drivers/net/ethernet/intel/ice/ice_tc_lib.c at v5.17

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / drivers / net / ethernet / intel / ice / ice_tc_lib.c
at v5.17 1361 lines 38 kB view raw
wrap content
   1// SPDX-License-Identifier: GPL-2.0
   2/* Copyright (C) 2019-2021, Intel Corporation. */
   3
   4#include "ice.h"
   5#include "ice_tc_lib.h"
   6#include "ice_fltr.h"
   7#include "ice_lib.h"
   8#include "ice_protocol_type.h"
   9
  10/**
  11 * ice_tc_count_lkups - determine lookup count for switch filter
  12 * @flags: TC-flower flags
  13 * @headers: Pointer to TC flower filter header structure
  14 * @fltr: Pointer to outer TC filter structure
  15 *
  16 * Determine lookup count based on TC flower input for switch filter.
  17 */
  18static int
  19ice_tc_count_lkups(u32 flags, struct ice_tc_flower_lyr_2_4_hdrs *headers,
  20		   struct ice_tc_flower_fltr *fltr)
  21{
  22	int lkups_cnt = 0;
  23
  24	if (flags & ICE_TC_FLWR_FIELD_TENANT_ID)
  25		lkups_cnt++;
  26
  27	if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 |
  28		     ICE_TC_FLWR_FIELD_ENC_DEST_IPV4 |
  29		     ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 |
  30		     ICE_TC_FLWR_FIELD_ENC_DEST_IPV6))
  31		lkups_cnt++;
  32
  33	if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT)
  34		lkups_cnt++;
  35
  36	/* currently inner etype filter isn't supported */
  37	if ((flags & ICE_TC_FLWR_FIELD_ETH_TYPE_ID) &&
  38	    fltr->tunnel_type == TNL_LAST)
  39		lkups_cnt++;
  40
  41	/* are MAC fields specified? */
  42	if (flags & (ICE_TC_FLWR_FIELD_DST_MAC | ICE_TC_FLWR_FIELD_SRC_MAC))
  43		lkups_cnt++;
  44
  45	/* is VLAN specified? */
  46	if (flags & ICE_TC_FLWR_FIELD_VLAN)
  47		lkups_cnt++;
  48
  49	/* are IPv[4|6] fields specified? */
  50	if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV4 | ICE_TC_FLWR_FIELD_SRC_IPV4 |
  51		     ICE_TC_FLWR_FIELD_DEST_IPV6 | ICE_TC_FLWR_FIELD_SRC_IPV6))
  52		lkups_cnt++;
  53
  54	/* is L4 (TCP/UDP/any other L4 protocol fields) specified? */
  55	if (flags & (ICE_TC_FLWR_FIELD_DEST_L4_PORT |
  56		     ICE_TC_FLWR_FIELD_SRC_L4_PORT))
  57		lkups_cnt++;
  58
  59	return lkups_cnt;
  60}
  61
  62static enum ice_protocol_type ice_proto_type_from_mac(bool inner)
  63{
  64	return inner ? ICE_MAC_IL : ICE_MAC_OFOS;
  65}
  66
  67static enum ice_protocol_type ice_proto_type_from_ipv4(bool inner)
  68{
  69	return inner ? ICE_IPV4_IL : ICE_IPV4_OFOS;
  70}
  71
  72static enum ice_protocol_type ice_proto_type_from_ipv6(bool inner)
  73{
  74	return inner ? ICE_IPV6_IL : ICE_IPV6_OFOS;
  75}
  76
  77static enum ice_protocol_type ice_proto_type_from_l4_port(u16 ip_proto)
  78{
  79	switch (ip_proto) {
  80	case IPPROTO_TCP:
  81		return ICE_TCP_IL;
  82	case IPPROTO_UDP:
  83		return ICE_UDP_ILOS;
  84	}
  85
  86	return 0;
  87}
  88
  89static enum ice_protocol_type
  90ice_proto_type_from_tunnel(enum ice_tunnel_type type)
  91{
  92	switch (type) {
  93	case TNL_VXLAN:
  94		return ICE_VXLAN;
  95	case TNL_GENEVE:
  96		return ICE_GENEVE;
  97	case TNL_GRETAP:
  98		return ICE_NVGRE;
  99	default:
 100		return 0;
 101	}
 102}
 103
 104static enum ice_sw_tunnel_type
 105ice_sw_type_from_tunnel(enum ice_tunnel_type type)
 106{
 107	switch (type) {
 108	case TNL_VXLAN:
 109		return ICE_SW_TUN_VXLAN;
 110	case TNL_GENEVE:
 111		return ICE_SW_TUN_GENEVE;
 112	case TNL_GRETAP:
 113		return ICE_SW_TUN_NVGRE;
 114	default:
 115		return ICE_NON_TUN;
 116	}
 117}
 118
 119static int
 120ice_tc_fill_tunnel_outer(u32 flags, struct ice_tc_flower_fltr *fltr,
 121			 struct ice_adv_lkup_elem *list)
 122{
 123	struct ice_tc_flower_lyr_2_4_hdrs *hdr = &fltr->outer_headers;
 124	int i = 0;
 125
 126	if (flags & ICE_TC_FLWR_FIELD_TENANT_ID) {
 127		u32 tenant_id;
 128
 129		list[i].type = ice_proto_type_from_tunnel(fltr->tunnel_type);
 130		switch (fltr->tunnel_type) {
 131		case TNL_VXLAN:
 132		case TNL_GENEVE:
 133			tenant_id = be32_to_cpu(fltr->tenant_id) << 8;
 134			list[i].h_u.tnl_hdr.vni = cpu_to_be32(tenant_id);
 135			memcpy(&list[i].m_u.tnl_hdr.vni, "\xff\xff\xff\x00", 4);
 136			i++;
 137			break;
 138		case TNL_GRETAP:
 139			list[i].h_u.nvgre_hdr.tni_flow = fltr->tenant_id;
 140			memcpy(&list[i].m_u.nvgre_hdr.tni_flow, "\xff\xff\xff\xff", 4);
 141			i++;
 142			break;
 143		default:
 144			break;
 145		}
 146	}
 147
 148	if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 |
 149		     ICE_TC_FLWR_FIELD_ENC_DEST_IPV4)) {
 150		list[i].type = ice_proto_type_from_ipv4(false);
 151
 152		if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_IPV4) {
 153			list[i].h_u.ipv4_hdr.src_addr = hdr->l3_key.src_ipv4;
 154			list[i].m_u.ipv4_hdr.src_addr = hdr->l3_mask.src_ipv4;
 155		}
 156		if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_IPV4) {
 157			list[i].h_u.ipv4_hdr.dst_addr = hdr->l3_key.dst_ipv4;
 158			list[i].m_u.ipv4_hdr.dst_addr = hdr->l3_mask.dst_ipv4;
 159		}
 160		i++;
 161	}
 162
 163	if (flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 |
 164		     ICE_TC_FLWR_FIELD_ENC_DEST_IPV6)) {
 165		list[i].type = ice_proto_type_from_ipv6(false);
 166
 167		if (flags & ICE_TC_FLWR_FIELD_ENC_SRC_IPV6) {
 168			memcpy(&list[i].h_u.ipv6_hdr.src_addr,
 169			       &hdr->l3_key.src_ipv6_addr,
 170			       sizeof(hdr->l3_key.src_ipv6_addr));
 171			memcpy(&list[i].m_u.ipv6_hdr.src_addr,
 172			       &hdr->l3_mask.src_ipv6_addr,
 173			       sizeof(hdr->l3_mask.src_ipv6_addr));
 174		}
 175		if (flags & ICE_TC_FLWR_FIELD_ENC_DEST_IPV6) {
 176			memcpy(&list[i].h_u.ipv6_hdr.dst_addr,
 177			       &hdr->l3_key.dst_ipv6_addr,
 178			       sizeof(hdr->l3_key.dst_ipv6_addr));
 179			memcpy(&list[i].m_u.ipv6_hdr.dst_addr,
 180			       &hdr->l3_mask.dst_ipv6_addr,
 181			       sizeof(hdr->l3_mask.dst_ipv6_addr));
 182		}
 183		i++;
 184	}
 185
 186	if ((flags & ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT) &&
 187	    hdr->l3_key.ip_proto == IPPROTO_UDP) {
 188		list[i].type = ICE_UDP_OF;
 189		list[i].h_u.l4_hdr.dst_port = hdr->l4_key.dst_port;
 190		list[i].m_u.l4_hdr.dst_port = hdr->l4_mask.dst_port;
 191		i++;
 192	}
 193
 194	return i;
 195}
 196
 197/**
 198 * ice_tc_fill_rules - fill filter rules based on TC fltr
 199 * @hw: pointer to HW structure
 200 * @flags: tc flower field flags
 201 * @tc_fltr: pointer to TC flower filter
 202 * @list: list of advance rule elements
 203 * @rule_info: pointer to information about rule
 204 * @l4_proto: pointer to information such as L4 proto type
 205 *
 206 * Fill ice_adv_lkup_elem list based on TC flower flags and
 207 * TC flower headers. This list should be used to add
 208 * advance filter in hardware.
