#
14690995 |
|
09-Oct-2023 |
Yanguo Li <yanguo.li@corigine.com> |
nfp: flower: avoid rmmod nfp crash issues When there are CT table entries, and you rmmod nfp, the following events can happen: task1: nfp_net_pci_remove ↓ nfp_flower_stop->(asynchronous)tcf_ct_flow_table_cleanup_work(3) ↓ nfp_zone_table_entry_destroy(1) task2: nfp_fl_ct_handle_nft_flow(2) When the execution order is (1)->(2)->(3), it will crash. Therefore, in the function nfp_fl_ct_del_flow, nf_flow_table_offload_del_cb needs to be executed synchronously. At the same time, in order to solve the deadlock problem and the problem of rtnl_lock sometimes failing, replace rtnl_lock with the private nfp_fl_lock. Fixes: 7cc93d888df7 ("nfp: flower-ct: remove callback delete deadlock") Cc: stable@vger.kernel.org Signed-off-by: Yanguo Li <yanguo.li@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
2b3082c6 |
|
28-Jul-2023 |
Ratheesh Kannoth <rkannoth@marvell.com> |
net: flow_dissector: Use 64bits for used_keys As 32bits of dissector->used_keys are exhausted, increase the size to 64bits. This is base change for ESP/AH flow dissector patch. Please find patch and discussions at https://lore.kernel.org/netdev/ZMDNjD46BvZ5zp5I@corigine.com/T/#t Signed-off-by: Ratheesh Kannoth <rkannoth@marvell.com> Reviewed-by: Petr Machata <petrm@nvidia.com> # for mlxsw Tested-by: Petr Machata <petrm@nvidia.com> Reviewed-by: Martin Habets <habetsm.xilinx@gmail.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Reviewed-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
a87ceb3d |
|
14-Mar-2023 |
Wentao Jia <wentao.jia@corigine.com> |
nfp: flower: offload tc flows of multiple conntrack zones If goto_chain action present in the post ct flow rule, merge flow rules in this ct-zone, create a new pre_ct entry as the pre ct flow rule of next ct-zone, but do not offload merged flow rules to firmware. Repeat the process in the next ct-zone until no goto_chain action present in the post ct flow rule in a certain ct-zone, merged all the flow rules. Offload to firmware finally. Signed-off-by: Wentao Jia <wentao.jia@corigine.com> Acked-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
b15e2e49 |
|
07-Oct-2022 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower: fix incorrect struct type in GRE key_size Looks like a copy-paste error sneaked in here at some point, causing the key_size for these tunnels to be calculated incorrectly. This size ends up being send to the firmware, causing unexpected behaviour in some cases. Fixes: 78a722af4ad9 ("nfp: flower: compile match for IPv6 tunnels") Reported-by: Chaoyong He <chaoyong.he@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Link: https://lore.kernel.org/r/20221007092132.218386-1-simon.horman@corigine.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
ff763011 |
|
23-Aug-2022 |
Wenjuan Geng <wenjuan.geng@corigine.com> |
nfp: flower: support case of match on ct_state(0/0x3f) is_post_ct_flow() function will process only ct_state ESTABLISHED, then offload_pre_check() function will check FLOW_DISSECTOR_KEY_CT flag. When config tc filter match ct_state(0/0x3f), dissector->used_keys with FLOW_DISSECTOR_KEY_CT bit, function offload_pre_check() will return false, so not offload. This is a special case that can be handled safely. Therefore, modify to let initial packet which won't go through conntrack can be offloaded, as long as the cared ct fields are all zero. Signed-off-by: Wenjuan Geng <wenjuan.geng@corigine.com> Reviewed-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Link: https://lore.kernel.org/r/20220823090122.403631-1-simon.horman@corigine.com Signed-off-by: Paolo Abeni <pabeni@redhat.com>
|
#
9bacb93b |
|
28-Jun-2022 |
Walter Heymans <walter.heymans@corigine.com> |
nfp: flower: fix comment typos and formatting A number of spelling and language mistakes in the flower section are fixed. The spacing between the text inside some comments and the comment symbols are also updated for consistency. Signed-off-by: Walter Heymans <walter.heymans@corigine.com> Reviewed-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
591c90a1 |
|
04-May-2022 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower: link pre_tun flow rules with neigh entries Add helper functions that can create links between flow rules and cached neighbour entries. Also add the relevant calls to these functions. * When a new neighbour entry gets added cycle through the saved pre_tun flow list and link any relevant matches. Update the neighbour table on the nfp with this new information. * When a new pre_tun flow rule gets added iterate through the save neighbour entries and link any relevant matches. Once again update the nfp neighbour table with any new links. * Do the inverse when deleting - remove any created links and also inform the nfp of this. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
38fc158e |
|
04-May-2022 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower: enforce more strict pre_tun checks Make sure that the rule also matches on source MAC address. On top of that also now save the src and dst MAC addresses similar to how vlan_tci is saved - this will be used in later comparisons with neighbour entries. Indicate if the flow matched on ipv4 or ipv6. Populate the vlan_tpid field that got added to the pre_run_rule struct as well. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
e30b2b68 |
|
04-May-2022 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower: add/remove predt_list entries Add calls to add and remove flows to the predt_table. This very simply just allocates and add a new pretun entry if detected as such, and removes it when encountered on a delete flow. Compatibility for older firmware is kept in place through the DECAP_V2 feature bit. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
59080da0 |
|
23-Feb-2022 |
Baowen Zheng <baowen.zheng@corigine.com> |
nfp: add support to offload tc action to hardware Add process to offload tc action to hardware. Currently we only support to offload police action. Add meter capability to check if firmware supports meter offload. Signed-off-by: Baowen Zheng <baowen.zheng@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
144d4c9e |
|
17-Dec-2021 |
Baowen Zheng <baowen.zheng@corigine.com> |
flow_offload: reject to offload tc actions in offload drivers A follow-up patch will allow users to offload tc actions independent of classifier in the software datapath. In preparation for this, teach all drivers that support offload of the flow tables to reject such configuration as currently none of them support it. Signed-off-by: Baowen Zheng <baowen.zheng@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
f7536ffb |
|
29-Oct-2021 |
Yu Xiao <yu.xiao@corigine.com> |
nfp: flower: Allow ipv6gretap interface for offloading The tunnel_type check only allows for "netif_is_gretap", but for OVS the port is actually "netif_is_ip6gretap" when setting up GRE for ipv6, which means offloading request was rejected before. Therefore, adding "netif_is_ip6gretap" allow ipv6gretap interface for offloading. Signed-off-by: Yu Xiao <yu.xiao@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
7c3a0a01 |
|
14-Sep-2021 |
Eli Cohen <elic@nvidia.com> |
net/{mlx5|nfp|bnxt}: Remove unnecessary RTNL lock assert Remove the assert from the callback priv lookup function since it does not require RTNL lock and is already protected by flow_indr_block_lock. This will avoid warnings from being emitted to dmesg if the driver registers its callback after an ingress qdisc was created for a netdevice. The warnings started after the following patch was merged: commit 74fc4f828769 ("net: Fix offloading indirect devices dependency on qdisc order creation") Signed-off-by: Eli Cohen <elic@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
40c10bd9 |
|
22-Jul-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-tc: add flow stats updates for ct Add in the logic to update flow stats. The flow stats from the nfp is saved in the flow_pay struct, which is associated with the final merged flow. This saves deltas however, so once read it needs to be cleared. However the flow stats requests from the kernel is from the other side of the chain, and a single tc flow from the kernel can be merged into multiple other tc flows to form multiple offloaded flows. This means that all linked flows needs to be updated for each stats request. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
400a5e5f |
|
