1 // SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
2 /* Copyright (C) 2017-2018 Netronome Systems, Inc. */
4 #include <linux/etherdevice.h>
5 #include <linux/inetdevice.h>
6 #include <net/netevent.h>
8 #include <net/dst_metadata.h>
13 #include "../nfp_net_repr.h"
14 #include "../nfp_net.h"
/* Largest tunnel count nfp_tunnel_keep_alive() accepts in one message. */
16 #define NFP_FL_MAX_ROUTES 32
/* nfp_flower_xmit_pre_tun_flow() compares pre_tun_rule_cnt against this. */
18 #define NFP_TUN_PRE_TUN_RULE_LIMIT 32
/* ORed into the rule flags by nfp_flower_xmit_pre_tun_del_flow(). */
19 #define NFP_TUN_PRE_TUN_RULE_DEL BIT(0)
/* ORed into a MAC index whose matches need to go to the pre_tun table. */
20 #define NFP_TUN_PRE_TUN_IDX_BIT BIT(3)
/* Set in the MAC index for IPv6 pre-tunnel rules and cleared otherwise. */
21 #define NFP_TUN_PRE_TUN_IPV6_BIT BIT(7)
24 * struct nfp_tun_pre_tun_rule - rule matched before decap
25 * @flags: options for the rule offset
26 * @port_idx: index of destination MAC address for the rule
27 * @vlan_tci: VLAN info associated with MAC
28 * @host_ctx_id: stats context of rule to update
30 struct nfp_tun_pre_tun_rule {
38 * struct nfp_tun_active_tuns - periodic message of active tunnels
39 * @seq: sequence number of the message
40 * @count: number of tunnels reported in message
41 * @flags: options part of the request
42 * @tun_info.ipv4: dest IPv4 address of active route
43 * @tun_info.egress_port: port the encapsulated packet egressed
44 * @tun_info.extra: reserved for future use
45 * @tun_info: tunnels that have sent traffic in reported period
47 struct nfp_tun_active_tuns {
51 struct route_ip_info {
59 * struct nfp_tun_active_tuns_v6 - periodic message of active IPv6 tunnels
60 * @seq: sequence number of the message
61 * @count: number of tunnels reported in message
62 * @flags: options part of the request
63 * @tun_info.ipv6: dest IPv6 address of active route
64 * @tun_info.egress_port: port the encapsulated packet egressed
65 * @tun_info.extra: reserved for future use
66 * @tun_info: tunnels that have sent traffic in reported period
68 struct nfp_tun_active_tuns_v6 {
72 struct route_ip_info_v6 {
80 * struct nfp_tun_req_route_ipv4 - NFP requests a route/neighbour lookup
81 * @ingress_port: ingress port of packet that signalled request
82 * @ipv4_addr: destination ipv4 address for route
83 * @reserved: reserved for future use
85 struct nfp_tun_req_route_ipv4 {
92 * struct nfp_tun_req_route_ipv6 - NFP requests an IPv6 route/neighbour lookup
93 * @ingress_port: ingress port of packet that signalled request
94 * @ipv6_addr: destination ipv6 address for route
96 struct nfp_tun_req_route_ipv6 {
98 struct in6_addr ipv6_addr;
102 * struct nfp_offloaded_route - routes that are offloaded to the NFP
103 * @list: list pointer
104 * @ip_add: destination of route - can be IPv4 or IPv6
106 struct nfp_offloaded_route {
107 struct list_head list;
/* Size of the ipv4_addr array in struct nfp_tun_ipv4_addr; also the limit
 * nfp_tun_write_ipv4_list() checks while filling that array.
 */
111 #define NFP_FL_IPV4_ADDRS_MAX 32
114 * struct nfp_tun_ipv4_addr - set the IP address list on the NFP
115 * @count: number of IPs populated in the array
116 * @ipv4_addr: array of IPV4_ADDRS_MAX 32 bit IPv4 addresses
118 struct nfp_tun_ipv4_addr {
120 __be32 ipv4_addr[NFP_FL_IPV4_ADDRS_MAX];
124 * struct nfp_ipv4_addr_entry - cached IPv4 addresses
125 * @ipv4_addr: IP address
126 * @ref_count: number of rules currently using this IP
127 * @list: list pointer
129 struct nfp_ipv4_addr_entry {
132 struct list_head list;
/* Size of the ipv6_addr array in struct nfp_tun_ipv6_addr; also the limit
 * checked by nfp_tun_write_ipv6_list() and the largest tunnel count
 * nfp_tunnel_keep_alive_v6() accepts.
 */
135 #define NFP_FL_IPV6_ADDRS_MAX 4
138 * struct nfp_tun_ipv6_addr - set the IP address list on the NFP
139 * @count: number of IPs populated in the array
140 * @ipv6_addr: array of IPV6_ADDRS_MAX 128 bit IPv6 addresses
142 struct nfp_tun_ipv6_addr {
144 struct in6_addr ipv6_addr[NFP_FL_IPV6_ADDRS_MAX];
/* Flag value __nfp_tunnel_offload_mac() writes into the message flags. */
147 #define NFP_TUN_MAC_OFFLOAD_DEL_FLAG 0x2
150 * struct nfp_tun_mac_addr_offload - configure MAC address of tunnel EP on NFP
151 * @flags: MAC address offload options
152 * @count: number of MAC addresses in the message (should be 1)
153 * @index: index of MAC address in the lookup table
154 * @addr: interface MAC address
156 struct nfp_tun_mac_addr_offload {
/* Commands handled by nfp_tunnel_offload_mac(): add, delete or modify the
 * offloaded MAC address of a netdev.
 */
163 enum nfp_flower_mac_offload_cmd {
164 NFP_TUNNEL_MAC_OFFLOAD_ADD = 0,
165 NFP_TUNNEL_MAC_OFFLOAD_DEL = 1,
166 NFP_TUNNEL_MAC_OFFLOAD_MOD = 2,
/* Upper limit passed to ida_alloc_max() when a global MAC index is allocated. */
169 #define NFP_MAX_MAC_INDEX 0xff
172 * struct nfp_tun_offloaded_mac - hashtable entry for an offloaded MAC
173 * @ht_node: Hashtable entry
174 * @addr: Offloaded MAC address
175 * @index: Offloaded index for given MAC address
176 * @ref_count: Number of devs using this MAC address
177 * @repr_list: List of reprs sharing this MAC address
178 * @bridge_count: Number of bridge/internal devs with MAC
180 struct nfp_tun_offloaded_mac {
181 struct rhash_head ht_node;
185 struct list_head repr_list;
/* Hashtable parameters for the offloaded MAC table: entries are keyed on
 * the addr field of struct nfp_tun_offloaded_mac, chained through ht_node,
 * and the table shrinks automatically.
 */
189 static const struct rhashtable_params offloaded_macs_params = {
190 .key_offset = offsetof(struct nfp_tun_offloaded_mac, addr),
191 .head_offset = offsetof(struct nfp_tun_offloaded_mac, ht_node),
193 .automatic_shrinking = true,
/* Process an IPv4 tunnel keep-alive control message.
 * @app: flower app the message belongs to
 * @skb: control message whose data is read as struct nfp_tun_active_tuns
 *
 * The reported tunnel count and the payload length are validated first.
 * Each reported tunnel's egress port is then resolved to a netdev, the
 * destination address is looked up in the ARP table on that netdev, and
 * the neighbour is passed to neigh_event_send().
 */
196 void nfp_tunnel_keep_alive(struct nfp_app *app, struct sk_buff *skb)
198 struct nfp_tun_active_tuns *payload;
199 struct net_device *netdev;
200 int count, i, pay_len;
205 payload = nfp_flower_cmsg_get_data(skb);
206 count = be32_to_cpu(payload->count);
/* Bound the count before it is used to size and index tun_info. */
207 if (count > NFP_FL_MAX_ROUTES) {
208 nfp_flower_cmsg_warn(app, "Tunnel keep-alive request exceeds max routes.\n");
212 pay_len = nfp_flower_cmsg_get_data_len(skb);
/* The payload must be exactly the header plus count tun_info entries. */
213 if (pay_len != struct_size(payload, tun_info, count)) {
214 nfp_flower_cmsg_warn(app, "Corruption in tunnel keep-alive message.\n");
219 for (i = 0; i < count; i++) {
220 ipv4_addr = payload->tun_info[i].ipv4;
221 port = be32_to_cpu(payload->tun_info[i].egress_port);
222 netdev = nfp_app_dev_get(app, port, NULL);
226 n = neigh_lookup(&arp_tbl, &ipv4_addr, netdev);
230 /* Update the used timestamp of neighbour */
231 neigh_event_send(n, NULL);
/* Process an IPv6 tunnel keep-alive control message.