 209 */
 210static int
 211ice_tc_fill_rules(struct ice_hw *hw, u32 flags,
 212		  struct ice_tc_flower_fltr *tc_fltr,
 213		  struct ice_adv_lkup_elem *list,
 214		  struct ice_adv_rule_info *rule_info,
 215		  u16 *l4_proto)
 216{
 217	struct ice_tc_flower_lyr_2_4_hdrs *headers = &tc_fltr->outer_headers;
 218	bool inner = false;
 219	int i = 0;
 220
 221	rule_info->tun_type = ice_sw_type_from_tunnel(tc_fltr->tunnel_type);
 222	if (tc_fltr->tunnel_type != TNL_LAST) {
 223		i = ice_tc_fill_tunnel_outer(flags, tc_fltr, list);
 224
 225		headers = &tc_fltr->inner_headers;
 226		inner = true;
 227	} else if (flags & ICE_TC_FLWR_FIELD_ETH_TYPE_ID) {
 228		list[i].type = ICE_ETYPE_OL;
 229		list[i].h_u.ethertype.ethtype_id = headers->l2_key.n_proto;
 230		list[i].m_u.ethertype.ethtype_id = headers->l2_mask.n_proto;
 231		i++;
 232	}
 233
 234	if (flags & (ICE_TC_FLWR_FIELD_DST_MAC |
 235		     ICE_TC_FLWR_FIELD_SRC_MAC)) {
 236		struct ice_tc_l2_hdr *l2_key, *l2_mask;
 237
 238		l2_key = &headers->l2_key;
 239		l2_mask = &headers->l2_mask;
 240
 241		list[i].type = ice_proto_type_from_mac(inner);
 242		if (flags & ICE_TC_FLWR_FIELD_DST_MAC) {
 243			ether_addr_copy(list[i].h_u.eth_hdr.dst_addr,
 244					l2_key->dst_mac);
 245			ether_addr_copy(list[i].m_u.eth_hdr.dst_addr,
 246					l2_mask->dst_mac);
 247		}
 248		if (flags & ICE_TC_FLWR_FIELD_SRC_MAC) {
 249			ether_addr_copy(list[i].h_u.eth_hdr.src_addr,
 250					l2_key->src_mac);
 251			ether_addr_copy(list[i].m_u.eth_hdr.src_addr,
 252					l2_mask->src_mac);
 253		}
 254		i++;
 255	}
 256
 257	/* copy VLAN info */
 258	if (flags & ICE_TC_FLWR_FIELD_VLAN) {
 259		list[i].type = ICE_VLAN_OFOS;
 260		list[i].h_u.vlan_hdr.vlan = headers->vlan_hdr.vlan_id;
 261		list[i].m_u.vlan_hdr.vlan = cpu_to_be16(0xFFFF);
 262		i++;
 263	}
 264
 265	/* copy L3 (IPv[4|6]: src, dest) address */
 266	if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV4 |
 267		     ICE_TC_FLWR_FIELD_SRC_IPV4)) {
 268		struct ice_tc_l3_hdr *l3_key, *l3_mask;
 269
 270		list[i].type = ice_proto_type_from_ipv4(inner);
 271		l3_key = &headers->l3_key;
 272		l3_mask = &headers->l3_mask;
 273		if (flags & ICE_TC_FLWR_FIELD_DEST_IPV4) {
 274			list[i].h_u.ipv4_hdr.dst_addr = l3_key->dst_ipv4;
 275			list[i].m_u.ipv4_hdr.dst_addr = l3_mask->dst_ipv4;
 276		}
 277		if (flags & ICE_TC_FLWR_FIELD_SRC_IPV4) {
 278			list[i].h_u.ipv4_hdr.src_addr = l3_key->src_ipv4;
 279			list[i].m_u.ipv4_hdr.src_addr = l3_mask->src_ipv4;
 280		}
 281		i++;
 282	} else if (flags & (ICE_TC_FLWR_FIELD_DEST_IPV6 |
 283			    ICE_TC_FLWR_FIELD_SRC_IPV6)) {
 284		struct ice_ipv6_hdr *ipv6_hdr, *ipv6_mask;
 285		struct ice_tc_l3_hdr *l3_key, *l3_mask;
 286
 287		list[i].type = ice_proto_type_from_ipv6(inner);
 288		ipv6_hdr = &list[i].h_u.ipv6_hdr;
 289		ipv6_mask = &list[i].m_u.ipv6_hdr;
 290		l3_key = &headers->l3_key;
 291		l3_mask = &headers->l3_mask;
 292
 293		if (flags & ICE_TC_FLWR_FIELD_DEST_IPV6) {
 294			memcpy(&ipv6_hdr->dst_addr, &l3_key->dst_ipv6_addr,
 295			       sizeof(l3_key->dst_ipv6_addr));
 296			memcpy(&ipv6_mask->dst_addr, &l3_mask->dst_ipv6_addr,
 297			       sizeof(l3_mask->dst_ipv6_addr));
 298		}
 299		if (flags & ICE_TC_FLWR_FIELD_SRC_IPV6) {
 300			memcpy(&ipv6_hdr->src_addr, &l3_key->src_ipv6_addr,
 301			       sizeof(l3_key->src_ipv6_addr));
 302			memcpy(&ipv6_mask->src_addr, &l3_mask->src_ipv6_addr,
 303			       sizeof(l3_mask->src_ipv6_addr));
 304		}
 305		i++;
 306	}
 307
 308	/* copy L4 (src, dest) port */
 309	if (flags & (ICE_TC_FLWR_FIELD_DEST_L4_PORT |
 310		     ICE_TC_FLWR_FIELD_SRC_L4_PORT)) {
 311		struct ice_tc_l4_hdr *l4_key, *l4_mask;
 312
 313		list[i].type = ice_proto_type_from_l4_port(headers->l3_key.ip_proto);
 314		l4_key = &headers->l4_key;
 315		l4_mask = &headers->l4_mask;
 316
 317		if (flags & ICE_TC_FLWR_FIELD_DEST_L4_PORT) {
 318			list[i].h_u.l4_hdr.dst_port = l4_key->dst_port;
 319			list[i].m_u.l4_hdr.dst_port = l4_mask->dst_port;
 320		}
 321		if (flags & ICE_TC_FLWR_FIELD_SRC_L4_PORT) {
 322			list[i].h_u.l4_hdr.src_port = l4_key->src_port;
 323			list[i].m_u.l4_hdr.src_port = l4_mask->src_port;
 324		}
 325		i++;
 326	}
 327
 328	return i;
 329}
 330
 331/**
 332 * ice_tc_tun_get_type - get the tunnel type
 333 * @tunnel_dev: ptr to tunnel device
 334 *
 335 * This function detects appropriate tunnel_type if specified device is
 336 * tunnel device such as VXLAN/Geneve
 337 */
