1/* SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) */ 2/* Copyright (C) 2021 Corigine, Inc. */ 3 4#ifndef __NFP_FLOWER_CONNTRACK_H__ 5#define __NFP_FLOWER_CONNTRACK_H__ 1 6 7#include <net/netfilter/nf_flow_table.h> 8#include "main.h" 9 10#define NFP_FL_CT_NO_TUN 0xff 11 12#define COMPARE_UNMASKED_FIELDS(__match1, __match2, __out) \ 13 do { \ 14 typeof(__match1) _match1 = (__match1); \ 15 typeof(__match2) _match2 = (__match2); \ 16 bool *_out = (__out); \ 17 int i, size = sizeof(*(_match1).key); \ 18 char *k1, *m1, *k2, *m2; \ 19 *_out = false; \ 20 k1 = (char *)_match1.key; \ 21 m1 = (char *)_match1.mask; \ 22 k2 = (char *)_match2.key; \ 23 m2 = (char *)_match2.mask; \ 24 for (i = 0; i < size; i++) \ 25 if ((k1[i] & m1[i] & m2[i]) ^ \ 26 (k2[i] & m1[i] & m2[i])) { \ 27 *_out = true; \ 28 break; \ 29 } \ 30 } while (0) \ 31 32extern const struct rhashtable_params nfp_zone_table_params; 33extern const struct rhashtable_params nfp_ct_map_params; 34extern const struct rhashtable_params nfp_tc_ct_merge_params; 35extern const struct rhashtable_params nfp_nft_ct_merge_params; 36 37/** 38 * struct nfp_fl_ct_zone_entry - Zone entry containing conntrack flow information 39 * @zone: The zone number, used as lookup key in hashtable 40 * @hash_node: Used by the hashtable 41 * @priv: Pointer to nfp_flower_priv data 42 * @nft: Pointer to nf_flowtable for this zone 43 * 44 * @pre_ct_list: The pre_ct_list of nfp_fl_ct_flow_entry entries 45 * @pre_ct_count: Keep count of the number of pre_ct entries 46 * 47 * @post_ct_list: The post_ct_list of nfp_fl_ct_flow_entry entries 48 * @post_ct_count: Keep count of the number of post_ct entries 49 * 50 * @tc_merge_tb: The table of merged tc flows 51 * @tc_merge_count: Keep count of the number of merged tc entries 52 * 53 * @nft_flows_list: The list of nft relatednfp_fl_ct_flow_entry entries 54 * @nft_flows_count: Keep count of the number of nft_flow entries 55 * 56 * @nft_merge_tb: The table of merged tc+nft flows 57 * @nft_merge_count: Keep count of the number of merged tc+nft entries 58 */ 59struct nfp_fl_ct_zone_entry { 60 u16 zone; 61 struct rhash_head hash_node; 62 63 struct nfp_flower_priv *priv; 64 struct nf_flowtable *nft; 65 66 struct list_head pre_ct_list; 67 unsigned int pre_ct_count; 68 69 struct list_head post_ct_list; 70 unsigned int post_ct_count; 71 72 struct rhashtable tc_merge_tb; 73 unsigned int tc_merge_count; 74 75 struct list_head nft_flows_list; 76 unsigned int nft_flows_count; 77 78 struct rhashtable nft_merge_tb; 79 unsigned int nft_merge_count; 80}; 81 82enum ct_entry_type { 83 CT_TYPE_PRE_CT, 84 CT_TYPE_NFT, 85 CT_TYPE_POST_CT, 86 _CT_TYPE_MAX, 87}; 88 89#define NFP_MAX_RECIRC_CT_ZONES 4 90#define NFP_MAX_ENTRY_RULES (NFP_MAX_RECIRC_CT_ZONES * 2 + 1) 91 92enum nfp_nfp_layer_name { 93 FLOW_PAY_META_TCI = 0, 94 FLOW_PAY_INPORT, 95 FLOW_PAY_EXT_META, 96 FLOW_PAY_MAC_MPLS, 97 FLOW_PAY_L4, 98 FLOW_PAY_IPV4, 99 FLOW_PAY_IPV6, 100 FLOW_PAY_CT, 101 FLOW_PAY_GRE, 102 FLOW_PAY_QINQ, 103 FLOW_PAY_UDP_TUN, 104 FLOW_PAY_GENEVE_OPT, 105 106 _FLOW_PAY_LAYERS_MAX 107}; 108 109/* NFP flow entry flags. */ 110#define NFP_FL_ACTION_DO_NAT BIT(0) 111#define NFP_FL_ACTION_DO_MANGLE BIT(1) 112 113/** 114 * struct nfp_fl_ct_flow_entry - Flow entry containing conntrack flow information 115 * @cookie: Flow cookie, same as original TC flow, used as key 116 * @list_node: Used by the list 117 * @chain_index: Chain index of the original flow 118 * @goto_chain_index: goto chain index of the flow 119 * @netdev: netdev structure. 