 * @app: flower app the message belongs to
 * @skb: control message whose data is read as struct nfp_tun_active_tuns_v6
 *
 * IPv6 counterpart of nfp_tunnel_keep_alive(): the count is bounded by
 * NFP_FL_IPV6_ADDRS_MAX, the payload length is checked, and each reported
 * destination is looked up in nd_tbl and passed to neigh_event_send().
 * The body is guarded by IS_ENABLED(CONFIG_IPV6).
 */
237 void nfp_tunnel_keep_alive_v6(struct nfp_app *app, struct sk_buff *skb)
239 #if IS_ENABLED(CONFIG_IPV6)
240 struct nfp_tun_active_tuns_v6 *payload;
241 struct net_device *netdev;
242 int count, i, pay_len;
247 payload = nfp_flower_cmsg_get_data(skb);
248 count = be32_to_cpu(payload->count);
/* Bound the count before it is used to size and index tun_info. */
249 if (count > NFP_FL_IPV6_ADDRS_MAX) {
250 nfp_flower_cmsg_warn(app, "IPv6 tunnel keep-alive request exceeds max routes.\n");
254 pay_len = nfp_flower_cmsg_get_data_len(skb);
/* The payload must be exactly the header plus count tun_info entries. */
255 if (pay_len != struct_size(payload, tun_info, count)) {
256 nfp_flower_cmsg_warn(app, "Corruption in tunnel keep-alive message.\n");
261 for (i = 0; i < count; i++) {
262 ipv6_add = &payload->tun_info[i].ipv6;
263 port = be32_to_cpu(payload->tun_info[i].egress_port);
264 netdev = nfp_app_dev_get(app, port, NULL);
268 n = neigh_lookup(&nd_tbl, ipv6_add, netdev);
272 /* Update the used timestamp of neighbour */
273 neigh_event_send(n, NULL);
/* Build a tunnel configuration control message and hand it to the
 * control channel.
 * @app: flower app to send on
 * @mtype: control message type
 * @plen: length of the payload to send
 * @pdata: payload bytes copied into the message
 *
 * A control message skb is allocated for @plen bytes, filled from @pdata
 * and transmitted with nfp_ctrl_tx().
 */
281 nfp_flower_xmit_tun_conf(struct nfp_app *app, u8 mtype, u16 plen, void *pdata,
284 struct nfp_flower_priv *priv = app->priv;
/* Without NFP_FL_FEATS_DECAP_V2 the two neighbour message types are
 * sent shortened by sizeof(struct nfp_tun_neigh_ext).
 */
288 if (!(priv->flower_ext_feats & NFP_FL_FEATS_DECAP_V2) &&
289 (mtype == NFP_FLOWER_CMSG_TYPE_TUN_NEIGH ||
290 mtype == NFP_FLOWER_CMSG_TYPE_TUN_NEIGH_V6))
291 plen -= sizeof(struct nfp_tun_neigh_ext);
293 skb = nfp_flower_cmsg_alloc(app, plen, mtype, flag);
297 msg = nfp_flower_cmsg_get_data(skb);
/* Copy only as many bytes as the allocated message holds. */
298 memcpy(msg, pdata, nfp_flower_cmsg_get_data_len(skb));
300 nfp_ctrl_tx(app->ctrl, skb);
/* Link a neighbour entry with a pre-tunnel (predt) entry when they match.
 * @predt: pre-tunnel entry whose flow payload supplies the match data
 * @neigh: neighbour entry to link
 *
 * The checks compare the address family of the flow with that of the
 * neighbour, and the flow's local and remote MAC addresses with the
 * source and destination MAC in the neighbour payload. The neighbour is
 * added to predt->nn_list and the flow's host context id, VLAN TCI and
 * VLAN TPID are copied into the ext part of the neighbour payload.
 */
305 nfp_tun_mutual_link(struct nfp_predt_entry *predt,
306 struct nfp_neigh_entry *neigh)
308 struct nfp_fl_payload *flow_pay = predt->flow_pay;
309 struct nfp_tun_neigh_ext *ext;
310 struct nfp_tun_neigh *common;
312 if (flow_pay->pre_tun_rule.is_ipv6 != neigh->is_ipv6)
315 /* In the case of bonding it is possible that there might already
316 * be a flow linked (as the MAC address gets shared). If a flow
317 * is already linked just return.
322 common = neigh->is_ipv6 ?
323 &((struct nfp_tun_neigh_v6 *)neigh->payload)->common :
324 &((struct nfp_tun_neigh_v4 *)neigh->payload)->common;
325 ext = neigh->is_ipv6 ?
326 &((struct nfp_tun_neigh_v6 *)neigh->payload)->ext :
327 &((struct nfp_tun_neigh_v4 *)neigh->payload)->ext;
329 if (memcmp(flow_pay->pre_tun_rule.loc_mac,
330 common->src_addr, ETH_ALEN) ||
331 memcmp(flow_pay->pre_tun_rule.rem_mac,
332 common->dst_addr, ETH_ALEN))
335 list_add(&neigh->list_head, &predt->nn_list);
337 ext->host_ctx = flow_pay->meta.host_ctx_id;
338 ext->vlan_tci = flow_pay->pre_tun_rule.vlan_tci;
339 ext->vlan_tpid = flow_pay->pre_tun_rule.vlan_tpid;
/* Offer a neighbour entry to every pre-tunnel entry on priv->predt_list.
 * @app: flower app owning the predt list
 * @nn_entry: neighbour entry passed to nfp_tun_mutual_link() for each predt
 */
343 nfp_tun_link_predt_entries(struct nfp_app *app,
344 struct nfp_neigh_entry *nn_entry)
346 struct nfp_flower_priv *priv = app->priv;
347 struct nfp_predt_entry *predt, *tmp;
349 list_for_each_entry_safe(predt, tmp, &priv->predt_list, list_head) {
350 nfp_tun_mutual_link(predt, nn_entry);
/* Offer every entry of the neighbour table to one pre-tunnel entry and
 * send a neighbour message for each.
 * @app: flower app owning the neighbour table
 * @predt: pre-tunnel entry passed to nfp_tun_mutual_link()
 *
 * The table is traversed with the rhashtable walker. For each entry the
 * message type and size are chosen from the entry's is_ipv6 flag before
 * nfp_flower_xmit_tun_conf() is called.
 */
354 void nfp_tun_link_and_update_nn_entries(struct nfp_app *app,
355 struct nfp_predt_entry *predt)
357 struct nfp_flower_priv *priv = app->priv;
358 struct nfp_neigh_entry *nn_entry;
359 struct rhashtable_iter iter;
363 rhashtable_walk_enter(&priv->neigh_table, &iter);
364 rhashtable_walk_start(&iter);
365 while ((nn_entry = rhashtable_walk_next(&iter)) != NULL) {
/* The walker can hand back an error pointer instead of an entry. */
366 if (IS_ERR(nn_entry))
368 nfp_tun_mutual_link(predt, nn_entry);
369 neigh_size = nn_entry->is_ipv6 ?
370 sizeof(struct nfp_tun_neigh_v6) :
371 sizeof(struct nfp_tun_neigh_v4);
372 type = nn_entry->is_ipv6 ? NFP_FLOWER_CMSG_TYPE_TUN_NEIGH_V6 :
373 NFP_FLOWER_CMSG_TYPE_TUN_NEIGH;
374 nfp_flower_xmit_tun_conf(app, type, neigh_size,
378 rhashtable_walk_stop(&iter);
379 rhashtable_walk_exit(&iter);
/* Tear down every entry of the neighbour table.
 * @app: flower app owning the neighbour table
 *
 * For each entry found by the rhashtable walker the ext fields of its
 * payload are set to all-ones values, a neighbour message is sent, and
 * the entry is removed from the hashtable and from the list it is on.
 */
382 static void nfp_tun_cleanup_nn_entries(struct nfp_app *app)
384 struct nfp_flower_priv *priv = app->priv;
385 struct nfp_neigh_entry *neigh;
386 struct nfp_tun_neigh_ext *ext;
387 struct rhashtable_iter iter;
391 rhashtable_walk_enter(&priv->neigh_table, &iter);
392 rhashtable_walk_start(&iter);
393 while ((neigh = rhashtable_walk_next(&iter)) != NULL) {
396 ext = neigh->is_ipv6 ?
