#
44af9571 |
|
23-Aug-2022 |
Maksym Glubokiy <maksym.glubokiy@plvision.eu> |
net: prestera: manage matchall and flower priorities matchall rules can be added only to chain 0 and their priorities have limitations: - new matchall ingress rule's priority must be higher (lower value) than any existing flower rule; - new matchall egress rule's priority must be lower (higher value) than any existing flower rule. The opposite works for flower rule adding: - new flower ingress rule's priority must be lower (higher value) than any existing matchall rule; - new flower egress rule's priority must be higher (lower value) than any existing matchall rule. This is a hardware limitation and thus must be properly handled in driver by reporting errors to the user when newly added rule has such a priority that cannot be installed into the hardware. To achieve this, the driver must maintain both min/max matchall priorities for every flower block when user adds/deletes a matchall rule, as well as both min/max flower priorities for chain 0 for every adding/deletion of flower rules for chain 0. Cc: Serhiy Boiko <serhiy.boiko@plvision.eu> Signed-off-by: Maksym Glubokiy <maksym.glubokiy@plvision.eu> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
8afd552d |
|
23-Aug-2022 |
Serhiy Boiko <serhiy.boiko@plvision.eu> |
net: prestera: acl: extract matchall logic into a separate file This commit adds more clarity to handling of TC_CLSMATCHALL_REPLACE and TC_CLSMATCHALL_DESTROY events by calling newly added *_mall_*() handlers instead of directly calling SPAN API. This also extracts matchall rules management out of SPAN API since SPAN is a hardware module which is used to implement 'matchall egress mirred' action only. Signed-off-by: Taras Chornyi <tchornyi@marvell.com> Signed-off-by: Serhiy Boiko <serhiy.boiko@plvision.eu> Signed-off-by: Maksym Glubokiy <maksym.glubokiy@plvision.eu> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
702e7014 |
|
26-Jun-2022 |
Maksym Glubokiy <maksym.glubokiy@plvision.eu> |
net: prestera: acl: add support for 'egress' rules The following is now supported: $ tc qdisc add PORT clsact $ tc filter add dev PORT egress ... Signed-off-by: Maksym Glubokiy <maksym.glubokiy@plvision.eu> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
fa5d824c |
|
14-Feb-2022 |
Volodymyr Mytnyk <vmytnyk@marvell.com> |
net: prestera: acl: add multi-chain support offload Add support of rule offloading added to the non-zero index chain, which was previously forbidden. Also, goto action is offloaded allowing to jump for processing of desired chain. Note that only implicit chain 0 is bound to the device port(s) for processing. The rest of chains have to be jumped by actions. Signed-off-by: Volodymyr Mytnyk <vmytnyk@marvell.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
604ba230 |
|
14-Dec-2021 |
Volodymyr Mytnyk <vmytnyk@marvell.com> |
net: prestera: flower template support Add user template explicit support. At this moment, max TCAM rule size is utilized for all rules, doesn't matter which and how much flower matches are provided by user. It means that some of TCAM space is wasted, which impacts the number of filters that can be offloaded. Introducing the template, allows to have more HW offloaded filters by specifying the template explicitly. Example: tc qd add dev PORT clsact tc chain add dev PORT ingress protocol ip \ flower dst_ip 0.0.0.0/16 tc filter add dev PORT ingress protocol ip \ flower skip_sw dst_ip 1.2.3.4/16 action drop NOTE: chain 0 is the default chain id for "tc chain" & "tc filter" command, so it is omitted in the example above. This patch adds only template support for default chain 0 suppoerted by prestera driver at this moment. Chains are not supported yet, and will be added later. Signed-off-by: Volodymyr Mytnyk <vmytnyk@marvell.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
47327e19 |
|
29-Nov-2021 |
Volodymyr Mytnyk <vmytnyk@marvell.com> |
net: prestera: acl: migrate to new vTCAM api - Add new vTCAM HW API to configure HW ACLs. - Migrate acl to use new vTCAM HW API. - No counter support in this patch-set. Co-developed-by: Yevhen Orlov <yevhen.orlov@plvision.eu> Signed-off-by: Yevhen Orlov <yevhen.orlov@plvision.eu> Signed-off-by: Volodymyr Mytnyk <vmytnyk@marvell.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
13defa27 |
|
16-Jun-2021 |
Serhiy Boiko <serhiy.boiko@plvision.eu> |
net: marvell: prestera: Add matchall support - Introduce matchall filter support - Add SPAN API to configure port mirroring. - Add tc mirror action. At this moment, only mirror (egress) action is supported. Example: tc filter ... action mirred egress mirror dev DEV Co-developed-by: Volodymyr Mytnyk <vmytnyk@marvell.com> Signed-off-by: Volodymyr Mytnyk <vmytnyk@marvell.com> Signed-off-by: Serhiy Boiko <serhiy.boiko@plvision.eu> Signed-off-by: Vadym Kochan <vkochan@marvell.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
8b474a9f |
|
16-Jun-2021 |
Serhiy Boiko <serhiy.boiko@plvision.eu> |
net: marvell: Implement TC flower offload Add ACL infrastructure for Prestera Switch ASICs family devices to offload cls_flower rules to be processed in the HW. ACL implementation is based on tc filter api. The flower classifier is supported to configure ACL rules/matches/action. Supported actions: - drop - trap - pass Supported dissector keys: - indev - src_mac - dst_mac - src_ip - dst_ip - ip_proto - src_port - dst_port - vlan_id - vlan_ethtype - icmp type/code Co-developed-by: Volodymyr Mytnyk <vmytnyk@marvell.com> Signed-off-by: Volodymyr Mytnyk <vmytnyk@marvell.com> Signed-off-by: Serhiy Boiko <serhiy.boiko@plvision.eu> Signed-off-by: Vadym Kochan <vkochan@marvell.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|