22-Jul-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add offload calls to the nfp Add the offload parts (ADD_FLOW/DEL_FLOW) calls to add and delete the flows from the nfp. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
453cdc30 |
|
22-Jul-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add flow_pay to the offload table Compile the offload flow metadata and add flow_pay to the offload table. Also add in the delete paths. This does not include actual offloading to the card yet, this will follow soon. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
71e88cfb |
|
22-Jul-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: calculate required key_layers This calculates the correct combined keylayers and key_layer_size for the to-be-offloaded flow. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
e75dc265 |
|
22-Jul-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower: refactor action offload code slightly Change the action related offload functions to take in flow_rule * as input instead of flow_cls_offload * as input. The flow_rule parts of flow_cls_offload is the only part that is used in any case, and this is required for more conntrack offload patches which will follow later. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
4b15fb18 |
|
22-Jul-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower: refactor match functions to take flow_rule as input This is a small cleanup to pass in flow->rule to some of the compile functions instead of extracting it every time. This is will also be useful for conntrack patches later. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
d33d24a7 |
|
15-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add delete flow handling for ct Add functions to handle delete flow callbacks for ct flows. Also accept the flows for offloading by returning 0 instead of -EOPNOTSUPP. Flows will still not actually be offloaded to hw, but at this point it's difficult to not accept the flows and also exercise the cleanup paths properly. Traffic will still be handled safely through the fallback path. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c8b034fb |
|
02-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower-ct: add pre and post ct checks Add checks to see if a flow is a conntrack flow we can potentially handle. Just stub out the handling the different conntrack flows. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
2bda0a5e |
|
02-Jun-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower: move non-zero chain check This is in preparation for conntrack offload support which makes used of different chains. Add explicit checks for conntrack and non-zero chains in the add_offload path. Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
2ea538db |
|
30-Mar-2021 |
Yinjun Zhang <yinjun.zhang@corigine.com> |
nfp: flower: ignore duplicate merge hints from FW A merge hint message needs some time to process before the merged flow actually reaches the firmware, during which we may get duplicate merge hints if there're more than one packet that hit the pre-merged flow. And processing duplicate merge hints will cost extra host_ctx's which are a limited resource. Avoid the duplicate merge by using hash table to store the sub_flows to be merged. Fixes: 8af56f40e53b ("nfp: flower: offload merge flows") Signed-off-by: Yinjun Zhang <yinjun.zhang@corigine.com> Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
982e5ee2 |
|
16-Mar-2021 |
Louis Peens <louis.peens@corigine.com> |
nfp: flower: fix unsupported pre_tunnel flows There are some pre_tunnel flows combinations which are incorrectly being offloaded without proper support, fix these. - Matching on MPLS is not supported for pre_tun. - Match on IPv4/IPv6 layer must be present. - Destination MAC address must match pre_tun.dev MAC Fixes: 120ffd84a9ec ("nfp: flower: verify pre-tunnel rules") Signed-off-by: Louis Peens <louis.peens@corigine.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
df561f66 |
|
23-Aug-2020 |
Gustavo A. R. Silva <gustavoars@kernel.org> |
treewide: Use fallthrough pseudo-keyword Replace the existing /* fall through */ comments and its variants with the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary fall-through markings when it is the case. [1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
|
#
0d630f58 |
|
20-Aug-2020 |
Louis Peens <louis.peens@netronome.com> |
nfp: flower: add support to offload QinQ match When both the driver and the firmware supports QinQ the flow key structure that is send to the firmware is updated as the old method of matching on VLAN did not allow for space to add another VLAN tag. VLAN flows can now also match on the tpid field, not constrained to just 0x8100 as before. Signed-off-by: Louis Peens <louis.peens@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c40f4e50 |
|
10-Jul-2020 |
Petr Machata <petrm@mellanox.com> |
net: sched: Pass qdisc reference in struct flow_block_offload Previously, shared blocks were only relevant for the pseudo-qdiscs ingress and clsact. Recently, a qevent facility was introduced, which allows to bind blocks to well-defined slots of a qdisc instance. RED in particular got two qevents: early_drop and mark. Drivers that wish to offload these blocks will be sent the usual notification, and need to know which qdisc it is related to. To that end, extend flow_block_offload with a "sch" pointer, and initialize as appropriate. This prompts changes in the indirect block facility, which now tracks the scheduler in addition to the netdevice. Update signatures of several functions similarly. Signed-off-by: Petr Machata <petrm@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
a1db2178 |
|
18-Jun-2020 |
wenxu <wenxu@ucloud.cn> |
net: flow_offload: fix flow_indr_dev_unregister path If the representor is removed, then identify the indirect flow_blocks that need to be removed by the release callback and the port representor structure. To identify the port representor structure, a new indr.cb_priv field needs to be introduced. The flow_block also needs to be removed from the driver list from the cleanup path. Fixes: 1fac52da5942 ("net: flow_offload: consolidate indirect flow_block infrastructure") Signed-off-by: wenxu <wenxu@ucloud.cn> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
66f1939a |
|
18-Jun-2020 |
wenxu <wenxu@ucloud.cn> |
flow_offload: use flow_indr_block_cb_alloc/remove function Prepare fix the bug in the next patch. use flow_indr_block_cb_alloc/remove function and remove the __flow_block_indr_binding. Signed-off-by: wenxu <wenxu@ucloud.cn> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
4b61d3e8 |
|
19-Jun-2020 |
Po Liu <Po.Liu@nxp.com> |
net: qos offload add flow status with dropped count This patch adds a drop frames counter to tc flower offloading. Reporting h/w dropped frames is necessary for some actions. Some actions like police action and the coming introduced stream gate action would produce dropped frames which is necessary for user. Status update shows how many filtered packets increasing and how many dropped in those packets. v2: Changes - Update commit comments suggest by Jiri Pirko. Signed-off-by: Po Liu <Po.Liu@nxp.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Reviewed-by: Vlad Buslov <vladbu@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
50c1b1c9 |
|
28-May-2020 |
Pablo Neira Ayuso <pablo@netfilter.org> |
nfp: update indirect block support Register ndo callback via flow_indr_dev_register() and flow_indr_dev_unregister(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
5b186cd6 |
|
27-May-2020 |
Heinrich Kuhn <heinrich.kuhn@netronome.com> |
nfp: flower: fix used time of merge flow statistics Prior to this change the correct value for the used counter is calculated but not stored nor, therefore, propagated to user-space. In use-cases such as OVS use-case at least this results in active flows being removed from the hardware datapath. Which results in both unnecessary flow tear-down and setup, and packet processing on the host. This patch addresses the problem by saving the calculated used value which allows the value to propagate to user-space. Found by inspection. Fixes: aa6ce2ea0c93 ("nfp: flower: support stats update for merge flows") Signed-off-by: Heinrich Kuhn <heinrich.kuhn@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
93a129eb |
|
28-Mar-2020 |
Jiri Pirko <jiri@mellanox.com> |
