net: mscc: ocelot: add port mirroring support using tc-matchall

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Ocelot switches perform port-based ingress mirroring if
ANA:PORT:PORT_CFG field SRC_MIRROR_ENA is set, and egress mirroring if
the port is in ANA:ANA:EMIRRORPORTS.

Both ingress-mirrored and egress-mirrored frames are copied to the port
mask from ANA:ANA:MIRRORPORTS.

So the choice of limiting to a single mirror port via ocelot_mirror_get()
and ocelot_mirror_put() may seem bizarre, but the hardware model doesn't
map very well to the user space model. If the user wants to mirror the
ingress of swp1 towards swp2 and the ingress of swp3 towards swp4, we'd
have to program ANA:ANA:MIRRORPORTS with BIT(2) | BIT(4), and that would
make swp1 be mirrored towards swp4 too, and swp3 towards swp2. But there
are no tc-matchall rules to describe those actions.

Now, we could offload a matchall rule with multiple mirred actions, one
per desired mirror port, and force the user to stick to the multi-action
rule format for subsequent matchall filters. But both DSA and ocelot
have the flow_offload_has_one_action() check for the matchall offload,
plus the fact that it will get cumbersome to cross-check matchall
mirrors with flower mirrors (which will be added in the next patch).

As a result, we limit the configuration to a single mirror port, with
the possibility of lifting the restriction in the future.

Frames injected from the CPU don't get egress-mirrored, since they are
sent with the BYPASS bit in the injection frame header, and this
bypasses the analyzer module (effectively also the mirroring logic).
I don't know what to do/say about this.

Functionality was tested with:

tc qdisc add dev swp3 clsact
tc filter add dev swp3 ingress \
matchall skip_sw \
action mirred egress mirror dev swp1

and pinging through swp3, while seeing that the ICMP replies are
mirrored towards swp1.

Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Vladimir Oltean and committed by

Jakub Kicinski 4 years ago ccb6ed42 4fa72108

+159 -2

4 changed files

expand all

drivers

net

ethernet

mscc

ocelot.c

ocelot.h

ocelot_net.c

include

soc

mscc

ocelot.h

+76

drivers/net/ethernet/mscc/ocelot.c

··· 3023 3023 } 3024 3024 EXPORT_SYMBOL_GPL(ocelot_port_del_dscp_prio); 3025 3025 3026 + static struct ocelot_mirror *ocelot_mirror_get(struct ocelot *ocelot, int to, 3027 + struct netlink_ext_ack *extack) 3028 + { 3029 + struct ocelot_mirror *m = ocelot->mirror; 3030 + 3031 + if (m) { 3032 + if (m->to != to) { 3033 + NL_SET_ERR_MSG_MOD(extack, 3034 + "Mirroring already configured towards different egress port"); 3035 + return ERR_PTR(-EBUSY); 3036 + } 3037 + 3038 + refcount_inc(&m->refcount); 3039 + return m; 3040 + } 3041 + 3042 + m = kzalloc(sizeof(*m), GFP_KERNEL); 3043 + if (!m) 3044 + return ERR_PTR(-ENOMEM); 3045 + 3046 + m->to = to; 3047 + refcount_set(&m->refcount, 1); 3048 + ocelot->mirror = m; 3049 + 3050 + /* Program the mirror port to hardware */ 3051 + ocelot_write(ocelot, BIT(to), ANA_MIRRORPORTS); 3052 + 3053 + return m; 3054 + } 3055 + 3056 + static void ocelot_mirror_put(struct ocelot *ocelot) 3057 + { 3058 + struct ocelot_mirror *m = ocelot->mirror; 3059 + 3060 + if (!refcount_dec_and_test(&m->refcount)) 3061 + return; 3062 + 3063 + ocelot_write(ocelot, 0, ANA_MIRRORPORTS); 3064 + ocelot->mirror = NULL; 3065 + kfree(m); 3066 + } 3067 + 3068 + int ocelot_port_mirror_add(struct ocelot *ocelot, int from, int to, 3069 + bool ingress, struct netlink_ext_ack *extack) 3070 + { 3071 + struct ocelot_mirror *m = ocelot_mirror_get(ocelot, to, extack); 3072 + 3073 + if (IS_ERR(m)) 3074 + return PTR_ERR(m); 3075 + 3076 + if (ingress) { 3077 + ocelot_rmw_gix(ocelot, ANA_PORT_PORT_CFG_SRC_MIRROR_ENA, 3078 + ANA_PORT_PORT_CFG_SRC_MIRROR_ENA, 3079 + ANA_PORT_PORT_CFG, from); 3080 + } else { 3081 + ocelot_rmw(ocelot, BIT(from), BIT(from), 3082 + ANA_EMIRRORPORTS); 3083 + } 3084 + 3085 + return 0; 3086 + } 3087 + EXPORT_SYMBOL_GPL(ocelot_port_mirror_add); 3088 + 3089 + void ocelot_port_mirror_del(struct ocelot *ocelot, int from, bool ingress) 3090 + { 3091 + if (ingress) { 3092 + ocelot_rmw_gix(ocelot, 0, ANA_PORT_PORT_CFG_SRC_MIRROR_ENA, 3093 + ANA_PORT_PORT_CFG, from); 3094 + } else { 3095 + ocelot_rmw(ocelot, 0, BIT(from), ANA_EMIRRORPORTS); 3096 + } 3097 + 3098 + ocelot_mirror_put(ocelot); 3099 + } 3100 + EXPORT_SYMBOL_GPL(ocelot_port_mirror_del); 3101 + 3026 3102 void ocelot_init_port(struct ocelot *ocelot, int port) 3027 3103 { 3028 3104 struct ocelot_port *ocelot_port = ocelot->ports[port];

