This source file includes following definitions.
- mlx5e_get_tc_tun
- get_route_and_out_devs
- mlx5e_route_lookup_ipv4
- mlx5e_netdev_kind
- mlx5e_route_lookup_ipv6
- mlx5e_gen_ip_tunnel_header
- gen_eth_tnl_hdr
- mlx5e_tc_tun_create_header_ipv4
- mlx5e_tc_tun_create_header_ipv6
- mlx5e_tc_tun_device_to_offload
- mlx5e_tc_tun_init_encap_attr
- mlx5e_tc_tun_parse
- mlx5e_tc_tun_parse_udp_ports
1
2
3
4 #include <net/vxlan.h>
5 #include <net/gre.h>
6 #include <net/geneve.h>
7 #include "en/tc_tun.h"
8 #include "en_tc.h"
9
10 struct mlx5e_tc_tunnel *mlx5e_get_tc_tun(struct net_device *tunnel_dev)
11 {
12 if (netif_is_vxlan(tunnel_dev))
13 return &vxlan_tunnel;
14 else if (netif_is_geneve(tunnel_dev))
15 return &geneve_tunnel;
16 else if (netif_is_gretap(tunnel_dev) ||
17 netif_is_ip6gretap(tunnel_dev))
18 return &gre_tunnel;
19 else
20 return NULL;
21 }
22
23 static int get_route_and_out_devs(struct mlx5e_priv *priv,
24 struct net_device *dev,
25 struct net_device **route_dev,
26 struct net_device **out_dev)
27 {
28 struct net_device *uplink_dev, *uplink_upper, *real_dev;
29 struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
30 bool dst_is_lag_dev;
31
32 real_dev = is_vlan_dev(dev) ? vlan_dev_real_dev(dev) : dev;
33 uplink_dev = mlx5_eswitch_uplink_get_proto_dev(esw, REP_ETH);
34
35 rcu_read_lock();
36 uplink_upper = netdev_master_upper_dev_get_rcu(uplink_dev);
37
38
39
40
41 if (uplink_upper)
42 dev_hold(uplink_upper);
43 rcu_read_unlock();
44
45 dst_is_lag_dev = (uplink_upper &&
46 netif_is_lag_master(uplink_upper) &&
47 real_dev == uplink_upper &&
48 mlx5_lag_is_sriov(priv->mdev));
49 if (uplink_upper)
50 dev_put(uplink_upper);
51
52
53
54
55 *route_dev = dev;
56 if (!netdev_port_same_parent_id(priv->netdev, real_dev) ||
57 dst_is_lag_dev || is_vlan_dev(*route_dev))
58 *out_dev = uplink_dev;
59 else if (mlx5e_eswitch_rep(dev) &&
60 mlx5e_is_valid_eswitch_fwd_dev(priv, dev))
61 *out_dev = *route_dev;
62 else
63 return -EOPNOTSUPP;
64
65 if (!(mlx5e_eswitch_rep(*out_dev) &&
66 mlx5e_is_uplink_rep(netdev_priv(*out_dev))))
67 return -EOPNOTSUPP;
68
69 return 0;
70 }
71
72 static int mlx5e_route_lookup_ipv4(struct mlx5e_priv *priv,
73 struct net_device *mirred_dev,
74 struct net_device **out_dev,
75 struct net_device **route_dev,
76 struct flowi4 *fl4,
77 struct neighbour **out_n,
78 u8 *out_ttl)
79 {
80 struct rtable *rt;
81 struct neighbour *n = NULL;
82
83 #if IS_ENABLED(CONFIG_INET)
84 struct mlx5_core_dev *mdev = priv->mdev;
85 struct net_device *uplink_dev;
86 int ret;
87
88 if (mlx5_lag_is_multipath(mdev)) {
89 struct mlx5_eswitch *esw = mdev->priv.eswitch;
90
91 uplink_dev = mlx5_eswitch_uplink_get_proto_dev(esw, REP_ETH);
92 fl4->flowi4_oif = uplink_dev->ifindex;
93 }
94
95 rt = ip_route_output_key(dev_net(mirred_dev), fl4);
96 ret = PTR_ERR_OR_ZERO(rt);
97 if (ret)
98 return ret;
99