net: sched: expose HW stats types per action used by drivers It may be up to the driver (in case ANY HW stats is passed) to select which type of HW stats he is going to use. Add an infrastructure to expose this information to user. $ tc filter add dev enp3s0np1 ingress proto ip handle 1 pref 1 flower dst_ip 192.168.1.1 action drop $ tc -s filter show dev enp3s0np1 ingress filter protocol ip pref 1 flower chain 0 filter protocol ip pref 1 flower chain 0 handle 0x1 eth_type ipv4 dst_ip 192.168.1.1 in_hw in_hw_count 2 action order 1: gact action drop random type none pass val 0 index 1 ref 1 bind 1 installed 10 sec used 10 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 used_hw_stats immediate <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
78346160 |
|
17-Dec-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: update flow merge code to support IPv6 tunnels Both pre-tunnel match rules and flow merge functions parse compiled match/action fields for validation. Update these validation functions to include IPv6 match and action fields. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
1922c9a4 |
|
17-Dec-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: modify pre-tunnel and set tunnel action for ipv6 The IPv4 set tunnel action allows the setting of tunnel metadata such as the TTL and ToS values. The pre-tunnel action includes the destination IP address and is used to calculate the next hop from from the neighbour table. Much of the IPv4 tunnel actions can be reused for IPv6 tunnels. Change the names of associated functions and structs to remove the IPv4 identifier and make minor modifcations to support IPv6 tunnel actions. Ensure the pre-tunnel action contains the IPv6 address along with an identifying flag when an IPv6 tunnel action is required. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
cfa18993 |
|
17-Dec-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: offload list of IPv6 tunnel endpoint addresses Fw requires a list of IPv6 addresses that are used as tunnel endpoints to enable correct decap of tunneled packets. Store a list of IPv6 endpoints used in rules with a ref counter to track how many times it is in use. Offload the entire list any time a new IPv6 address is added or when an address is removed (ref count is 0). Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
78a722af |
|
17-Dec-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: compile match for IPv6 tunnels IPv6 tunnel matches are now supported by firmware. Modify the NFP driver to compile these match rules. IPv6 matches are handled similar to IPv4 tunnels with the difference the address length. The type of tunnel is indicated by the same bitmap that is used in IPv4 with an extra bit signifying that the IPv6 variation should be used. Only compile IPv6 tunnel matches when the fw features symbol indicated that they are compatible with the currently loaded fw. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
739d7c57 |
|
27-Aug-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: prevent ingress block binds on internal ports Internal port TC offload is implemented through user-space applications (such as OvS) by adding filters at egress via TC clsact qdiscs. Indirect block offload support in the NFP driver accepts both ingress qdisc binds and egress binds if the device is an internal port. However, clsact sends bind notification for both ingress and egress block binds which can lead to the driver registering multiple callbacks and receiving multiple notifications of new filters. Fix this by rejecting ingress block bind callbacks when the port is internal and only adding filter callbacks for egress binds. Fixes: 4d12ba42787b ("nfp: flower: allow offloading of matches on 'internal' ports") Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
1edfb8ed |
|
19-Aug-2019 |
Vlad Buslov <vladbu@mellanox.com> |
nfp: flower: verify that block cb is not busy before binding When processing FLOW_BLOCK_BIND command on indirect block, check that flow block cb is not busy. Fixes: 0d4fd02e7199 ("net: flow_offload: add flow_block_cb_is_busy() and use it") Reported-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Vlad Buslov <vladbu@mellanox.com> Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
4e481908 |
|
06-Aug-2019 |
wenxu <wenxu@ucloud.cn> |
flow_offload: move tc indirect block to flow offload move tc indirect block to flow_offload and rename it to flow indirect block.The nf_tables can use the indr block architecture. Signed-off-by: wenxu <wenxu@ucloud.cn> Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
120ffd84 |
|
04-Aug-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: verify pre-tunnel rules Pre-tunnel rules must direct packets to an internal port based on L2 information. Rules that egress to an internal port are already indicated by a non-NULL device in its nfp_fl_payload struct. Verfiy the rest of the match fields indicate that the rule is a pre-tunnel rule. This requires a full match on the destination MAC address, an option VLAN field, and no specific matches on other lower layer fields (with the exception of L4 proto and flags). If a rule is identified as a pre-tunnel rule then mark it for offload to the pre-tunnel table. Similarly, remove it from the pre-tunnel table on rule deletion. The actual offloading of these commands is left to a following patch. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
f5c977ee |
|
04-Aug-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: detect potential pre-tunnel rules Pre-tunnel rules are used when the tunnel end-point is on an 'internal port'. These rules are used to direct the tunnelled packets (based on outer header fields) to the internal port where they can be detunnelled. The rule must send the packet to ingress the internal port at the TC layer. Currently FW does not support an action to send to ingress so cannot offload such rules. However, in preparation for populating the pre-tunnel table to represent such rules, check for rules that send to the ingress of an internal port and mark them as such. Further validation of such rules is left to subsequent patches. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
4b10c53d |
|
04-Aug-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: push vlan after tunnel in merge NFP allows the merging of 2 flows together into a single offloaded flow. In the kernel datapath the packet must match 1 flow, impliment its actions, recirculate, match the 2nd flow and also impliment its actions. Merging creates a single flow with all actions from the 2 original flows. Firmware impliments a tunnel header push as the packet is about to egress the card. Therefore, if the first merge rule candiate pushes a tunnel, then the second rule can only have an egress action for a valid merge to occur (or else the action ordering will be incorrect). This prevents the pushing of a tunnel header followed by the pushing of a vlan header. In order to support this behaviour, firmware allows VLAN information to be encoded in the tunnel push action. If this is non zero then the fw will push a VLAN after the tunnel header push meaning that 2 such flows with these actions can be merged (with action order being maintained). Support tunnel in VLAN pushes by encoding VLAN information in the tunnel push action of any merge flow requiring this. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
14bfb13f |
|
19-Jul-2019 |
Pablo Neira Ayuso <pablo@netfilter.org> |
net: flow_offload: add flow_block structure and use it This object stores the flow block callbacks that are attached to this block. Update flow_block_cb_lookup() to take this new object. This patch restores the block sharing feature. Fixes: da3eeb904ff4 ("net: flow_offload: add list handling functions") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
0c7294dd |
|
19-Jul-2019 |
Pablo Neira Ayuso <pablo@netfilter.org> |
net: flow_offload: remove netns parameter from flow_block_cb_alloc() No need to annotate the netns on the flow block callback object, flow_block_cb_is_busy() already checks for used blocks. Fixes: d63db30c8537 ("net: flow_offload: add flow_block_cb_alloc() and flow_block_cb_free()") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
103b7c25 |
|