 338static int ice_tc_tun_get_type(struct net_device *tunnel_dev)
 339{
 340	if (netif_is_vxlan(tunnel_dev))
 341		return TNL_VXLAN;
 342	if (netif_is_geneve(tunnel_dev))
 343		return TNL_GENEVE;
 344	if (netif_is_gretap(tunnel_dev) ||
 345	    netif_is_ip6gretap(tunnel_dev))
 346		return TNL_GRETAP;
 347	return TNL_LAST;
 348}
 349
 350bool ice_is_tunnel_supported(struct net_device *dev)
 351{
 352	return ice_tc_tun_get_type(dev) != TNL_LAST;
 353}
 354
 355static int
 356ice_eswitch_tc_parse_action(struct ice_tc_flower_fltr *fltr,
 357			    struct flow_action_entry *act)
 358{
 359	struct ice_repr *repr;
 360
 361	switch (act->id) {
 362	case FLOW_ACTION_DROP:
 363		fltr->action.fltr_act = ICE_DROP_PACKET;
 364		break;
 365
 366	case FLOW_ACTION_REDIRECT:
 367		fltr->action.fltr_act = ICE_FWD_TO_VSI;
 368
 369		if (ice_is_port_repr_netdev(act->dev)) {
 370			repr = ice_netdev_to_repr(act->dev);
 371
 372			fltr->dest_vsi = repr->src_vsi;
 373			fltr->direction = ICE_ESWITCH_FLTR_INGRESS;
 374		} else if (netif_is_ice(act->dev) ||
 375			   ice_is_tunnel_supported(act->dev)) {
 376			fltr->direction = ICE_ESWITCH_FLTR_EGRESS;
 377		} else {
 378			NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported netdevice in switchdev mode");
 379			return -EINVAL;
 380		}
 381
 382		break;
 383
 384	default:
 385		NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported action in switchdev mode");
 386		return -EINVAL;
 387	}
 388
 389	return 0;
 390}
 391
 392static int
 393ice_eswitch_add_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr)
 394{
 395	struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers;
 396	struct ice_adv_rule_info rule_info = { 0 };
 397	struct ice_rule_query_data rule_added;
 398	struct ice_hw *hw = &vsi->back->hw;
 399	struct ice_adv_lkup_elem *list;
 400	u32 flags = fltr->flags;
 401	int lkups_cnt;
 402	int ret;
 403	int i;
 404
 405	if (!flags || (flags & ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT)) {
 406		NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported encap field(s)");
 407		return -EOPNOTSUPP;
 408	}
 409
 410	lkups_cnt = ice_tc_count_lkups(flags, headers, fltr);
 411	list = kcalloc(lkups_cnt, sizeof(*list), GFP_ATOMIC);
 412	if (!list)
 413		return -ENOMEM;
 414
 415	i = ice_tc_fill_rules(hw, flags, fltr, list, &rule_info, NULL);
 416	if (i != lkups_cnt) {
 417		ret = -EINVAL;
 418		goto exit;
 419	}
 420
 421	/* egress traffic is always redirect to uplink */
 422	if (fltr->direction == ICE_ESWITCH_FLTR_EGRESS)
 423		fltr->dest_vsi = vsi->back->switchdev.uplink_vsi;
 424
 425	rule_info.sw_act.fltr_act = fltr->action.fltr_act;
 426	if (fltr->action.fltr_act != ICE_DROP_PACKET)
 427		rule_info.sw_act.vsi_handle = fltr->dest_vsi->idx;
 428	/* For now, making priority to be highest, and it also becomes
 429	 * the priority for recipe which will get created as a result of
 430	 * new extraction sequence based on input set.
 431	 * Priority '7' is max val for switch recipe, higher the number
 432	 * results into order of switch rule evaluation.
 433	 */
 434	rule_info.priority = 7;
 435
 436	if (fltr->direction == ICE_ESWITCH_FLTR_INGRESS) {
 437		rule_info.sw_act.flag |= ICE_FLTR_RX;
 438		rule_info.sw_act.src = hw->pf_id;
 439		rule_info.rx = true;
 440	} else {
 441		rule_info.sw_act.flag |= ICE_FLTR_TX;
 442		rule_info.sw_act.src = vsi->idx;
 443		rule_info.rx = false;
 444		rule_info.flags_info.act = ICE_SINGLE_ACT_LAN_ENABLE;
 445		rule_info.flags_info.act_valid = true;
 446	}
 447
 448	/* specify the cookie as filter_rule_id */
 449	rule_info.fltr_rule_id = fltr->cookie;
 450
 451	ret = ice_add_adv_rule(hw, list, lkups_cnt, &rule_info, &rule_added);
 452	if (ret == -EEXIST) {
 453		NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter because it already exist");
 454		ret = -EINVAL;
 455		goto exit;
 456	} else if (ret) {
 457		NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter due to error");
 458		goto exit;
 459	}
 460
 461	/* store the output params, which are needed later for removing
 462	 * advanced switch filter
 463	 */
 464	fltr->rid = rule_added.rid;
 465	fltr->rule_id = rule_added.rule_id;
 466
 467exit:
 468	kfree(list);
 469	return ret;
 470}
 471
 472/**
 473 * ice_add_tc_flower_adv_fltr - add appropriate filter rules
 474 * @vsi: Pointer to VSI
 475 * @tc_fltr: Pointer to TC flower filter structure
 476 *
 477 * based on filter parameters using Advance recipes supported
 478 * by OS package.
