LXR linux/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun

   1// SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
   2/* Copyright (c) 2018 Mellanox Technologies. */
   3
   4#include <net/geneve.h>
   5#include "lib/geneve.h"
   6#include "en/tc_tun.h"
   7
   8#define MLX5E_GENEVE_VER 0
   9
  10static bool mlx5e_tc_tun_can_offload_geneve(struct mlx5e_priv *priv)
  11{
  12        return !!(MLX5_CAP_GEN(priv->mdev, flex_parser_protocols) & MLX5_FLEX_PROTO_GENEVE);
  13}
  14
  15static int mlx5e_tc_tun_calc_hlen_geneve(struct mlx5e_encap_entry *e)
  16{
  17        return sizeof(struct udphdr) +
  18               sizeof(struct genevehdr) +
  19               e->tun_info->options_len;
  20}
  21
  22static int mlx5e_tc_tun_check_udp_dport_geneve(struct mlx5e_priv *priv,
  23                                               struct flow_cls_offload *f)
  24{
  25        struct flow_rule *rule = flow_cls_offload_flow_rule(f);
  26        struct netlink_ext_ack *extack = f->common.extack;
  27        struct flow_match_ports enc_ports;
  28
  29        if (!flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_PORTS))
  30                return -EOPNOTSUPP;
  31
  32        flow_rule_match_enc_ports(rule, &enc_ports);
  33
  34        /* Currently we support only default GENEVE
  35         * port, so udp dst port must match.
  36         */
  37        if (be16_to_cpu(enc_ports.key->dst) != GENEVE_UDP_PORT) {
  38                NL_SET_ERR_MSG_MOD(extack,
  39                                   "Matched UDP dst port is not registered as a GENEVE port");
  40                netdev_warn(priv->netdev,
  41                            "UDP port %d is not registered as a GENEVE port\n",
  42                            be16_to_cpu(enc_ports.key->dst));
  43                return -EOPNOTSUPP;
  44        }
  45
  46        return 0;
  47}
  48
  49static int mlx5e_tc_tun_parse_udp_ports_geneve(struct mlx5e_priv *priv,
  50                                               struct mlx5_flow_spec *spec,
  51                                               struct flow_cls_offload *f,
  52                                               void *headers_c,
  53                                               void *headers_v)
  54{
  55        int err;
  56
  57        err = mlx5e_tc_tun_parse_udp_ports(priv, spec, f, headers_c, headers_v);
  58        if (err)
  59                return err;
  60
  61        return mlx5e_tc_tun_check_udp_dport_geneve(priv, f);
  62}
  63
  64static int mlx5e_tc_tun_init_encap_attr_geneve(struct net_device *tunnel_dev,
  65                                               struct mlx5e_priv *priv,
  66                                               struct mlx5e_encap_entry *e,
  67                                               struct netlink_ext_ack *extack)
  68{
  69        e->tunnel = &geneve_tunnel;
  70
  71        /* Reformat type for GENEVE encap is similar to VXLAN:
  72         * in both cases the HW adds in the same place a
  73         * defined encapsulation header that the SW provides.
  74         */
  75        e->reformat_type = MLX5_REFORMAT_TYPE_L2_TO_VXLAN;
  76        return 0;
  77}
  78
  79static void mlx5e_tunnel_id_to_vni(__be64 tun_id, __u8 *vni)
  80{
  81#ifdef __BIG_ENDIAN
  82        vni[0] = (__force __u8)(tun_id >> 16);
  83        vni[1] = (__force __u8)(tun_id >> 8);
  84        vni[2] = (__force __u8)tun_id;
  85#else
  86        vni[0] = (__force __u8)((__force u64)tun_id >> 40);
  87        vni[1] = (__force __u8)((__force u64)tun_id >> 48);
  88        vni[2] = (__force __u8)((__force u64)tun_id >> 56);
  89#endif
  90}
  91
  92static int mlx5e_gen_ip_tunnel_header_geneve(char buf[],
  93                                             __u8 *ip_proto,
  94                                             struct mlx5e_encap_entry *e)
  95{
  96        const struct ip_tunnel_info *tun_info = e->tun_info;
  97        struct udphdr *udp = (struct udphdr *)(buf);
  98        struct genevehdr *geneveh;
  99
 100        geneveh = (struct genevehdr *)((char *)udp + sizeof(struct udphdr));
 101
 102        *ip_proto = IPPROTO_UDP;
 103
 104        udp->dest = tun_info->key.tp_dst;
 105
 106        memset(geneveh, 0, sizeof(*geneveh));
 107        geneveh->ver = MLX5E_GENEVE_VER;
 108        geneveh->opt_len = tun_info->options_len / 4;
 109        geneveh->oam = !!(tun_info->key.tun_flags & TUNNEL_OAM);
 110        geneveh->critical = !!(tun_info->key.tun_flags & TUNNEL_CRIT_OPT);
 111        mlx5e_tunnel_id_to_vni(tun_info->key.tun_id, geneveh->vni);
 112        geneveh->proto_type = htons(ETH_P_TEB);
 113
 114        if (tun_info->key.tun_flags & TUNNEL_GENEVE_OPT) {
 115                if (!geneveh->opt_len)
 116                        return -EOPNOTSUPP;