100 if (mlx5_lag_is_multipath(mdev) && rt->rt_gw_family != AF_INET) {
101 ip_rt_put(rt);
102 return -ENETUNREACH;
103 }
104 #else
105 return -EOPNOTSUPP;
106 #endif
107
108 ret = get_route_and_out_devs(priv, rt->dst.dev, route_dev, out_dev);
109 if (ret < 0) {
110 ip_rt_put(rt);
111 return ret;
112 }
113
114 if (!(*out_ttl))
115 *out_ttl = ip4_dst_hoplimit(&rt->dst);
116 n = dst_neigh_lookup(&rt->dst, &fl4->daddr);
117 ip_rt_put(rt);
118 if (!n)
119 return -ENOMEM;
120
121 *out_n = n;
122 return 0;
123 }
124
125 static const char *mlx5e_netdev_kind(struct net_device *dev)
126 {
127 if (dev->rtnl_link_ops)
128 return dev->rtnl_link_ops->kind;
129 else
130 return "unknown";
131 }
132
133 static int mlx5e_route_lookup_ipv6(struct mlx5e_priv *priv,
134 struct net_device *mirred_dev,
135 struct net_device **out_dev,
136 struct net_device **route_dev,
137 struct flowi6 *fl6,
138 struct neighbour **out_n,
139 u8 *out_ttl)
140 {
141 struct neighbour *n = NULL;
142 struct dst_entry *dst;
143
144 #if IS_ENABLED(CONFIG_INET) && IS_ENABLED(CONFIG_IPV6)
145 int ret;
146
147 dst = ipv6_stub->ipv6_dst_lookup_flow(dev_net(mirred_dev), NULL, fl6,
148 NULL);
149 if (IS_ERR(dst))
150 return PTR_ERR(dst);
151
152 if (!(*out_ttl))
153 *out_ttl = ip6_dst_hoplimit(dst);
154
155 ret = get_route_and_out_devs(priv, dst->dev, route_dev, out_dev);
156 if (ret < 0) {
157 dst_release(dst);
158 return ret;
159 }
160 #else
161 return -EOPNOTSUPP;
162 #endif
163
164 n = dst_neigh_lookup(dst, &fl6->daddr);
165 dst_release(dst);
166 if (!n)
167 return -ENOMEM;
168
169 *out_n = n;
170 return 0;
171 }
172
173 static int mlx5e_gen_ip_tunnel_header(char buf[], __u8 *ip_proto,
174 struct mlx5e_encap_entry *e)
175 {
176 if (!e->tunnel) {
177 pr_warn("mlx5: Cannot generate tunnel header for this tunnel\n");
178 return -EOPNOTSUPP;
179 }
180
181 return e->tunnel->generate_ip_tun_hdr(buf, ip_proto, e);
182 }
183
184 static char *gen_eth_tnl_hdr(char *buf, struct net_device *dev,
185 struct mlx5e_encap_entry *e,
186 u16 proto)
187 {
188 struct ethhdr *eth = (struct ethhdr *)buf;
189 char *ip;
190
191 ether_addr_copy(eth->h_dest, e->h_dest);
192 ether_addr_copy(eth->h_source, dev->dev_addr);
193 if (is_vlan_dev(dev)) {
194 struct vlan_hdr *vlan = (struct vlan_hdr *)
195 ((char *)eth + ETH_HLEN);
196 ip = (char *)vlan + VLAN_HLEN;
197 eth->h_proto = vlan_dev_vlan_proto(dev);
198 vlan->h_vlan_TCI = htons(vlan_dev_vlan_id(dev));
199 vlan->h_vlan_encapsulated_proto = htons(proto);
200 } else {
201 eth->h_proto = htons(proto);
202 ip = (char *)eth + ETH_HLEN;
203 }
204
205 return ip;
206 }
207
208 int mlx5e_tc_tun_create_header_ipv4(struct mlx5e_priv *priv,
209 struct net_device *mirred_dev,
210 struct mlx5e_encap_entry *e)
211 {
212 int max_encap_size = MLX5_CAP_ESW(priv->mdev, max_encap_header_size);
213 const struct ip_tunnel_key *tun_key = &e->tun_info->key;