 479 */
 480static int
 481ice_add_tc_flower_adv_fltr(struct ice_vsi *vsi,
 482			   struct ice_tc_flower_fltr *tc_fltr)
 483{
 484	struct ice_tc_flower_lyr_2_4_hdrs *headers = &tc_fltr->outer_headers;
 485	struct ice_adv_rule_info rule_info = {0};
 486	struct ice_rule_query_data rule_added;
 487	struct ice_adv_lkup_elem *list;
 488	struct ice_pf *pf = vsi->back;
 489	struct ice_hw *hw = &pf->hw;
 490	u32 flags = tc_fltr->flags;
 491	struct ice_vsi *ch_vsi;
 492	struct device *dev;
 493	u16 lkups_cnt = 0;
 494	u16 l4_proto = 0;
 495	int ret = 0;
 496	u16 i = 0;
 497
 498	dev = ice_pf_to_dev(pf);
 499	if (ice_is_safe_mode(pf)) {
 500		NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unable to add filter because driver is in safe mode");
 501		return -EOPNOTSUPP;
 502	}
 503
 504	if (!flags || (flags & (ICE_TC_FLWR_FIELD_ENC_DEST_IPV4 |
 505				ICE_TC_FLWR_FIELD_ENC_SRC_IPV4 |
 506				ICE_TC_FLWR_FIELD_ENC_DEST_IPV6 |
 507				ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 |
 508				ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT))) {
 509		NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unsupported encap field(s)");
 510		return -EOPNOTSUPP;
 511	}
 512
 513	/* get the channel (aka ADQ VSI) */
 514	if (tc_fltr->dest_vsi)
 515		ch_vsi = tc_fltr->dest_vsi;
 516	else
 517		ch_vsi = vsi->tc_map_vsi[tc_fltr->action.tc_class];
 518
 519	lkups_cnt = ice_tc_count_lkups(flags, headers, tc_fltr);
 520	list = kcalloc(lkups_cnt, sizeof(*list), GFP_ATOMIC);
 521	if (!list)
 522		return -ENOMEM;
 523
 524	i = ice_tc_fill_rules(hw, flags, tc_fltr, list, &rule_info, &l4_proto);
 525	if (i != lkups_cnt) {
 526		ret = -EINVAL;
 527		goto exit;
 528	}
 529
 530	rule_info.sw_act.fltr_act = tc_fltr->action.fltr_act;
 531	if (tc_fltr->action.tc_class >= ICE_CHNL_START_TC) {
 532		if (!ch_vsi) {
 533			NL_SET_ERR_MSG_MOD(tc_fltr->extack, "Unable to add filter because specified destination doesn't exist");
 534			ret = -EINVAL;
 535			goto exit;
 536		}
 537
 538		rule_info.sw_act.fltr_act = ICE_FWD_TO_VSI;
 539		rule_info.sw_act.vsi_handle = ch_vsi->idx;
 540		rule_info.priority = 7;
 541		rule_info.sw_act.src = hw->pf_id;
 542		rule_info.rx = true;
 543		dev_dbg(dev, "add switch rule for TC:%u vsi_idx:%u, lkups_cnt:%u\n",
 544			tc_fltr->action.tc_class,
 545			rule_info.sw_act.vsi_handle, lkups_cnt);
 546	} else {
 547		rule_info.sw_act.flag |= ICE_FLTR_TX;
 548		rule_info.sw_act.src = vsi->idx;
 549		rule_info.rx = false;
 550	}
 551
 552	/* specify the cookie as filter_rule_id */
 553	rule_info.fltr_rule_id = tc_fltr->cookie;
 554
 555	ret = ice_add_adv_rule(hw, list, lkups_cnt, &rule_info, &rule_added);
 556	if (ret == -EEXIST) {
 557		NL_SET_ERR_MSG_MOD(tc_fltr->extack,
 558				   "Unable to add filter because it already exist");
 559		ret = -EINVAL;
 560		goto exit;
 561	} else if (ret) {
 562		NL_SET_ERR_MSG_MOD(tc_fltr->extack,
 563				   "Unable to add filter due to error");
 564		ret = -EIO;
 565		goto exit;
 566	}
 567
 568	/* store the output params, which are needed later for removing
 569	 * advanced switch filter
 570	 */
 571	tc_fltr->rid = rule_added.rid;
 572	tc_fltr->rule_id = rule_added.rule_id;
 573	if (tc_fltr->action.tc_class > 0 && ch_vsi) {
 574		/* For PF ADQ, VSI type is set as ICE_VSI_CHNL, and
 575		 * for PF ADQ filter, it is not yet set in tc_fltr,
 576		 * hence store the dest_vsi ptr in tc_fltr
 577		 */
 578		if (ch_vsi->type == ICE_VSI_CHNL)
 579			tc_fltr->dest_vsi = ch_vsi;
 580		/* keep track of advanced switch filter for
 581		 * destination VSI (channel VSI)
 582		 */
 583		ch_vsi->num_chnl_fltr++;
 584		/* in this case, dest_id is VSI handle (sw handle) */
 585		tc_fltr->dest_id = rule_added.vsi_handle;
 586
 587		/* keeps track of channel filters for PF VSI */
 588		if (vsi->type == ICE_VSI_PF &&
 589		    (flags & (ICE_TC_FLWR_FIELD_DST_MAC |
 590			      ICE_TC_FLWR_FIELD_ENC_DST_MAC)))
 591			pf->num_dmac_chnl_fltrs++;
 592	}
 593	dev_dbg(dev, "added switch rule (lkups_cnt %u, flags 0x%x) for TC %u, rid %u, rule_id %u, vsi_idx %u\n",
 594		lkups_cnt, flags,
 595		tc_fltr->action.tc_class, rule_added.rid,
 596		rule_added.rule_id, rule_added.vsi_handle);
 597exit:
 598	kfree(list);
 599	return ret;
 600}
 601
 602/**
 603 * ice_tc_set_ipv4 - Parse IPv4 addresses from TC flower filter
 604 * @match: Pointer to flow match structure
 605 * @fltr: Pointer to filter structure
 606 * @headers: inner or outer header fields
 607 * @is_encap: set true for tunnel IPv4 address
 608 */
 609static int
 610ice_tc_set_ipv4(struct flow_match_ipv4_addrs *match,
 611		struct ice_tc_flower_fltr *fltr,
 612		struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap)
 613{
 614	if (match->key->dst) {
 615		if (is_encap)
 616			fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_IPV4;
 617		else
 618			fltr->flags |= ICE_TC_FLWR_FIELD_DEST_IPV4;
 619		headers->l3_key.dst_ipv4 = match->key->dst;
 620		headers->l3_mask.dst_ipv4 = match->mask->dst;
 621	}
 622	if (match->key->src) {
 623		if (is_encap)
 624			fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_IPV4;
 625		else
 626			fltr->flags |= ICE_TC_FLWR_FIELD_SRC_IPV4;
 627		headers->l3_key.src_ipv4 = match->key->src;
 628		headers->l3_mask.src_ipv4 = match->mask->src;
 629	}
 630	return 0;
 631}
 632
 633/**
 634 * ice_tc_set_ipv6 - Parse IPv6 addresses from TC flower filter
 635 * @match: Pointer to flow match structure
 636 * @fltr: Pointer to filter structure
 637 * @headers: inner or outer header fields
 638 * @is_encap: set true for tunnel IPv6 address
 639 */
 640static int
 641ice_tc_set_ipv6(struct flow_match_ipv6_addrs *match,
 642		struct ice_tc_flower_fltr *fltr,
 643		struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap)
 644{
 645	struct ice_tc_l3_hdr *l3_key, *l3_mask;
 646
 647	/* src and dest IPV6 address should not be LOOPBACK
 648	 * (0:0:0:0:0:0:0:1), which can be represented as ::1
 649	 */
 650	if (ipv6_addr_loopback(&match->key->dst) ||
 651	    ipv6_addr_loopback(&match->key->src)) {
 652		NL_SET_ERR_MSG_MOD(fltr->extack, "Bad IPv6, addr is LOOPBACK");