 117                ip_tunnel_info_opts_get(geneveh->options, tun_info);
 118        }
 119
 120        return 0;
 121}
 122
 123static int mlx5e_tc_tun_parse_geneve_vni(struct mlx5e_priv *priv,
 124                                         struct mlx5_flow_spec *spec,
 125                                         struct flow_cls_offload *f)
 126{
 127        struct flow_rule *rule = flow_cls_offload_flow_rule(f);
 128        struct netlink_ext_ack *extack = f->common.extack;
 129        struct flow_match_enc_keyid enc_keyid;
 130        void *misc_c, *misc_v;
 131
 132        misc_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria, misc_parameters);
 133        misc_v = MLX5_ADDR_OF(fte_match_param, spec->match_value, misc_parameters);
 134
 135        if (!flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_KEYID))
 136                return 0;
 137
 138        flow_rule_match_enc_keyid(rule, &enc_keyid);
 139
 140        if (!enc_keyid.mask->keyid)
 141                return 0;
 142
 143        if (!MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev, ft_field_support.outer_geneve_vni)) {
 144                NL_SET_ERR_MSG_MOD(extack, "Matching on GENEVE VNI is not supported");
 145                netdev_warn(priv->netdev, "Matching on GENEVE VNI is not supported\n");
 146                return -EOPNOTSUPP;
 147        }
 148
 149        MLX5_SET(fte_match_set_misc, misc_c, geneve_vni, be32_to_cpu(enc_keyid.mask->keyid));
 150        MLX5_SET(fte_match_set_misc, misc_v, geneve_vni, be32_to_cpu(enc_keyid.key->keyid));
 151
 152        return 0;
 153}
 154
 155static int mlx5e_tc_tun_parse_geneve_options(struct mlx5e_priv *priv,
 156                                             struct mlx5_flow_spec *spec,
 157                                             struct flow_cls_offload *f)
 158{
 159        u8 max_tlv_option_data_len = MLX5_CAP_GEN(priv->mdev, max_geneve_tlv_option_data_len);
 160        u8 max_tlv_options = MLX5_CAP_GEN(priv->mdev, max_geneve_tlv_options);
 161        struct flow_rule *rule = flow_cls_offload_flow_rule(f);
 162        struct netlink_ext_ack *extack = f->common.extack;
 163        void *misc_c, *misc_v, *misc_3_c, *misc_3_v;
 164        struct geneve_opt *option_key, *option_mask;
 165        __be32 opt_data_key = 0, opt_data_mask = 0;
 166        struct flow_match_enc_opts enc_opts;
 167        int res = 0;
 168
 169        misc_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria, misc_parameters);
 170        misc_v = MLX5_ADDR_OF(fte_match_param, spec->match_value, misc_parameters);
 171        misc_3_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria, misc_parameters_3);
 172        misc_3_v = MLX5_ADDR_OF(fte_match_param, spec->match_value, misc_parameters_3);
 173
 174        if (!flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_OPTS))
 175                return 0;
 176
 177        flow_rule_match_enc_opts(rule, &enc_opts);
 178
 179        if (memchr_inv(&enc_opts.mask->data, 0, sizeof(enc_opts.mask->data)) &&
 180            !MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev,
 181                                        ft_field_support.geneve_tlv_option_0_data)) {
 182                NL_SET_ERR_MSG_MOD(extack,
 183                                   "Matching on GENEVE options is not supported");
 184                netdev_warn(priv->netdev,
 185                            "Matching on GENEVE options is not supported\n");
 186                return -EOPNOTSUPP;
 187        }
 188
 189        /* make sure that we're talking about GENEVE options */
 190
 191        if (enc_opts.key->dst_opt_type != TUNNEL_GENEVE_OPT) {
 192                NL_SET_ERR_MSG_MOD(extack,
 193                                   "Matching on GENEVE options: option type is not GENEVE");
 194                netdev_warn(priv->netdev,
 195                            "Matching on GENEVE options: option type is not GENEVE\n");
 196                return -EOPNOTSUPP;
 197        }
 198
 199        if (enc_opts.mask->len &&
 200            !MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev,
 201                                        ft_field_support.outer_geneve_opt_len)) {
 202                NL_SET_ERR_MSG_MOD(extack, "Matching on GENEVE options len is not supported");
 203                netdev_warn(priv->netdev,
 204                            "Matching on GENEVE options len is not supported\n");
 205                return -EOPNOTSUPP;
 206        }
 207
 208        /* max_geneve_tlv_option_data_len comes in multiples of 4 bytes, and it
 209         * doesn't include the TLV option header. 'geneve_opt_len' is a total
 210         * len of all the options, including the headers, also multiples of 4
 211         * bytes. Len that comes from the dissector is in bytes.
