nfp/flower/conntrack.h

0001 /* SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) */
0002 /* Copyright (C) 2021 Corigine, Inc. */
0003
0004 #ifndef __NFP_FLOWER_CONNTRACK_H__
0005 #define __NFP_FLOWER_CONNTRACK_H__ 1
0006
0007 #include <net/netfilter/nf_flow_table.h>
0008 #include "main.h"
0009
0010 #define NFP_FL_CT_NO_TUN    0xff
0011
0012 #define COMPARE_UNMASKED_FIELDS(__match1, __match2, __out)  \
0013     do {                            \
0014         typeof(__match1) _match1 = (__match1);      \
0015         typeof(__match2) _match2 = (__match2);      \
0016         bool *_out = (__out);       \
0017         int i, size = sizeof(*(_match1).key);       \
0018         char *k1, *m1, *k2, *m2;            \
0019         *_out = false;                  \
0020         k1 = (char *)_match1.key;           \
0021         m1 = (char *)_match1.mask;          \
0022         k2 = (char *)_match2.key;           \
0023         m2 = (char *)_match2.mask;          \
0024         for (i = 0; i < size; i++)          \
0025             if ((k1[i] & m1[i] & m2[i]) ^       \
0026                 (k2[i] & m1[i] & m2[i])) {      \
0027                 *_out = true;           \
0028                 break;              \
0029             }                   \
0030     } while (0)                     \
0031
0032 extern const struct rhashtable_params nfp_zone_table_params;
0033 extern const struct rhashtable_params nfp_ct_map_params;
0034 extern const struct rhashtable_params nfp_tc_ct_merge_params;
0035 extern const struct rhashtable_params nfp_nft_ct_merge_params;
0036
0037 /**
0038  * struct nfp_fl_ct_zone_entry - Zone entry containing conntrack flow information
0039  * @zone:   The zone number, used as lookup key in hashtable
0040  * @hash_node:  Used by the hashtable
0041  * @priv:   Pointer to nfp_flower_priv data
0042  * @nft:    Pointer to nf_flowtable for this zone
0043  *
0044  * @pre_ct_list:    The pre_ct_list of nfp_fl_ct_flow_entry entries
0045  * @pre_ct_count:   Keep count of the number of pre_ct entries
0046  *
0047  * @post_ct_list:   The post_ct_list of nfp_fl_ct_flow_entry entries
0048  * @post_ct_count:  Keep count of the number of post_ct entries
0049  *
0050  * @tc_merge_tb:    The table of merged tc flows
0051  * @tc_merge_count: Keep count of the number of merged tc entries
0052  *
0053  * @nft_flows_list: The list of nft relatednfp_fl_ct_flow_entry entries
0054  * @nft_flows_count:    Keep count of the number of nft_flow entries
0055  *
0056  * @nft_merge_tb:   The table of merged tc+nft flows
0057  * @nft_merge_count:    Keep count of the number of merged tc+nft entries
0058  */
0059 struct nfp_fl_ct_zone_entry {
0060     u16 zone;
0061     struct rhash_head hash_node;
0062
0063     struct nfp_flower_priv *priv;
0064     struct nf_flowtable *nft;
0065
0066     struct list_head pre_ct_list;
0067     unsigned int pre_ct_count;
0068
0069     struct list_head post_ct_list;
0070     unsigned int post_ct_count;
0071
0072     struct rhashtable tc_merge_tb;
0073     unsigned int tc_merge_count;
0074
0075     struct list_head nft_flows_list;
0076     unsigned int nft_flows_count;
0077
0078     struct rhashtable nft_merge_tb;
0079     unsigned int nft_merge_count;
0080 };
0081
0082 enum ct_entry_type {
0083     CT_TYPE_PRE_CT,
0084     CT_TYPE_NFT,
0085     CT_TYPE_POST_CT,
0086     _CT_TYPE_MAX,
0087 };
0088
0089 enum nfp_nfp_layer_name {
0090     FLOW_PAY_META_TCI =    0,
0091     FLOW_PAY_INPORT,
0092     FLOW_PAY_EXT_META,
0093     FLOW_PAY_MAC_MPLS,
0094     FLOW_PAY_L4,
0095     FLOW_PAY_IPV4,
0096     FLOW_PAY_IPV6,
0097     FLOW_PAY_CT,
0098     FLOW_PAY_GRE,
0099     FLOW_PAY_QINQ,
0100     FLOW_PAY_UDP_TUN,
0101     FLOW_PAY_GENEVE_OPT,
0102
0103     _FLOW_PAY_LAYERS_MAX
0104 };
0105
0106 /**
0107  * struct nfp_fl_ct_flow_entry - Flow entry containing conntrack flow information
0108  * @cookie: Flow cookie, same as original TC flow, used as key
0109  * @list_node:  Used by the list
0110  * @chain_index:    Chain index of the original flow
0111  * @netdev: netdev structure.