397 &((struct nfp_tun_neigh_v6 *)neigh->payload)->ext :
398 &((struct nfp_tun_neigh_v4 *)neigh->payload)->ext;
/* Same all-ones values nfp_tun_write_neigh() gives a new entry. */
399 ext->host_ctx = cpu_to_be32(U32_MAX);
400 ext->vlan_tpid = cpu_to_be16(U16_MAX);
401 ext->vlan_tci = cpu_to_be16(U16_MAX);
403 neigh_size = neigh->is_ipv6 ?
404 sizeof(struct nfp_tun_neigh_v6) :
405 sizeof(struct nfp_tun_neigh_v4);
406 type = neigh->is_ipv6 ? NFP_FLOWER_CMSG_TYPE_TUN_NEIGH_V6 :
407 NFP_FLOWER_CMSG_TYPE_TUN_NEIGH;
408 nfp_flower_xmit_tun_conf(app, type, neigh_size, neigh->payload,
411 rhashtable_remove_fast(&priv->neigh_table, &neigh->ht_node,
414 list_del(&neigh->list_head);
417 rhashtable_walk_stop(&iter);
418 rhashtable_walk_exit(&iter);
/* Detach all neighbour entries linked to a pre-tunnel entry.
 * @app: flower app used to send the update messages
 * @predt: pre-tunnel entry whose nn_list is emptied
 *
 * Each neighbour on predt->nn_list has the ext fields of its payload set
 * to all-ones values, is removed from the list, and is then re-sent as a
 * neighbour message of the type and size matching its is_ipv6 flag.
 */
421 void nfp_tun_unlink_and_update_nn_entries(struct nfp_app *app,
422 struct nfp_predt_entry *predt)
424 struct nfp_neigh_entry *neigh, *tmp;
425 struct nfp_tun_neigh_ext *ext;
429 list_for_each_entry_safe(neigh, tmp, &predt->nn_list, list_head) {
430 ext = neigh->is_ipv6 ?
431 &((struct nfp_tun_neigh_v6 *)neigh->payload)->ext :
432 &((struct nfp_tun_neigh_v4 *)neigh->payload)->ext;
/* Overwrite the values nfp_tun_mutual_link() copied from the flow. */
434 ext->host_ctx = cpu_to_be32(U32_MAX);
435 ext->vlan_tpid = cpu_to_be16(U16_MAX);
436 ext->vlan_tci = cpu_to_be16(U16_MAX);
437 list_del(&neigh->list_head);
438 neigh_size = neigh->is_ipv6 ?
439 sizeof(struct nfp_tun_neigh_v6) :
440 sizeof(struct nfp_tun_neigh_v4);
441 type = neigh->is_ipv6 ? NFP_FLOWER_CMSG_TYPE_TUN_NEIGH_V6 :
442 NFP_FLOWER_CMSG_TYPE_TUN_NEIGH;
443 nfp_flower_xmit_tun_conf(app, type, neigh_size, neigh->payload,
/* Create, refresh or remove the offloaded state for one neighbour.
 * @netdev: device the neighbour is on; supplies the source MAC and port id
 * @app: flower app owning the neighbour table
 * @flow: struct flowi6 when @is_ipv6 is true, struct flowi4 otherwise
 * @neigh: kernel neighbour; its pointer value is the hashtable key
 * @is_ipv6: selects the IPv6 or IPv4 payload layout and message type
 *
 * The work is done with priv->predt_lock held. The table lookup and the
 * neighbour validity select one of three cases:
 *  - no entry and a valid neighbour: allocate an entry, fill its payload,
 *    insert it in the table, link it to the predt entries and send it;
 *  - an entry and an invalid neighbour: clear the payload except for the
 *    destination address, trigger neighbour resolution, remove the entry
 *    from the table and its list, and send the cleared payload;
 *  - an entry, a valid neighbour and override set: relink and re-send.
 * The failure path releases the lock and logs a warning.
 */
449 nfp_tun_write_neigh(struct net_device *netdev, struct nfp_app *app,
450 void *flow, struct neighbour *neigh, bool is_ipv6,
453 bool neigh_invalid = !(neigh->nud_state & NUD_VALID) || neigh->dead;
454 size_t neigh_size = is_ipv6 ? sizeof(struct nfp_tun_neigh_v6) :
455 sizeof(struct nfp_tun_neigh_v4);
456 unsigned long cookie = (unsigned long)neigh;
457 struct nfp_flower_priv *priv = app->priv;
458 struct nfp_neigh_entry *nn_entry;
462 port_id = nfp_flower_get_port_id_from_netdev(app, netdev);
466 spin_lock_bh(&priv->predt_lock);
467 nn_entry = rhashtable_lookup_fast(&priv->neigh_table, &cookie,
469 if (!nn_entry && !neigh_invalid) {
470 struct nfp_tun_neigh_ext *ext;
471 struct nfp_tun_neigh *common;
473 nn_entry = kzalloc(sizeof(*nn_entry) + neigh_size,
/* The payload occupies the extra bytes allocated after the entry. */
478 nn_entry->payload = (char *)&nn_entry[1];
479 nn_entry->neigh_cookie = cookie;
480 nn_entry->is_ipv6 = is_ipv6;
481 nn_entry->flow = NULL;
483 struct flowi6 *flowi6 = (struct flowi6 *)flow;
484 struct nfp_tun_neigh_v6 *payload;
486 payload = (struct nfp_tun_neigh_v6 *)nn_entry->payload;
487 payload->src_ipv6 = flowi6->saddr;
488 payload->dst_ipv6 = flowi6->daddr;
489 common = &payload->common;
491 mtype = NFP_FLOWER_CMSG_TYPE_TUN_NEIGH_V6;
493 struct flowi4 *flowi4 = (struct flowi4 *)flow;
494 struct nfp_tun_neigh_v4 *payload;
496 payload = (struct nfp_tun_neigh_v4 *)nn_entry->payload;
497 payload->src_ipv4 = flowi4->saddr;
498 payload->dst_ipv4 = flowi4->daddr;
499 common = &payload->common;
501 mtype = NFP_FLOWER_CMSG_TYPE_TUN_NEIGH;
/* New entries start with all-ones ext fields; nfp_tun_mutual_link()
 * overwrites them when a pre-tunnel entry matches.
 */
503 ext->host_ctx = cpu_to_be32(U32_MAX);
504 ext->vlan_tpid = cpu_to_be16(U16_MAX);
505 ext->vlan_tci = cpu_to_be16(U16_MAX);
506 ether_addr_copy(common->src_addr, netdev->dev_addr);
507 neigh_ha_snapshot(common->dst_addr, neigh, netdev);
508 common->port_id = cpu_to_be32(port_id);
510 if (rhashtable_insert_fast(&priv->neigh_table,
515 nfp_tun_link_predt_entries(app, nn_entry);
516 nfp_flower_xmit_tun_conf(app, mtype, neigh_size,
519 } else if (nn_entry && neigh_invalid) {
521 struct flowi6 *flowi6 = (struct flowi6 *)flow;
522 struct nfp_tun_neigh_v6 *payload;
524 payload = (struct nfp_tun_neigh_v6 *)nn_entry->payload;
525 memset(payload, 0, sizeof(struct nfp_tun_neigh_v6));
526 payload->dst_ipv6 = flowi6->daddr;
527 mtype = NFP_FLOWER_CMSG_TYPE_TUN_NEIGH_V6;
529 struct flowi4 *flowi4 = (struct flowi4 *)flow;
530 struct nfp_tun_neigh_v4 *payload;
532 payload = (struct nfp_tun_neigh_v4 *)nn_entry->payload;
533 memset(payload, 0, sizeof(struct nfp_tun_neigh_v4));
534 payload->dst_ipv4 = flowi4->daddr;
535 mtype = NFP_FLOWER_CMSG_TYPE_TUN_NEIGH;
537 /* Trigger ARP to verify invalid neighbour state. */
538 neigh_event_send(neigh, NULL);
539 rhashtable_remove_fast(&priv->neigh_table,
543 nfp_flower_xmit_tun_conf(app, mtype, neigh_size,
548 list_del(&nn_entry->list_head);
550 } else if (nn_entry && !neigh_invalid && override) {
551 mtype = is_ipv6 ? NFP_FLOWER_CMSG_TYPE_TUN_NEIGH_V6 :
552 NFP_FLOWER_CMSG_TYPE_TUN_NEIGH;
553 nfp_tun_link_predt_entries(app, nn_entry);
554 nfp_flower_xmit_tun_conf(app, mtype, neigh_size,
559 spin_unlock_bh(&priv->predt_lock);
564 spin_unlock_bh(&priv->predt_lock);
565 nfp_flower_cmsg_warn(app, "Neighbour configuration failed.\n");
/* Netevent notifier callback that mirrors neighbour changes to the NFP.
