv6_addr));
513 memcpy(&ipv6_mask->dst_addr, &l3_mask->dst_ipv6_addr,
514 sizeof(l3_mask->dst_ipv6_addr));
515 }
516 if (flags & ICE_TC_FLWR_FIELD_SRC_IPV6) {
517 memcpy(&ipv6_hdr->src_addr, &l3_key->src_ipv6_addr,
518 sizeof(l3_key->src_ipv6_addr));
519 memcpy(&ipv6_mask->src_addr, &l3_mask->src_ipv6_addr,
520 sizeof(l3_mask->src_ipv6_addr));
521 }
522 i++;
523 }
524
525 if (headers->l2_key.n_proto == htons(ETH_P_IP) &&
526 (flags & (ICE_TC_FLWR_FIELD_IP_TOS | ICE_TC_FLWR_FIELD_IP_TTL))) {
527 list[i].type = ice_proto_type_from_ipv4(inner);
528
529 if (flags & ICE_TC_FLWR_FIELD_IP_TOS) {
530 list[i].h_u.ipv4_hdr.tos = headers->l3_key.tos;
531 list[i].m_u.ipv4_hdr.tos = headers->l3_mask.tos;
532 }
533
534 if (flags & ICE_TC_FLWR_FIELD_IP_TTL) {
535 list[i].h_u.ipv4_hdr.time_to_live =
536 headers->l3_key.ttl;
537 list[i].m_u.ipv4_hdr.time_to_live =
538 headers->l3_mask.ttl;
539 }
540
541 i++;
542 }
543
544 if (headers->l2_key.n_proto == htons(ETH_P_IPV6) &&
545 (flags & (ICE_TC_FLWR_FIELD_IP_TOS | ICE_TC_FLWR_FIELD_IP_TTL))) {
546 struct ice_ipv6_hdr *hdr_h, *hdr_m;
547
548 hdr_h = &list[i].h_u.ipv6_hdr;
549 hdr_m = &list[i].m_u.ipv6_hdr;
550 list[i].type = ice_proto_type_from_ipv6(inner);
551
552 if (flags & ICE_TC_FLWR_FIELD_IP_TOS) {
553 be32p_replace_bits(&hdr_h->be_ver_tc_flow,
554 headers->l3_key.tos,
555 ICE_IPV6_HDR_TC_MASK);
556 be32p_replace_bits(&hdr_m->be_ver_tc_flow,
557 headers->l3_mask.tos,
558 ICE_IPV6_HDR_TC_MASK);
559 }
560
561 if (flags & ICE_TC_FLWR_FIELD_IP_TTL) {
562 hdr_h->hop_limit = headers->l3_key.ttl;
563 hdr_m->hop_limit = headers->l3_mask.ttl;
564 }
565
566 i++;
567 }
568
569 if (flags & ICE_TC_FLWR_FIELD_L2TPV3_SESSID) {
570 list[i].type = ICE_L2TPV3;
571
572 list[i].h_u.l2tpv3_sess_hdr.session_id =
573 headers->l2tpv3_hdr.session_id;
574 list[i].m_u.l2tpv3_sess_hdr.session_id =
575 cpu_to_be32(0xFFFFFFFF);
576
577 i++;
578 }
579
580 /* copy L4 (src, dest) port */
581 if (flags & (ICE_TC_FLWR_FIELD_DEST_L4_PORT |
582 ICE_TC_FLWR_FIELD_SRC_L4_PORT)) {
583 struct ice_tc_l4_hdr *l4_key, *l4_mask;
584
585 list[i].type = ice_proto_type_from_l4_port(headers->l3_key.ip_proto);
586 l4_key = &headers->l4_key;
587 l4_mask = &headers->l4_mask;
588
589 if (flags & ICE_TC_FLWR_FIELD_DEST_L4_PORT) {
590 list[i].h_u.l4_hdr.dst_port = l4_key->dst_port;
591 list[i].m_u.l4_hdr.dst_port = l4_mask->dst_port;
592 }
593 if (flags & ICE_TC_FLWR_FIELD_SRC_L4_PORT) {
594 list[i].h_u.l4_hdr.src_port = l4_key->src_port;
595 list[i].m_u.l4_hdr.src_port = l4_mask->src_port;
596 }
597 i++;
598 }
599
600 return i;
601 }
602
603 /**
604 * ice_tc_tun_get_type - get the tunnel type
605 * @tunnel_dev: ptr to tunnel device
606 *
607 * This function detects appropriate tunnel_type if specified device is
608 * tunnel device such as VXLAN/Geneve
609 */
ice_tc_tun_get_type(struct net_device * tunnel_dev)610 static int ice_tc_tun_get_type(struct net_device *tunnel_dev)
611 {
612 if (netif_is_vxlan(tunnel_dev))
613 return TNL_VXLAN;
614 if (netif_is_geneve(tunnel_dev))
615 return TNL_GENEVE;
616 if (netif_is_gretap(tunnel_dev) ||
617 netif_is_ip6gretap(tunnel_dev))
618 return TNL_GRETAP;
619
620 /* Assume GTP-U by default in case of GTP netdev.
621 * GTP-C may be selected later, based on enc_dst_port.
622 */
623 if (netif_is_gtp(tunnel_dev))
624 return TNL_GTPU;
625 return TNL_LAST;
626 }
627
ice_is_tunnel_supported(struct net_device * dev)628 bool ice_is_tunnel_supported(struct net_device *dev)
629 {
630 return ice_tc_tun_get_type(dev) != TNL_LAST;
631 }
632
ice_tc_is_dev_uplink(struct net_device * dev)633 static bool ice_tc_is_dev_uplink(struct net_device *dev)
634 {
635 return netif_is_ice(dev) || ice_is_tunnel_supported(dev);
636 }
637
ice_tc_setup_redirect_action(struct net_device * filter_dev,struct ice_tc_flower_fltr * fltr,struct net_device * target_dev)638 static int ice_tc_setup_redirect_action(struct net_device *filter_dev,
639 struct ice_tc_flower_fltr *fltr,
640 struct net_device *target_dev)
641 {
642 struct ice_repr *repr;
643
644 fltr->action.fltr_act = ICE_FWD_TO_VSI;
645
646 if (ice_is_port_repr_netdev(filter_dev) &&
647 ice_is_port_repr_netdev(target_dev)) {
648 repr = ice_netdev_to_repr(target_dev);
649
650 fltr->dest_vsi = repr->src_vsi;
651 fltr->direction = ICE_ESWITCH_FLTR_EGRESS;
652 } else if (ice_is_port_repr_netdev(filter_dev) &&
653 ice_tc_is_dev_uplink(target_dev)) {
654 repr = ice_netdev_to_repr(filter_dev);
655
656 fltr->dest_vsi = repr->src_vsi->back->switchdev.uplink_vsi;
657 fltr->direction = ICE_ESWITCH_FLTR_EGRESS;
658 } else if (ice_tc_is_dev_uplink(filter_dev) &&
659 ice_is_port_repr_netdev(target_dev)) {
660 repr = ice_netdev_to_repr(target_dev);
661
662 fltr->dest_vsi = repr->src_vsi;
663 fltr->direction = ICE_ESWITCH_FLTR_INGRESS;
664 } else {
665 NL_SET_ERR_MSG_MOD(fltr->extack,
666 "Unsupported netdevice in switchdev mode");
667 return -EINVAL;
668 }
669
670 return 0;
671 }
672
673 static int
ice_tc_setup_drop_action(struct net_device * filter_dev,struct ice_tc_flower_fltr * fltr)674 ice_tc_setup_drop_action(struct net_device *filter_dev,
675 struct ice_tc_flower_fltr *fltr)
676 {
677 fltr->action.fltr_act = ICE_DROP_PACKET;
678
679 if (ice_is_port_repr_netdev(filter_dev)) {
680 fltr->direction = ICE_ESWITCH_FLTR_EGRESS;
681 } else if (ice_tc_is_dev_uplink(filter_dev)) {
682 fltr->direction = ICE_ESWITCH_FLTR_INGRESS;
683 } else {
684 NL_SET_ERR_MSG_MOD(fltr->extack,
685 "Unsupported netdevice in switchdev mode");
686 return -EINVAL;
687 }
688
689 return 0;
690 }
691
ice_eswitch_tc_parse_action(struct net_device * filter_dev,struct ice_tc_flower_fltr * fltr,struct flow_action_entry * act)692 static int ice_eswitch_tc_parse_action(struct net_device *filter_dev,
693 struct ice_tc_flower_fltr *fltr,
694 struct flow_action_entry *act)
695 {
696 int err;
697
698 switch (act->id) {
699 case FLOW_ACTION_DROP:
700 err = ice_tc_setup_drop_action(filter_dev, fltr);
701 if (err)
702 return err;
703
704 break;
705
706 case FLOW_ACTION_REDIRECT:
707 err = ice_tc_setup_redirect_action(filter_dev, fltr, act->dev);
708 if (err)
709 return err;
710
711 break;
712
713 default:
714 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported action in switchdev mode");
715 return -EINVAL;
716 }
717
718 return 0;
719 }
720
721 static int
ice_eswitch_add_tc_fltr(struct ice_vsi * vsi,struct ice_tc_flower_fltr * fltr)722 ice_eswitch_add_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr)
723 {
724 struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers;
725 struct ice_adv_rule_info rule_info = { 0 };
726 struct ice_rule_query_data rule_added;
727 struct ice_hw *hw = &vsi->back->hw;
728 struct ice_adv_lkup_elem *list;
729 u32 flags = fltr->flags;
730 int lkups_cnt;
731 int ret;
732 int i;
733
734 if (!flags || (flags & ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT)) {
735 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported encap field(s)");
736 return -EOPNOTSUPP;
737 }
738
739 lkups_cnt = ice_tc_count_lkups(flags, headers, fltr);
740 list = kcalloc(lkups_cnt, sizeof(*list), GFP_ATOMIC);
741 if (!list)
742 return -ENOMEM;
743
744 i = ice_tc_fill_rules(hw, flags, fltr, list, &rule_info, NULL);
745 if (i != lkups_cnt) {
746 ret = -EINVAL;
747 goto exit;
748 }
749
750 rule_info.sw_act.fltr_act = fltr->action.fltr_act;
751 if (fltr->action.fltr_act != ICE_DROP_PACKET)
752 rule_info.sw_act.vsi_handle = fltr->dest_vsi->idx;
753 /* For now, making priority to be highest, and it also becomes
754 * the priority for recipe which will get created as a result of
755 * new extraction sequence based on input set.