10-Jul-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: ensure ip protocol is specified for L4 matches Flower rules on the NFP firmware are able to match on an IP protocol field. When parsing rules in the driver, unknown IP protocols are only rejected when further matches are to be carried out on layer 4 fields, as the firmware will not be able to extract such fields from packets. L4 protocol dissectors such as FLOW_DISSECTOR_KEY_PORTS are only parsed if an IP protocol is specified. This leaves a loophole whereby a rule that attempts to match on transport layer information such as port numbers but does not explicitly give an IP protocol type can be incorrectly offloaded (in this case with wildcard port numbers matches). Fix this by rejecting the offload of flows that attempt to match on L4 information, not only when matching on an unknown IP protocol type, but also when the protocol is wildcarded. Fixes: 2a04784594f6 ("nfp: flower: check L4 matches on unknown IP protocols") Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
fd262a6d |
|
10-Jul-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: fix ethernet check on match fields NFP firmware does not explicitly match on an ethernet type field. Rather, each rule has a bitmask of match fields that can be used to infer the ethernet type. Currently, if a flower rule contains an unknown ethernet type, a check is carried out for matches on other fields of the packet. If matches on layer 3 or 4 are found, then the offload is rejected as firmware will not be able to extract these fields from a packet with an ethernet type it does not currently understand. However, if a rule contains an unknown ethernet type without any L3 (or above) matches then this will effectively be offloaded as a rule with a wildcarded ethertype. This can lead to misclassifications on the firmware. Fix this issue by rejecting all flower rules that specify a match on an unknown ethernet type. Further ensure correct offloads by moving the 'L3 and above' check to any rule that does not specify an ethernet type and rejecting rules with further matches. This means that we can still offload rules with a wildcarded ethertype if they only match on L2 fields but will prevent rules which match on further fields that we cannot be sure if the firmware will be able to extract. Fixes: af9d842c1354 ("nfp: extend flower add flow offload") Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
f9e30088 |
|
09-Jul-2019 |
Pablo Neira Ayuso <pablo@netfilter.org> |
net: flow_offload: rename tc_cls_flower_offload to flow_cls_offload And any other existing fields in this structure that refer to tc. Specifically: * tc_cls_flower_offload_flow_rule() to flow_cls_offload_flow_rule(). * TC_CLSFLOWER_* to FLOW_CLS_*. * tc_cls_common_offload to tc_cls_common_offload. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
0d4fd02e |
|
09-Jul-2019 |
Pablo Neira Ayuso <pablo@netfilter.org> |
net: flow_offload: add flow_block_cb_is_busy() and use it This patch adds a function to check if flow block callback is already in use. Call this new function from flow_block_cb_setup_simple() and from drivers. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
955bcb6e |
|
09-Jul-2019 |
Pablo Neira Ayuso <pablo@netfilter.org> |
drivers: net: use flow block API This patch updates flow_block_cb_setup_simple() to use the flow block API. Several drivers are also adjusted to use it. This patch introduces the per-driver list of flow blocks to account for blocks that are already in use. Remove tc_block_offload alias. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
32f8c409 |
|
09-Jul-2019 |
Pablo Neira Ayuso <pablo@netfilter.org> |
net: flow_offload: rename TCF_BLOCK_BINDER_TYPE_* to FLOW_BLOCK_BINDER_TYPE_* Rename from TCF_BLOCK_BINDER_TYPE_* to FLOW_BLOCK_BINDER_TYPE_* and remove temporary tcf_block_binder_type alias. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
9c0e189e |
|
09-Jul-2019 |
Pablo Neira Ayuso <pablo@netfilter.org> |
net: flow_offload: rename TC_BLOCK_{UN}BIND to FLOW_BLOCK_{UN}BIND Rename from TC_BLOCK_{UN}BIND to FLOW_BLOCK_{UN}BIND and remove temporary tc_block_command alias. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
e3a6aba0 |
|
27-Jun-2019 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: flower: add GRE decap classification support Extend the existing tunnel matching support to include GRE decap classification. Specifically matching existing tunnel fields for NVGRE (GRE with protocol field set to TEB). Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: John Hurley <john.hurley@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
986643de |
|
27-Jun-2019 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: flower: refactor tunnel key layer calculation Refactor the key layer calculation function, in particular the tunnel key layer calculation by introducing helper functions. This is done in preparation for supporting GRE tunnel offloads. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: John Hurley <john.hurley@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
bef6e97d |
|
13-Jun-2019 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: flower: extend extack messaging for flower match and actions Use extack messages in flower offload when compiling match and actions messages that will configure hardware. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
14179c4b |
|
13-Jun-2019 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: flower: use extack messages in flower offload Use extack messages in flower offload, specifically focusing on the extack use in add offload, remove offload and get stats paths. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
2a047845 |
|
13-Jun-2019 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: flower: check L4 matches on unknown IP protocols Matching on fields with a protocol that is unknown to hardware is not strictly unsupported. Determine if hardware can offload a filter with an unknown protocol by checking if any L4 fields are being matched as well. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
d6787147 |
|
06-May-2019 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
net/sched: remove block pointer from common offload structure Based on feedback from Jiri avoid carrying a pointer to the tcf_block structure in the tc_cls_common_offload structure. Instead store a flag in driver private data which indicates if offloads apply to a shared block at block binding time. Suggested-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
b66d035e |
|
04-May-2019 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: flower: add qos offload framework Introduce matchall filter offload infrastructure that is needed to offload qos features like policing. Subsequent patches will make use of police-filters for ingress rate limiting. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
9bad65e5 |
|
16-Apr-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: fix implicit fallthrough warning The nfp_flower_copy_pre_actions function introduces a case statement with an intentional fallthrough. However, this generates a warning if built with the -Wimplicit-fallthrough flag. Remove the warning by adding a fall through comment. Fixes: 1c6952ca587d ("nfp: flower: generate merge flow rule") Signed-off-by: John Hurley <john.hurley@netronome.com> Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Reviewed-by: Jiong Wang <jiong.wang@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
8af56f40 |
|
15-Apr-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: offload merge flows A merge flow is formed from 2 sub flows. The match fields of the merge are the same as the first sub flow that has formed it, with the actions being a combination of the first and second sub flow. Therefore, a merge flow should replace sub flow 1 when offloaded. Offload valid merge flows by using a new 'flow mod' message type to replace an existing offloaded rule. Track the deletion of sub flows that are linked to a merge flow and revert offloaded merge rules if required. Signed-off-by: John Hurley <john.hurley@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
aa6ce2ea |
|
15-Apr-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: support stats update for merge flows With the merging of 2 sub flows, a new 'merge' flow will be created and written to FW. The TC layer is unaware that the merge flow exists and will request stats from the sub flows. Conversely, the FW treats a merge rule the same as any other rule and sends stats updates to the NFP driver. Add links between merge flows and their sub flows. Use these links to pass merge flow stats updates from FW to the underlying sub flows, ensuring TC stats requests are handled correctly. The updating of sub flow stats is done on (the less time critcal) TC stats requests rather than on FW stats update. Signed-off-by: John Hurley <john.hurley@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
