1 // SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB 2 /* Copyright (c) 2018 Mellanox Technologies. */ 3 4 #include <net/geneve.h> 5 #include "lib/geneve.h" 6 #include "en/tc_tun.h" 7 8 #define MLX5E_GENEVE_VER 0 9 10 static bool mlx5e_tc_tun_can_offload_geneve(struct mlx5e_priv *priv) 11 { 12 return !!(MLX5_CAP_GEN(priv->mdev, flex_parser_protocols) & MLX5_FLEX_PROTO_GENEVE); 13 } 14 15 static int mlx5e_tc_tun_calc_hlen_geneve(struct mlx5e_encap_entry *e) 16 { 17 return sizeof(struct udphdr) + 18 sizeof(struct genevehdr) + 19 e->tun_info->options_len; 20 } 21 22 static int mlx5e_tc_tun_check_udp_dport_geneve(struct mlx5e_priv *priv, 23 struct flow_cls_offload *f) 24 { 25 struct flow_rule *rule = flow_cls_offload_flow_rule(f); 26 struct netlink_ext_ack *extack = f->common.extack; 27 struct flow_match_ports enc_ports; 28 29 if (!flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_PORTS)) 30 return -EOPNOTSUPP; 31 32 flow_rule_match_enc_ports(rule, &enc_ports); 33 34 /* Currently we support only default GENEVE 35 * port, so udp dst port must match. 36 */ 37 if (be16_to_cpu(enc_ports.key->dst) != GENEVE_UDP_PORT) { 38 NL_SET_ERR_MSG_MOD(extack, 39 "Matched UDP dst port is not registered as a GENEVE port"); 40 netdev_warn(priv->netdev, 41 "UDP port %d is not registered as a GENEVE port\n", 42 be16_to_cpu(enc_ports.key->dst)); 43 return -EOPNOTSUPP; 44 } 45 46 return 0; 47 } 48 49 static int mlx5e_tc_tun_parse_udp_ports_geneve(struct mlx5e_priv *priv, 50 struct mlx5_flow_spec *spec, 51 struct flow_cls_offload *f, 52 void *headers_c, 53 void *headers_v) 54 { 55 int err; 56 57 err = mlx5e_tc_tun_parse_udp_ports(priv, spec, f, headers_c, headers_v); 58 if (err) 59 return err; 60 61 return mlx5e_tc_tun_check_udp_dport_geneve(priv, f); 62 } 63 64 static int mlx5e_tc_tun_init_encap_attr_geneve(struct net_device *tunnel_dev, 65 struct mlx5e_priv *priv, 66 struct mlx5e_encap_entry *e, 67 struct netlink_ext_ack *extack) 68 { 69 e->tunnel = &geneve_tunnel; 70 71 /* Reformat type for GENEVE encap is similar to VXLAN: 72 * in both cases the HW adds in the same place a 73 * defined encapsulation header that the SW provides. 74 */ 75 e->reformat_type = MLX5_REFORMAT_TYPE_L2_TO_VXLAN; 76 return 0; 77 } 78 79 static void mlx5e_tunnel_id_to_vni(__be64 tun_id, __u8 *vni) 80 { 81 #ifdef __BIG_ENDIAN 82 vni[0] = (__force __u8)(tun_id >> 16); 83 vni[1] = (__force __u8)(tun_id >> 8); 84 vni[2] = (__force __u8)tun_id; 85 #else 86 vni[0] = (__force __u8)((__force u64)tun_id >> 40); 87 vni[1] = (__force __u8)((__force u64)tun_id >> 48); 88 vni[2] = (__force __u8)((__force u64)tun_id >> 56); 89 #endif 90 } 91 92 static int mlx5e_gen_ip_tunnel_header_geneve(char buf[], 93 __u8 *ip_proto, 94 struct mlx5e_encap_entry *e) 95 { 96 const struct ip_tunnel_info *tun_info = e->tun_info; 97 struct udphdr *udp = (struct udphdr *)(buf); 98 struct genevehdr *geneveh; 99 100 geneveh = (struct genevehdr *)((char *)udp + sizeof(struct udphdr)); 101 102 *ip_proto = IPPROTO_UDP; 103 104 udp->dest = tun_info->key.tp_dst; 105 106 memset(geneveh, 0, sizeof(*geneveh)); 107 geneveh->ver = MLX5E_GENEVE_VER; 108 geneveh->opt_len = tun_info->options_len / 4; 109 geneveh->oam = !!