756 * Priority '7' is max val for switch recipe, higher the number
757 * results into order of switch rule evaluation.
758 */
759 rule_info.priority = 7;
760 rule_info.flags_info.act_valid = true;
761
762 if (fltr->direction == ICE_ESWITCH_FLTR_INGRESS) {
763 /* Uplink to VF */
764 rule_info.sw_act.flag |= ICE_FLTR_RX;
765 rule_info.sw_act.src = hw->pf_id;
766 rule_info.flags_info.act = ICE_SINGLE_ACT_LB_ENABLE;
767 } else if (fltr->direction == ICE_ESWITCH_FLTR_EGRESS &&
768 fltr->dest_vsi == vsi->back->switchdev.uplink_vsi) {
769 /* VF to Uplink */
770 rule_info.sw_act.flag |= ICE_FLTR_TX;
771 rule_info.sw_act.src = vsi->idx;
772 rule_info.flags_info.act = ICE_SINGLE_ACT_LAN_ENABLE;
773 } else {
774 /* VF to VF */
775 rule_info.sw_act.flag |= ICE_FLTR_TX;
776 rule_info.sw_act.src = vsi->idx;
777 rule_info.flags_info.act = ICE_SINGLE_ACT_LB_ENABLE;
778 }
779
780 /* specify the cookie as filter_rule_id */
781 rule_info.fltr_rule_id = fltr->cookie;
782
783 ret = ice_add_adv_rule(hw, list, lkups_cnt, &rule_info, &rule_added);
784 if (ret == -EEXIST) {
785 NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter because it already exist");
786 ret = -EINVAL;
787 goto exit;
788 } else if (ret) {
789 NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter due to error");
790 goto exit;
791 }
792
793 /* store the output params, which are needed later for removing
794 * advanced switch filter
795 */
796 fltr->rid = rule_added.rid;
797 fltr->rule_id = rule_added.rule_id;
798 fltr->dest_vsi_handle = rule_added.vsi_handle;
799
800 exit:
801 kfree(list);
802 return ret;
803 }
804
805 /**
806 * ice_locate_vsi_using_queue - locate VSI using queue (forward to queue action)
807 * @vsi: Pointer to VSI
808 * @queue: Queue index
809 *
810 * Locate the VSI using specified "queue". When ADQ is not enabled,
811 * always return input VSI, otherwise locate corresponding
812 * VSI based on per channel "offset" and "qcount"
813 */
814 struct ice_vsi *
ice_locate_vsi_using_queue(struct ice_vsi * vsi,int queue)815 ice_locate_vsi_using_queue(struct ice_vsi *vsi, int queue)
816 {
817 int num_tc, tc;
818
819 /* if ADQ is not active, passed VSI is the candidate VSI */
820 if (!ice_is_adq_active(vsi->back))
821 return vsi;
822
823 /* Locate the VSI (it could still be main PF VSI or CHNL_VSI depending
824 * upon queue number)
825 */
826 num_tc = vsi->mqprio_qopt.qopt.num_tc;
827
828 for (tc = 0; tc < num_tc; tc++) {
829 int qcount = vsi->mqprio_qopt.qopt.count[tc];
830 int offset = vsi->mqprio_qopt.qopt.offset[tc];
831
832 if (queue >= offset && queue < offset + qcount) {
833 /* for non-ADQ TCs, passed VSI is the candidate VSI */
834 if (tc < ICE_CHNL_START_TC)
835 return vsi;
836 else
837 return vsi->tc_map_vsi[tc];
838 }
839 }
840 return NULL;
841 }
842
843 static struct ice_rx_ring *
ice_locate_rx_ring_using_queue(struct ice_vsi * vsi,struct ice_tc_flower_fltr * tc_fltr)844 ice_locate_rx_ring_using_queue(struct ice_vsi *vsi,
845 struct ice_tc_flower_fltr *tc_fltr)
846 {
847 u16 queue = tc_fltr->action.fwd.q.queue;
848
849 return queue < vsi->num_rxq ? vsi->rx_rings[queue] : NULL;
850 }
851
852 /**
853 * ice_tc_forward_action - Determine destination VSI and queue for the action
854 * @vsi: Pointer to VSI
855 * @tc_fltr: Pointer to TC flower filter structure
856 *
857 * Validates the tc forward action and determines the destination VSI and queue
858 * for the forward action.
859 */
860 static struct ice_vsi *
ice_tc_forward_action(struct ice_vsi * vsi,struct ice_tc_flower_fltr * tc_fltr)861 ice_tc_forward_action(struct ice_vsi *vsi, struct ice_tc_flower_fltr *tc_fltr)
862 {
863 struct ice_rx_ring *ring = NULL;
864 struct ice_vsi *dest_vsi = NULL;
865 struct ice_pf *pf = vsi->back;
866 struct device *dev;
867 u32 tc_class;
868 int q;
869
870 dev = ice_pf_to_dev(pf);
871
872 /* Get the destination VSI and/or destination queue and validate them */
873 switch (tc_fltr->action.fltr_act) {
874 case ICE_FWD_TO_VSI:
875 tc_class = tc_fltr->action.fwd.tc.tc_class;
876 /* Select the destination VSI */
877 if (tc_class < ICE_CHNL_START_TC) {
878 NL_SET_ERR_MSG_MOD(tc_fltr->extack,
879 "Unable to add filter because of unsupported destination");
880 return ERR_PTR(-EOPNOTSUPP);
881 }
882 /* Locate ADQ VSI depending on hw_tc number */
883 dest_vsi = vsi->tc_map_vsi[tc_class];
884 break;
885 case ICE_FWD_TO_Q:
886 /* Locate the Rx queue */
887 ring = ice_locate_rx_ring_using_queue(vsi, tc_fltr);
888 if (!ring) {
889 dev_err(dev,
890 "Unable to locate Rx queue for action fwd_to_queue: %u\n",
891 tc_fltr->action.fwd.q.queue);
892 return ERR_PTR(-EINVAL);
893 }
894 /* Determine destination VSI even though the action is
895 * FWD_TO_QUEUE, because QUEUE is associated with VSI
896 */
897 q = tc_fltr->action.fwd.q.queue;
898 dest_vsi = ice_locate_vsi_using_queue(vsi, q);
899 break;
900 default:
901 dev_err(dev,
902 "Unable to add filter because of unsupported action %u (supported actions: fwd to tc, fwd to queue)\n",
903 tc_fltr->action.fltr_act);
904 return ERR_PTR(-EINVAL);
905 }
906 /* Must have valid dest_vsi (it could be main VSI or ADQ VSI) */
907 if (!dest_vsi) {
908 dev_err(dev,
909 "Unable to add filter because specified destination VSI doesn't exist\n");
910 return ERR_PTR(-EINVAL);
911 }
912 return dest_vsi;
913 }
914
915 /**
916 * ice_add_tc_flower_adv_fltr - add appropriate filter rules
917 * @vsi: Pointer to VSI
918 * @tc_fltr: Pointer to TC flower filter structure
919 *
920 * based on filter parameters using Advance recipes supported
921 * by OS package.