1c6952ca |
|
15-Apr-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: generate merge flow rule When combining 2 sub_flows to a single 'merge flow' (assuming the merge is valid), the merge flow should contain the same match fields as sub_flow 1 with actions derived from a combination of sub_flows 1 and 2. This action list should have all actions from sub_flow 1 with the exception of the output action that triggered the 'implicit recirculation' by sending to an internal port, followed by all actions of sub_flow 2. Any pre-actions in either sub_flow should feature at the start of the action list. Add code to generate a new merge flow and populate the match and actions fields based on the sub_flows. The offloading of the flow is left to future patches. Signed-off-by: John Hurley <john.hurley@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
107e37bb |
|
15-Apr-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: validate merge hint flows Two flows can be merged if the second flow (after recirculation) matches on bits that are either matched on or explicitly set by the first flow. This means that if a packet hits flow 1 and recirculates then it is guaranteed to hit flow 2. Add a 'can_merge' function that determines if 2 sub_flows in a merge hint can be validly merged to a single flow. Signed-off-by: John Hurley <john.hurley@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
dbc2d68e |
|
15-Apr-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: handle merge hint messages If a merge hint is received containing 2 flows that are matched via an implicit recirculation (sending to and matching on an internal port), fw reports that the flows (called sub_flows) may be able to be combined to a single flow. Add infastructure to accept and process merge hint messages. The actual merging of the flows is left as a stub call. Signed-off-by: John Hurley <john.hurley@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
4d12ba42 |
|
15-Apr-2019 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: allow offloading of matches on 'internal' ports Recent FW modifications allow the offloading of non repr ports. These ports exist internally on the NFP. So if a rule outputs to an 'internal' port, then the packet will recirculate back into the system but will now have this internal port as it's incoming port. These ports are indicated by a specific type field combined with an 8 bit port id. Add private app data to assign additional port ids for use in offloads. Provide functions to lookup or create new ids when a rule attempts to match on an internal netdev - the only internal netdevs currently supported are of type openvswitch. Have a netdev notifier to release port ids on netdev unregister. OvS offloads rules that match on internal ports as TC egress filters. Ensure that such rules are accepted by the driver. Signed-off-by: John Hurley <john.hurley@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
bea96410 |
|
21-Mar-2019 |
Moshe Shemesh <moshe@mellanox.com> |
net: Add IANA_VXLAN_UDP_PORT definition to vxlan header file Added IANA_VXLAN_UDP_PORT (4789) definition to vxlan header file so it can be used by drivers instead of local definition. Updated drivers which locally defined it as 4789 to use it. Signed-off-by: Moshe Shemesh <moshe@mellanox.com> Reviewed-by: Or Gerlitz <ogerlitz@mellanox.com> Cc: John Hurley <john.hurley@netronome.com> Cc: Jakub Kicinski <jakub.kicinski@netronome.com> Cc: Yunsheng Lin <linyunsheng@huawei.com> Cc: Peng Li <lipeng321@huawei.com> Reviewed-by: Tariq Toukan <tariqt@mellanox.com> Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
|
#
974eff2b |
|
21-Mar-2019 |
Moshe Shemesh <moshe@mellanox.com> |
net: Move the definition of the default Geneve udp port to public header file Move the definition of the default Geneve udp port from the geneve source to the header file, so we can re-use it from drivers. Modify existing drivers to use it. Signed-off-by: Moshe Shemesh <moshe@mellanox.com> Reviewed-by: Or Gerlitz <ogerlitz@mellanox.com> Cc: John Hurley <john.hurley@netronome.com> Cc: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Tariq Toukan <tariqt@mellanox.com> Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
|
#
0ff8409b |
|
12-Feb-2019 |
Jakub Kicinski <kuba@kernel.org> |
nfp: flower: remove double new line Recent cls_flower offload rewrite added a double new line. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
3b1903ef |
|
01-Feb-2019 |
Pablo Neira Ayuso <pablo@netfilter.org> |
flow_offload: add statistics retrieval infrastructure and use it This patch provides the flow_stats structure that acts as container for tc_cls_flower_offload, then we can use to restore the statistics on the existing TC actions. Hence, tcf_exts_stats_update() is not used from drivers anymore. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
8f256622 |
|
01-Feb-2019 |
Pablo Neira Ayuso <pablo@netfilter.org> |
flow_offload: add flow_rule and flow_match structures and use them This patch wraps the dissector key and mask - that flower uses to represent the matching side - around the flow_match structure. To avoid a follow up patch that would edit the same LoCs in the drivers, this patch also wraps this new flow match structure around the flow rule object. This new structure will also contain the flow actions in follow up patches. This introduces two new interfaces: bool flow_rule_match_key(rule, dissector_id) that returns true if a given matching key is set on, and: flow_rule_match_XYZ(rule, &match); To fetch the matching side XYZ into the match container structure, to retrieve the key and the mask with one single call. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
b12c97d4 |
|
17-Dec-2018 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: fix cb_ident duplicate in indirect block register Previously the identifier used for indirect block callback registry and for block rule cb registry (when done via indirect blocks) was the pointer to the netdev we were interested in receiving updates on. This worked fine if a single app existed that registered one callback per netdev of interest. However, if multiple cards are in place and, in turn, multiple apps, then each app may register the same callback with the same identifier to both the netdev's indirect block cb list and to a block's cb list. This can lead to EEXIST errors and/or incorrect cb deletions. Prevent this conflict by using the app pointer as the identifier for netdev indirect block cb registry, allowing each app to register a unique callback per netdev. For block cb registry, the same app may register multiple cbs to the same block if using TC shared blocks. Instead of the app, use the pointer to the allocated cb_priv data as the identifier here. This means that there can be a unique block callback for each app/netdev combo. Fixes: 3166dd07a9cb ("nfp: flower: offload tunnel decap rules via indirect TC blocks") Reported-by: Edward Cree <ecree@solarflare.com> Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
290974d4 |
|
10-Dec-2018 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: flower: ensure TCP flags can be placed in IPv6 frame Previously we did not ensure tcp flags have a place to be stored when using IPv6. We correct this by including IPv6 key layer when we match tcp flags and the IPv6 key layer has not been included already. Fixes: 07e1671cfca5 ("nfp: flower: refactor shared ip header in match offload") Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
b5f0cf08 |
|
27-Nov-2018 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: prevent offload if rhashtable insert fails For flow offload adds, if the rhash insert code fails, the flow will still have been offloaded but the reference to it in the driver freed. Re-order the offload setup calls to ensure that a flow will only be written to FW if a kernel reference is held and stored in the rhashtable. Remove this hashtable entry if the offload fails. Fixes: c01d0efa5136 ("nfp: flower: use rhashtable for flow caching") Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
11664948 |
|