 653		return -EINVAL;
 654	}
 655	/* if src/dest IPv6 address is *,* error */
 656	if (ipv6_addr_any(&match->mask->dst) &&
 657	    ipv6_addr_any(&match->mask->src)) {
 658		NL_SET_ERR_MSG_MOD(fltr->extack, "Bad src/dest IPv6, addr is any");
 659		return -EINVAL;
 660	}
 661	if (!ipv6_addr_any(&match->mask->dst)) {
 662		if (is_encap)
 663			fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_IPV6;
 664		else
 665			fltr->flags |= ICE_TC_FLWR_FIELD_DEST_IPV6;
 666	}
 667	if (!ipv6_addr_any(&match->mask->src)) {
 668		if (is_encap)
 669			fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_IPV6;
 670		else
 671			fltr->flags |= ICE_TC_FLWR_FIELD_SRC_IPV6;
 672	}
 673
 674	l3_key = &headers->l3_key;
 675	l3_mask = &headers->l3_mask;
 676
 677	if (fltr->flags & (ICE_TC_FLWR_FIELD_ENC_SRC_IPV6 |
 678			   ICE_TC_FLWR_FIELD_SRC_IPV6)) {
 679		memcpy(&l3_key->src_ipv6_addr, &match->key->src.s6_addr,
 680		       sizeof(match->key->src.s6_addr));
 681		memcpy(&l3_mask->src_ipv6_addr, &match->mask->src.s6_addr,
 682		       sizeof(match->mask->src.s6_addr));
 683	}
 684	if (fltr->flags & (ICE_TC_FLWR_FIELD_ENC_DEST_IPV6 |
 685			   ICE_TC_FLWR_FIELD_DEST_IPV6)) {
 686		memcpy(&l3_key->dst_ipv6_addr, &match->key->dst.s6_addr,
 687		       sizeof(match->key->dst.s6_addr));
 688		memcpy(&l3_mask->dst_ipv6_addr, &match->mask->dst.s6_addr,
 689		       sizeof(match->mask->dst.s6_addr));
 690	}
 691
 692	return 0;
 693}
 694
 695/**
 696 * ice_tc_set_port - Parse ports from TC flower filter
 697 * @match: Flow match structure
 698 * @fltr: Pointer to filter structure
 699 * @headers: inner or outer header fields
 700 * @is_encap: set true for tunnel port
 701 */
 702static int
 703ice_tc_set_port(struct flow_match_ports match,
 704		struct ice_tc_flower_fltr *fltr,
 705		struct ice_tc_flower_lyr_2_4_hdrs *headers, bool is_encap)
 706{
 707	if (match.key->dst) {
 708		if (is_encap)
 709			fltr->flags |= ICE_TC_FLWR_FIELD_ENC_DEST_L4_PORT;
 710		else
 711			fltr->flags |= ICE_TC_FLWR_FIELD_DEST_L4_PORT;
 712
 713		headers->l4_key.dst_port = match.key->dst;
 714		headers->l4_mask.dst_port = match.mask->dst;
 715	}
 716	if (match.key->src) {
 717		if (is_encap)
 718			fltr->flags |= ICE_TC_FLWR_FIELD_ENC_SRC_L4_PORT;
 719		else
 720			fltr->flags |= ICE_TC_FLWR_FIELD_SRC_L4_PORT;
 721
 722		headers->l4_key.src_port = match.key->src;
 723		headers->l4_mask.src_port = match.mask->src;
 724	}
 725	return 0;
 726}
 727
 728static struct net_device *
 729ice_get_tunnel_device(struct net_device *dev, struct flow_rule *rule)
 730{
 731	struct flow_action_entry *act;
 732	int i;
 733
 734	if (ice_is_tunnel_supported(dev))
 735		return dev;
 736
 737	flow_action_for_each(i, act, &rule->action) {
 738		if (act->id == FLOW_ACTION_REDIRECT &&
 739		    ice_is_tunnel_supported(act->dev))
 740			return act->dev;
 741	}
 742
 743	return NULL;
 744}
 745
 746static int
 747ice_parse_tunnel_attr(struct net_device *dev, struct flow_rule *rule,
 748		      struct ice_tc_flower_fltr *fltr)
 749{
 750	struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers;
 751	struct flow_match_control enc_control;
 752
 753	fltr->tunnel_type = ice_tc_tun_get_type(dev);
 754	headers->l3_key.ip_proto = IPPROTO_UDP;
 755
 756	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_KEYID)) {
 757		struct flow_match_enc_keyid enc_keyid;
 758
 759		flow_rule_match_enc_keyid(rule, &enc_keyid);
 760
 761		if (!enc_keyid.mask->keyid ||
 762		    enc_keyid.mask->keyid != cpu_to_be32(ICE_TC_FLOWER_MASK_32))
 763			return -EINVAL;
 764
 765		fltr->flags |= ICE_TC_FLWR_FIELD_TENANT_ID;
 766		fltr->tenant_id = enc_keyid.key->keyid;
 767	}
 768
 769	flow_rule_match_enc_control(rule, &enc_control);
 770
 771	if (enc_control.key->addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) {
 772		struct flow_match_ipv4_addrs match;
 773
 774		flow_rule_match_enc_ipv4_addrs(rule, &match);
 775		if (ice_tc_set_ipv4(&match, fltr, headers, true))
 776			return -EINVAL;
 777	} else if (enc_control.key->addr_type ==
 778					FLOW_DISSECTOR_KEY_IPV6_ADDRS) {
 779		struct flow_match_ipv6_addrs match;
 780
 781		flow_rule_match_enc_ipv6_addrs(rule, &match);
 782		if (ice_tc_set_ipv6(&match, fltr, headers, true))
 783			return -EINVAL;
 784	}
 785
 786	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_IP)) {
 787		struct flow_match_ip match;
 788
 789		flow_rule_match_enc_ip(rule, &match);
 790		headers->l3_key.tos = match.key->tos;
 791		headers->l3_key.ttl = match.key->ttl;
 792		headers->l3_mask.tos = match.mask->tos;
 793		headers->l3_mask.ttl = match.mask->ttl;
 794	}
 795
 796	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ENC_PORTS) &&
 797	    fltr->tunnel_type != TNL_VXLAN && fltr->tunnel_type != TNL_GENEVE) {
 798		struct flow_match_ports match;
 799
 800		flow_rule_match_enc_ports(rule, &match);
 801		if (ice_tc_set_port(match, fltr, headers, true))
 802			return -EINVAL;
 803	}
 804
 805	return 0;
 806}
 807
 808/**
 809 * ice_parse_cls_flower - Parse TC flower filters provided by kernel
 810 * @vsi: Pointer to the VSI
 811 * @filter_dev: Pointer to device on which filter is being added
 812 * @f: Pointer to struct flow_cls_offload
 813 * @fltr: Pointer to filter structure
 814 */
 815static int
 816ice_parse_cls_flower(struct net_device *filter_dev, struct ice_vsi *vsi,
 817		     struct flow_cls_offload *f,
 818		     struct ice_tc_flower_fltr *fltr)
 819{
 820	struct ice_tc_flower_lyr_2_4_hdrs *headers = &fltr->outer_headers;
 821	struct flow_rule *rule = flow_cls_offload_flow_rule(f);
 822	u16 n_proto_mask = 0, n_proto_key = 0, addr_type = 0;
 823	struct flow_dissector *dissector;
 824	struct net_device *tunnel_dev;
 825
 826	dissector = rule->match.dissector;
 827
 828	if (dissector->used_keys &
 829	    ~(BIT(FLOW_DISSECTOR_KEY_CONTROL) |
 830	      BIT(FLOW_DISSECTOR_KEY_BASIC) |
 831	      BIT(FLOW_DISSECTOR_KEY_ETH_ADDRS) |
 832	      BIT(FLOW_DISSECTOR_KEY_VLAN) |
 833	      BIT(FLOW_DISSECTOR_KEY_IPV4_ADDRS) |
 834	      BIT(FLOW_DISSECTOR_KEY_IPV6_ADDRS) |