922 */
923 static int
ice_add_tc_flower_adv_fltr(struct ice_vsi * vsi,struct ice_tc_flower_fltr * tc_fltr)924 ice_add_tc_flower_adv_fltr(struct ice_vsi *vsi,
925 struct ice_tc_flower_fltr *tc_fltr)
926 {
927 struct ice_tc_flower_lyr_2_4_hdrs *headers = &tc_fltr->outer_headers;
928 struct ice_adv_rule_info rule_info = {0};
929 struct ice_rule_query_data rule_added;
930 struct ice_adv_lkup_elem *list;
931 struct ice_pf *pf = vsi->back;
932 struct ice_hw *hw = &pf->hw;
933 u32 flags = tc_fltr->flags;
934 struct ice_vsi *dest_vsi;
935 struct device *dev;
936 u16 lkups_cnt = 0;
937 u16 l4_proto = 0;
938 int ret = 0;
939 u16 i = 0;
940
941 dev = ice_pf_to_dev(pf);
942 if (ice_is_safe_mode(pf)) {
943 NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unable to add filter because driver is in safe mode");
944 return -EOPNOTSUPP;
945 }
946
947 if (!flags || (flags & (ICE_TC_FLWR_FIELD_ENC_DEST_IPV4 |
948 ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 |
949 ICE_TC_FLWR_FIELD_ENC_DEST_IPV6 |
950 ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 |
951 ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT))) {
952 NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unsupported encap field(s)");
953 return -EOPNOTSUPP;
954 }
955
956 /* validate forwarding action VSI and queue */
957 if (ice_is_forward_action(tc_fltr->action.fltr_act)) {
958 dest_vsi = ice_tc_forward_action(vsi, tc_fltr);
959 if (IS_ERR(dest_vsi))
960 return PTR_ERR(dest_vsi);
961 }
962
963 lkups_cnt = ice_tc_count_lkups(flags, headers, tc_fltr);
964 list = kcalloc(lkups_cnt, sizeof(*list), GFP_ATOMIC);
965 if (!list)
966 return -ENOMEM;
967
968 i = ice_tc_fill_rules(hw, flags, tc_fltr, list, &rule_info, &l4_proto);
969 if (i != lkups_cnt) {
970 ret = -EINVAL;
971 goto exit;
972 }
973
974 rule_info.sw_act.fltr_act = tc_fltr->action.fltr_act;
975 /* specify the cookie as filter_rule_id */
976 rule_info.fltr_rule_id = tc_fltr->cookie;
977
978 switch (tc_fltr->action.fltr_act) {
979 case ICE_FWD_TO_VSI:
980 rule_info.sw_act.vsi_handle = dest_vsi->idx;
981 rule_info.priority = ICE_SWITCH_FLTR_PRIO_VSI;
982 rule_info.sw_act.src = hw->pf_id;
983 dev_dbg(dev, "add switch rule for TC:%u vsi_idx:%u, lkups_cnt:%u\n",
984 tc_fltr->action.fwd.tc.tc_class,
985 rule_info.sw_act.vsi_handle, lkups_cnt);
986 break;
987 case ICE_FWD_TO_Q:
988 /* HW queue number in global space */
989 rule_info.sw_act.fwd_id.q_id = tc_fltr->action.fwd.q.hw_queue;
990 rule_info.sw_act.vsi_handle = dest_vsi->idx;
991 rule_info.priority = ICE_SWITCH_FLTR_PRIO_QUEUE;
992 rule_info.sw_act.src = hw->pf_id;
993 dev_dbg(dev, "add switch rule action to forward to queue:%u (HW queue %u), lkups_cnt:%u\n",
994 tc_fltr->action.fwd.q.queue,
995 tc_fltr->action.fwd.q.hw_queue, lkups_cnt);
996 break;
997 case ICE_DROP_PACKET:
998 rule_info.sw_act.flag |= ICE_FLTR_RX;
999 rule_info.sw_act.src = hw->pf_id;
1000 rule_info.priority = ICE_SWITCH_FLTR_PRIO_VSI;
1001 break;
1002 default:
1003 ret = -EOPNOTSUPP;
1004 goto exit;
1005 }
1006
1007 ret = ice_add_adv_rule(hw, list, lkups_cnt, &rule_info, &rule_added);
1008 if (ret == -EEXIST) {
1009 NL_SET_ERR_MSG_MOD(tc_fltr->extack,
1010 "Unable to add filter because it already exist");
1011 ret = -EINVAL;
1012 goto exit;
1013 } else if (ret) {
1014 NL_SET_ERR_MSG_MOD(tc_fltr->extack,
1015 "Unable to add filter due to error");
1016 goto exit;
1017 }
1018
1019 /* store the output params, which are needed later for removing
1020 * advanced switch filter
1021 */
1022 tc_fltr->rid = rule_added.rid;
1023 tc_fltr->rule_id = rule_added.rule_id;
1024 tc_fltr->dest_vsi_handle = rule_added.vsi_handle;
1025 if (tc_fltr->action.fltr_act == ICE_FWD_TO_VSI ||
1026 tc_fltr->action.fltr_act == ICE_FWD_TO_Q) {
1027 tc_fltr->dest_vsi = dest_vsi;
1028 /* keep track of advanced switch filter for
1029 * destination VSI
1030 */
1031 dest_vsi->num_chnl_fltr++;
1032
1033 /* keeps track of channel filters for PF VSI */
1034 if (vsi->type == ICE_VSI_PF &&
1035 (flags & (ICE_TC_FLWR_FIELD_DST_MAC |
1036 ICE_TC_FLWR_FIELD_ENC_DST_MAC)))
1037 pf->num_dmac_chnl_fltrs++;
1038 }
1039 switch (tc_fltr->action.fltr_act) {
1040 case ICE_FWD_TO_VSI:
1041 dev_dbg(dev, "added switch rule (lkups_cnt %u, flags 0x%x), action is forward to TC %u, rid %u, rule_id %u, vsi_idx %u\n",
1042 lkups_cnt, flags,
1043 tc_fltr->action.fwd.tc.tc_class, rule_added.rid,
1044 rule_added.rule_id, rule_added.vsi_handle);
1045 break;
1046 case ICE_FWD_TO_Q:
1047 dev_dbg(dev, "added switch rule (lkups_cnt %u, flags 0x%x), action is forward to queue: %u (HW queue %u) , rid %u, rule_id %u\n",
1048 lkups_cnt, flags, tc_fltr->action.fwd.q.queue,
1049 tc_fltr->action.fwd.q.hw_queue, rule_added.rid,
1050 rule_added.rule_id);
1051 break;
1052 case ICE_DROP_PACKET:
1053 dev_dbg(dev, "added switch rule (lkups_cnt %u, flags 0x%x), action is drop, rid %u, rule_id %u\n",
1054 lkups_cnt, flags, rule_added.rid, rule_added.rule_id);
1055 break;
1056 default:
1057 break;
1058 }
1059 exit:
1060 kfree(list);
1061 return ret;
1062 }
1063
1064 /**
1065 * ice_tc_set_pppoe - Parse PPPoE fields from TC flower filter
1066 * @match: Pointer to flow match structure
1067 * @fltr: Pointer to filter structure
1068 * @headers: Pointer to outer header fields
1069 * @returns PPP protocol used in filter (ppp_ses or ppp_disc)
1070 */
1071 static u16
ice_tc_set_pppoe(struct flow_match_pppoe * match,struct ice_tc_flower_fltr * fltr,struct ice_tc_flower_lyr_2_4_hdrs * headers)1072 ice_tc_set_pppoe(struct flow_match_pppoe *match,
1073 struct ice_tc_flower_fltr *fltr,
1074 struct ice_tc_flower_lyr_2_4_hdrs *headers)
1075 {
1076 if (match->mask->session_id) {
1077 fltr->flags |= ICE_TC_FLWR_FIELD_PPPOE_SESSID;
1078 headers->pppoe_hdr.session_id = match->key->session_id;
1079 }
1080
1081 if (match->mask->ppp_proto) {
1082 fltr->flags |= ICE_TC_FLWR_FIELD_PPP_PROTO;
1083 headers->pppoe_hdr.ppp_proto = match->key->ppp_proto;
1084 }
1085
1086 return be16_to_cpu(match->key->type);
1087 }
1088
1089 /**
1090 * ice_tc_set_ipv4 - Parse IPv4 addresses from TC flower filter
1091 * @match: Pointer to flow match structure
1092 * @fltr: Pointer to filter structure
1093 * @headers: inner or outer header fields
1094 * @is_encap: set true for tunnel IPv4 address
1095 */
1096 static int