 * @nb: notifier block embedded in struct nfp_flower_priv as tun.neigh_nb
 * @event: netevent type; NETEVENT_REDIRECT and NETEVENT_NEIGH_UPDATE are
 *         the cases handled here
 *
 * The neighbour's device must be an nfp repr or an internal port that can
 * be offloaded. Depending on the neighbour table family a flowi6 or
 * flowi4 is built from the neighbour's primary key; for a valid neighbour
 * a route lookup fills in the rest of the flow. The result is handed to
 * nfp_tun_write_neigh() with override set to false.
 */
569 nfp_tun_neigh_event_handler(struct notifier_block *nb, unsigned long event,
572 struct nfp_flower_priv *app_priv;
573 struct netevent_redirect *redir;
580 case NETEVENT_REDIRECT:
581 redir = (struct netevent_redirect *)ptr;
584 case NETEVENT_NEIGH_UPDATE:
585 n = (struct neighbour *)ptr;
/* Same validity test nfp_tun_write_neigh() applies to its neighbour. */
591 neigh_invalid = !(n->nud_state & NUD_VALID) || n->dead;
593 app_priv = container_of(nb, struct nfp_flower_priv, tun.neigh_nb);
596 if (!nfp_netdev_is_nfp_repr(n->dev) &&
597 !nfp_flower_internal_port_can_offload(app, n->dev))
600 #if IS_ENABLED(CONFIG_INET)
601 if (n->tbl->family == AF_INET6) {
602 #if IS_ENABLED(CONFIG_IPV6)
603 struct flowi6 flow6 = {};
605 flow6.daddr = *(struct in6_addr *)n->primary_key;
606 if (!neigh_invalid) {
607 struct dst_entry *dst;
608 /* Use ipv6_dst_lookup_flow to populate flow6->saddr
609 * and other fields. This information is only needed
610 * for new entries, lookup can be skipped when an entry
611 * gets invalidated - as only the daddr is needed for
614 dst = ip6_dst_lookup_flow(dev_net(n->dev), NULL,
621 nfp_tun_write_neigh(n->dev, app, &flow6, n, true, false);
624 #endif /* CONFIG_IPV6 */
626 struct flowi4 flow4 = {};
628 flow4.daddr = *(__be32 *)n->primary_key;
629 if (!neigh_invalid) {
631 /* Use ip_route_output_key to populate flow4->saddr and
632 * other fields. This information is only needed for
633 * new entries, lookup can be skipped when an entry
634 * gets invalidated - as only the daddr is needed for
637 rt = ip_route_output_key(dev_net(n->dev), &flow4);
638 err = PTR_ERR_OR_ZERO(rt);
644 nfp_tun_write_neigh(n->dev, app, &flow4, n, false, false);
648 #endif /* CONFIG_INET */
/* Answer an IPv4 route/neighbour lookup request from the NFP.
 * @app: flower app the request arrived on
 * @skb: control message whose data is read as struct nfp_tun_req_route_ipv4
 *
 * The ingress port is resolved to a netdev, a UDP route lookup for the
 * requested destination is done in that netdev's network namespace, and
 * the neighbour found for the route is passed to nfp_tun_write_neigh()
 * with override set to true. Failures branch to fail_rcu_unlock, where a
 * warning is logged.
 */
653 void nfp_tunnel_request_route_v4(struct nfp_app *app, struct sk_buff *skb)
655 struct nfp_tun_req_route_ipv4 *payload;
656 struct net_device *netdev;
657 struct flowi4 flow = {};
662 payload = nfp_flower_cmsg_get_data(skb);
665 netdev = nfp_app_dev_get(app, be32_to_cpu(payload->ingress_port), NULL);
667 goto fail_rcu_unlock;
669 flow.daddr = payload->ipv4_addr;
670 flow.flowi4_proto = IPPROTO_UDP;
672 #if IS_ENABLED(CONFIG_INET)
673 /* Do a route lookup on same namespace as ingress port. */
674 rt = ip_route_output_key(dev_net(netdev), &flow);
675 err = PTR_ERR_OR_ZERO(rt);
677 goto fail_rcu_unlock;
679 goto fail_rcu_unlock;
682 /* Get the neighbour entry for the lookup */
683 n = dst_neigh_lookup(&rt->dst, &flow.daddr);
686 goto fail_rcu_unlock;
687 nfp_tun_write_neigh(n->dev, app, &flow, n, false, true);
694 nfp_flower_cmsg_warn(app, "Requested route not found.\n");
/* Answer an IPv6 route/neighbour lookup request from the NFP.
 * @app: flower app the request arrived on
 * @skb: control message whose data is read as struct nfp_tun_req_route_ipv6
 *
 * IPv6 counterpart of nfp_tunnel_request_route_v4(): the destination is
 * resolved through ipv6_stub->ipv6_dst_lookup_flow() in the ingress
 * netdev's namespace and the neighbour for the resulting dst is passed to
 * nfp_tun_write_neigh() with is_ipv6 and override both true. Failures
 * branch to fail_rcu_unlock, where a warning is logged.
 */
697 void nfp_tunnel_request_route_v6(struct nfp_app *app, struct sk_buff *skb)
699 struct nfp_tun_req_route_ipv6 *payload;
700 struct net_device *netdev;
701 struct flowi6 flow = {};
702 struct dst_entry *dst;
705 payload = nfp_flower_cmsg_get_data(skb);
708 netdev = nfp_app_dev_get(app, be32_to_cpu(payload->ingress_port), NULL);
710 goto fail_rcu_unlock;
712 flow.daddr = payload->ipv6_addr;
713 flow.flowi6_proto = IPPROTO_UDP;
/* The lookup is only compiled in when both INET and IPV6 are enabled. */
715 #if IS_ENABLED(CONFIG_INET) && IS_ENABLED(CONFIG_IPV6)
716 dst = ipv6_stub->ipv6_dst_lookup_flow(dev_net(netdev), NULL, &flow,
719 goto fail_rcu_unlock;
721 goto fail_rcu_unlock;
724 n = dst_neigh_lookup(dst, &flow.daddr);
727 goto fail_rcu_unlock;
729 nfp_tun_write_neigh(n->dev, app, &flow, n, true, true);
736 nfp_flower_cmsg_warn(app, "Requested IPv6 route not found.\n");
/* Send the current list of offloaded IPv4 addresses to the NFP.
 * @app: flower app owning the address list
 *
 * The addresses on priv->tun.ipv4_off_list are copied into a zeroed
 * struct nfp_tun_ipv4_addr while holding ipv4_off_lock. The message is
 * sent as NFP_FLOWER_CMSG_TYPE_TUN_IPS after the lock is released.
 */
739 static void nfp_tun_write_ipv4_list(struct nfp_app *app)
741 struct nfp_flower_priv *priv = app->priv;
742 struct nfp_ipv4_addr_entry *entry;
743 struct nfp_tun_ipv4_addr payload;
744 struct list_head *ptr, *storage;
747 memset(&payload, 0, sizeof(struct nfp_tun_ipv4_addr));
748 mutex_lock(&priv->tun.ipv4_off_lock);
750 list_for_each_safe(ptr, storage, &priv->tun.ipv4_off_list) {
/* Never index past the fixed-size address array in the payload. */
751 if (count >= NFP_FL_IPV4_ADDRS_MAX) {
752 mutex_unlock(&priv->tun.ipv4_off_lock);
753 nfp_flower_cmsg_warn(app, "IPv4 offload exceeds limit.\n");
756 entry = list_entry(ptr, struct nfp_ipv4_addr_entry, list);
757 payload.ipv4_addr[count++] = entry->ipv4_addr;
759 payload.count = cpu_to_be32(count);
760 mutex_unlock(&priv->tun.ipv4_off_lock);
762 nfp_flower_xmit_tun_conf(app, NFP_FLOWER_CMSG_TYPE_TUN_IPS,
763 sizeof(struct nfp_tun_ipv4_addr),
764 &payload, GFP_KERNEL);
/* Register an IPv4 tunnel endpoint address for offload.