0112  * @type:   Type of pre-entry from enum ct_entry_type
0113  * @zt:     Reference to the zone table this belongs to
0114  * @children:   List of tc_merge flows this flow forms part of
0115  * @rule:   Reference to the original TC flow rule
0116  * @stats:  Used to cache stats for updating
0117  * @tun_offset: Used to indicate tunnel action offset in action list
0118  */
0119 struct nfp_fl_ct_flow_entry {
0120     unsigned long cookie;
0121     struct list_head list_node;
0122     u32 chain_index;
0123     enum ct_entry_type type;
0124     struct net_device *netdev;
0125     struct nfp_fl_ct_zone_entry *zt;
0126     struct list_head children;
0127     struct flow_rule *rule;
0128     struct flow_stats stats;
0129     u8 tun_offset;      // Set to NFP_FL_CT_NO_TUN if no tun
0130 };
0131
0132 /**
0133  * struct nfp_fl_ct_tc_merge - Merge of two flows from tc
0134  * @cookie:     Flow cookie, combination of pre and post ct cookies
0135  * @hash_node:      Used by the hashtable
0136  * @pre_ct_list:    This entry is part of a pre_ct_list
0137  * @post_ct_list:   This entry is part of a post_ct_list
0138  * @zt:         Reference to the zone table this belongs to
0139  * @pre_ct_parent:  The pre_ct_parent
0140  * @post_ct_parent: The post_ct_parent
0141  * @children:       List of nft merged entries
0142  */
0143 struct nfp_fl_ct_tc_merge {
0144     unsigned long cookie[2];
0145     struct rhash_head hash_node;
0146     struct list_head pre_ct_list;
0147     struct list_head post_ct_list;
0148     struct nfp_fl_ct_zone_entry *zt;
0149     struct nfp_fl_ct_flow_entry *pre_ct_parent;
0150     struct nfp_fl_ct_flow_entry *post_ct_parent;
0151     struct list_head children;
0152 };
0153
0154 /**
0155  * struct nfp_fl_nft_tc_merge - Merge of tc_merge flows with nft flow
0156  * @netdev:     Ingress netdev name
0157  * @cookie:     Flow cookie, combination of tc_merge and nft cookies
0158  * @hash_node:      Used by the hashtable
0159  * @zt: Reference to the zone table this belongs to
0160  * @nft_flow_list:  This entry is part of a nft_flows_list
0161  * @tc_merge_list:  This entry is part of a ct_merge_list
0162  * @tc_m_parent:    The tc_merge parent
0163  * @nft_parent: The nft_entry parent
0164  * @tc_flower_cookie:   The cookie of the flow offloaded to the nfp
0165  * @flow_pay:   Reference to the offloaded flow struct
0166  */
0167 struct nfp_fl_nft_tc_merge {
0168     struct net_device *netdev;
0169     unsigned long cookie[3];
0170     struct rhash_head hash_node;
0171     struct nfp_fl_ct_zone_entry *zt;
0172     struct list_head nft_flow_list;
0173     struct list_head tc_merge_list;
0174     struct nfp_fl_ct_tc_merge *tc_m_parent;
0175     struct nfp_fl_ct_flow_entry *nft_parent;
0176     unsigned long tc_flower_cookie;
0177     struct nfp_fl_payload *flow_pay;
0178 };
0179
0180 /**
0181  * struct nfp_fl_ct_map_entry - Map between flow cookie and specific ct_flow
0182  * @cookie: Flow cookie, same as original TC flow, used as key
0183  * @hash_node:  Used by the hashtable
0184  * @ct_entry:   Pointer to corresponding ct_entry
0185  */
0186 struct nfp_fl_ct_map_entry {
0187     unsigned long cookie;
0188     struct rhash_head hash_node;
0189     struct nfp_fl_ct_flow_entry *ct_entry;
0190 };
0191
0192 bool is_pre_ct_flow(struct flow_cls_offload *flow);
0193 bool is_post_ct_flow(struct flow_cls_offload *flow);
0194
0195 /**
0196  * nfp_fl_ct_handle_pre_ct() - Handles -trk conntrack rules
0197  * @priv:   Pointer to app priv
0198  * @netdev: netdev structure.