ice_tc_set_ipv4(struct flow_match_ipv4_addrs * match,struct ice_tc_flower_fltr * fltr,struct ice_tc_flower_lyr_2_4_hdrs * headers,bool is_encap)1097 ice_tc_set_ipv4(struct flow_match_ipv4_addrs *match,
1098 struct ice_tc_flower_fltr *fltr,
1099 struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap)
1100 {
1101 if (match->key->dst) {
1102 if (is_encap)
1103 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_IPV4;
1104 else
1105 fltr->flags |= ICE_TC_FLWR_FIELD_DEST_IPV4;
1106 headers->l3_key.dst_ipv4 = match->key->dst;
1107 headers->l3_mask.dst_ipv4 = match->mask->dst;
1108 }
1109 if (match->key->src) {
1110 if (is_encap)
1111 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_IPV4;
1112 else
1113 fltr->flags |= ICE_TC_FLWR_FIELD_SRC_IPV4;
1114 headers->l3_key.src_ipv4 = match->key->src;
1115 headers->l3_mask.src_ipv4 = match->mask->src;
1116 }
1117 return 0;
1118 }
1119
1120 /**
1121 * ice_tc_set_ipv6 - Parse IPv6 addresses from TC flower filter
1122 * @match: Pointer to flow match structure
1123 * @fltr: Pointer to filter structure
1124 * @headers: inner or outer header fields
1125 * @is_encap: set true for tunnel IPv6 address
1126 */
1127 static int
ice_tc_set_ipv6(struct flow_match_ipv6_addrs * match,struct ice_tc_flower_fltr * fltr,struct ice_tc_flower_lyr_2_4_hdrs * headers,bool is_encap)1128 ice_tc_set_ipv6(struct flow_match_ipv6_addrs *match,
1129 struct ice_tc_flower_fltr *fltr,
1130 struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap)
1131 {
1132 struct ice_tc_l3_hdr *l3_key, *l3_mask;
1133
1134 /* src and dest IPV6 address should not be LOOPBACK
1135 * (0:0:0:0:0:0:0:1), which can be represented as ::1
1136 */
1137 if (ipv6_addr_loopback(&match->key->dst) ||
1138 ipv6_addr_loopback(&match->key->src)) {
1139 NL_SET_ERR_MSG_MOD(fltr->extack, "Bad IPv6, addr is LOOPBACK");
1140 return -EINVAL;
1141 }
1142 /* if src/dest IPv6 address is *,* error */
1143 if (ipv6_addr_any(&match->mask->dst) &&
1144 ipv6_addr_any(&match->mask->src)) {
1145 NL_SET_ERR_MSG_MOD(fltr->extack, "Bad src/dest IPv6, addr is any");
1146 return -EINVAL;
1147 }
1148 if (!ipv6_addr_any(&match->mask->dst)) {
1149 if (is_encap)
1150 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_IPV6;
1151 else
1152 fltr->flags |= ICE_TC_FLWR_FIELD_DEST_IPV6;
1153 }
1154 if (!ipv6_addr_any(&match->mask->src)) {
1155 if (is_encap)
1156 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_IPV6;
1157 else
1158 fltr->flags |= ICE_TC_FLWR_FIELD_SRC_IPV6;
1159 }
1160
1161 l3_key = &headers->l3_key;
1162 l3_mask = &headers->l3_mask;
1163
1164 if (fltr->flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 |
1165 ICE_TC_FLWR_FIELD_SRC_IPV6)) {
1166 memcpy(&l3_key->src_ipv6_addr, &match->key->src.s6_addr,
1167 sizeof(match->key->src.s6_addr));
1168 memcpy(&l3_mask->src_ipv6_addr, &match->mask->src.s6_addr,
1169 sizeof(match->mask->src.s6_addr));
1170 }
1171 if (fltr->flags & (ICE_TC_FLWR_FIELD_ENC_DEST_IPV6 |
1172 ICE_TC_FLWR_FIELD_DEST_IPV6)) {
1173 memcpy(&l3_key->dst_ipv6_addr, &match->key->dst.s6_addr,
1174 sizeof(match->key->dst.s6_addr));
1175 memcpy(&l3_mask->dst_ipv6_addr, &match->mask->dst.s6_addr,
1176 sizeof(match->mask->dst.s6_addr));
1177 }
1178
1179 return 0;
1180 }
1181
1182 /**
1183 * ice_tc_set_tos_ttl - Parse IP ToS/TTL from TC flower filter
1184 * @match: Pointer to flow match structure
1185 * @fltr: Pointer to filter structure
1186 * @headers: inner or outer header fields
1187 * @is_encap: set true for tunnel
1188 */
1189 static void
ice_tc_set_tos_ttl(struct flow_match_ip * match,struct ice_tc_flower_fltr * fltr,struct ice_tc_flower_lyr_2_4_hdrs * headers,bool is_encap)1190 ice_tc_set_tos_ttl(struct flow_match_ip *match,
1191 struct ice_tc_flower_fltr *fltr,
1192 struct ice_tc_flower_lyr_2_4_hdrs *headers,
1193 bool is_encap)
1194 {
1195 if (match->mask->tos) {
1196 if (is_encap)
1197 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_IP_TOS;
1198 else
1199 fltr->flags |= ICE_TC_FLWR_FIELD_IP_TOS;
1200
1201 headers->l3_key.tos = match->key->tos;
1202 headers->l3_mask.tos = match->mask->tos;
1203 }
1204
1205 if (match->mask->ttl) {
1206 if (is_encap)
1207 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_IP_TTL;
1208 else
1209 fltr->flags |= ICE_TC_FLWR_FIELD_IP_TTL;
1210
1211 headers->l3_key.ttl = match->key->ttl;
1212 headers->l3_mask.ttl = match->mask->ttl;
1213 }
1214 }
1215
1216 /**
1217 * ice_tc_set_port - Parse ports from TC flower filter
1218 * @match: Flow match structure
1219 * @fltr: Pointer to filter structure
1220 * @headers: inner or outer header fields
1221 * @is_encap: set true for tunnel port
1222 */
1223 static int
ice_tc_set_port(struct flow_match_ports match,struct ice_tc_flower_fltr * fltr,struct ice_tc_flower_lyr_2_4_hdrs * headers,bool is_encap)1224 ice_tc_set_port(struct flow_match_ports match,
1225 struct ice_tc_flower_fltr *fltr,
1226 struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap)
1227 {
1228 if (match.key->dst) {
1229 if (is_encap)
1230 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT;
1231 else
1232 fltr->flags |= ICE_TC_FLWR_FIELD_DEST_L4_PORT;
1233
1234 headers->l4_key.dst_port = match.key->dst;
1235 headers->l4_mask.dst_port = match.mask->dst;
1236 }
1237 if (match.key->src) {
1238 if (is_encap)
1239 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT;
1240 else
1241 fltr->flags |= ICE_TC_FLWR_FIELD_SRC_L4_PORT;
1242
1243 headers->l4_key.src_port = match.key->src;
1244 headers->l4_mask.src_port = match.mask->src;
1245 }
1246 return 0;
1247 }
1248
1249 static struct net_device *
ice_get_tunnel_device(struct net_device * dev,struct flow_rule * rule)1250 ice_get_tunnel_device(struct net_device *dev, struct flow_rule *rule)
1251 {
1252 struct flow_action_entry *act;
1253 int i;
1254
1255 if (ice_is_tunnel_supported(dev))
1256 return dev;
1257
1258 flow_action_for_each(i, act, &rule->action) {
1259 if (act->id == FLOW_ACTION_REDIRECT &&
1260 ice_is_tunnel_supported(act->dev))
1261 return act->dev;
1262 }
1263
1264 return NULL;
1265 }
1266
1267 /**
1268 * ice_parse_gtp_type - Sets GTP tunnel type to GTP-U or GTP-C
1269 * @match: Flow match structure
1270 * @fltr: Pointer to filter structure
1271 *
1272 * GTP-C/GTP-U is selected based on destination port number (enc_dst_port).