 * @app: flower app owning the address list
 * @ipv4: address to add
 *
 * The list is searched under ipv4_off_lock. When the address is already
 * present the lock is dropped without allocating a new entry (presumably
 * after taking another reference; that statement is not visible here).
 * Otherwise a new entry with ref_count 1 is appended and the updated list
 * is written to the NFP.
 */
767 void nfp_tunnel_add_ipv4_off(struct nfp_app *app, __be32 ipv4)
769 struct nfp_flower_priv *priv = app->priv;
770 struct nfp_ipv4_addr_entry *entry;
771 struct list_head *ptr, *storage;
773 mutex_lock(&priv->tun.ipv4_off_lock);
774 list_for_each_safe(ptr, storage, &priv->tun.ipv4_off_list) {
775 entry = list_entry(ptr, struct nfp_ipv4_addr_entry, list);
776 if (entry->ipv4_addr == ipv4) {
778 mutex_unlock(&priv->tun.ipv4_off_lock);
783 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
785 mutex_unlock(&priv->tun.ipv4_off_lock);
786 nfp_flower_cmsg_warn(app, "Mem error when offloading IP address.\n");
789 entry->ipv4_addr = ipv4;
790 entry->ref_count = 1;
791 list_add_tail(&entry->list, &priv->tun.ipv4_off_list);
792 mutex_unlock(&priv->tun.ipv4_off_lock);
/* Called after unlocking: the writer takes ipv4_off_lock itself. */
794 nfp_tun_write_ipv4_list(app);
/* Drop a use of an offloaded IPv4 tunnel endpoint address.
 * @app: flower app owning the address list
 * @ipv4: address to release
 *
 * The matching entry is located under ipv4_off_lock and unlinked from the
 * list once its ref_count is zero (the decrement is presumably on a line
 * not visible here). The list is then written to the NFP again.
 */
797 void nfp_tunnel_del_ipv4_off(struct nfp_app *app, __be32 ipv4)
799 struct nfp_flower_priv *priv = app->priv;
800 struct nfp_ipv4_addr_entry *entry;
801 struct list_head *ptr, *storage;
803 mutex_lock(&priv->tun.ipv4_off_lock);
804 list_for_each_safe(ptr, storage, &priv->tun.ipv4_off_list) {
805 entry = list_entry(ptr, struct nfp_ipv4_addr_entry, list);
806 if (entry->ipv4_addr == ipv4) {
808 if (!entry->ref_count) {
809 list_del(&entry->list);
815 mutex_unlock(&priv->tun.ipv4_off_lock);
/* Called after unlocking: the writer takes ipv4_off_lock itself. */
817 nfp_tun_write_ipv4_list(app);
/* Send the current list of offloaded IPv6 addresses to the NFP.
 * @app: flower app owning the address list
 *
 * The addresses on priv->tun.ipv6_off_list are copied into a zeroed
 * struct nfp_tun_ipv6_addr under ipv6_off_lock. A warning is logged when
 * the list holds more than NFP_FL_IPV6_ADDRS_MAX entries. The message is
 * sent as NFP_FLOWER_CMSG_TYPE_TUN_IPS_V6 after the lock is released.
 */
820 static void nfp_tun_write_ipv6_list(struct nfp_app *app)
822 struct nfp_flower_priv *priv = app->priv;
823 struct nfp_ipv6_addr_entry *entry;
824 struct nfp_tun_ipv6_addr payload;
827 memset(&payload, 0, sizeof(struct nfp_tun_ipv6_addr));
828 mutex_lock(&priv->tun.ipv6_off_lock);
829 list_for_each_entry(entry, &priv->tun.ipv6_off_list, list) {
/* Never index past the fixed-size address array in the payload. */
830 if (count >= NFP_FL_IPV6_ADDRS_MAX) {
831 nfp_flower_cmsg_warn(app, "Too many IPv6 tunnel endpoint addresses, some cannot be offloaded.\n");
834 payload.ipv6_addr[count++] = entry->ipv6_addr;
836 mutex_unlock(&priv->tun.ipv6_off_lock);
837 payload.count = cpu_to_be32(count);
839 nfp_flower_xmit_tun_conf(app, NFP_FLOWER_CMSG_TYPE_TUN_IPS_V6,
840 sizeof(struct nfp_tun_ipv6_addr),
841 &payload, GFP_KERNEL);
/* Register an IPv6 tunnel endpoint address for offload.
 * @app: flower app owning the address list
 * @ipv6: address to add; compared and copied by value
 *
 * The list is searched under ipv6_off_lock. When the address is already
 * present the lock is dropped without allocating a new entry (presumably
 * after taking another reference; that statement is not visible here).
 * Otherwise a new entry with ref_count 1 is appended and the updated list
 * is written to the NFP.
 */
844 struct nfp_ipv6_addr_entry *
845 nfp_tunnel_add_ipv6_off(struct nfp_app *app, struct in6_addr *ipv6)
847 struct nfp_flower_priv *priv = app->priv;
848 struct nfp_ipv6_addr_entry *entry;
850 mutex_lock(&priv->tun.ipv6_off_lock);
851 list_for_each_entry(entry, &priv->tun.ipv6_off_list, list)
852 if (!memcmp(&entry->ipv6_addr, ipv6, sizeof(*ipv6))) {
854 mutex_unlock(&priv->tun.ipv6_off_lock);
858 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
860 mutex_unlock(&priv->tun.ipv6_off_lock);
861 nfp_flower_cmsg_warn(app, "Mem error when offloading IP address.\n");
864 entry->ipv6_addr = *ipv6;
865 entry->ref_count = 1;
866 list_add_tail(&entry->list, &priv->tun.ipv6_off_list);
867 mutex_unlock(&priv->tun.ipv6_off_lock);
/* Called after unlocking: the writer takes ipv6_off_lock itself. */
869 nfp_tun_write_ipv6_list(app);
/* Drop one reference on an offloaded IPv6 address entry.
 * @app: flower app owning the address list
 * @entry: entry to release
 *
 * The reference count is decremented under ipv6_off_lock and the entry is
 * unlinked from the list when the count reaches zero. The address list is
 * written to the NFP afterwards.
 */
875 nfp_tunnel_put_ipv6_off(struct nfp_app *app, struct nfp_ipv6_addr_entry *entry)
877 struct nfp_flower_priv *priv = app->priv;
880 mutex_lock(&priv->tun.ipv6_off_lock);
881 if (!--entry->ref_count) {
882 list_del(&entry->list);
886 mutex_unlock(&priv->tun.ipv6_off_lock);
889 nfp_tun_write_ipv6_list(app);
/* Send a single-MAC offload message to the NFP.
 * @app: flower app to send on
 * @mac: MAC address copied into the message
 * @idx: index written to the message, converted to big endian
 * @del: delete request selector
 *
 * Returns the result of nfp_flower_xmit_tun_conf() for a
 * NFP_FLOWER_CMSG_TYPE_TUN_MAC message.
 */
893 __nfp_tunnel_offload_mac(struct nfp_app *app, const u8 *mac, u16 idx, bool del)
895 struct nfp_tun_mac_addr_offload payload;
897 memset(&payload, 0, sizeof(payload));
900 payload.flags = cpu_to_be16(NFP_TUN_MAC_OFFLOAD_DEL_FLAG);
902 /* FW supports multiple MACs per cmsg but restrict to single. */
903 payload.count = cpu_to_be16(1);
904 payload.index = cpu_to_be16(idx);
905 ether_addr_copy(payload.addr, mac);
907 return nfp_flower_xmit_tun_conf(app, NFP_FLOWER_CMSG_TYPE_TUN_MAC,
908 sizeof(struct nfp_tun_mac_addr_offload),
909 &payload, GFP_KERNEL);
/* Test whether the NFP_FLOWER_CMSG_PORT_TYPE field extracted from @port
 * equals NFP_FLOWER_CMSG_PORT_TYPE_PHYS_PORT.