(tun_info->key.tun_flags & TUNNEL_OAM); 110 geneveh->critical = !!(tun_info->key.tun_flags & TUNNEL_CRIT_OPT); 111 mlx5e_tunnel_id_to_vni(tun_info->key.tun_id, geneveh->vni); 112 geneveh->proto_type = htons(ETH_P_TEB); 113 114 if (tun_info->key.tun_flags & TUNNEL_GENEVE_OPT) { 115 if (!geneveh->opt_len) 116 return -EOPNOTSUPP; 117 ip_tunnel_info_opts_get(geneveh->options, tun_info); 118 } 119 120 return 0; 121 } 122 123 static int mlx5e_tc_tun_parse_geneve_vni(struct mlx5e_priv *priv, 124 struct mlx5_flow_spec *spec, 125 struct flow_cls_offload *f) 126 { 127 struct flow_rule *rule = flow_cls_offload_flow_rule(f); 128 struct netlink_ext_ack *extack = f->common.extack; 129 struct flow_match_enc_keyid enc_keyid; 130 void *misc_c, *misc_v; 131 132 misc_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria, misc_parameters); 133 misc_v = MLX5_ADDR_OF(fte_match_param, spec->match_value, misc_parameters); 134 135 if (!flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_KEYID)) 136 return 0; 137 138 flow_rule_match_enc_keyid(rule, &enc_keyid); 139 140 if (!enc_keyid.mask->keyid) 141 return 0; 142 143 if (!MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev, ft_field_support.outer_geneve_vni)) { 144 NL_SET_ERR_MSG_MOD(extack, "Matching on GENEVE VNI is not supported"); 145 netdev_warn(priv->netdev, "Matching on GENEVE VNI is not supported\n"); 146 return -EOPNOTSUPP; 147 } 148 149 MLX5_SET(fte_match_set_misc, misc_c, geneve_vni, be32_to_cpu(enc_keyid.mask->keyid)); 150 MLX5_SET(fte_match_set_misc, misc_v, geneve_vni, be32_to_cpu(enc_keyid.key->keyid)); 151 152 return 0; 153 } 154 155 static int mlx5e_tc_tun_parse_geneve_options(struct mlx5e_priv *priv, 156 struct mlx5_flow_spec *spec, 157 struct flow_cls_offload *f) 158 { 159 u8 max_tlv_option_data_len = MLX5_CAP_GEN(priv->mdev, max_geneve_tlv_option_data_len); 160 u8 max_tlv_options = MLX5_CAP_GEN(priv->mdev, max_geneve_tlv_options); 161 struct flow_rule *rule = flow_cls_offload_flow_rule(f); 162 struct netlink_ext_ack *extack = f->common.extack; 163 void *misc_c, *misc_v, *misc_3_c, *misc_3_v; 164 struct geneve_opt *option_key, *option_mask; 165 __be32 opt_data_key = 0, opt_data_mask = 0; 166 struct flow_match_enc_opts enc_opts; 167 int res = 0; 168 169 misc_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria, misc_parameters); 170 misc_v = MLX5_ADDR_OF(fte_match_param, spec->match_value, misc_parameters); 171 misc_3_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria, misc_parameters_3); 172 misc_3_v = MLX5_ADDR_OF(fte_match_param, spec->match_value, misc_parameters_3); 173 174 if (!flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_OPTS)) 175 return 0; 176 177 flow_rule_match_enc_opts(rule, &enc_opts); 178 179 if (memchr_inv(&enc_opts.mask->data, 0, sizeof(enc_opts.mask->data)) && 