1273 * Before calling this funtcion, fltr->tunnel_type should be set to TNL_GTPU,
1274 * therefore making GTP-U the default choice (when destination port number is
1275 * not specified).
1276 */
1277 static int
ice_parse_gtp_type(struct flow_match_ports match,struct ice_tc_flower_fltr * fltr)1278 ice_parse_gtp_type(struct flow_match_ports match,
1279 struct ice_tc_flower_fltr *fltr)
1280 {
1281 u16 dst_port;
1282
1283 if (match.key->dst) {
1284 dst_port = be16_to_cpu(match.key->dst);
1285
1286 switch (dst_port) {
1287 case 2152:
1288 break;
1289 case 2123:
1290 fltr->tunnel_type = TNL_GTPC;
1291 break;
1292 default:
1293 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported GTP port number");
1294 return -EINVAL;
1295 }
1296 }
1297
1298 return 0;
1299 }
1300
1301 static int
ice_parse_tunnel_attr(struct net_device * dev,struct flow_rule * rule,struct ice_tc_flower_fltr * fltr)1302 ice_parse_tunnel_attr(struct net_device *dev, struct flow_rule *rule,
1303 struct ice_tc_flower_fltr *fltr)
1304 {
1305 struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers;
1306 struct flow_match_control enc_control;
1307
1308 fltr->tunnel_type = ice_tc_tun_get_type(dev);
1309 headers->l3_key.ip_proto = IPPROTO_UDP;
1310
1311 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_KEYID)) {
1312 struct flow_match_enc_keyid enc_keyid;
1313
1314 flow_rule_match_enc_keyid(rule, &enc_keyid);
1315
1316 if (!enc_keyid.mask->keyid ||
1317 enc_keyid.mask->keyid != cpu_to_be32(ICE_TC_FLOWER_MASK_32))
1318 return -EINVAL;
1319
1320 fltr->flags |= ICE_TC_FLWR_FIELD_TENANT_ID;
1321 fltr->tenant_id = enc_keyid.key->keyid;
1322 }
1323
1324 flow_rule_match_enc_control(rule, &enc_control);
1325
1326 if (enc_control.key->addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) {
1327 struct flow_match_ipv4_addrs match;
1328
1329 flow_rule_match_enc_ipv4_addrs(rule, &match);
1330 if (ice_tc_set_ipv4(&match, fltr, headers, true))
1331 return -EINVAL;
1332 } else if (enc_control.key->addr_type ==
1333 FLOW_DISSECTOR_KEY_IPV6_ADDRS) {
1334 struct flow_match_ipv6_addrs match;
1335
1336 flow_rule_match_enc_ipv6_addrs(rule, &match);
1337 if (ice_tc_set_ipv6(&match, fltr, headers, true))
1338 return -EINVAL;
1339 }
1340
1341 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_IP)) {
1342 struct flow_match_ip match;
1343
1344 flow_rule_match_enc_ip(rule, &match);
1345 ice_tc_set_tos_ttl(&match, fltr, headers, true);
1346 }
1347
1348 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_PORTS) &&
1349 fltr->tunnel_type != TNL_VXLAN && fltr->tunnel_type != TNL_GENEVE) {
1350 struct flow_match_ports match;
1351
1352 flow_rule_match_enc_ports(rule, &match);
1353
1354 if (fltr->tunnel_type != TNL_GTPU) {
1355 if (ice_tc_set_port(match, fltr, headers, true))
1356 return -EINVAL;
1357 } else {
1358 if (ice_parse_gtp_type(match, fltr))
1359 return -EINVAL;
1360 }
1361 }
1362
1363 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_OPTS)) {
1364 struct flow_match_enc_opts match;
1365
1366 flow_rule_match_enc_opts(rule, &match);
1367
1368 memcpy(&fltr->gtp_pdu_info_keys, &match.key->data[0],
1369 sizeof(struct gtp_pdu_session_info));
1370
1371 memcpy(&fltr->gtp_pdu_info_masks, &match.mask->data[0],
1372 sizeof(struct gtp_pdu_session_info));
1373
1374 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_OPTS;
1375 }
1376
1377 return 0;
1378 }
1379
1380 /**
1381 * ice_parse_cls_flower - Parse TC flower filters provided by kernel
1382 * @vsi: Pointer to the VSI
1383 * @filter_dev: Pointer to device on which filter is being added
1384 * @f: Pointer to struct flow_cls_offload
1385 * @fltr: Pointer to filter structure
1386 */
1387 static int
ice_parse_cls_flower(struct net_device * filter_dev,struct ice_vsi * vsi,struct flow_cls_offload * f,struct ice_tc_flower_fltr * fltr)1388 ice_parse_cls_flower(struct net_device *filter_dev, struct ice_vsi *vsi,
1389 struct flow_cls_offload *f,
1390 struct ice_tc_flower_fltr *fltr)
1391 {
1392 struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers;
1393 struct flow_rule *rule = flow_cls_offload_flow_rule(f);
1394 u16 n_proto_mask = 0, n_proto_key = 0, addr_type = 0;
1395 struct flow_dissector *dissector;
1396 struct net_device *tunnel_dev;
1397
1398 dissector = rule->match.dissector;
1399
1400 if (dissector->used_keys &
1401 ~(BIT_ULL(FLOW_DISSECTOR_KEY_CONTROL) |
1402 BIT_ULL(FLOW_DISSECTOR_KEY_BASIC) |
1403 BIT_ULL(FLOW_DISSECTOR_KEY_ETH_ADDRS) |
1404 BIT_ULL(FLOW_DISSECTOR_KEY_VLAN) |
1405 BIT_ULL(FLOW_DISSECTOR_KEY_CVLAN) |
1406 BIT_ULL(FLOW_DISSECTOR_KEY_IPV4_ADDRS) |
1407 BIT_ULL(FLOW_DISSECTOR_KEY_IPV6_ADDRS) |
1408 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_CONTROL) |
1409 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) |
1410 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) |
1411 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) |
1412 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS) |
1413 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_OPTS) |
1414 BIT_ULL(FLOW_DISSECTOR_KEY_IP) |
1415 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IP) |
1416 BIT_ULL(FLOW_DISSECTOR_KEY_PORTS) |
1417 BIT_ULL(FLOW_DISSECTOR_KEY_PPPOE) |
1418 BIT_ULL(FLOW_DISSECTOR_KEY_L2TPV3))) {
1419 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported key used");
1420 return -EOPNOTSUPP;
1421 }
1422
1423 tunnel_dev = ice_get_tunnel_device(filter_dev, rule);
1424 if (tunnel_dev) {
1425 int err;
1426
1427 filter_dev = tunnel_dev;
1428
1429 err = ice_parse_tunnel_attr(filter_dev, rule, fltr);
1430 if (err) {
1431 NL_SET_ERR_MSG_MOD(fltr->extack, "Failed to parse TC flower tunnel attributes");
1432 return err;
1433 }
1434
1435 /* header pointers should point to the inner headers, outer
1436 * header were already set by ice_parse_tunnel_attr
1437 */
1438 headers = &fltr->inner_headers;
1439 } else if (dissector->used_keys &
1440 (BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) |
1441 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) |
1442 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_KEYID) |
1443 BIT_ULL(FLOW_DISSECTOR_KEY_ENC_PORTS))) {
1444 NL_SET_ERR_MSG_MOD(fltr->extack, "Tunnel key used, but device isn't a tunnel");
1445 return -EOPNOTSUPP;
1446 } else {
1447 fltr->tunnel_type = TNL_LAST;
1448 }
1449
1450 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) {
1451 struct flow_match_basic match;
1452
1453 flow_rule_match_basic(rule, &match);
1454
1455 n_proto_key = ntohs(match.key->n_proto);
1456 n_proto_mask = ntohs(match.mask->n_proto);
1457
1458 if (n_proto_key == ETH_P_ALL || n_proto_key == 0 ||
1459 fltr->tunnel_type == TNL_GTPU ||
1460 fltr->tunnel_type == TNL_GTPC) {
1461 n_proto_key = 0;
1462 n_proto_mask = 0;
1463 } else {
1464 fltr->flags |= ICE_TC_FLWR_FIELD_ETH_TYPE_ID;
1465 }
1466
1467 headers->l2_key.n_proto = cpu_to_be16(n_proto_key);
1468 headers->l2_mask.n_proto = cpu_to_be16(n_proto_mask);