120 * @zt: Reference to the zone table this belongs to 121 * @children: List of tc_merge flows this flow forms part of 122 * @rule: Reference to the original TC flow rule 123 * @stats: Used to cache stats for updating 124 * @prev_m_entries: Array of all previous nft_tc_merge entries 125 * @num_prev_m_entries: The number of all previous nft_tc_merge entries 126 * @tun_offset: Used to indicate tunnel action offset in action list 127 * @flags: Used to indicate flow flag like NAT which used by merge. 128 * @type: Type of ct-entry from enum ct_entry_type 129 */ 130struct nfp_fl_ct_flow_entry { 131 unsigned long cookie; 132 struct list_head list_node; 133 u32 chain_index; 134 u32 goto_chain_index; 135 struct net_device *netdev; 136 struct nfp_fl_ct_zone_entry *zt; 137 struct list_head children; 138 struct flow_rule *rule; 139 struct flow_stats stats; 140 struct nfp_fl_nft_tc_merge *prev_m_entries[NFP_MAX_RECIRC_CT_ZONES - 1]; 141 u8 num_prev_m_entries; 142 u8 tun_offset; // Set to NFP_FL_CT_NO_TUN if no tun 143 u8 flags; 144 u8 type; 145}; 146 147/** 148 * struct nfp_fl_ct_tc_merge - Merge of two flows from tc 149 * @cookie: Flow cookie, combination of pre and post ct cookies 150 * @hash_node: Used by the hashtable 151 * @pre_ct_list: This entry is part of a pre_ct_list 152 * @post_ct_list: This entry is part of a post_ct_list 153 * @zt: Reference to the zone table this belongs to 154 * @pre_ct_parent: The pre_ct_parent 155 * @post_ct_parent: The post_ct_parent 156 * @children: List of nft merged entries 157 */ 158struct nfp_fl_ct_tc_merge { 159 unsigned long cookie[2]; 160 struct rhash_head hash_node; 161 struct list_head pre_ct_list; 162 struct list_head post_ct_list; 163 struct nfp_fl_ct_zone_entry *zt; 164 struct nfp_fl_ct_flow_entry *pre_ct_parent; 165 struct nfp_fl_ct_flow_entry *post_ct_parent; 166 struct list_head children; 167}; 168 169/** 170 * struct nfp_fl_nft_tc_merge - Merge of tc_merge flows with nft flow 171 * @netdev: Ingress netdev name 172 * @cookie: Flow cookie, combination of tc_merge and nft cookies 173 * @hash_node: Used by the hashtable 174 * @zt: Reference to the zone table this belongs to 175 * @nft_flow_list: This entry is part of a nft_flows_list 176 * @tc_merge_list: This entry is part of a ct_merge_list 177 * @tc_m_parent: The tc_merge parent 178 * @nft_parent: The nft_entry parent 179 * @tc_flower_cookie: The cookie of the flow offloaded to the nfp 180 * @flow_pay: Reference to the offloaded flow struct 181 * @next_pre_ct_entry: Reference to the next ct zone pre ct entry 182 */ 183struct nfp_fl_nft_tc_merge { 184 struct net_device *netdev; 185 unsigned long cookie[3]; 186 struct rhash_head hash_node; 187 struct nfp_fl_ct_zone_entry *zt; 188 struct list_head nft_flow_list; 189 struct list_head tc_merge_list; 190 struct nfp_fl_ct_tc_merge *tc_m_parent; 191 struct nfp_fl_ct_flow_entry *nft_parent; 192 unsigned long tc_flower_cookie; 193 struct nfp_fl_payload *flow_pay; 194 struct nfp_fl_ct_flow_entry *next_pre_ct_entry; 195}; 196 197/** 198 * struct nfp_fl_ct_map_entry - Map between flow cookie and specific ct_flow 199 * @cookie: Flow cookie, same as original TC flow, used as key 200 * @hash_node: Used by the hashtable 201 * @ct_entry: Pointer to corresponding ct_entry 202 */ 203struct nfp_fl_ct_map_entry { 204 unsigned long cookie; 205 struct rhash_head hash_node; 206 struct nfp_fl_ct_flow_entry *ct_entry; 207}; 208 209bool is_pre_ct_flow(struct flow_cls_offload *flow); 210bool is_post_ct_flow(struct flow_cls_offload *flow); 211 212/** 213 * nfp_fl_ct_handle_pre_ct() - Handles -trk conntrack rules 214 * @priv: Pointer to app priv 215 * @netdev: netdev structure. 