214 struct net_device *out_dev, *route_dev;
215 struct neighbour *n = NULL;
216 struct flowi4 fl4 = {};
217 int ipv4_encap_size;
218 char *encap_header;
219 u8 nud_state, ttl;
220 struct iphdr *ip;
221 int err;
222
223
224 fl4.flowi4_tos = tun_key->tos;
225 fl4.daddr = tun_key->u.ipv4.dst;
226 fl4.saddr = tun_key->u.ipv4.src;
227 ttl = tun_key->ttl;
228
229 err = mlx5e_route_lookup_ipv4(priv, mirred_dev, &out_dev, &route_dev,
230 &fl4, &n, &ttl);
231 if (err)
232 return err;
233
234 ipv4_encap_size =
235 (is_vlan_dev(route_dev) ? VLAN_ETH_HLEN : ETH_HLEN) +
236 sizeof(struct iphdr) +
237 e->tunnel->calc_hlen(e);
238
239 if (max_encap_size < ipv4_encap_size) {
240 mlx5_core_warn(priv->mdev, "encap size %d too big, max supported is %d\n",
241 ipv4_encap_size, max_encap_size);
242 err = -EOPNOTSUPP;
243 goto out;
244 }
245
246 encap_header = kzalloc(ipv4_encap_size, GFP_KERNEL);
247 if (!encap_header) {
248 err = -ENOMEM;
249 goto out;
250 }
251
252
253
254
255 e->m_neigh.dev = n->dev;
256 e->m_neigh.family = n->ops->family;
257 memcpy(&e->m_neigh.dst_ip, n->primary_key, n->tbl->key_len);
258 e->out_dev = out_dev;
259 e->route_dev = route_dev;
260
261
262
263
264
265
266 err = mlx5e_rep_encap_entry_attach(netdev_priv(out_dev), e);
267 if (err)
268 goto free_encap;
269
270 read_lock_bh(&n->lock);
271 nud_state = n->nud_state;
272 ether_addr_copy(e->h_dest, n->ha);
273 read_unlock_bh(&n->lock);
274
275
276 ip = (struct iphdr *)gen_eth_tnl_hdr(encap_header, route_dev, e,
277 ETH_P_IP);
278
279
280 ip->tos = tun_key->tos;
281 ip->version = 0x4;
282 ip->ihl = 0x5;
283 ip->ttl = ttl;
284 ip->daddr = fl4.daddr;
285 ip->saddr = fl4.saddr;
286
287
288 err = mlx5e_gen_ip_tunnel_header((char *)ip + sizeof(struct iphdr),
289 &ip->protocol, e);
290 if (err)
291 goto destroy_neigh_entry;
292
293 e->encap_size = ipv4_encap_size;
294 e->encap_header = encap_header;
295
296 if (!(nud_state & NUD_VALID)) {
297 neigh_event_send(n, NULL);
298
299
300
301 goto out;
302 }
303 e->pkt_reformat = mlx5_packet_reformat_alloc(priv->mdev,
304 e->reformat_type,
305 ipv4_encap_size, encap_header,
306 MLX5_FLOW_NAMESPACE_FDB);
307 if (IS_ERR(e->pkt_reformat)) {
308 err = PTR_ERR(e->pkt_reformat);
309 goto destroy_neigh_entry;
310 }
311
312 e->flags |= MLX5_ENCAP_ENTRY_VALID;
313 mlx5e_rep_queue_neigh_stats_work(netdev_priv(out_dev));
314 neigh_release(n);
315 return err;
316
317 destroy_neigh_entry:
318 mlx5e_rep_encap_entry_detach(netdev_priv(e->out_dev), e);
319 free_encap:
320 kfree(encap_header);
321 out:
322 if (n)
323 neigh_release(n);
324 return err;
325 }
326
327 int mlx5e_tc_tun_create_header_ipv6(struct mlx5e_priv *priv,
328 struct net_device *mirred_dev,
329 struct mlx5e_encap_entry *e)
330 {
331 int max_encap_size = MLX5_CAP_ESW(priv->mdev, max_encap_header_size);
332 const struct ip_tunnel_key *tun_key = &e->tun_info->key;