1469 headers->l3_key.ip_proto = match.key->ip_proto;
1470 }
1471
1472 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
1473 struct flow_match_eth_addrs match;
1474
1475 flow_rule_match_eth_addrs(rule, &match);
1476
1477 if (!is_zero_ether_addr(match.key->dst)) {
1478 ether_addr_copy(headers->l2_key.dst_mac,
1479 match.key->dst);
1480 ether_addr_copy(headers->l2_mask.dst_mac,
1481 match.mask->dst);
1482 fltr->flags |= ICE_TC_FLWR_FIELD_DST_MAC;
1483 }
1484
1485 if (!is_zero_ether_addr(match.key->src)) {
1486 ether_addr_copy(headers->l2_key.src_mac,
1487 match.key->src);
1488 ether_addr_copy(headers->l2_mask.src_mac,
1489 match.mask->src);
1490 fltr->flags |= ICE_TC_FLWR_FIELD_SRC_MAC;
1491 }
1492 }
1493
1494 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN) ||
1495 is_vlan_dev(filter_dev)) {
1496 struct flow_dissector_key_vlan mask;
1497 struct flow_dissector_key_vlan key;
1498 struct flow_match_vlan match;
1499
1500 if (is_vlan_dev(filter_dev)) {
1501 match.key = &key;
1502 match.key->vlan_id = vlan_dev_vlan_id(filter_dev);
1503 match.key->vlan_priority = 0;
1504 match.mask = &mask;
1505 memset(match.mask, 0xff, sizeof(*match.mask));
1506 match.mask->vlan_priority = 0;
1507 } else {
1508 flow_rule_match_vlan(rule, &match);
1509 }
1510
1511 if (match.mask->vlan_id) {
1512 if (match.mask->vlan_id == VLAN_VID_MASK) {
1513 fltr->flags |= ICE_TC_FLWR_FIELD_VLAN;
1514 headers->vlan_hdr.vlan_id =
1515 cpu_to_be16(match.key->vlan_id &
1516 VLAN_VID_MASK);
1517 } else {
1518 NL_SET_ERR_MSG_MOD(fltr->extack, "Bad VLAN mask");
1519 return -EINVAL;
1520 }
1521 }
1522
1523 if (match.mask->vlan_priority) {
1524 fltr->flags |= ICE_TC_FLWR_FIELD_VLAN_PRIO;
1525 headers->vlan_hdr.vlan_prio =
1526 be16_encode_bits(match.key->vlan_priority,
1527 VLAN_PRIO_MASK);
1528 }
1529
1530 if (match.mask->vlan_tpid) {
1531 headers->vlan_hdr.vlan_tpid = match.key->vlan_tpid;
1532 fltr->flags |= ICE_TC_FLWR_FIELD_VLAN_TPID;
1533 }
1534 }
1535
1536 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CVLAN)) {
1537 struct flow_match_vlan match;
1538
1539 if (!ice_is_dvm_ena(&vsi->back->hw)) {
1540 NL_SET_ERR_MSG_MOD(fltr->extack, "Double VLAN mode is not enabled");
1541 return -EINVAL;
1542 }
1543
1544 flow_rule_match_cvlan(rule, &match);
1545
1546 if (match.mask->vlan_id) {
1547 if (match.mask->vlan_id == VLAN_VID_MASK) {
1548 fltr->flags |= ICE_TC_FLWR_FIELD_CVLAN;
1549 headers->cvlan_hdr.vlan_id =
1550 cpu_to_be16(match.key->vlan_id &
1551 VLAN_VID_MASK);
1552 } else {
1553 NL_SET_ERR_MSG_MOD(fltr->extack,
1554 "Bad CVLAN mask");
1555 return -EINVAL;
1556 }
1557 }
1558
1559 if (match.mask->vlan_priority) {
1560 fltr->flags |= ICE_TC_FLWR_FIELD_CVLAN_PRIO;
1561 headers->cvlan_hdr.vlan_prio =
1562 be16_encode_bits(match.key->vlan_priority,
1563 VLAN_PRIO_MASK);
1564 }
1565 }
1566
1567 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PPPOE)) {
1568 struct flow_match_pppoe match;
1569
1570 flow_rule_match_pppoe(rule, &match);
1571 n_proto_key = ice_tc_set_pppoe(&match, fltr, headers);
1572
1573 /* If ethertype equals ETH_P_PPP_SES, n_proto might be
1574 * overwritten by encapsulated protocol (ppp_proto field) or set
1575 * to 0. To correct this, flow_match_pppoe provides the type
1576 * field, which contains the actual ethertype (ETH_P_PPP_SES).
1577 */
1578 headers->l2_key.n_proto = cpu_to_be16(n_proto_key);
1579 headers->l2_mask.n_proto = cpu_to_be16(0xFFFF);
1580 fltr->flags |= ICE_TC_FLWR_FIELD_ETH_TYPE_ID;
1581 }
1582
1583 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) {
1584 struct flow_match_control match;
1585
1586 flow_rule_match_control(rule, &match);
1587
1588 addr_type = match.key->addr_type;
1589 }
1590
1591 if (addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) {
1592 struct flow_match_ipv4_addrs match;
1593
1594 flow_rule_match_ipv4_addrs(rule, &match);
1595 if (ice_tc_set_ipv4(&match, fltr, headers, false))
1596 return -EINVAL;
1597 }
1598
1599 if (addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) {
1600 struct flow_match_ipv6_addrs match;
1601
1602 flow_rule_match_ipv6_addrs(rule, &match);
1603 if (ice_tc_set_ipv6(&match, fltr, headers, false))
1604 return -EINVAL;
1605 }
1606
1607 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_IP)) {
1608 struct flow_match_ip match;
1609
1610 flow_rule_match_ip(rule, &match);
1611 ice_tc_set_tos_ttl(&match, fltr, headers, false);
1612 }
1613
1614 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_L2TPV3)) {
1615 struct flow_match_l2tpv3 match;
1616
1617 flow_rule_match_l2tpv3(rule, &match);
1618
1619 fltr->flags |= ICE_TC_FLWR_FIELD_L2TPV3_SESSID;
1620 headers->l2tpv3_hdr.session_id = match.key->session_id;
1621 }
1622
1623 if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS)) {
1624 struct flow_match_ports match;
1625
1626 flow_rule_match_ports(rule, &match);
1627 if (ice_tc_set_port(match, fltr, headers, false))
1628 return -EINVAL;
1629 switch (headers->l3_key.ip_proto) {
1630 case IPPROTO_TCP:
1631 case IPPROTO_UDP:
1632 break;
1633 default:
1634 NL_SET_ERR_MSG_MOD(fltr->extack, "Only UDP and TCP transport are supported");
1635 return -EINVAL;
1636 }
1637 }
1638 return 0;
1639 }
1640
1641 /**
1642 * ice_add_switch_fltr - Add TC flower filters
1643 * @vsi: Pointer to VSI
1644 * @fltr: Pointer to struct ice_tc_flower_fltr
1645 *
1646 * Add filter in HW switch block
1647 */
1648 static int
ice_add_switch_fltr(struct ice_vsi * vsi,struct ice_tc_flower_fltr * fltr)1649 ice_add_switch_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr)
1650 {
1651 if (fltr->action.fltr_act == ICE_FWD_TO_QGRP)
1652 return -EOPNOTSUPP;
1653
1654 if (ice_is_eswitch_mode_switchdev(vsi->back))
1655 return ice_eswitch_add_tc_fltr(vsi, fltr);
1656
1657 return ice_add_tc_flower_adv_fltr(vsi, fltr);
1658 }
1659
1660 /**
1661 * ice_prep_adq_filter - Prepare ADQ filter with the required additional headers
1662 * @vsi: Pointer to VSI
1663 * @fltr: Pointer to TC flower filter structure
1664 *
1665 * Prepare ADQ filter with the required additional header fields
1666 */
1667 static int
ice_prep_adq_filter(struct ice_vsi * vsi,struct ice_tc_flower_fltr * fltr)1668 ice_prep_adq_filter(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr)
1669 {
1670 if ((fltr->flags & ICE_TC_FLWR_FIELD_TENANT_ID) &&
1671 (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC |
1672 ICE_TC_FLWR_FIELD_SRC_MAC))) {
1673 NL_SET_ERR_MSG_MOD(fltr->extack,
1674 "Unable to add filter because filter using tunnel key and inner MAC is unsupported combination");
1675 return -EOPNOTSUPP;
1676 }
1677
1678 /* For ADQ, filter must include dest MAC address, otherwise unwanted
1679 * packets with unrelated MAC address get delivered to ADQ VSIs as long
1680 * as remaining filter criteria is satisfied such as dest IP address
1681 * and dest/src L4 port. Below code handles the following cases:
1682 * 1. For non-tunnel, if user specify MAC addresses, use them.