180 !MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev, 181 ft_field_support.geneve_tlv_option_0_data)) { 182 NL_SET_ERR_MSG_MOD(extack, 183 "Matching on GENEVE options is not supported"); 184 netdev_warn(priv->netdev, 185 "Matching on GENEVE options is not supported\n"); 186 return -EOPNOTSUPP; 187 } 188 189 /* make sure that we're talking about GENEVE options */ 190 191 if (enc_opts.key->dst_opt_type != TUNNEL_GENEVE_OPT) { 192 NL_SET_ERR_MSG_MOD(extack, 193 "Matching on GENEVE options: option type is not GENEVE"); 194 netdev_warn(priv->netdev, 195 "Matching on GENEVE options: option type is not GENEVE\n"); 196 return -EOPNOTSUPP; 197 } 198 199 if (enc_opts.mask->len && 200 !MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev, 201 ft_field_support.outer_geneve_opt_len)) { 202 NL_SET_ERR_MSG_MOD(extack, "Matching on GENEVE options len is not supported"); 203 netdev_warn(priv->netdev, 204 "Matching on GENEVE options len is not supported\n"); 205 return -EOPNOTSUPP; 206 } 207 208 /* max_geneve_tlv_option_data_len comes in multiples of 4 bytes, and it 209 * doesn't include the TLV option header. 'geneve_opt_len' is a total 210 * len of all the options, including the headers, also multiples of 4 211 * bytes. Len that comes from the dissector is in bytes. 212 */ 213 214 if ((enc_opts.key->len / 4) > ((max_tlv_option_data_len + 1) * max_tlv_options)) { 215 NL_SET_ERR_MSG_MOD(extack, 216 "Matching on GENEVE options: unsupported options len"); 217 netdev_warn(priv->netdev, 218 "Matching on GENEVE options: unsupported options len (len=%d)\n", 219 enc_opts.key->len); 220 return -EOPNOTSUPP; 221 } 222 223 MLX5_SET(fte_match_set_misc, misc_c, geneve_opt_len, enc_opts.mask->len / 4); 224 MLX5_SET(fte_match_set_misc, misc_v, geneve_opt_len, enc_opts.key->len / 4); 225 226 /* we support matching on one option only, so just get it */ 227 option_key = (struct geneve_opt *)&enc_opts.key->data[0]; 228 option_mask = (struct geneve_opt *)&enc_opts.mask->data[0]; 229 230 if (option_key->length > max_tlv_option_data_len) { 231 NL_SET_ERR_MSG_MOD(extack, 232 "Matching on GENEVE options: unsupported option len"); 233 netdev_warn(priv->netdev, 234 "Matching on GENEVE options: unsupported option len (key=%d, mask=%d)\n", 235 option_key->length, option_mask->length); 236 return -EOPNOTSUPP; 237 } 238 239 /* data can't be all 0 - fail to offload such rule */ 240 if (!memchr_inv(option_key->opt_data, 0, option_key->length * 4)) { 241 NL_SET_ERR_MSG_MOD(extack, 242 "Matching on GENEVE options: can't match on 0 data field"); 243 netdev_warn(priv->netdev, 244 "Matching on GENEVE options: can't match on 0 data field\n"); 245 return -EOPNOTSUPP; 246 } 247 248 /* add new GENEVE TLV options object */ 249 res = mlx5_geneve_tlv_option_add(priv->mdev->geneve, option_key); 250 if (res) { 251 NL_SET_ERR_MSG_MOD(extack, 252 "Matching on GENEVE options: failed creating TLV opt object"); 253 netdev_warn(priv->netdev, 254 "Matching on GENEVE options: failed creating TLV opt object (class:type:len = 0x%x:0x%x:%d)\n", 255 be16_to_cpu(option_key->opt_class), 256 option_key->type, option_key->length); 257 return res; 258 } 259 260 /* In general, after creating the object, need to query it 261 * in order to check which option data to set in misc3. 