 835	      BIT(FLOW_DISSECTOR_KEY_ENC_CONTROL) |
 836	      BIT(FLOW_DISSECTOR_KEY_ENC_KEYID) |
 837	      BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) |
 838	      BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) |
 839	      BIT(FLOW_DISSECTOR_KEY_ENC_PORTS) |
 840	      BIT(FLOW_DISSECTOR_KEY_ENC_IP) |
 841	      BIT(FLOW_DISSECTOR_KEY_PORTS))) {
 842		NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported key used");
 843		return -EOPNOTSUPP;
 844	}
 845
 846	tunnel_dev = ice_get_tunnel_device(filter_dev, rule);
 847	if (tunnel_dev) {
 848		int err;
 849
 850		filter_dev = tunnel_dev;
 851
 852		err = ice_parse_tunnel_attr(filter_dev, rule, fltr);
 853		if (err) {
 854			NL_SET_ERR_MSG_MOD(fltr->extack, "Failed to parse TC flower tunnel attributes");
 855			return err;
 856		}
 857
 858		/* header pointers should point to the inner headers, outer
 859		 * header were already set by ice_parse_tunnel_attr
 860		 */
 861		headers = &fltr->inner_headers;
 862	} else if (dissector->used_keys &
 863		  (BIT(FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS) |
 864		   BIT(FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS) |
 865		   BIT(FLOW_DISSECTOR_KEY_ENC_KEYID) |
 866		   BIT(FLOW_DISSECTOR_KEY_ENC_PORTS))) {
 867		NL_SET_ERR_MSG_MOD(fltr->extack, "Tunnel key used, but device isn't a tunnel");
 868		return -EOPNOTSUPP;
 869	} else {
 870		fltr->tunnel_type = TNL_LAST;
 871	}
 872
 873	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_BASIC)) {
 874		struct flow_match_basic match;
 875
 876		flow_rule_match_basic(rule, &match);
 877
 878		n_proto_key = ntohs(match.key->n_proto);
 879		n_proto_mask = ntohs(match.mask->n_proto);
 880
 881		if (n_proto_key == ETH_P_ALL || n_proto_key == 0) {
 882			n_proto_key = 0;
 883			n_proto_mask = 0;
 884		} else {
 885			fltr->flags |= ICE_TC_FLWR_FIELD_ETH_TYPE_ID;
 886		}
 887
 888		headers->l2_key.n_proto = cpu_to_be16(n_proto_key);
 889		headers->l2_mask.n_proto = cpu_to_be16(n_proto_mask);
 890		headers->l3_key.ip_proto = match.key->ip_proto;
 891	}
 892
 893	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
 894		struct flow_match_eth_addrs match;
 895
 896		flow_rule_match_eth_addrs(rule, &match);
 897
 898		if (!is_zero_ether_addr(match.key->dst)) {
 899			ether_addr_copy(headers->l2_key.dst_mac,
 900					match.key->dst);
 901			ether_addr_copy(headers->l2_mask.dst_mac,
 902					match.mask->dst);
 903			fltr->flags |= ICE_TC_FLWR_FIELD_DST_MAC;
 904		}
 905
 906		if (!is_zero_ether_addr(match.key->src)) {
 907			ether_addr_copy(headers->l2_key.src_mac,
 908					match.key->src);
 909			ether_addr_copy(headers->l2_mask.src_mac,
 910					match.mask->src);
 911			fltr->flags |= ICE_TC_FLWR_FIELD_SRC_MAC;
 912		}
 913	}
 914
 915	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_VLAN) ||
 916	    is_vlan_dev(filter_dev)) {
 917		struct flow_dissector_key_vlan mask;
 918		struct flow_dissector_key_vlan key;
 919		struct flow_match_vlan match;
 920
 921		if (is_vlan_dev(filter_dev)) {
 922			match.key = &key;
 923			match.key->vlan_id = vlan_dev_vlan_id(filter_dev);
 924			match.key->vlan_priority = 0;
 925			match.mask = &mask;
 926			memset(match.mask, 0xff, sizeof(*match.mask));
 927			match.mask->vlan_priority = 0;
 928		} else {
 929			flow_rule_match_vlan(rule, &match);
 930		}
 931
 932		if (match.mask->vlan_id) {
 933			if (match.mask->vlan_id == VLAN_VID_MASK) {
 934				fltr->flags |= ICE_TC_FLWR_FIELD_VLAN;
 935			} else {
 936				NL_SET_ERR_MSG_MOD(fltr->extack, "Bad VLAN mask");
 937				return -EINVAL;
 938			}
 939		}
 940
 941		headers->vlan_hdr.vlan_id =
 942				cpu_to_be16(match.key->vlan_id & VLAN_VID_MASK);
 943		if (match.mask->vlan_priority)
 944			headers->vlan_hdr.vlan_prio = match.key->vlan_priority;
 945	}
 946
 947	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_CONTROL)) {
 948		struct flow_match_control match;
 949
 950		flow_rule_match_control(rule, &match);
 951
 952		addr_type = match.key->addr_type;
 953	}
 954
 955	if (addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS) {
 956		struct flow_match_ipv4_addrs match;
 957
 958		flow_rule_match_ipv4_addrs(rule, &match);
 959		if (ice_tc_set_ipv4(&match, fltr, headers, false))
 960			return -EINVAL;
 961	}
 962
 963	if (addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS) {
 964		struct flow_match_ipv6_addrs match;
 965
 966		flow_rule_match_ipv6_addrs(rule, &match);
 967		if (ice_tc_set_ipv6(&match, fltr, headers, false))
 968			return -EINVAL;
 969	}
 970
 971	if (flow_rule_match_key(rule, FLOW_DISSECTOR_KEY_PORTS)) {
 972		struct flow_match_ports match;
 973
 974		flow_rule_match_ports(rule, &match);
 975		if (ice_tc_set_port(match, fltr, headers, false))
 976			return -EINVAL;
 977		switch (headers->l3_key.ip_proto) {
 978		case IPPROTO_TCP:
 979		case IPPROTO_UDP:
 980			break;
 981		default:
 982			NL_SET_ERR_MSG_MOD(fltr->extack, "Only UDP and TCP transport are supported");
 983			return -EINVAL;
 984		}
 985	}
 986	return 0;
 987}
 988
 989/**
 990 * ice_add_switch_fltr - Add TC flower filters
 991 * @vsi: Pointer to VSI
 992 * @fltr: Pointer to struct ice_tc_flower_fltr
 993 *
 994 * Add filter in HW switch block
 995 */
 996static int
 997ice_add_switch_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr)
 998{
 999	if (fltr->action.fltr_act == ICE_FWD_TO_QGRP)
1000		return -EOPNOTSUPP;
1001
1002	if (ice_is_eswitch_mode_switchdev(vsi->back))
1003		return ice_eswitch_add_tc_fltr(vsi, fltr);
1004
1005	return ice_add_tc_flower_adv_fltr(vsi, fltr);
1006}
1007
1008/**
1009 * ice_handle_tclass_action - Support directing to a traffic class
1010 * @vsi: Pointer to VSI
1011 * @cls_flower: Pointer to TC flower offload structure
1012 * @fltr: Pointer to TC flower filter structure
1013 *
1014 * Support directing traffic to a traffic class
1015 */
1016static int
1017ice_handle_tclass_action(struct ice_vsi *vsi,
1018			 struct flow_cls_offload *cls_flower,
1019			 struct ice_tc_flower_fltr *fltr)
1020{
1021	int tc = tc_classid_to_hwtc(vsi->netdev, cls_flower->classid);
1022	struct ice_vsi *main_vsi;