 */
912 static bool nfp_tunnel_port_is_phy_repr(int port)
914 if (FIELD_GET(NFP_FLOWER_CMSG_PORT_TYPE, port) ==
915 NFP_FLOWER_CMSG_PORT_TYPE_PHYS_PORT)
/* Build a MAC index from a physical port id: @port is shifted left by
 * eight bits and ORed with NFP_FLOWER_CMSG_PORT_TYPE_PHYS_PORT. The result
 * is truncated to u16 on return.
 */
921 static u16 nfp_tunnel_get_mac_idx_from_phy_port_id(int port)
923 return port << 8 | NFP_FLOWER_CMSG_PORT_TYPE_PHYS_PORT;
/* Build a global MAC index from an IDA id: @id is shifted left by eight
 * bits and ORed with NFP_FLOWER_CMSG_PORT_TYPE_OTHER_PORT. Inverse of
 * nfp_tunnel_get_ida_from_global_mac_idx().
 */
926 static u16 nfp_tunnel_get_global_mac_idx_from_ida(int id)
928 return id << 8 | NFP_FLOWER_CMSG_PORT_TYPE_OTHER_PORT;
/* Recover the IDA id from a global MAC index by dropping the low eight
 * bits, which hold the port type.
 */
931 static int nfp_tunnel_get_ida_from_global_mac_idx(u16 nfp_mac_idx)
933 return nfp_mac_idx >> 8;
/* A MAC index is global when its low eight bits equal
 * NFP_FLOWER_CMSG_PORT_TYPE_OTHER_PORT.
 */
936 static bool nfp_tunnel_is_mac_idx_global(u16 nfp_mac_idx)
938 return (nfp_mac_idx & 0xff) == NFP_FLOWER_CMSG_PORT_TYPE_OTHER_PORT;
/* Look up the offloaded-MAC entry for a MAC address.
 * @app: flower app owning the offloaded_macs hashtable
 * @mac: MAC address used as the lookup key
 *
 * Returns whatever rhashtable_lookup_fast() yields for that key.
 */
941 static struct nfp_tun_offloaded_mac *
942 nfp_tunnel_lookup_offloaded_macs(struct nfp_app *app, const u8 *mac)
944 struct nfp_flower_priv *priv = app->priv;
946 return rhashtable_lookup_fast(&priv->tun.offloaded_macs, mac,
947 offloaded_macs_params);
/* Record that a netdev now uses an offloaded-MAC entry.
 * @entry: offloaded-MAC entry being shared
 * @netdev: device that uses the MAC
 * @mod: set when this is part of a MAC address change
 *
 * For an nfp repr the repr's mac_list node is appended to
 * entry->repr_list. For a supported bridge device bridge_count is
 * incremented instead.
 */
951 nfp_tunnel_offloaded_macs_inc_ref_and_link(struct nfp_tun_offloaded_mac *entry,
952 struct net_device *netdev, bool mod)
954 if (nfp_netdev_is_nfp_repr(netdev)) {
955 struct nfp_flower_repr_priv *repr_priv;
956 struct nfp_repr *repr;
958 repr = netdev_priv(netdev);
959 repr_priv = repr->app_priv;
961 /* If modifying MAC, remove repr from old list first. */
963 list_del(&repr_priv->mac_list);
965 list_add_tail(&repr_priv->mac_list, &entry->repr_list);
966 } else if (nfp_flower_is_supported_bridge(netdev)) {
967 entry->bridge_count++;
/* Offload the current MAC address of a netdev, sharing an existing
 * offloaded-MAC entry when the address is already known.
 * @app: flower app owning the offloaded_macs table and the index IDA
 * @netdev: device whose dev_addr is offloaded
 *
 * An existing entry with a global index is reused directly unless the
 * netdev is a supported bridge and the entry has no bridge users yet, in
 * which case the index gains NFP_TUN_PRE_TUN_IDX_BIT. Otherwise the index
 * is either allocated from the IDA (entry already exists, or port is
 * zero) or derived from the physical port id. A missing entry is
 * allocated and inserted into the hashtable. The MAC is then sent to the
 * NFP and the entry's index and user links are updated. The statements
 * after the final link call are the error unwinding: hashtable removal
 * and IDA release.
 */
974 nfp_tunnel_add_shared_mac(struct nfp_app *app, struct net_device *netdev,
977 struct nfp_flower_priv *priv = app->priv;
978 struct nfp_tun_offloaded_mac *entry;
979 int ida_idx = -1, err;
982 entry = nfp_tunnel_lookup_offloaded_macs(app, netdev->dev_addr);
983 if (entry && nfp_tunnel_is_mac_idx_global(entry->index)) {
984 if (entry->bridge_count ||
985 !nfp_flower_is_supported_bridge(netdev)) {
986 nfp_tunnel_offloaded_macs_inc_ref_and_link(entry,
991 /* MAC is global but matches need to go to pre_tun table. */
992 nfp_mac_idx = entry->index | NFP_TUN_PRE_TUN_IDX_BIT;
996 /* Assign a global index if non-repr or MAC is now shared. */
997 if (entry || !port) {
998 ida_idx = ida_alloc_max(&priv->tun.mac_off_ids,
999 NFP_MAX_MAC_INDEX, GFP_KERNEL);
1004 nfp_tunnel_get_global_mac_idx_from_ida(ida_idx);
1006 if (nfp_flower_is_supported_bridge(netdev))
1007 nfp_mac_idx |= NFP_TUN_PRE_TUN_IDX_BIT;
1011 nfp_tunnel_get_mac_idx_from_phy_port_id(port);
1016 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
1022 ether_addr_copy(entry->addr, netdev->dev_addr);
1023 INIT_LIST_HEAD(&entry->repr_list);
1025 if (rhashtable_insert_fast(&priv->tun.offloaded_macs,
1027 offloaded_macs_params)) {
1029 goto err_free_entry;
1033 err = __nfp_tunnel_offload_mac(app, netdev->dev_addr,
1034 nfp_mac_idx, false);
1036 /* If not shared then free. */
1037 if (!entry->ref_count)
1038 goto err_remove_hash;
/* Offload succeeded: remember the index in use and link the netdev. */
1042 entry->index = nfp_mac_idx;
1043 nfp_tunnel_offloaded_macs_inc_ref_and_link(entry, netdev, mod);
1048 rhashtable_remove_fast(&priv->tun.offloaded_macs, &entry->ht_node,
1049 offloaded_macs_params);
1054 ida_free(&priv->tun.mac_off_ids, ida_idx);
/* Remove one user of an offloaded MAC address and delete the offload
 * when no users remain.
 * @app: flower app owning the offloaded_macs table and the index IDA
 * @netdev: device that stops using the MAC
 * @mac: MAC address to release
 * @mod: set when the delete is part of a MAC address change
 *
 * A repr is unlinked from the entry's repr list unless @mod is set. A
 * supported bridge decrements bridge_count; when that reaches zero while
 * other users remain, the index is re-offloaded without
 * NFP_TUN_PRE_TUN_IDX_BIT. When a single repr remains, the MAC is
 * re-offloaded with that repr's port-based index and the global IDA id is
 * freed. When no references remain, the entry is removed from the
 * hashtable, a global id is freed, and a delete message is sent.
