#
3a007b80 |
|
24-Jan-2024 |
Hui Zhou <hui.zhou@corigine.com> |
nfp: flower: fix hardware offload for the transfer layer port The nfp driver will merge the tp source port and tp destination port into one dword which the offset must be zero to do hardware offload. However, the mangle action for the tp source port and tp destination port is separated for tc ct action. Modify the mangle action for the FLOW_ACT_MANGLE_HDR_TYPE_TCP and FLOW_ACT_MANGLE_HDR_TYPE_UDP to satisfy the nfp driver offload check for the tp port. The mangle action provides a 4B value for source, and a 4B value for the destination, but only 2B of each contains the useful information. For offload the 2B of each is combined into a single 4B word. Since the incoming mask for the source is '0xFFFF<mask>' the shift-left will throw away the 0xFFFF part. When this gets combined together in the offload it will clear the destination field. Fix this by setting the lower bits back to 0xFFFF, effectively doing a rotate-left operation on the mask. Fixes: 5cee92c6f57a ("nfp: flower: support hw offload for ct nat action") CC: stable@vger.kernel.org # 6.1+ Signed-off-by: Hui Zhou <hui.zhou@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Link: https://lore.kernel.org/r/20240124151909.31603-3-louis.peens@corigine.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
cefa98e8 |
|
24-Jan-2024 |
Hui Zhou <hui.zhou@corigine.com> |
nfp: flower: add hardware offload check for post ct entry The nfp offload flow pay will not allocate a mask id when the out port is openvswitch internal port. This is because these flows are used to configure the pre_tun table and are never actually send to the firmware as an add-flow message. When a tc rule which action contains ct and the post ct entry's out port is openvswitch internal port, the merge offload flow pay with the wrong mask id of 0 will be send to the firmware. Actually, the nfp can not support hardware offload for this situation, so return EOPNOTSUPP. Fixes: bd0fe7f96a3c ("nfp: flower-ct: add zone table entry when handling pre/post_ct flows") CC: stable@vger.kernel.org # 5.14+ Signed-off-by: Hui Zhou <hui.zhou@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Link: https://lore.kernel.org/r/20240124151909.31603-2-louis.peens@corigine.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
14690995 |
|
09-Oct-2023 |
Yanguo Li <yanguo.li@corigine.com> |
nfp: flower: avoid rmmod nfp crash issues When there are CT table entries, and you rmmod nfp, the following events can happen: task1: nfp_net_pci_remove ↓ nfp_flower_stop->(asynchronous)tcf_ct_flow_table_cleanup_work(3) ↓ nfp_zone_table_entry_destroy(1) task2: nfp_fl_ct_handle_nft_flow(2) When the execution order is (1)->(2)->(3), it will crash. Therefore, in the function nfp_fl_ct_del_flow, nf_flow_table_offload_del_cb needs to be executed synchronously. At the same time, in order to solve the deadlock problem and the problem of rtnl_lock sometimes failing, replace rtnl_lock with the private nfp_fl_lock. Fixes: 7cc93d888df7 ("nfp: flower-ct: remove callback delete deadlock") Cc: stable@vger.kernel.org Signed-off-by: Yanguo Li <yanguo.li@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
2b3082c6 |
|
28-Jul-2023 |
Ratheesh Kannoth <rkannoth@marvell.com> |
net: flow_dissector: Use 64bits for used_keys As 32bits of dissector->used_keys are exhausted, increase the size to 64bits. This is base change for ESP/AH flow dissector patch. Please find patch and discussions at https://lore.kernel.org/netdev/ZMDNjD46BvZ5zp5I@corigine.com/T/#t Signed-off-by: Ratheesh Kannoth <rkannoth@marvell.com> Reviewed-by: Petr Machata <petrm@nvidia.com> # for mlxsw Tested-by: Petr Machata <petrm@nvidia.com> Reviewed-by: Martin Habets <habetsm.xilinx@gmail.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
a87ceb3d |
|
14-Mar-2023 |
Wentao Jia <wentao.jia@corigine.com> |
nfp: flower: offload tc flows of multiple conntrack zones If goto_chain action present in the post ct flow rule, merge flow rules in this ct-zone, create a new pre_ct entry as the pre ct flow rule of next ct-zone, but do not offload merged flow rules to firmware. Repeat the process in the next ct-zone until no goto_chain action present in the post ct flow rule in a certain ct-zone, merged all the flow rules. Offload to firmware finally. Signed-off-by: Wentao Jia <wentao.jia@corigine.com> Acked-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
46a83c85 |
|
14-Mar-2023 |
Wentao Jia <wentao.jia@corigine.com> |
nfp: flower: prepare for parameterisation of number of offload rules The fixed number of offload flow rule is only supported scenario of one ct zone, in the scenario of multiple ct zones, dynamic number and more number of offload flow rules are required. In order to support scenario of multiple ct zones, parameter num_rules is added for to offload flow rules Signed-off-by: Wentao Jia <wentao.jia@corigine.com> Acked-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
3e44d199 |
|
14-Mar-2023 |
Wentao Jia <wentao.jia@corigine.com> |
nfp: flower: add goto_chain_index for ct entry The chain_index has different means in pre ct entry and post ct entry. In pre ct entry, it means chain index, but in post ct entry, it means goto chain index, it is confused. chain_index and goto_chain_index may be present in one flow rule, It cannot be distinguished by one field chain_index, both chain_index and goto_chain_index are required in the follow-up patch to support multiple ct zones Another field goto_chain_index is added to record the goto chain index. If no goto action in post ct entry, goto_chain_index is 0. Signed-off-by: Wentao Jia <wentao.jia@corigine.com> Acked-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