 212         */
 213
 214        if ((enc_opts.key->len / 4) > ((max_tlv_option_data_len + 1) * max_tlv_options)) {
 215                NL_SET_ERR_MSG_MOD(extack,
 216                                   "Matching on GENEVE options: unsupported options len");
 217                netdev_warn(priv->netdev,
 218                            "Matching on GENEVE options: unsupported options len (len=%d)\n",
 219                            enc_opts.key->len);
 220                return -EOPNOTSUPP;
 221        }
 222
 223        MLX5_SET(fte_match_set_misc, misc_c, geneve_opt_len, enc_opts.mask->len / 4);
 224        MLX5_SET(fte_match_set_misc, misc_v, geneve_opt_len, enc_opts.key->len / 4);
 225
 226        /* we support matching on one option only, so just get it */
 227        option_key = (struct geneve_opt *)&enc_opts.key->data[0];
 228        option_mask = (struct geneve_opt *)&enc_opts.mask->data[0];
 229
 230        if (option_mask->opt_class == 0 && option_mask->type == 0 &&
 231            !memchr_inv(option_mask->opt_data, 0, option_mask->length * 4))
 232                return 0;
 233
 234        if (option_key->length > max_tlv_option_data_len) {
 235                NL_SET_ERR_MSG_MOD(extack,
 236                                   "Matching on GENEVE options: unsupported option len");
 237                netdev_warn(priv->netdev,
 238                            "Matching on GENEVE options: unsupported option len (key=%d, mask=%d)\n",
 239                            option_key->length, option_mask->length);
 240                return -EOPNOTSUPP;
 241        }
 242
 243        /* data can't be all 0 - fail to offload such rule */
 244        if (!memchr_inv(option_key->opt_data, 0, option_key->length * 4)) {
 245                NL_SET_ERR_MSG_MOD(extack,
 246                                   "Matching on GENEVE options: can't match on 0 data field");
 247                netdev_warn(priv->netdev,
 248                            "Matching on GENEVE options: can't match on 0 data field\n");
 249                return -EOPNOTSUPP;
 250        }
 251
 252        /* add new GENEVE TLV options object */
 253        res = mlx5_geneve_tlv_option_add(priv->mdev->geneve, option_key);
 254        if (res) {
 255                NL_SET_ERR_MSG_MOD(extack,
 256                                   "Matching on GENEVE options: failed creating TLV opt object");
 257                netdev_warn(priv->netdev,
 258                            "Matching on GENEVE options: failed creating TLV opt object (class:type:len = 0x%x:0x%x:%d)\n",
 259                            be16_to_cpu(option_key->opt_class),
 260                            option_key->type, option_key->length);
 261                return res;
 262        }
 263
 264        /* In general, after creating the object, need to query it
 265         * in order to check which option data to set in misc3.
 266         * But we support only geneve_tlv_option_0_data, so no
 267         * point querying at this stage.