262 * But we support only geneve_tlv_option_0_data, so no 263 * point querying at this stage. 264 */ 265 266 memcpy(&opt_data_key, option_key->opt_data, option_key->length * 4); 267 memcpy(&opt_data_mask, option_mask->opt_data, option_mask->length * 4); 268 MLX5_SET(fte_match_set_misc3, misc_3_v, 269 geneve_tlv_option_0_data, be32_to_cpu(opt_data_key)); 270 MLX5_SET(fte_match_set_misc3, misc_3_c, 271 geneve_tlv_option_0_data, be32_to_cpu(opt_data_mask)); 272 273 spec->match_criteria_enable |= MLX5_MATCH_MISC_PARAMETERS_3; 274 275 return 0; 276 } 277 278 static int mlx5e_tc_tun_parse_geneve_params(struct mlx5e_priv *priv, 279 struct mlx5_flow_spec *spec, 280 struct flow_cls_offload *f) 281 { 282 void *misc_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria, misc_parameters); 283 void *misc_v = MLX5_ADDR_OF(fte_match_param, spec->match_value, misc_parameters); 284 struct netlink_ext_ack *extack = f->common.extack; 285 286 /* match on OAM - packets with OAM bit on should NOT be offloaded */ 287 288 if (!MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev, ft_field_support.outer_geneve_oam)) { 289 NL_SET_ERR_MSG_MOD(extack, "Matching on GENEVE OAM is not supported"); 290 netdev_warn(priv->netdev, "Matching on GENEVE OAM is not supported\n"); 291 return -EOPNOTSUPP; 292 } 293 MLX5_SET_TO_ONES(fte_match_set_misc, misc_c, geneve_oam); 294 MLX5_SET(fte_match_set_misc, misc_v, geneve_oam, 0); 295 296 /* Match on GENEVE protocol. We support only Transparent Eth Bridge. */ 297 298 if (MLX5_CAP_ESW_FLOWTABLE_FDB(priv->mdev, 299 ft_field_support.outer_geneve_protocol_type)) { 300 MLX5_SET_TO_ONES(fte_match_set_misc, misc_c, geneve_protocol_type); 301 MLX5_SET(fte_match_set_misc, misc_v, geneve_protocol_type, ETH_P_TEB); 302 } 303 304 return 0; 305 } 306 307 static int mlx5e_tc_tun_parse_geneve(struct mlx5e_priv *priv, 308 struct mlx5_flow_spec *spec, 309 struct flow_cls_offload *f, 310 void *headers_c, 311 void *headers_v) 312 { 313 int err; 314 315 err = mlx5e_tc_tun_parse_geneve_params(priv, spec, f); 316 if (err) 317 return err; 318 319 err = mlx5e_tc_tun_parse_geneve_vni(priv, spec, f); 320 if (err) 321 return err; 322 323 return mlx5e_tc_tun_parse_geneve_options(priv, spec, f); 324 } 325 326 struct mlx5e_tc_tunnel geneve_tunnel = { 327 .tunnel_type = MLX5E_TC_TUNNEL_TYPE_GENEVE, 328 .match_level = MLX5_MATCH_L4, 329 .can_offload = mlx5e_tc_tun_can_offload_geneve, 330 .calc_hlen = mlx5e_tc_tun_calc_hlen_geneve, 331 .init_encap_attr = mlx5e_tc_tun_init_encap_attr_geneve, 332 .generate_ip_tun_hdr = mlx5e_gen_ip_tunnel_header_geneve, 333 .parse_udp_ports = mlx5e_tc_tun_parse_udp_ports_geneve, 334 .parse_tunnel = mlx5e_tc_tun_parse_geneve, 335 }; 336