0b8d953c |
|
14-Mar-2023 |
Wentao Jia <wentao.jia@corigine.com> |
nfp: flower: refactor function "is_post_ct_flow" 'ct_clear' action only or no ct action is supported for 'post_ct_flow'. But in scenario of multiple ct zones, one non 'ct_clear' ct action or more ct actions, including 'ct_clear action', may be present in one flow rule. If ct state match key is 'ct_established', the flow rule is still expected to be classified as 'post_ct_flow'. Check ct status first in function "is_post_ct_flow" to achieve this. Signed-off-by: Wentao Jia <wentao.jia@corigine.com> Acked-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
cee7b339 |
|
14-Mar-2023 |
Wentao Jia <wentao.jia@corigine.com> |
nfp: flower: refactor function "is_pre_ct_flow" In the scenario of multiple ct zones, ct state key match and ct action is present in one flow rule, the flow rule is classified to post_ct_flow in design. There is no ct state key match for pre ct flow, the judging condition is added to function "is_pre_ct_flow". Chain_index is another field for judging which flows are pre ct flow If chain_index not 0, the flow is not pre ct flow. Signed-off-by: Wentao Jia <wentao.jia@corigine.com> Acked-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
8a8db7ae |
|
14-Mar-2023 |
Wentao Jia <wentao.jia@corigine.com> |
nfp: flower: add get_flow_act_ct() for ct action CT action is a special case different from other actions, CT clear action is not required when get ct action, but this case is not considered. If CT clear action in the flow rule, skip the CT clear action when get ct action, return the first ct action that is not a CT clear action Signed-off-by: Wentao Jia <wentao.jia@corigine.com> Acked-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
29744a10 |
|
01-Feb-2023 |
Vlad Buslov <vladbu@nvidia.com> |
net: flow_offload: provision conntrack info in ct_metadata In order to offload connections in other states besides "established" the driver offload callbacks need to have access to connection conntrack info. Flow offload intermediate representation data structure already contains that data encoded in 'cookie' field, so just reuse it in the drivers. Reject offloading IP_CT_NEW connections for now by returning an error in relevant driver callbacks based on value of ctinfo. Support for offloading such connections will need to be added to the drivers afterwards. Signed-off-by: Vlad Buslov <vladbu@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
742b7072 |
|
14-Sep-2022 |
Hui Zhou <hui.zhou@corigine.com> |
nfp: flower: support vlan action in pre_ct Support hardware offload of rule which has both vlan push/pop/mangle and ct action. Signed-off-by: Hui Zhou <hui.zhou@corigine.com> Reviewed-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
5cee92c6 |
|
14-Sep-2022 |
Hui Zhou <hui.zhou@corigine.com> |
nfp: flower: support hw offload for ct nat action support ct nat action when pre_ct merge with post_ct and nft. at the same time, add the extra checksum action and hardware stats for nft to meet the action check when do nat. Signed-off-by: Hui Zhou <hui.zhou@corigine.com> Reviewed-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
9bacb93b |
|
28-Jun-2022 |
Walter Heymans <walter.heymans@corigine.com> |
nfp: flower: fix comment typos and formatting A number of spelling and language mistakes in the flower section are fixed. The spacing between the text inside some comments and the comment symbols are also updated for consistency. Signed-off-by: Walter Heymans <walter.heymans@corigine.com> Reviewed-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
a0b84334 |
|
08-Jun-2022 |
Etienne van der Linde <etienne.vanderlinde@corigine.com> |
nfp: flower: restructure flow-key for gre+vlan combination Swap around the GRE and VLAN parts in the flow-key offloaded by the driver to fit in with other tunnel types and the firmware. Without this change used cases with GRE+VLAN on the outer header does not get offloaded as the flow-key mismatches what the firmware expect. Fixes: 0d630f58989a ("nfp: flower: add support to offload QinQ match") Fixes: 5a2b93041646 ("nfp: flower-ct: compile match sections of flow_payload") Signed-off-by: Etienne van der Linde <etienne.vanderlinde@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
e43d940f |
|
18-May-2022 |
Yinjun Zhang <yinjun.zhang@corigine.com> |
nfp: flower: support ct merging when mangle action exists Current implementation of ct merging doesn't support the case that the fields mangling in pre_ct rules are matched in post_ct rules. This change is to support merging when mangling mac address, ip address, tos, ttl and l4 port. VLAN and MPLS mangling is not involved yet. Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Link: https://lore.kernel.org/r/20220518075055.130649-1-simon.horman@corigine.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>
|
#
7195464c |
|
29-Apr-2022 |
Yinjun Zhang <yinjun.zhang@corigine.com> |
nfp: flower: utilize the tuple iifidx in offloading ct flows The device info from which conntrack originates is stored in metadata field of the ct flow to offload now, driver can utilize it to reduce the number of offloaded flows. v2: Drop inline keyword from get_netdev_from_rule() signature. The compiler can decide. Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Link: https://lore.kernel.org/r/20220429075124.128589-1-simon.horman@corigine.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
d80f6d66 |
|
28-Jul-2021 |
Yang Yingliang <yangyingliang@huawei.com> |