333 struct net_device *out_dev, *route_dev;
334 struct neighbour *n = NULL;
335 struct flowi6 fl6 = {};
336 struct ipv6hdr *ip6h;
337 int ipv6_encap_size;
338 char *encap_header;
339 u8 nud_state, ttl;
340 int err;
341
342 ttl = tun_key->ttl;
343
344 fl6.flowlabel = ip6_make_flowinfo(RT_TOS(tun_key->tos), tun_key->label);
345 fl6.daddr = tun_key->u.ipv6.dst;
346 fl6.saddr = tun_key->u.ipv6.src;
347
348 err = mlx5e_route_lookup_ipv6(priv, mirred_dev, &out_dev, &route_dev,
349 &fl6, &n, &ttl);
350 if (err)
351 return err;
352
353 ipv6_encap_size =
354 (is_vlan_dev(route_dev) ? VLAN_ETH_HLEN : ETH_HLEN) +
355 sizeof(struct ipv6hdr) +
356 e->tunnel->calc_hlen(e);
357
358 if (max_encap_size < ipv6_encap_size) {
359 mlx5_core_warn(priv->mdev, "encap size %d too big, max supported is %d\n",
360 ipv6_encap_size, max_encap_size);
361 err = -EOPNOTSUPP;
362 goto out;
363 }
364
365 encap_header = kzalloc(ipv6_encap_size, GFP_KERNEL);
366 if (!encap_header) {
367 err = -ENOMEM;
368 goto out;
369 }
370
371
372
373
374 e->m_neigh.dev = n->dev;
375 e->m_neigh.family = n->ops->family;
376 memcpy(&e->m_neigh.dst_ip, n->primary_key, n->tbl->key_len);
377 e->out_dev = out_dev;
378 e->route_dev = route_dev;
379
380
381
382
383
384
385 err = mlx5e_rep_encap_entry_attach(netdev_priv(out_dev), e);
386 if (err)
387 goto free_encap;
388
389 read_lock_bh(&n->lock);
390 nud_state = n->nud_state;
391 ether_addr_copy(e->h_dest, n->ha);
392 read_unlock_bh(&n->lock);
393
394
395 ip6h = (struct ipv6hdr *)gen_eth_tnl_hdr(encap_header, route_dev, e,
396 ETH_P_IPV6);
397
398
399 ip6_flow_hdr(ip6h, tun_key->tos, 0);
400
401 ip6h->hop_limit = ttl;
402 ip6h->daddr = fl6.daddr;
403 ip6h->saddr = fl6.saddr;
404
405
406 err = mlx5e_gen_ip_tunnel_header((char *)ip6h + sizeof(struct ipv6hdr),
407 &ip6h->nexthdr, e);
408 if (err)
409 goto destroy_neigh_entry;
410
411 e->encap_size = ipv6_encap_size;
412 e->encap_header = encap_header;
413
414 if (!(nud_state & NUD_VALID)) {
415 neigh_event_send(n, NULL);
416
417
418
419 goto out;
420 }
421
422 e->pkt_reformat = mlx5_packet_reformat_alloc(priv->mdev,
423 e->reformat_type,
424 ipv6_encap_size, encap_header,
425 MLX5_FLOW_NAMESPACE_FDB);
426 if (IS_ERR(e->pkt_reformat)) {
427 err = PTR_ERR(e->pkt_reformat);
428 goto destroy_neigh_entry;
429 }
430
431 e->flags |= MLX5_ENCAP_ENTRY_VALID;
432 mlx5e_rep_queue_neigh_stats_work(netdev_priv(out_dev));
433 neigh_release(n);
434 return err;
435
436 destroy_neigh_entry:
437 mlx5e_rep_encap_entry_detach(netdev_priv(e->out_dev), e);
438 free_encap:
439 kfree(encap_header);
440 out:
441 if (n)
442 neigh_release(n);
443 return err;
444 }
445
446 bool mlx5e_tc_tun_device_to_offload(struct mlx5e_priv *priv,
447 struct net_device *netdev)
448 {
449 struct mlx5e_tc_tunnel *tunnel = mlx5e_get_tc_tun(netdev);
450
451 if (tunnel && tunnel->can_offload(priv))
452 return true;
453 else