1023
1024	if (tc < 0) {
1025		NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter because specified destination is invalid");
1026		return -EINVAL;
1027	}
1028	if (!tc) {
1029		NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter because of invalid destination");
1030		return -EINVAL;
1031	}
1032
1033	if (!(vsi->all_enatc & BIT(tc))) {
1034		NL_SET_ERR_MSG_MOD(fltr->extack, "Unable to add filter because of non-existence destination");
1035		return -EINVAL;
1036	}
1037
1038	/* Redirect to a TC class or Queue Group */
1039	main_vsi = ice_get_main_vsi(vsi->back);
1040	if (!main_vsi || !main_vsi->netdev) {
1041		NL_SET_ERR_MSG_MOD(fltr->extack,
1042				   "Unable to add filter because of invalid netdevice");
1043		return -EINVAL;
1044	}
1045
1046	if ((fltr->flags & ICE_TC_FLWR_FIELD_TENANT_ID) &&
1047	    (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC |
1048			   ICE_TC_FLWR_FIELD_SRC_MAC))) {
1049		NL_SET_ERR_MSG_MOD(fltr->extack,
1050				   "Unable to add filter because filter using tunnel key and inner MAC is unsupported combination");
1051		return -EOPNOTSUPP;
1052	}
1053
1054	/* For ADQ, filter must include dest MAC address, otherwise unwanted
1055	 * packets with unrelated MAC address get delivered to ADQ VSIs as long
1056	 * as remaining filter criteria is satisfied such as dest IP address
1057	 * and dest/src L4 port. Following code is trying to handle:
1058	 * 1. For non-tunnel, if user specify MAC addresses, use them (means
1059	 * this code won't do anything
1060	 * 2. For non-tunnel, if user didn't specify MAC address, add implicit
1061	 * dest MAC to be lower netdev's active unicast MAC address
1062	 */
1063	if (!(fltr->flags & ICE_TC_FLWR_FIELD_DST_MAC)) {
1064		ether_addr_copy(fltr->outer_headers.l2_key.dst_mac,
1065				main_vsi->netdev->dev_addr);
1066		eth_broadcast_addr(fltr->outer_headers.l2_mask.dst_mac);
1067		fltr->flags |= ICE_TC_FLWR_FIELD_DST_MAC;
1068	}
1069
1070	/* validate specified dest MAC address, make sure either it belongs to
1071	 * lower netdev or any of MACVLAN. MACVLANs MAC address are added as
1072	 * unicast MAC filter destined to main VSI.
1073	 */
1074	if (!ice_mac_fltr_exist(&main_vsi->back->hw,
1075				fltr->outer_headers.l2_key.dst_mac,
1076				main_vsi->idx)) {
1077		NL_SET_ERR_MSG_MOD(fltr->extack,
1078				   "Unable to add filter because legacy MAC filter for specified destination doesn't exist");
1079		return -EINVAL;
1080	}
1081
1082	/* Make sure VLAN is already added to main VSI, before allowing ADQ to
1083	 * add a VLAN based filter such as MAC + VLAN + L4 port.
1084	 */
1085	if (fltr->flags & ICE_TC_FLWR_FIELD_VLAN) {
1086		u16 vlan_id = be16_to_cpu(fltr->outer_headers.vlan_hdr.vlan_id);
1087
1088		if (!ice_vlan_fltr_exist(&main_vsi->back->hw, vlan_id,
1089					 main_vsi->idx)) {
1090			NL_SET_ERR_MSG_MOD(fltr->extack,
1091					   "Unable to add filter because legacy VLAN filter for specified destination doesn't exist");
1092			return -EINVAL;
1093		}
1094	}
1095	fltr->action.fltr_act = ICE_FWD_TO_VSI;
1096	fltr->action.tc_class = tc;
1097
1098	return 0;
1099}
1100
1101/**
1102 * ice_parse_tc_flower_actions - Parse the actions for a TC filter
1103 * @vsi: Pointer to VSI
1104 * @cls_flower: Pointer to TC flower offload structure
1105 * @fltr: Pointer to TC flower filter structure
1106 *
1107 * Parse the actions for a TC filter
1108 */
1109static int
1110ice_parse_tc_flower_actions(struct ice_vsi *vsi,
1111			    struct flow_cls_offload *cls_flower,
1112			    struct ice_tc_flower_fltr *fltr)
1113{
1114	struct flow_rule *rule = flow_cls_offload_flow_rule(cls_flower);
1115	struct flow_action *flow_action = &rule->action;
1116	struct flow_action_entry *act;
1117	int i;
1118
1119	if (cls_flower->classid)
1120		return ice_handle_tclass_action(vsi, cls_flower, fltr);
1121
1122	if (!flow_action_has_entries(flow_action))
1123		return -EINVAL;
1124
1125	flow_action_for_each(i, act, flow_action) {
1126		if (ice_is_eswitch_mode_switchdev(vsi->back)) {
1127			int err = ice_eswitch_tc_parse_action(fltr, act);
1128
1129			if (err)
1130				return err;
1131			continue;
1132		}
1133		/* Allow only one rule per filter */
1134
1135		/* Drop action */
1136		if (act->id == FLOW_ACTION_DROP) {
1137			NL_SET_ERR_MSG_MOD(fltr->extack, "Unsupported action DROP");
1138			return -EINVAL;
1139		}
1140		fltr->action.fltr_act = ICE_FWD_TO_VSI;
1141	}
1142	return 0;
1143}
1144
1145/**
1146 * ice_del_tc_fltr - deletes a filter from HW table
1147 * @vsi: Pointer to VSI
1148 * @fltr: Pointer to struct ice_tc_flower_fltr
1149 *
1150 * This function deletes a filter from HW table and manages book-keeping
1151 */
1152static int ice_del_tc_fltr(struct ice_vsi *vsi, struct ice_tc_flower_fltr *fltr)
1153{
1154	struct ice_rule_query_data rule_rem;
1155	struct ice_pf *pf = vsi->back;
1156	int err;
1157
1158	rule_rem.rid = fltr->rid;
1159	rule_rem.rule_id = fltr->rule_id;
1160	rule_rem.vsi_handle = fltr->dest_id;
1161	err = ice_rem_adv_rule_by_id(&pf->hw, &rule_rem);
1162	if (err) {
1163		if (err == -ENOENT) {
1164			NL_SET_ERR_MSG_MOD(fltr->extack, "Filter does not exist");
1165			return -ENOENT;
1166		}
1167		NL_SET_ERR_MSG_MOD(fltr->extack, "Failed to delete TC flower filter");
1168		return -EIO;
1169	}
1170
1171	/* update advanced switch filter count for destination
1172	 * VSI if filter destination was VSI
1173	 */
1174	if (fltr->dest_vsi) {
1175		if (fltr->dest_vsi->type == ICE_VSI_CHNL) {
1176			fltr->dest_vsi->num_chnl_fltr--;
1177
1178			/* keeps track of channel filters for PF VSI */
1179			if (vsi->type == ICE_VSI_PF &&
1180			    (fltr->flags & (ICE_TC_FLWR_FIELD_DST_MAC |
1181					    ICE_TC_FLWR_FIELD_ENC_DST_MAC)))
1182				pf->num_dmac_chnl_fltrs--;
1183		}
1184	}
1185	return 0;
1186}
1187
1188/**
1189 * ice_add_tc_fltr - adds a TC flower filter
1190 * @netdev: Pointer to netdev
1191 * @vsi: Pointer to VSI
1192 * @f: Pointer to flower offload structure
1193 * @__fltr: Pointer to struct ice_tc_flower_fltr
1194 *
1195 * This function parses TC-flower input fields, parses action,
1196 * and adds a filter.