nfp: flower-ct: fix error return code in nfp_fl_ct_add_offload() If nfp_tunnel_add_ipv6_off() fails, it should return error code in nfp_fl_ct_add_offload(). Fixes: 5a2b93041646 ("nfp: flower-ct: compile match sections of flow_payload") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
40c10bd9 |
|
22-Jul-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-tc: add flow stats updates for ct Add in the logic to update flow stats. The flow stats from the nfp is saved in the flow_pay struct, which is associated with the final merged flow. This saves deltas however, so once read it needs to be cleared. However the flow stats requests from the kernel is from the other side of the chain, and a single tc flow from the kernel can be merged into multiple other tc flows to form multiple offloaded flows. This means that all linked flows needs to be updated for each stats request. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
400a5e5f |
|
22-Jul-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add offload calls to the nfp Add the offload parts (ADD_FLOW/DEL_FLOW) calls to add and delete the flows from the nfp. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
453cdc30 |
|
22-Jul-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add flow_pay to the offload table Compile the offload flow metadata and add flow_pay to the offload table. Also add in the delete paths. This does not include actual offloading to the card yet, this will follow soon. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
d94a63b4 |
|
22-Jul-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add actions into flow_pay for offload Combine the actions from the three different rules into one and convert into the payload format expected by the nfp. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
5a2b9304 |
|
22-Jul-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: compile match sections of flow_payload Add in the code to compile match part of the payload that will be sent to the firmware. This works similar to match.c does it, but since three flows needs to be merged it iterates through all three rules in a loop and combine the match fields to get the most strict match as result. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
71e88cfb |
|
22-Jul-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: calculate required key_layers This calculates the correct combined keylayers and key_layer_size for the to-be-offloaded flow. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
4020f26b |
|
11-Jul-2021 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
nfp: flower-ct: Fix fall-through warning for Clang In preparation to enable -Wimplicit-fallthrough for Clang, fix the following warning by explicitly adding a break statement: drivers/net/ethernet/netronome/nfp/flower/conntrack.c:1175:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] Link: https://github.com/KSPP/linux/issues/115 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
|
#
7cc93d88 |
|
02-Jul-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: remove callback delete deadlock The current location of the callback delete can lead to a race condition where deleting the callback requires a write_lock on the nf_table, but at the same time another thread from netfilter could have taken a read lock on the table before trying to offload. Since the driver is taking a rtnl_lock this can lead into a deadlock situation, where the netfilter offload will wait for the cls_flower rtnl_lock to be released, but this cannot happen since this is waiting for the nf_table read_lock to be released before it can delete the callback. Solve this by completely removing the nf_flow_table_offload_del_cb call, as this will now be cleaned up by act_ct itself when cleaning up the specific nf_table. Fixes: 62268e78145f ("nfp: flower-ct: add nft callback stubs") Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
43c9a811 |
|
19-Jun-2021 |
Dan Carpenter <dan.carpenter@oracle.com> |
nfp: flower-ct: check for error in nfp_fl_ct_offload_nft_flow() The nfp_fl_ct_add_flow() function can fail so we need to check for failure. Fixes: 95255017e0a8 ("nfp: flower-ct: add nft flows to nft list") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Louis Peens <louis.peens@corigine.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
30c4a9f4 |
|
15-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: implement action_merge check Fill in code stub to check that the flow actions are valid for merge. The actions of the flow X should not conflict with the matches of flow X+1. For now this check is quite strict and set_actions are very limited, will need to update this when NAT support is added. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
5e5f0816 |
|
15-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: fill ct metadata check function Fill in check_meta stub to check that ct_metadata action fields in the nft flow matches the ct_match data of the post_ct flow. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c698e2ad |
|
15-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: fill in ct merge check function Replace merge check stub code with the actual implementation. This checks that the match parts of two tc flows does not conflict. Only overlapping keys needs to be checked, and only the narrowest masked parts needs to be checked, so each key is masked with the AND'd result of both masks before comparing. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
a6ffdd3a |
|