1683 * 2. For non-tunnel, if user didn't specify MAC address, add implicit
1684 * dest MAC to be lower netdev's active unicast MAC address
1685 * 3. For tunnel, as of now TC-filter through flower classifier doesn't
1686 * have provision for user to specify outer DMAC, hence driver to
1687 * implicitly add outer dest MAC to be lower netdev's active unicast
1688 * MAC address.
1689 */
1690 if (fltr->tunnel_type != TNL_LAST &&
1691 !(fltr->flags & ICE_TC_FLWR_FIELD_ENC_DST_MAC))
1692 fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DST_MAC;
1693
1694 if (fltr->tunnel_type == TNL_LAST &&
1695 !(fltr->flags & ICE_TC_FLWR_FIELD_DST_MAC))
1696 fltr->flags |= ICE_TC_FLWR_FIELD_DST_MAC;
1697
1698 if (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC |
1699 ICE_TC_FLWR_FIELD_ENC_DST_MAC)) {
1700 ether_addr_copy(fltr->outer_headers.l2_key.dst_mac,
1701 vsi->netdev->dev_addr);
1702 eth_broadcast_addr(fltr->outer_headers.l2_mask.dst_mac);
1703 }
1704
1705 /* Make sure VLAN is already added to main VSI, before allowing ADQ to
1706 * add a VLAN based filter such as MAC + VLAN + L4 port.
1707 */
1708 if (fltr->flags & ICE_TC_FLWR_FIELD_VLAN) {
1709 u16 vlan_id = be16_to_cpu(fltr->outer_headers.vlan_hdr.vlan_id);
1710
1711 if (!ice_vlan_fltr_exist(&vsi->back->hw, vlan_id, vsi->idx)) {
1712 NL_SET_ERR_MSG_MOD(fltr->extack,
1713 "Unable to add filter because legacy VLAN filter for specified destination doesn't exist");
1714 return -EINVAL;
1715 }
1716 }
1717 return 0;
1718 }
1719
1720 /**
1721 * ice_handle_tclass_action - Support directing to a traffic class
1722 * @vsi: Pointer to VSI
1723 * @cls_flower: Pointer to TC flower offload structure
1724 * @fltr: Pointer to TC flower filter structure
1725 *
1726 * Support directing traffic to a traffic class/queue-set
1727 */
1728 static int
ice_handle_tclass_action(struct ice_vsi * vsi,struct flow_cls_offload * cls_flower,struct ice_tc_flower_fltr * fltr)1729 ice_handle_tclass_action(struct ice_vsi *vsi,
1730 struct flow_cls_offload *cls_flower,
1731 struct ice_tc_flower_fltr *fltr)
1732 {
1733 int tc = tc_classid_to_hwtc(vsi->netdev, cls_flower->classid);
1734
1735 /* user specified hw_tc (must be non-zero for ADQ TC), action is forward
1736 * to hw_tc (i.e. ADQ channel number)
1737 */
1738 if (tc < ICE_CHNL_START_TC) {
1739 NL_SET_ERR_MSG_MOD(fltr->extack,
1740 "Unable to add filter because of unsupported destination");
1741 return -EOPNOTSUPP;
1742 }
1743 if (!(vsi->all_enatc & BIT(tc))) {
1744 NL_SET_ERR_MSG_MOD(fltr->extack,
1745 "Unable to add filter because of non-existence destination");
1746 return -EINVAL;
1747 }
1748 fltr->action.fltr_act = ICE_FWD_TO_VSI;
1749 fltr->action.fwd.tc.tc_class = tc;
1750
1751 return ice_prep_adq_filter(vsi, fltr);
1752 }
1753
1754 static int
ice_tc_forward_to_queue(struct ice_vsi * vsi,struct ice_tc_flower_fltr * fltr,struct flow_action_entry * act)1755 ice_tc_forward_to_queue(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr,
1756 struct flow_action_entry *act)
1757 {
1758 struct ice_vsi *ch_vsi = NULL;
1759 u16 queue = act->rx_queue;
1760
1761 if (queue >= vsi->num_rxq) {
1762 NL_SET_ERR_MSG_MOD(fltr->extack,
1763 "Unable to add filter because specified queue is invalid");
1764 return -EINVAL;
1765 }
1766 fltr->action.fltr_act = ICE_FWD_TO_Q;
1767 fltr->action.fwd.q.queue = queue;
1768 /* determine corresponding HW queue */
1769 fltr->action.fwd.q.hw_queue = vsi->rxq_map[queue];
1770
1771 /* If ADQ is configured, and the queue belongs to ADQ VSI, then prepare
1772 * ADQ switch filter
1773 */
1774 ch_vsi = ice_locate_vsi_using_queue(vsi, fltr->action.fwd.q.queue);
1775 if (!ch_vsi)
1776 return -EINVAL;
1777 fltr->dest_vsi = ch_vsi;
1778 if (!ice_is_chnl_fltr(fltr))
1779 return 0;
1780
1781 return ice_prep_adq_filter(vsi, fltr);
1782 }
1783
1784 static int
ice_tc_parse_action(struct ice_vsi * vsi,struct ice_tc_flower_fltr * fltr,struct flow_action_entry * act)1785 ice_tc_parse_action(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr,
1786 struct flow_action_entry *act)
1787 {
1788 switch (act->id) {
1789 case FLOW_ACTION_RX_QUEUE_MAPPING:
1790 /* forward to queue */
1791 return ice_tc_forward_to_queue(vsi, fltr, act);
1792 case FLOW_ACTION_DROP:
1793 fltr->action.fltr_act = ICE_DROP_PACKET;
1794 return 0;
1795 default:
1796 NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported TC action");
1797 return -EOPNOTSUPP;
1798 }
1799 }
1800
1801 /**
1802 * ice_parse_tc_flower_actions - Parse the actions for a TC filter
1803 * @filter_dev: Pointer to device on which filter is being added
1804 * @vsi: Pointer to VSI
1805 * @cls_flower: Pointer to TC flower offload structure
1806 * @fltr: Pointer to TC flower filter structure
1807 *
1808 * Parse the actions for a TC filter
1809 */
ice_parse_tc_flower_actions(struct net_device * filter_dev,struct ice_vsi * vsi,struct flow_cls_offload * cls_flower,struct ice_tc_flower_fltr * fltr)1810 static int ice_parse_tc_flower_actions(struct net_device *filter_dev,
1811 struct ice_vsi *vsi,
1812 struct flow_cls_offload *cls_flower,
1813 struct ice_tc_flower_fltr *fltr)
1814 {
1815 struct flow_rule *rule = flow_cls_offload_flow_rule(cls_flower);
1816 struct flow_action *flow_action = &rule->action;
1817 struct flow_action_entry *act;
1818 int i, err;
1819
1820 if (cls_flower->classid)
1821 return ice_handle_tclass_action(vsi, cls_flower, fltr);
1822
1823 if (!flow_action_has_entries(flow_action))
1824 return -EINVAL;
1825
1826 flow_action_for_each(i, act, flow_action) {
1827 if (ice_is_eswitch_mode_switchdev(vsi->back))
1828 err = ice_eswitch_tc_parse_action(filter_dev, fltr, act);
1829 else
1830 err = ice_tc_parse_action(vsi, fltr, act);
1831 if (err)
1832 return err;
1833 continue;
1834 }
1835 return 0;
1836 }
1837
1838 /**
1839 * ice_del_tc_fltr - deletes a filter from HW table
1840 * @vsi: Pointer to VSI
1841 * @fltr: Pointer to struct ice_tc_flower_fltr
1842 *
1843 * This function deletes a filter from HW table and manages book-keeping
1844 */
ice_del_tc_fltr(struct ice_vsi * vsi,struct ice_tc_flower_fltr * fltr)1845 static int ice_del_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr)
1846 {
1847 struct ice_rule_query_data rule_rem;
1848 struct ice_pf *pf = vsi->back;
1849 int err;
1850
1851 rule_rem.rid = fltr->rid;
1852 rule_rem.rule_id = fltr->rule_id;
1853 rule_rem.vsi_handle = fltr->dest_vsi_handle;
1854 err = ice_rem_adv_rule_by_id(&pf->hw, &rule_rem);
1855 if (err) {
1856 if (err == -ENOENT) {
1857 NL_SET_ERR_MSG_MOD(fltr->extack, "Filter does not exist");
1858 return -ENOENT;
1859 }
1860 NL_SET_ERR_MSG_MOD(fltr->extack, "Failed to delete TC flower filter");
1861 return -EIO;
1862 }
1863
1864 /* update advanced switch filter count for destination
1865 * VSI if filter destination was VSI
1866 */
1867 if (fltr->dest_vsi) {
1868 if (fltr->dest_vsi->type == ICE_VSI_CHNL) {
1869 fltr->dest_vsi->num_chnl_fltr--;
1870
1871 /* keeps track of channel filters for PF VSI */
1872 if (vsi->type == ICE_VSI_PF &&
1873 (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC |
1874 ICE_TC_FLWR_FIELD_ENC_DST_MAC)))
1875 pf->num_dmac_chnl_fltrs--;
1876 }
1877 }
1878 return 0;
1879 }
1880
1881 /**
1882 * ice_add_tc_fltr - adds a TC flower filter
1883 * @netdev: Pointer to netdev
1884 * @vsi: Pointer to VSI
1885 * @f: Pointer to flower offload structure
1886 * @__fltr: Pointer to struct ice_tc_flower_fltr
1887 *
1888 * This function parses TC-flower input fields, parses action,
1889 * and adds a filter.