27-Nov-2018 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: release metadata on offload failure Calling nfp_compile_flow_metadata both assigns a stats context and increments a ref counter on (or allocates) a mask id table entry. These are released by the nfp_modify_flow_metadata call on flow deletion, however, if a flow add fails after metadata is set then the flow entry will be deleted but the metadata assignments leaked. Add an error path to the flow add offload function to ensure allocated metadata is released in the event of an offload fail. Fixes: 81f3ddf2547d ("nfp: add control message passing capabilities to flower offloads") Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
d4b69bad |
|
09-Nov-2018 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: remove unnecessary code in flow lookup Recent changes to NFP mean that stats updates from fw to driver no longer require a flow lookup and (because egdev offload has been removed) the ingress netdev for a lookup is now always known. Remove obsolete code in a flow lookup that matches on host context and that allows for a netdev to be NULL. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
4f63fde3 |
|
09-Nov-2018 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: remove TC egdev offloads Previously, only tunnel decap rules required egdev registration for offload in NFP. These are now supported via indirect TC block callbacks. Remove the egdev code from NFP. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
3166dd07 |
|
09-Nov-2018 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: offload tunnel decap rules via indirect TC blocks Previously, TC block tunnel decap rules were only offloaded when a callback was triggered through registration of the rules egress device. This meant that the driver had no access to the ingress netdev and so could not verify it was the same tunnel type that the rule implied. Register tunnel devices for indirect TC block offloads in NFP, giving access to new rules based on the ingress device rather than egress. Use this to verify the netdev type of VXLAN and Geneve based rules and offload the rules to HW if applicable. Tunnel registration is done via a netdev notifier. On notifier registration, this is triggered for already existing netdevs. This means that NFP can register for offloads from devices that exist before it is loaded (filter rules will be replayed from the TC core). Similarly, on notifier unregister, a call is triggered for each currently active netdev. This allows the driver to unregister any indirect block callbacks that may still be active. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
7885b4fc |
|
09-Nov-2018 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: allow non repr netdev offload Previously the offload functions in NFP assumed that the ingress (or egress) netdev passed to them was an nfp repr. Modify the driver to permit the passing of non repr netdevs as the ingress device for an offload rule candidate. This may include devices such as tunnels. The driver should then base its offload decision on a combination of ingress device and egress port for a rule. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
96de2506 |
|
11-Oct-2018 |
Jakub Kicinski <kuba@kernel.org> |
nfp: replace long license headers with SPDX Replace the repeated license text with SDPX identifiers. While at it bump the Copyright dates for files we touched this year. Signed-off-by: Edwin Peer <edwin.peer@netronome.com> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Nic Viljoen <nick.viljoen@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
7fade107 |
|
08-Oct-2018 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: flower: use stats array instead of storing stats per flow Make use of an array stats instead of storing stats per flow which would require a hash lookup at critical times. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c01d0efa |
|
08-Oct-2018 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: flower: use rhashtable for flow caching Make use of relativistic hash tables for tracking flows instead of fixed sized hash tables. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
db191db8 |
|
11-Sep-2018 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: flower: fix vlan match by checking both vlan id and vlan pcp Previously we only checked if the vlan id field is present when trying to match a vlan tag. The vlan id and vlan pcp field should be treated independently. Fixes: 5571e8c9f241 ("nfp: extend flower matching capabilities") Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
0a22b17a |
|
07-Aug-2018 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: flower: add geneve option match offload Introduce a new layer for matching on geneve options. This allows offloading filters configured to match geneve with options. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
d7ff7ec5 |
|
07-Aug-2018 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: allow matching on ipv4 UDP tunnel tos and ttl The addition of FLOW_DISSECTOR_KEY_ENC_IP to TC flower means that the ToS and TTL of the tunnel header can now be matched on. Extend the NFP tunnel match function to include these new fields. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
042f8825 |
|
20-Jul-2018 |
Jakub Kicinski <kuba@kernel.org> |
nfp: bring back support for offloading shared blocks Now that we have offload replay infrastructure added by commit 326367427cc0 ("net: sched: call reoffload op on block callback reg") and flows are guaranteed to be removed correctly, we can revert commit 951a8ee6def3 ("nfp: reject binding to shared blocks"). Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: John Hurley <john.hurley@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
951a8ee6 |
|
25-Jun-2018 |
John Hurley <john.hurley@netronome.com> |
nfp: reject binding to shared blocks TC shared blocks allow multiple qdiscs to be grouped together and filters shared between them. Currently the chains of filters attached to a block are only flushed when the block is removed. If a qdisc is removed from a block but the block still exists, flow del messages are not passed to the callback registered for that qdisc. For the NFP, this presents the possibility of rules still existing in hw when they should be removed. Prevent binding to shared blocks until the kernel can send per qdisc del messages when block unbinds occur. tcf_block_shared() was not used outside of the core until now, so also add an empty implementation for builds with CONFIG_NET_CLS=n. Fixes: 4861738775d7 ("net: sched: introduce shared filter blocks infrastructure") Signed-off-by: John Hurley <john.hurley@netronome.com> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
a6411941 |
|
25-Jun-2018 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: flower: fix mpls ether type detection Previously it was not possible to distinguish between mpls ether types and other ether types. This leads to incorrect classification of offloaded filters that match on mpls ether type. For example the following two filters overlap: # tc filter add dev eth0 parent ffff: \ protocol 0x8847 flower \ action mirred egress redirect dev eth1 # tc filter add dev eth0 parent ffff: \ protocol 0x0800 flower \ action mirred egress redirect dev eth2 The driver now correctly includes the mac_mpls layer where HW stores mpls fields, when it detects an mpls ether type. It also sets the MPLS_Q bit to indicate that the filter should match mpls packets. Fixes: bb055c198d9b ("nfp: add mpls match offloading support") Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
60513bd8 |
|
25-Jun-2018 |
John Hurley <john.hurley@netronome.com> |
net: sched: pass extack pointer to block binds and cb registration Pass the extact struct from a tc qdisc add to the block bind function and, in turn, to the setup_tc ndo of binding device via the tc_block_offload struct. Pass this back to any block callback registrations to allow netlink logging of fails in the bind process. Signed-off-by: John Hurley <john.hurley@netronome.com> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
eba7927b |
|
24-Jun-2018 |
Jiri Pirko <jiri@mellanox.com> |
nfp: handle cls_flower command default case Currently the default case is not handled, which with future command introductions would introduce a warning. So handle it. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
7e24a593 |
|