15-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: implement code to save merge of tc and nft flows Add in the code to merge the tc_merge objects with the flows received from nft. At the moment flows are just merged blindly as the validity check functions are stubbed out, this will be populated in follow-up patches. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
b5e30c61 |
|
15-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add nft_merge table Add table and struct to save the result of the three-way merge between pre_ct,post_ct, and nft flows. Merging code is to be added in follow-up patches. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
4772ad3f |
|
15-Jun-2021 |
Yinjun Zhang <yinjun.zhang@corigine.com> |
nfp: flower-ct: make a full copy of the rule when it is a NFT flow The nft flow will be destroyed after offload cb returns. This means we need save a full copy of it since it can be referenced through other paths other than just the offload cb, for example when a new pre_ct or post_ct entry is added, and it needs to be merged with an existing nft entry. Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
95255017 |
|
15-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add nft flows to nft list Implement code to add and remove nft flows to the relevant list. Registering and deregistering the callback function for the nft table is quite complicated. The safest is to delete the callback on the removal of the last pre_ct flow. This is because if this is also the latest pre_ct flow in software it means that this specific nft table will be freed, so there will not be a later opportunity to do this. Another place where it looks possible to delete the callback is when the last nft_flow is deleted, but this happens under the flow_table lock, which is also taken when deregistering the callback, leading to a deadlock situation. This means the final solution here is to delete the callback when removing the last pre_ct flow, and then clean up any remaining nft_flow entries which may still be present, since there will never be a callback now to do this, leaving them orphaned if not cleaned up here as well. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
62268e78 |
|
15-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add nft callback stubs Add register/unregister of the nft callback. For now just add stub code to accept the flows, but don't do anything with it. Decided to accept the flows since netfilter will keep on trying to offload a flow if it was rejected, which is quite noisy. Follow-up patches will start implementing the functions to add nft flows to the relevant tables. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
d33d24a7 |
|
15-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add delete flow handling for ct Add functions to handle delete flow callbacks for ct flows. Also accept the flows for offloading by returning 0 instead of -EOPNOTSUPP. Flows will still not actually be offloaded to hw, but at this point it's difficult to not accept the flows and also exercise the cleanup paths properly. Traffic will still be handled safely through the fallback path. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
3c863c30 |
|
02-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add tc merge functionality Add merging of pre/post_ct flow rules into the tc_merge table. Pre_ct flows needs to be merge with post_ct flows and vice versa. This needs to be done for all flows in the same zone table, as well as with the wc_zone_table, which is for flows masking out ct_zone info. Cleanup is happening when all the tables are cleared up and prints a warning traceback as this is not expected in the final version. At this point we are not actually returning success for the offload, so we do not get any delete requests for flows, so we can't delete them that way yet. This means that cleanup happens in what would usually be an exception path. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
f7ae12e2 |
|
02-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add tc_merge_tb Add the table required to store the merge result of pre_ct and post_ct flows. This is just the initial setup and teardown of the table, the implementation will be in follow-up patches. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
fa81d6d2 |
|
02-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add a table to map flow cookies to ct flows Add a hashtable which contains entries to map flow cookies to ct flow entries. Currently the entries are added and not used, but follow-up patches will use this for stats updates and flow deletes. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
072c089c |
|
02-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add nfp_fl_ct_flow_entries This commit starts adding the structures and lists that will be used in follow up commits to enable offloading of conntrack. Some stub functions are also introduced as placeholders by this commit. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
bd0fe7f9 |
|
02-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add zone table entry when handling pre/post_ct flows Start populating the pre/post_ct handler functions. Add a zone entry to the zone table, based on the zone information from the flow. In the case of a post_ct flow which has a wildcarded match on the zone create a special entry. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c8b034fb |
|
02-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add pre and post ct checks Add checks to see if a flow is a conntrack flow we can potentially handle. Just stub out the handling the different conntrack flows. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|