454 return false;
455 }
456
457 int mlx5e_tc_tun_init_encap_attr(struct net_device *tunnel_dev,
458 struct mlx5e_priv *priv,
459 struct mlx5e_encap_entry *e,
460 struct netlink_ext_ack *extack)
461 {
462 struct mlx5e_tc_tunnel *tunnel = mlx5e_get_tc_tun(tunnel_dev);
463
464 if (!tunnel) {
465 e->reformat_type = -1;
466 return -EOPNOTSUPP;
467 }
468
469 return tunnel->init_encap_attr(tunnel_dev, priv, e, extack);
470 }
471
472 int mlx5e_tc_tun_parse(struct net_device *filter_dev,
473 struct mlx5e_priv *priv,
474 struct mlx5_flow_spec *spec,
475 struct flow_cls_offload *f,
476 void *headers_c,
477 void *headers_v, u8 *match_level)
478 {
479 struct mlx5e_tc_tunnel *tunnel = mlx5e_get_tc_tun(filter_dev);
480 int err = 0;
481
482 if (!tunnel) {
483 netdev_warn(priv->netdev,
484 "decapsulation offload is not supported for %s net device\n",
485 mlx5e_netdev_kind(filter_dev));
486 err = -EOPNOTSUPP;
487 goto out;
488 }
489
490 *match_level = tunnel->match_level;
491
492 if (tunnel->parse_udp_ports) {
493 err = tunnel->parse_udp_ports(priv, spec, f,
494 headers_c, headers_v);
495 if (err)
496 goto out;
497 }
498
499 if (tunnel->parse_tunnel) {
500 err = tunnel->parse_tunnel(priv, spec, f,
501 headers_c, headers_v);
502 if (err)
503 goto out;
504 }
505
506 out:
507 return err;
508 }
509
510 int mlx5e_tc_tun_parse_udp_ports(struct mlx5e_priv *priv,
511 struct mlx5_flow_spec *spec,
512 struct flow_cls_offload *f,
513 void *headers_c,
514 void *headers_v)
515 {
516 struct flow_rule *rule = flow_cls_offload_flow_rule(f);
517 struct netlink_ext_ack *extack = f->common.extack;
518 struct flow_match_ports enc_ports;
519
520
521
522 if (!flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_PORTS)) {
523 NL_SET_ERR_MSG_MOD(extack,
524 "UDP tunnel decap filter must include enc_dst_port condition");
525 netdev_warn(priv->netdev,
526 "UDP tunnel decap filter must include enc_dst_port condition\n");
527 return -EOPNOTSUPP;
528 }
529
530 flow_rule_match_enc_ports(rule, &enc_ports);
531
532 if (memchr_inv(&enc_ports.mask->dst, 0xff,
533 sizeof(enc_ports.mask->dst))) {
534 NL_SET_ERR_MSG_MOD(extack,
535 "UDP tunnel decap filter must match enc_dst_port fully");
536 netdev_warn(priv->netdev,
537 "UDP tunnel decap filter must match enc_dst_port fully\n");
538 return -EOPNOTSUPP;
539 }
540
541
542
543 MLX5_SET_TO_ONES(fte_match_set_lyr_2_4, headers_c, ip_protocol);
544 MLX5_SET(fte_match_set_lyr_2_4, headers_v, ip_protocol, IPPROTO_UDP);
545
546 MLX5_SET(fte_match_set_lyr_2_4, headers_c, udp_dport,
547 ntohs(enc_ports.mask->dst));
548 MLX5_SET(fte_match_set_lyr_2_4, headers_v, udp_dport,
549 ntohs(enc_ports.key->dst));
550
551
552
553
554
555
556 MLX5_SET(fte_match_set_lyr_2_4, headers_c, udp_sport,
557 ntohs(enc_ports.mask->src));
558 MLX5_SET(fte_match_set_lyr_2_4, headers_v, udp_sport,
559 ntohs(enc_ports.key->src));
560
561 return 0;
562 }