23-May-2018 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: compute link aggregation action If the egress device of an offloaded rule is a LAG port, then encode the output port to the NFP with a LAG identifier and the offloaded group ID. A prelag action is also offloaded which must be the first action of the series (although may appear after other pre-actions - e.g. tunnels). This causes the FW to check that it has the necessary information to output to the requested LAG port. If it does not, the packet is sent to the kernel before any other actions are applied to it. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c50647d3 |
|
24-Apr-2018 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: ignore duplicate cb requests for same rule If a flower rule has a repr both as ingress and egress port then 2 callbacks may be generated for the same rule request. Add an indicator to each flow as to whether or not it was added from an ingress registered cb. If so then ignore add/del/stat requests to it from an egress cb. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
54a4a034 |
|
24-Apr-2018 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: support offloading multiple rules with same cookie When multiple netdevs are attached to a tc offload block and register for callbacks, a rule added to the block will be propogated to all netdevs. Previously these were detected as duplicates (based on cookie) and rejected. Modify the rule nfp lookup function to optionally include an ingress netdev and a host context along with the cookie value when searching for a rule. When a new rule is passed to the driver, the netdev the rule is to be attached to is considered when searching for dublicates. When a stats update is received from HW, the host context is used alongside the cookie to map to the correct host rule. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
71ea5343 |
|
26-Mar-2018 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: flower: implement ip fragmentation match offload Implement ip fragmentation match offloading for both IPv4 and IPv6. Allows offloading frag, nofrag, first and nofirstfrag classification. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
ffa61202 |
|
15-Feb-2018 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: flower: implement tcp flag match offload Implement tcp flag match offloading. Current tcp flag match support include FIN, SYN, RST, PSH and URG flags, other flags are unsupported. The PSH and URG flags are only set in the hardware fast path when used in combination with the SYN, RST and PSH flags. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
d692403e |
|
07-Feb-2018 |
Jakub Kicinski <kuba@kernel.org> |
nfp: forbid disabling hw-tc-offload on representors while offload active All netdevs which can accept TC offloads must implement .ndo_set_features(). nfp_reprs currently do not do that, which means hw-tc-offload can be turned on and off even when offloads are active. Whether the offloads are active is really a question to nfp_ports, so remove the per-app tc_busy callback indirection thing, and simply count the number of offloaded items in nfp_port structure. Fixes: 8a2768732a4d ("nfp: provide infrastructure for offloading flower based TC filters") Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Tested-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
3107fdc8 |
|
25-Jan-2018 |
Jakub Kicinski <kuba@kernel.org> |
nfp: use tc_cls_can_offload_and_chain0() Make use of tc_cls_can_offload_and_chain0() to set extack msg in case ethtool tc offload flag is not set or chain unsupported. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
bedeca15 |
|
19-Dec-2017 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: compile Geneve match fields Compile Geneve match fields for offloading to the NFP. The addition of Geneve overflows the 8 bit key_layer field, so apply extended metadata to the match cmsg allowing up to 32 more key_layer fields. Rather than adding new Geneve blocks, move the vxlan code to generic ipv4 udp tunnel structs and use these for both vxlan and Geneve. Matches are only supported when specifically mentioning well known port 6081. Geneve tunnel options are not yet included in the match. Only offload Geneve if the fw supports it - include check for this. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
a427673e |
|
08-Dec-2017 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: remove dead code paths Port matching is selected by default on every rule so remove check for it and delete 'else' side of the statement. Remove nfp_flower_meta_one as now it will not feature in the code. Rename nfp_flower_meta_two given that one has been removed. 'Additional metadata' if statement can never be true so remove it as well. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
de7d9549 |
|
08-Dec-2017 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: do not assume mac/mpls matches Remove the matching of mac/mpls as a default selection. These are not necessarily set by a TC rule (unlike the port). Previously a mac/mpls field would exist in every match and be masked out if not used. This patch has no impact on functionality but removes unnessary memory assignment in the match cmsg. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
b48b1f7a |
|
20-Nov-2017 |
Jakub Kicinski <kuba@kernel.org> |
nfp: flower: add missing kdoc Commit 0115552eac14 ("nfp: remove false positive offloads in flower vxlan") missed adding kdoc for a new parameter of nfp_flower_add_offload(). Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
0115552e |
|
16-Nov-2017 |
John Hurley <john.hurley@netronome.com> |
nfp: remove false positive offloads in flower vxlan Pass information to the match offload on whether or not the repr is the ingress or egress dev. Only accept tunnel matches if repr is the egress dev. This means rules such as the following are successfully offloaded: tc .. add dev vxlan0 .. enc_dst_port 4789 .. action redirect dev nfp_p0 While rules such as the following are rejected: tc .. add dev nfp_p0 .. enc_dst_port 4789 .. action redirect dev vxlan0 Also reject non tunnel flows that are offloaded to an egress dev. Non tunnel matches assume that the offload dev is the ingress port and offload a match accordingly. Fixes: 611aec101ab7 ("nfp: compile flower vxlan tunnel metadata match fields") Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
1a24d4f9 |
|
16-Nov-2017 |
John Hurley <john.hurley@netronome.com> |
nfp: register flower reprs for egress dev offload Register a callback for offloading flows that have a repr as their egress device. The new egdev_register function is added to net-next for the 4.15 release. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
dc4646a9 |
|
02-Nov-2017 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: vxlan - ensure no sleep in atomic context Functions called by the netevent notifier must be in atomic context. Change the mutex to spinlock and ensure mem allocations are done with the atomic flag. Also, remove unnecessary locking after notifiers are unregistered. Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
2df7b2d2 |
|
02-Nov-2017 |
John Hurley <john.hurley@netronome.com> |
nfp: flower: app should use struct nfp_repr Ensure priv netdev data in flower app is cast to nfp_repr and not nfp_net as in other apps. Fixes: 363fc53b8b58 ("nfp: flower: Convert ndo_setup_tc offloads to block callbacks") Signed-off-by: John Hurley <john.hurley@netronome.com> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
44ae12a7 |
|
01-Nov-2017 |
Jiri Pirko <jiri@mellanox.com> |
net: sched: move the can_offload check from binding phase to rule insertion phase This restores the original behaviour before the block callbacks were introduced. Allow the drivers to do binding of block always, no matter if the NETIF_F_HW_TC feature is on or off. Move the check to the block callback which is called for rule insertion. Reported-by: Alexander Duyck <alexander.duyck@gmail.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
8d26d563 |
|
19-Oct-2017 |
Jiri Pirko <jiri@mellanox.com> |
net: sched: avoid ndo_setup_tc calls for TC_SETUP_CLS* All drivers are converted to use block callbacks for TC_SETUP_CLS*. So it is now safe to remove the calls to ndo_setup_tc from cls_* Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
363fc53b |
|
19-Oct-2017 |
Jiri Pirko <jiri@mellanox.com> |
nfp: flower: Convert ndo_setup_tc offloads to block callbacks Benefit from the newly introduced block callback infrastructure and convert ndo_setup_tc calls for flower offloads to block callbacks. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