 */
1060 nfp_tunnel_del_shared_mac(struct nfp_app *app, struct net_device *netdev,
1061 const u8 *mac, bool mod)
1063 struct nfp_flower_priv *priv = app->priv;
1064 struct nfp_flower_repr_priv *repr_priv;
1065 struct nfp_tun_offloaded_mac *entry;
1066 struct nfp_repr *repr;
1070 entry = nfp_tunnel_lookup_offloaded_macs(app, mac);
1075 /* If del is part of a mod then mac_list is still in use elsewhere. */
1076 if (nfp_netdev_is_nfp_repr(netdev) && !mod) {
1077 repr = netdev_priv(netdev);
1078 repr_priv = repr->app_priv;
1079 list_del(&repr_priv->mac_list);
1082 if (nfp_flower_is_supported_bridge(netdev)) {
1083 entry->bridge_count--;
1085 if (!entry->bridge_count && entry->ref_count) {
1086 nfp_mac_idx = entry->index & ~NFP_TUN_PRE_TUN_IDX_BIT;
1087 if (__nfp_tunnel_offload_mac(app, mac, nfp_mac_idx,
1089 nfp_flower_cmsg_warn(app, "MAC offload index revert failed on %s.\n",
1090 netdev_name(netdev));
1094 entry->index = nfp_mac_idx;
1099 /* If MAC is now used by 1 repr set the offloaded MAC index to port. */
1100 if (entry->ref_count == 1 && list_is_singular(&entry->repr_list)) {
1103 repr_priv = list_first_entry(&entry->repr_list,
1104 struct nfp_flower_repr_priv,
1106 repr = repr_priv->nfp_repr;
1107 port = nfp_repr_get_port_id(repr->netdev);
1108 nfp_mac_idx = nfp_tunnel_get_mac_idx_from_phy_port_id(port);
1109 err = __nfp_tunnel_offload_mac(app, mac, nfp_mac_idx, false);
1111 nfp_flower_cmsg_warn(app, "MAC offload index revert failed on %s.\n",
1112 netdev_name(netdev));
1116 ida_idx = nfp_tunnel_get_ida_from_global_mac_idx(entry->index);
1117 ida_free(&priv->tun.mac_off_ids, ida_idx);
1118 entry->index = nfp_mac_idx;
1122 if (entry->ref_count)
1125 WARN_ON_ONCE(rhashtable_remove_fast(&priv->tun.offloaded_macs,
1127 offloaded_macs_params));
1129 if (nfp_flower_is_supported_bridge(netdev))
1130 nfp_mac_idx = entry->index & ~NFP_TUN_PRE_TUN_IDX_BIT;
1132 nfp_mac_idx = entry->index;
1134 /* If MAC has global ID then extract and free the ida entry. */
1135 if (nfp_tunnel_is_mac_idx_global(nfp_mac_idx)) {
1136 ida_idx = nfp_tunnel_get_ida_from_global_mac_idx(entry->index);
1137 ida_free(&priv->tun.mac_off_ids, ida_idx);
1142 return __nfp_tunnel_offload_mac(app, mac, 0, true);
/* Add, delete or modify the offloaded MAC address of a netdev.
 * @app: flower app handling the request
 * @netdev: nfp repr or other offloadable netdev
 * @cmd: requested operation
 *
 * The per-device offload state (the mac_offloaded flag and the stored
 * offloaded address) comes from the repr private data for reprs and from
 * the non-repr private data otherwise. Reprs belonging to another app,
 * reprs on a bridge and non-physical reprs are filtered before the state
 * is used. The device address must be a valid Ethernet address. The
 * command is then dispatched to nfp_tunnel_add_shared_mac() and/or
 * nfp_tunnel_del_shared_mac(), with the stored state and the non-repr
 * private data reference count kept in step.
 */
1146 nfp_tunnel_offload_mac(struct nfp_app *app, struct net_device *netdev,
1147 enum nfp_flower_mac_offload_cmd cmd)
1149 struct nfp_flower_non_repr_priv *nr_priv = NULL;
1150 bool non_repr = false, *mac_offloaded;
1154 if (nfp_netdev_is_nfp_repr(netdev)) {
1155 struct nfp_flower_repr_priv *repr_priv;
1156 struct nfp_repr *repr;
1158 repr = netdev_priv(netdev);
1159 if (repr->app != app)
1162 repr_priv = repr->app_priv;
1163 if (repr_priv->on_bridge)
1166 mac_offloaded = &repr_priv->mac_offloaded;
1167 off_mac = &repr_priv->offloaded_mac_addr[0];
1168 port = nfp_repr_get_port_id(netdev);
1169 if (!nfp_tunnel_port_is_phy_repr(port))
1171 } else if (nfp_fl_is_netdev_to_offload(netdev)) {
1172 nr_priv = nfp_flower_non_repr_priv_get(app, netdev);
1176 mac_offloaded = &nr_priv->mac_offloaded;
1177 off_mac = &nr_priv->offloaded_mac_addr[0];
1183 if (!is_valid_ether_addr(netdev->dev_addr)) {
1185 goto err_put_non_repr_priv;
/* A modify for a device with nothing offloaded yet is handled as an add. */
1188 if (cmd == NFP_TUNNEL_MAC_OFFLOAD_MOD && !*mac_offloaded)
1189 cmd = NFP_TUNNEL_MAC_OFFLOAD_ADD;
1192 case NFP_TUNNEL_MAC_OFFLOAD_ADD:
1193 err = nfp_tunnel_add_shared_mac(app, netdev, port, false);
1195 goto err_put_non_repr_priv;
1198 __nfp_flower_non_repr_priv_get(nr_priv);
/* Remember which address was offloaded for later delete or modify. */
1200 *mac_offloaded = true;
1201 ether_addr_copy(off_mac, netdev->dev_addr);
1203 case NFP_TUNNEL_MAC_OFFLOAD_DEL:
1204 /* Only attempt delete if add was successful. */
1205 if (!*mac_offloaded)
1209 __nfp_flower_non_repr_priv_put(nr_priv);
1211 *mac_offloaded = false;
1213 err = nfp_tunnel_del_shared_mac(app, netdev, netdev->dev_addr,
1216 goto err_put_non_repr_priv;
1219 case NFP_TUNNEL_MAC_OFFLOAD_MOD:
1220 /* Ignore if changing to the same address. */
1221 if (ether_addr_equal(netdev->dev_addr, off_mac))
1224 err = nfp_tunnel_add_shared_mac(app, netdev, port, true);
1226 goto err_put_non_repr_priv;
1228 /* Delete the previous MAC address. */
1229 err = nfp_tunnel_del_shared_mac(app, netdev, off_mac, true);
1231 nfp_flower_cmsg_warn(app, "Failed to remove offload of replaced MAC addr on %s.\n",
1232 netdev_name(netdev));
1234 ether_addr_copy(off_mac, netdev->dev_addr);
1238 goto err_put_non_repr_priv;
1242 __nfp_flower_non_repr_priv_put(nr_priv);
1246 err_put_non_repr_priv:
1248 __nfp_flower_non_repr_priv_put(nr_priv);
/* Translate netdev notifier events into MAC offload operations.
 * @app: flower app handling the event
 * @netdev: device the event refers to
 * @event: netdev notifier event
 * @ptr: event data; read as struct netdev_notifier_changeupper_info for
 *       NETDEV_CHANGEUPPER
 *
 * NETDEV_DOWN deletes the offloaded MAC and NETDEV_UP adds it.
 * NETDEV_CHANGEADDR requests a modify and checks IFF_UP first.
 * NETDEV_CHANGEUPPER applies to reprs of this app whose upper device is a
 * supported bridge: linking deletes the offload and sets on_bridge,
 * unlinking clears on_bridge and re-adds the offload. Failures of the
 * offload calls are logged as warnings.
 */
1253 int nfp_tunnel_mac_event_handler(struct nfp_app *app,
1254 struct net_device *netdev,
1255 unsigned long event, void *ptr)
1259 if (event == NETDEV_DOWN) {
1260 err = nfp_tunnel_offload_mac(app, netdev,
1261 NFP_TUNNEL_MAC_OFFLOAD_DEL);
1263 nfp_flower_cmsg_warn(app, "Failed to delete offload MAC on %s.\n",
1264 netdev_name(netdev));
1265 } else if (event == NETDEV_UP) {
1266 err = nfp_tunnel_offload_mac(app, netdev,
1267 NFP_TUNNEL_MAC_OFFLOAD_ADD);
1269 nfp_flower_cmsg_warn(app, "Failed to offload MAC on %s.\n",
1270 netdev_name(netdev));
1271 } else if (event == NETDEV_CHANGEADDR) {
1272 /* Only offload addr change if netdev is already up. */
1273 if (!(netdev->flags & IFF_UP))
1276 err = nfp_tunnel_offload_mac(app, netdev,
1277 NFP_TUNNEL_MAC_OFFLOAD_MOD);
1279 nfp_flower_cmsg_warn(app, "Failed to offload MAC change on %s.\n",
1280 netdev_name(netdev));
1281 } else if (event == NETDEV_CHANGEUPPER) {
1282 /* If a repr is attached to a bridge then tunnel packets
1283 * entering the physical port are directed through the bridge
1284 * datapath and cannot be directly detunneled. Therefore,
1285 * associated offloaded MACs and indexes should not be used
1286 * by fw for detunneling.