 268         */
 269
 270        memcpy(&opt_data_key, option_key->opt_data, option_key->length * 4);
 271        memcpy(&opt_data_mask, option_mask->opt_data, option_mask->length * 4);
 272        MLX5_SET(fte_match_set_misc3, misc_3_v,
 273                 geneve_tlv_option_0_data, be32_to_cpu(opt_data_key));
 274        MLX5_SET(fte_match_set_misc3, misc_3_c,
 275                 geneve_tlv_option_0_data, be32_to_cpu(opt_data_mask));
 276
 277        spec->match_criteria_enable |= MLX5_MATCH_MISC_PARAMETERS_3;
 278
 279        return 0;
 280}
 281
 282static int mlx5e_tc_tun_parse_geneve_params(struct mlx5e_priv *priv,
 283                                            struct mlx5_flow_spec *spec,
 284                                            struct flow_cls_offload *f)
 285{
 286        void *misc_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria, misc_parameters);
 287        void *misc_v = MLX5_ADDR_OF(fte_match_param, spec->match_value,  misc_parameters);
 288        struct netlink_ext_ack *extack = f->common.extack;
 289
 290        /* match on OAM - packets with OAM bit on should NOT be offloaded */
 291
 292        if (!MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev, ft_field_support.outer_geneve_oam)) {
 293                NL_SET_ERR_MSG_MOD(extack, "Matching on GENEVE OAM is not supported");
 294                netdev_warn(priv->netdev, "Matching on GENEVE OAM is not supported\n");
 295                return -EOPNOTSUPP;
 296        }
 297        MLX5_SET_TO_ONES(fte_match_set_misc, misc_c, geneve_oam);
 298        MLX5_SET(fte_match_set_misc, misc_v, geneve_oam, 0);
 299
 300        /* Match on GENEVE protocol. We support only Transparent Eth Bridge. */
 301
 302        if (MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev,
 303                                       ft_field_support.outer_geneve_protocol_type)) {
 304                MLX5_SET_TO_ONES(fte_match_set_misc, misc_c, geneve_protocol_type);
 305                MLX5_SET(fte_match_set_misc, misc_v, geneve_protocol_type, ETH_P_TEB);
 306        }
 307
 308        spec->match_criteria_enable |= MLX5_MATCH_MISC_PARAMETERS;
 309
 310        return 0;
 311}
 312
 313static int mlx5e_tc_tun_parse_geneve(struct mlx5e_priv *priv,
 314                                     struct mlx5_flow_spec *spec,
 315                                     struct flow_cls_offload *f,
 316                                     void *headers_c,
 317                                     void *headers_v)
 318{
 319        int err;
 320
 321        err = mlx5e_tc_tun_parse_geneve_params(priv, spec, f);
 322        if (err)
 323                return err;
 324
 325        err = mlx5e_tc_tun_parse_geneve_vni(priv, spec, f);
 326        if (err)
 327                return err;
 328
 329        return mlx5e_tc_tun_parse_geneve_options(priv, spec, f);
 330}
 331
 332static bool mlx5e_tc_tun_encap_info_equal_geneve(struct mlx5e_encap_key *a,
 333                                                 struct mlx5e_encap_key *b)
 334{
 335        struct ip_tunnel_info *a_info;
 336        struct ip_tunnel_info *b_info;
 337        bool a_has_opts, b_has_opts;
 338
 339        if (!mlx5e_tc_tun_encap_info_equal_generic(a, b))
 340                return false;
 341
 342        a_has_opts = !!(a->ip_tun_key->tun_flags & TUNNEL_GENEVE_OPT);
 343        b_has_opts = !!(b->ip_tun_key->tun_flags & TUNNEL_GENEVE_OPT);
 344
 345        /* keys are equal when both don't have any options attached */
 346        if (!a_has_opts && !b_has_opts)
 347                return true;
 348
 349        if (a_has_opts != b_has_opts)
 350                return false;
 351
 352        /* geneve options stored in memory next to ip_tunnel_info struct */
 353        a_info = container_of(a->ip_tun_key, struct ip_tunnel_info, key);
 354        b_info = container_of(b->ip_tun_key, struct ip_tunnel_info, key);
 355
 356        return a_info->options_len == b_info->options_len &&
 357                memcmp(a_info + 1, b_info + 1, a_info->options_len) == 0;
 358}
 359
 360struct mlx5e_tc_tunnel geneve_tunnel = {
 361        .tunnel_type          = MLX5E_TC_TUNNEL_TYPE_GENEVE,
 362        .match_level          = MLX5_MATCH_L4,
 363        .can_offload          = mlx5e_tc_tun_can_offload_geneve,
 364        .calc_hlen            = mlx5e_tc_tun_calc_hlen_geneve,
 365        .init_encap_attr      = mlx5e_tc_tun_init_encap_attr_geneve,
 366        .generate_ip_tun_hdr  = mlx5e_gen_ip_tunnel_header_geneve,
 367        .parse_udp_ports      = mlx5e_tc_tun_parse_udp_ports_geneve,
 368        .parse_tunnel         = mlx5e_tc_tun_parse_geneve,
 369        .encap_info_equal     = mlx5e_tc_tun_encap_info_equal_geneve,
 370};
 371