1197 */
1198static int
1199ice_add_tc_fltr(struct net_device *netdev, struct ice_vsi *vsi,
1200		struct flow_cls_offload *f,
1201		struct ice_tc_flower_fltr **__fltr)
1202{
1203	struct ice_tc_flower_fltr *fltr;
1204	int err;
1205
1206	/* by default, set output to be INVALID */
1207	*__fltr = NULL;
1208
1209	fltr = kzalloc(sizeof(*fltr), GFP_KERNEL);
1210	if (!fltr)
1211		return -ENOMEM;
1212
1213	fltr->cookie = f->cookie;
1214	fltr->extack = f->common.extack;
1215	fltr->src_vsi = vsi;
1216	INIT_HLIST_NODE(&fltr->tc_flower_node);
1217
1218	err = ice_parse_cls_flower(netdev, vsi, f, fltr);
1219	if (err < 0)
1220		goto err;
1221
1222	err = ice_parse_tc_flower_actions(vsi, f, fltr);
1223	if (err < 0)
1224		goto err;
1225
1226	err = ice_add_switch_fltr(vsi, fltr);
1227	if (err < 0)
1228		goto err;
1229
1230	/* return the newly created filter */
1231	*__fltr = fltr;
1232
1233	return 0;
1234err:
1235	kfree(fltr);
1236	return err;
1237}
1238
1239/**
1240 * ice_find_tc_flower_fltr - Find the TC flower filter in the list
1241 * @pf: Pointer to PF
1242 * @cookie: filter specific cookie
1243 */
1244static struct ice_tc_flower_fltr *
1245ice_find_tc_flower_fltr(struct ice_pf *pf, unsigned long cookie)
1246{
1247	struct ice_tc_flower_fltr *fltr;
1248
1249	hlist_for_each_entry(fltr, &pf->tc_flower_fltr_list, tc_flower_node)
1250		if (cookie == fltr->cookie)
1251			return fltr;
1252
1253	return NULL;
1254}
1255
1256/**
1257 * ice_add_cls_flower - add TC flower filters
1258 * @netdev: Pointer to filter device
1259 * @vsi: Pointer to VSI
1260 * @cls_flower: Pointer to flower offload structure
1261 */
1262int
1263ice_add_cls_flower(struct net_device *netdev, struct ice_vsi *vsi,
1264		   struct flow_cls_offload *cls_flower)
1265{
1266	struct netlink_ext_ack *extack = cls_flower->common.extack;
1267	struct net_device *vsi_netdev = vsi->netdev;
1268	struct ice_tc_flower_fltr *fltr;
1269	struct ice_pf *pf = vsi->back;
1270	int err;
1271
1272	if (ice_is_reset_in_progress(pf->state))
1273		return -EBUSY;
1274	if (test_bit(ICE_FLAG_FW_LLDP_AGENT, pf->flags))
1275		return -EINVAL;
1276
1277	if (ice_is_port_repr_netdev(netdev))
1278		vsi_netdev = netdev;
1279
1280	if (!(vsi_netdev->features & NETIF_F_HW_TC) &&
1281	    !test_bit(ICE_FLAG_CLS_FLOWER, pf->flags)) {
1282		/* Based on TC indirect notifications from kernel, all ice
1283		 * devices get an instance of rule from higher level device.
1284		 * Avoid triggering explicit error in this case.
1285		 */
1286		if (netdev == vsi_netdev)
1287			NL_SET_ERR_MSG_MOD(extack, "can't apply TC flower filters, turn ON hw-tc-offload and try again");
1288		return -EINVAL;
1289	}
1290
1291	/* avoid duplicate entries, if exists - return error */
1292	fltr = ice_find_tc_flower_fltr(pf, cls_flower->cookie);
1293	if (fltr) {
1294		NL_SET_ERR_MSG_MOD(extack, "filter cookie already exists, ignoring");
1295		return -EEXIST;
1296	}
1297
1298	/* prep and add TC-flower filter in HW */
1299	err = ice_add_tc_fltr(netdev, vsi, cls_flower, &fltr);
1300	if (err)
1301		return err;
1302
1303	/* add filter into an ordered list */
1304	hlist_add_head(&fltr->tc_flower_node, &pf->tc_flower_fltr_list);
1305	return 0;
1306}
1307
1308/**
1309 * ice_del_cls_flower - delete TC flower filters
1310 * @vsi: Pointer to VSI
1311 * @cls_flower: Pointer to struct flow_cls_offload
1312 */
1313int
1314ice_del_cls_flower(struct ice_vsi *vsi, struct flow_cls_offload *cls_flower)
1315{
1316	struct ice_tc_flower_fltr *fltr;
1317	struct ice_pf *pf = vsi->back;
1318	int err;
1319
1320	/* find filter */
1321	fltr = ice_find_tc_flower_fltr(pf, cls_flower->cookie);
1322	if (!fltr) {
1323		if (!test_bit(ICE_FLAG_TC_MQPRIO, pf->flags) &&
1324		    hlist_empty(&pf->tc_flower_fltr_list))
1325			return 0;
1326
1327		NL_SET_ERR_MSG_MOD(cls_flower->common.extack, "failed to delete TC flower filter because unable to find it");
1328		return -EINVAL;
1329	}
1330
1331	fltr->extack = cls_flower->common.extack;
1332	/* delete filter from HW */
1333	err = ice_del_tc_fltr(vsi, fltr);
1334	if (err)
1335		return err;
1336
1337	/* delete filter from an ordered list */
1338	hlist_del(&fltr->tc_flower_node);
1339
1340	/* free the filter node */
1341	kfree(fltr);
1342
1343	return 0;
1344}
1345
1346/**
1347 * ice_replay_tc_fltrs - replay TC filters
1348 * @pf: pointer to PF struct
1349 */
1350void ice_replay_tc_fltrs(struct ice_pf *pf)
1351{
1352	struct ice_tc_flower_fltr *fltr;
1353	struct hlist_node *node;
1354
1355	hlist_for_each_entry_safe(fltr, node,
1356				  &pf->tc_flower_fltr_list,
1357				  tc_flower_node) {
1358		fltr->extack = NULL;
1359		ice_add_switch_fltr(fltr->src_vsi, fltr);
1360	}
1361}
Configure Feed

Configure Feed