1288 struct netdev_notifier_changeupper_info *info = ptr;
1289 struct net_device *upper = info->upper_dev;
1290 struct nfp_flower_repr_priv *repr_priv;
1291 struct nfp_repr *repr;
1293 if (!nfp_netdev_is_nfp_repr(netdev) ||
1294 !nfp_flower_is_supported_bridge(upper))
1297 repr = netdev_priv(netdev);
1298 if (repr->app != app)
1301 repr_priv = repr->app_priv;
1303 if (info->linking) {
1304 if (nfp_tunnel_offload_mac(app, netdev,
1305 NFP_TUNNEL_MAC_OFFLOAD_DEL))
1306 nfp_flower_cmsg_warn(app, "Failed to delete offloaded MAC on %s.\n",
1307 netdev_name(netdev));
1308 repr_priv->on_bridge = true;
1310 repr_priv->on_bridge = false;
1312 if (!(netdev->flags & IFF_UP))
1315 if (nfp_tunnel_offload_mac(app, netdev,
1316 NFP_TUNNEL_MAC_OFFLOAD_ADD))
1317 nfp_flower_cmsg_warn(app, "Failed to offload MAC on %s.\n",
1318 netdev_name(netdev));
/* Send a pre-tunnel rule for a flow to the NFP.
 * @app: flower app owning the pre-tunnel rule counter
 * @flow: flow payload supplying the device, VLAN TCI and host context id
 *
 * The rule counter is checked against NFP_TUN_PRE_TUN_RULE_LIMIT before
 * the message is built. The MAC index is taken from the offloaded-MAC
 * entry of the flow's pre-tunnel device, with NFP_TUN_PRE_TUN_IPV6_BIT set
 * or cleared according to the flow key layer. VLAN TCI and port index are
 * also stored back in the flow for use at delete time. The message is
 * sent as NFP_FLOWER_CMSG_TYPE_PRE_TUN_RULE and the counter incremented.
 *
 * NOTE(review): the IPv6 bit is set or cleared directly in
 * mac_entry->index, i.e. in the shared offloaded-MAC entry rather than in
 * a local copy. Confirm that changing the stored index is intended.
 */
1324 int nfp_flower_xmit_pre_tun_flow(struct nfp_app *app,
1325 struct nfp_fl_payload *flow)
1327 struct nfp_flower_priv *app_priv = app->priv;
1328 struct nfp_tun_offloaded_mac *mac_entry;
1329 struct nfp_flower_meta_tci *key_meta;
1330 struct nfp_tun_pre_tun_rule payload;
1331 struct net_device *internal_dev;
1334 if (app_priv->pre_tun_rule_cnt == NFP_TUN_PRE_TUN_RULE_LIMIT)
1337 memset(&payload, 0, sizeof(struct nfp_tun_pre_tun_rule));
1339 internal_dev = flow->pre_tun_rule.dev;
1340 payload.vlan_tci = flow->pre_tun_rule.vlan_tci;
1341 payload.host_ctx_id = flow->meta.host_ctx_id;
1343 /* Lookup MAC index for the pre-tunnel rule egress device.
1344 * Note that because the device is always an internal port, it will
1345 * have a constant global index so does not need to be tracked.
1347 mac_entry = nfp_tunnel_lookup_offloaded_macs(app,
1348 internal_dev->dev_addr);
1352 /* Set/clear IPV6 bit. cpu_to_be16() swap will lead to MSB being
1353 * set/clear for port_idx.
1355 key_meta = (struct nfp_flower_meta_tci *)flow->unmasked_data;
1356 if (key_meta->nfp_flow_key_layer & NFP_FLOWER_LAYER_IPV6)
1357 mac_entry->index |= NFP_TUN_PRE_TUN_IPV6_BIT;
1359 mac_entry->index &= ~NFP_TUN_PRE_TUN_IPV6_BIT;
1361 payload.port_idx = cpu_to_be16(mac_entry->index);
1363 /* Copy mac id and vlan to flow - dev may not exist at delete time. */
1364 flow->pre_tun_rule.vlan_tci = payload.vlan_tci;
1365 flow->pre_tun_rule.port_idx = payload.port_idx;
1367 err = nfp_flower_xmit_tun_conf(app, NFP_FLOWER_CMSG_TYPE_PRE_TUN_RULE,
1368 sizeof(struct nfp_tun_pre_tun_rule),
1369 (unsigned char *)&payload, GFP_KERNEL);
1373 app_priv->pre_tun_rule_cnt++;
/* Send a delete request for a flow's pre-tunnel rule to the NFP.
 * @app: flower app owning the pre-tunnel rule counter
 * @flow: flow payload holding the VLAN TCI and port index saved when the
 *        rule was added
 *
 * The message has NFP_TUN_PRE_TUN_RULE_DEL set in its flags and reuses
 * the values stored in flow->pre_tun_rule. The rule counter is
 * decremented after the message is sent.
 */
1378 int nfp_flower_xmit_pre_tun_del_flow(struct nfp_app *app,
1379 struct nfp_fl_payload *flow)
1381 struct nfp_flower_priv *app_priv = app->priv;
1382 struct nfp_tun_pre_tun_rule payload;
1386 memset(&payload, 0, sizeof(struct nfp_tun_pre_tun_rule));
1388 tmp_flags |= NFP_TUN_PRE_TUN_RULE_DEL;
1389 payload.flags = cpu_to_be32(tmp_flags);
/* Copied as stored: nfp_flower_xmit_pre_tun_flow() saved these values
 * from the message it sent.
 */
1390 payload.vlan_tci = flow->pre_tun_rule.vlan_tci;
1391 payload.port_idx = flow->pre_tun_rule.port_idx;
1393 err = nfp_flower_xmit_tun_conf(app, NFP_FLOWER_CMSG_TYPE_PRE_TUN_RULE,
1394 sizeof(struct nfp_tun_pre_tun_rule),
1395 (unsigned char *)&payload, GFP_KERNEL);
1399 app_priv->pre_tun_rule_cnt--;
/* Set up the tunnel offload state of a flower app.
 * @app: flower app being initialised
 *
 * Initialises the offloaded-MAC hashtable, the MAC index IDA, and the
 * locks and lists for the IPv4 and IPv6 address offload. It then
 * registers the neighbour netevent notifier. The hashtable is destroyed
 * again on the notifier registration error path.
 */
1404 int nfp_tunnel_config_start(struct nfp_app *app)
1406 struct nfp_flower_priv *priv = app->priv;
1409 /* Initialise rhash for MAC offload tracking. */
1410 err = rhashtable_init(&priv->tun.offloaded_macs,
1411 &offloaded_macs_params);
1415 ida_init(&priv->tun.mac_off_ids);
1417 /* Initialise priv data for IPv4/v6 offloading. */
1418 mutex_init(&priv->tun.ipv4_off_lock);
1419 INIT_LIST_HEAD(&priv->tun.ipv4_off_list);
1420 mutex_init(&priv->tun.ipv6_off_lock);
1421 INIT_LIST_HEAD(&priv->tun.ipv6_off_list);
1423 /* Initialise priv data for neighbour offloading. */
1424 priv->tun.neigh_nb.notifier_call = nfp_tun_neigh_event_handler;
1426 err = register_netevent_notifier(&priv->tun.neigh_nb);
1428 rhashtable_free_and_destroy(&priv->tun.offloaded_macs,
1429 nfp_check_rhashtable_empty, NULL);
/* Tear down the tunnel offload state of a flower app.
 * @app: flower app being stopped
 *
 * The neighbour notifier is unregistered first. The MAC index IDA is then
 * destroyed, the IPv4 address list is emptied, the IPv6 lock is
 * destroyed, the offloaded-MAC hashtable is destroyed, and finally the
 * neighbour table entries are cleaned up.
 */
1436 void nfp_tunnel_config_stop(struct nfp_app *app)
1438 struct nfp_flower_priv *priv = app->priv;
1439 struct nfp_ipv4_addr_entry *ip_entry;
1440 struct list_head *ptr, *storage;
1442 unregister_netevent_notifier(&priv->tun.neigh_nb);
1444 ida_destroy(&priv->tun.mac_off_ids);
1446 /* Free any memory that may be occupied by ipv4 list. */
1447 list_for_each_safe(ptr, storage, &priv->tun.ipv4_off_list) {
1448 ip_entry = list_entry(ptr, struct nfp_ipv4_addr_entry, list);
1449 list_del(&ip_entry->list);
1453 mutex_destroy(&priv->tun.ipv6_off_lock);
1455 /* Destroy rhash. Entries should be cleaned on netdev notifier unreg. */
1456 rhashtable_free_and_destroy(&priv->tun.offloaded_macs,
1457 nfp_check_rhashtable_empty, NULL);
1459 nfp_tun_cleanup_nn_entries(app);