0199  * @flow:   TC flower classifier offload structure.
0200  * @extack: Extack pointer for errors
0201  *
0202  * Adds a new entry to the relevant zone table and tries to
0203  * merge with other +trk+est entries and offload if possible.
0204  *
0205  * Return: negative value on error, 0 if configured successfully.
0206  */
0207 int nfp_fl_ct_handle_pre_ct(struct nfp_flower_priv *priv,
0208                 struct net_device *netdev,
0209                 struct flow_cls_offload *flow,
0210                 struct netlink_ext_ack *extack);
0211 /**
0212  * nfp_fl_ct_handle_post_ct() - Handles +trk+est conntrack rules
0213  * @priv:   Pointer to app priv
0214  * @netdev: netdev structure.
0215  * @flow:   TC flower classifier offload structure.
0216  * @extack: Extack pointer for errors
0217  *
0218  * Adds a new entry to the relevant zone table and tries to
0219  * merge with other -trk entries and offload if possible.
0220  *
0221  * Return: negative value on error, 0 if configured successfully.
0222  */
0223 int nfp_fl_ct_handle_post_ct(struct nfp_flower_priv *priv,
0224                  struct net_device *netdev,
0225                  struct flow_cls_offload *flow,
0226                  struct netlink_ext_ack *extack);
0227
0228 /**
0229  * nfp_fl_ct_clean_flow_entry() - Free a nfp_fl_ct_flow_entry
0230  * @entry:  Flow entry to cleanup
0231  */
0232 void nfp_fl_ct_clean_flow_entry(struct nfp_fl_ct_flow_entry *entry);
0233
0234 /**
0235  * nfp_fl_ct_del_flow() - Handle flow_del callbacks for conntrack
0236  * @ct_map_ent: ct map entry for the flow that needs deleting
0237  */
0238 int nfp_fl_ct_del_flow(struct nfp_fl_ct_map_entry *ct_map_ent);
0239
0240 /**
0241  * nfp_fl_ct_handle_nft_flow() - Handle flower flow callbacks for nft table
0242  * @type:   Type provided by callback
0243  * @type_data:  Callback data
0244  * @cb_priv:    Pointer to data provided when registering the callback, in this
0245  *      case it's the zone table.
0246  */
0247 int nfp_fl_ct_handle_nft_flow(enum tc_setup_type type, void *type_data,
0248                   void *cb_priv);
0249
0250 /**
0251  * nfp_fl_ct_stats() - Handle flower stats callbacks for ct flows
0252  * @flow:   TC flower classifier offload structure.
0253  * @ct_map_ent: ct map entry for the flow that needs deleting
0254  */
0255 int nfp_fl_ct_stats(struct flow_cls_offload *flow,
0256             struct nfp_fl_ct_map_entry *ct_map_ent);
0257 #endif