fc53b4a7 |
|
06-Oct-2017 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: add IPv6 ttl and tos match offloading support Previously matching on IPv6 ttl and tos fields were not offloaded. This patch enables offloading IPv6 ttl and tos as match fields. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
a1e9203c |
|
06-Oct-2017 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: add IPv4 ttl and tos match offloading support Previously matching on IPv4 ttl and tos fields were not offloaded. This patch enables offloading IPv4 ttl and tos as match fields. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
bb055c19 |
|
06-Oct-2017 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: add mpls match offloading support Previously MPLS match offloading was not supported. This patch enables MPLS match offloading support for label, bos and tc fields. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
2d9ad71a |
|
24-Sep-2017 |
John Hurley <john.hurley@netronome.com> |
nfp: offload vxlan IPv4 endpoints of flower rules Maintain a list of IPv4 addresses used as the tunnel destination IP match fields in currently active flower rules. Offload the entire list of NFP_FL_IPV4_ADDRS_MAX (even if some are unused) when new IPs are added or removed. The NFP should only be aware of tunnel end points that are currently used by rules on the device Signed-off-by: John Hurley <john.hurley@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
611aec10 |
|
24-Sep-2017 |
John Hurley <john.hurley@netronome.com> |
nfp: compile flower vxlan tunnel metadata match fields Compile ovs-tc flower vxlan metadata match fields for offloading. Only support offload of tunnel data when the VXLAN port specifically matches well known port 4789. Signed-off-by: John Hurley <john.hurley@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
b95a2d83 |
|
13-Sep-2017 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: add whitelist of supported flow dissector Previously we did not check the flow dissector against a list of allowed and supported flow key dissectors. This patch introduces such a list and correctly rejects unsupported flow keys. Fixes: 43f84b72c50d ("nfp: add metadata to each flow offload") Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
74af5975 |
|
25-Aug-2017 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: fix supported key layers calculation Previously when calculating the supported key layers MPLS, IPv4/6 TTL and TOS were not considered. This patch checks that the TTL and TOS fields are masked out before offloading. Additionally this patch checks that MPLS packets are correctly handled, by not offloading them. Fixes: af9d842c1354 ("nfp: extend flower add flow offload") Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
a7cd39e0 |
|
25-Aug-2017 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: fix unchecked flow dissector use Previously flow dissectors were referenced without first checking that they are in use and correctly populated by TC. This patch fixes this by checking each flow dissector key before referencing them. Fixes: 5571e8c9f241 ("nfp: extend flower matching capabilities") Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
7f3b39da |
|
18-Aug-2017 |
Chris Mi <chrism@mellanox.com> |
net/sched: Fix the logic error to decide the ingress qdisc The offending commit used a newly added helper function. But the logic is wrong. Without this fix, the affected NICs can't do HW offload. Error -EOPNOTSUPP will be returned directly. Fixes: a2e8da9378cc ("net/sched: use newly added classid identity helpers") Signed-off-by: Chris Mi <chrism@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
a2e8da93 |
|
09-Aug-2017 |
Jiri Pirko <jiri@mellanox.com> |
net: sched: use newly added classid identity helpers Instead of checking handle, which does not have the inner class information and drivers wrongly assume clsact->egress as ingress, use the newly introduced classid identification helpers. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
de4784ca |
|
07-Aug-2017 |
Jiri Pirko <jiri@mellanox.com> |
net: sched: get rid of struct tc_to_netdev Get rid of struct tc_to_netdev which is now just unnecessary container and rather pass per-type structures down to drivers directly. Along with that, consolidate the naming of per-type structure variables in cls_*. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
5fd9fc4e |
|
07-Aug-2017 |
Jiri Pirko <jiri@mellanox.com> |
net: sched: push cls related args into cls_common structure As ndo_setup_tc is generic offload op for whole tc subsystem, does not really make sense to have cls-specific args. So move them under cls_common structurure which is embedded in all cls structs. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
37cba6b3 |
|
07-Aug-2017 |
Jiri Pirko <jiri@mellanox.com> |
nfp: change flows in apps that offload ndo_setup_tc Change the flows a bit in preparation of follow-up changes in ndo_setup_tc args. Also, change the error code to align with the rest of the drivers. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
2572ac53 |
|
07-Aug-2017 |
Jiri Pirko <jiri@mellanox.com> |
net: sched: make type an argument for ndo_setup_tc Since the type is always present, push it to be a separate argument to ndo_setup_tc. On the way, name the type enum and use it for arg type. Signed-off-by: Jiri Pirko <jiri@mellanox.com> Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
81f3ddf2 |
|
29-Jun-2017 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: add control message passing capabilities to flower offloads Previously the flower offloads never sends messages to the hardware, and never registers a handler for receiving messages from hardware. This patch enables the flower offloads to send control messages to hardware when adding and removing flow rules. Additionally it registers a control message rx handler for receiving stats updates from hardware for each offloaded flow. Additionally this patch adds 4 control message types; Add, modify and delete flow, as well as flow stats. It also allows nfp_flower_cmsg_get_data() to be used outside of cmsg.c. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
abfcdc1d |
|
29-Jun-2017 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: add a stats handler for flower offloads Previously there was no way of updating flow rule stats after they have been offloaded to hardware. This is solved by keeping track of stats received from hardware and providing this to the TC handler on request. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
43f84b72 |
|
29-Jun-2017 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: add metadata to each flow offload Adds metadata describing the mask id of each flow and keeps track of flows installed in hardware. Previously a flow could not be removed from hardware as there was no way of knowing if that a specific flow was installed. This is solved by storing the offloaded flows in a hash table. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
1a1e586f |
|
29-Jun-2017 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: add basic action capabilities to flower offloads Adds push vlan, pop vlan, output and drop action capabilities to flower offloads. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
5571e8c9 |
|
29-Jun-2017 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: extend flower matching capabilities Extends matching capabilities for flower offloads to include vlan, layer 2, layer 3 and layer 4 type matches. This includes both exact and wildcard matching. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
af9d842c |
|
29-Jun-2017 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: extend flower add flow offload Extends the flower flow add function by calculating which match fields are present in the flower offload structure and allocating the appropriate space to describe these. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
8a276873 |
|
29-Jun-2017 |
Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> |
nfp: provide infrastructure for offloading flower based TC filters Adds a flower based TC offload handler for representor devices, this is in addition to the bpf based offload handler. The changes in this patch will be used in a follow-up patch to add tc flower offload to the NFP. The flower app enables tc offloads on representors by default. Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|