216 * @flow: TC flower classifier offload structure. 217 * @extack: Extack pointer for errors 218 * @m_entry:previous nfp_fl_nft_tc_merge entry 219 * 220 * Adds a new entry to the relevant zone table and tries to 221 * merge with other +trk+est entries and offload if possible. 222 * 223 * Return: negative value on error, 0 if configured successfully. 224 */ 225int nfp_fl_ct_handle_pre_ct(struct nfp_flower_priv *priv, 226 struct net_device *netdev, 227 struct flow_cls_offload *flow, 228 struct netlink_ext_ack *extack, 229 struct nfp_fl_nft_tc_merge *m_entry); 230/** 231 * nfp_fl_ct_handle_post_ct() - Handles +trk+est conntrack rules 232 * @priv: Pointer to app priv 233 * @netdev: netdev structure. 234 * @flow: TC flower classifier offload structure. 235 * @extack: Extack pointer for errors 236 * 237 * Adds a new entry to the relevant zone table and tries to 238 * merge with other -trk entries and offload if possible. 239 * 240 * Return: negative value on error, 0 if configured successfully. 241 */ 242int nfp_fl_ct_handle_post_ct(struct nfp_flower_priv *priv, 243 struct net_device *netdev, 244 struct flow_cls_offload *flow, 245 struct netlink_ext_ack *extack); 246 247/** 248 * nfp_fl_create_new_pre_ct() - create next ct_zone -trk conntrack rules 249 * @m_entry:previous nfp_fl_nft_tc_merge entry 250 * 251 * Create a new pre_ct entry from previous nfp_fl_nft_tc_merge entry 252 * to the next relevant zone table. Try to merge with other +trk+est 253 * entries and offload if possible. The created new pre_ct entry is 254 * linked to the previous nfp_fl_nft_tc_merge entry. 255 * 256 * Return: negative value on error, 0 if configured successfully. 257 */ 258int nfp_fl_create_new_pre_ct(struct nfp_fl_nft_tc_merge *m_entry); 259 260/** 261 * nfp_fl_ct_clean_flow_entry() - Free a nfp_fl_ct_flow_entry 262 * @entry: Flow entry to cleanup 263 */ 264void nfp_fl_ct_clean_flow_entry(struct nfp_fl_ct_flow_entry *entry); 265 266/** 267 * nfp_fl_ct_del_flow() - Handle flow_del callbacks for conntrack 268 * @ct_map_ent: ct map entry for the flow that needs deleting 269 */ 270int nfp_fl_ct_del_flow(struct nfp_fl_ct_map_entry *ct_map_ent); 271 272/** 273 * nfp_fl_ct_handle_nft_flow() - Handle flower flow callbacks for nft table 274 * @type: Type provided by callback 275 * @type_data: Callback data 276 * @cb_priv: Pointer to data provided when registering the callback, in this 277 * case it's the zone table. 278 */ 279int nfp_fl_ct_handle_nft_flow(enum tc_setup_type type, void *type_data, 280 void *cb_priv); 281 282/** 283 * nfp_fl_ct_stats() - Handle flower stats callbacks for ct flows 284 * @flow: TC flower classifier offload structure. 285 * @ct_map_ent: ct map entry for the flow that needs deleting 286 */ 287int nfp_fl_ct_stats(struct flow_cls_offload *flow, 288 struct nfp_fl_ct_map_entry *ct_map_ent); 289#endif 290