1890 */
1891 static int
ice_add_tc_fltr(struct net_device * netdev,struct ice_vsi * vsi,struct flow_cls_offload * f,struct ice_tc_flower_fltr ** __fltr)1892 ice_add_tc_fltr(struct net_device *netdev, struct ice_vsi *vsi,
1893 struct flow_cls_offload *f,
1894 struct ice_tc_flower_fltr **__fltr)
1895 {
1896 struct ice_tc_flower_fltr *fltr;
1897 int err;
1898
1899 /* by default, set output to be INVALID */
1900 *__fltr = NULL;
1901
1902 fltr = kzalloc(sizeof(*fltr), GFP_KERNEL);
1903 if (!fltr)
1904 return -ENOMEM;
1905
1906 fltr->cookie = f->cookie;
1907 fltr->extack = f->common.extack;
1908 fltr->src_vsi = vsi;
1909 INIT_HLIST_NODE(&fltr->tc_flower_node);
1910
1911 err = ice_parse_cls_flower(netdev, vsi, f, fltr);
1912 if (err < 0)
1913 goto err;
1914
1915 err = ice_parse_tc_flower_actions(netdev, vsi, f, fltr);
1916 if (err < 0)
1917 goto err;
1918
1919 err = ice_add_switch_fltr(vsi, fltr);
1920 if (err < 0)
1921 goto err;
1922
1923 /* return the newly created filter */
1924 *__fltr = fltr;
1925
1926 return 0;
1927 err:
1928 kfree(fltr);
1929 return err;
1930 }
1931
1932 /**
1933 * ice_find_tc_flower_fltr - Find the TC flower filter in the list
1934 * @pf: Pointer to PF
1935 * @cookie: filter specific cookie
1936 */
1937 static struct ice_tc_flower_fltr *
ice_find_tc_flower_fltr(struct ice_pf * pf,unsigned long cookie)1938 ice_find_tc_flower_fltr(struct ice_pf *pf, unsigned long cookie)
1939 {
1940 struct ice_tc_flower_fltr *fltr;
1941
1942 hlist_for_each_entry(fltr, &pf->tc_flower_fltr_list, tc_flower_node)
1943 if (cookie == fltr->cookie)
1944 return fltr;
1945
1946 return NULL;
1947 }
1948
1949 /**
1950 * ice_add_cls_flower - add TC flower filters
1951 * @netdev: Pointer to filter device
1952 * @vsi: Pointer to VSI
1953 * @cls_flower: Pointer to flower offload structure
1954 */
1955 int
ice_add_cls_flower(struct net_device * netdev,struct ice_vsi * vsi,struct flow_cls_offload * cls_flower)1956 ice_add_cls_flower(struct net_device *netdev, struct ice_vsi *vsi,
1957 struct flow_cls_offload *cls_flower)
1958 {
1959 struct netlink_ext_ack *extack = cls_flower->common.extack;
1960 struct net_device *vsi_netdev = vsi->netdev;
1961 struct ice_tc_flower_fltr *fltr;
1962 struct ice_pf *pf = vsi->back;
1963 int err;
1964
1965 if (ice_is_reset_in_progress(pf->state))
1966 return -EBUSY;
1967 if (test_bit(ICE_FLAG_FW_LLDP_AGENT, pf->flags))
1968 return -EINVAL;
1969
1970 if (ice_is_port_repr_netdev(netdev))
1971 vsi_netdev = netdev;
1972
1973 if (!(vsi_netdev->features & NETIF_F_HW_TC) &&
1974 !test_bit(ICE_FLAG_CLS_FLOWER, pf->flags)) {
1975 /* Based on TC indirect notifications from kernel, all ice
1976 * devices get an instance of rule from higher level device.
1977 * Avoid triggering explicit error in this case.
1978 */
1979 if (netdev == vsi_netdev)
1980 NL_SET_ERR_MSG_MOD(extack, "can't apply TC flower filters, turn ON hw-tc-offload and try again");
1981 return -EINVAL;
1982 }
1983
1984 /* avoid duplicate entries, if exists - return error */
1985 fltr = ice_find_tc_flower_fltr(pf, cls_flower->cookie);
1986 if (fltr) {
1987 NL_SET_ERR_MSG_MOD(extack, "filter cookie already exists, ignoring");
1988 return -EEXIST;
1989 }
1990
1991 /* prep and add TC-flower filter in HW */
1992 err = ice_add_tc_fltr(netdev, vsi, cls_flower, &fltr);
1993 if (err)
1994 return err;
1995
1996 /* add filter into an ordered list */
1997 hlist_add_head(&fltr->tc_flower_node, &pf->tc_flower_fltr_list);
1998 return 0;
1999 }
2000
2001 /**
2002 * ice_del_cls_flower - delete TC flower filters
2003 * @vsi: Pointer to VSI
2004 * @cls_flower: Pointer to struct flow_cls_offload
2005 */
2006 int
ice_del_cls_flower(struct ice_vsi * vsi,struct flow_cls_offload * cls_flower)2007 ice_del_cls_flower(struct ice_vsi *vsi, struct flow_cls_offload *cls_flower)
2008 {
2009 struct ice_tc_flower_fltr *fltr;
2010 struct ice_pf *pf = vsi->back;
2011 int err;
2012
2013 /* find filter */
2014 fltr = ice_find_tc_flower_fltr(pf, cls_flower->cookie);
2015 if (!fltr) {
2016 if (!test_bit(ICE_FLAG_TC_MQPRIO, pf->flags) &&
2017 hlist_empty(&pf->tc_flower_fltr_list))
2018 return 0;
2019
2020 NL_SET_ERR_MSG_MOD(cls_flower->common.extack, "failed to delete TC flower filter because unable to find it");
2021 return -EINVAL;
2022 }
2023
2024 fltr->extack = cls_flower->common.extack;
2025 /* delete filter from HW */
2026 err = ice_del_tc_fltr(vsi, fltr);
2027 if (err)
2028 return err;
2029
2030 /* delete filter from an ordered list */
2031 hlist_del(&fltr->tc_flower_node);
2032
2033 /* free the filter node */
2034 kfree(fltr);
2035
2036 return 0;
2037 }
2038
2039 /**
2040 * ice_replay_tc_fltrs - replay TC filters
2041 * @pf: pointer to PF struct
2042 */
ice_replay_tc_fltrs(struct ice_pf * pf)2043 void ice_replay_tc_fltrs(struct ice_pf *pf)
2044 {
2045 struct ice_tc_flower_fltr *fltr;
2046 struct hlist_node *node;
2047
2048 hlist_for_each_entry_safe(fltr, node,
2049 &pf->tc_flower_fltr_list,
2050 tc_flower_node) {
2051 fltr->extack = NULL;
2052 ice_add_switch_fltr(fltr->src_vsi, fltr);
2053 }
2054 }
2055