+2 -1

drivers/net/ethernet/mscc/ocelot.h

··· 38 38 struct ocelot_port_tc { 39 39 bool block_shared; 40 40 unsigned long offload_cnt; 41 - 41 + unsigned long ingress_mirred_id; 42 + unsigned long egress_mirred_id; 42 43 unsigned long police_id; 43 44 }; 44 45

+72 -1

drivers/net/ethernet/mscc/ocelot_net.c

··· 20 20 21 21 #define OCELOT_MAC_QUIRKS OCELOT_QUIRK_QSGMII_PORTS_MUST_BE_UP 22 22 23 + static bool ocelot_netdevice_dev_check(const struct net_device *dev); 24 + 23 25 static struct ocelot *devlink_port_to_ocelot(struct devlink_port *dlp) 24 26 { 25 27 return devlink_priv(dlp->devlink); ··· 259 257 return 0; 260 258 } 261 259 260 + static int ocelot_setup_tc_cls_matchall_mirred(struct ocelot_port_private *priv, 261 + struct tc_cls_matchall_offload *f, 262 + bool ingress, 263 + struct netlink_ext_ack *extack) 264 + { 265 + struct flow_action *action = &f->rule->action; 266 + struct ocelot *ocelot = priv->port.ocelot; 267 + struct ocelot_port_private *other_priv; 268 + const struct flow_action_entry *a; 269 + int err; 270 + 271 + if (f->common.protocol != htons(ETH_P_ALL)) 272 + return -EOPNOTSUPP; 273 + 274 + if (!flow_action_basic_hw_stats_check(action, extack)) 275 + return -EOPNOTSUPP; 276 + 277 + a = &action->entries[0]; 278 + if (!a->dev) 279 + return -EINVAL; 280 + 281 + if (!ocelot_netdevice_dev_check(a->dev)) { 282 + NL_SET_ERR_MSG_MOD(extack, 283 + "Destination not an ocelot port"); 284 + return -EOPNOTSUPP; 285 + } 286 + 287 + other_priv = netdev_priv(a->dev); 288 + 289 + err = ocelot_port_mirror_add(ocelot, priv->chip_port, 290 + other_priv->chip_port, ingress, extack); 291 + if (err) 292 + return err; 293 + 294 + if (ingress) 295 + priv->tc.ingress_mirred_id = f->cookie; 296 + else 297 + priv->tc.egress_mirred_id = f->cookie; 298 + priv->tc.offload_cnt++; 299 + 300 + return 0; 301 + } 302 + 262 303 static int ocelot_del_tc_cls_matchall_police(struct ocelot_port_private *priv, 263 304 struct netlink_ext_ack *extack) 264 305 { ··· 317 272 } 318 273 319 274 priv->tc.police_id = 0; 275 + priv->tc.offload_cnt--; 276 + 277 + return 0; 278 + } 279 + 280 + static int ocelot_del_tc_cls_matchall_mirred(struct ocelot_port_private *priv, 281 + bool ingress, 282 + struct netlink_ext_ack *extack) 283 + { 284 + struct ocelot *ocelot = priv->port.ocelot; 285 + int port = priv->chip_port; 286 + 287 + ocelot_port_mirror_del(ocelot, port, ingress); 288 + 289 + if (ingress) 290 + priv->tc.ingress_mirred_id = 0; 291 + else 292 + priv->tc.egress_mirred_id = 0; 320 293 priv->tc.offload_cnt--; 321 294 322 295 return 0; ··· 357 294 358 295 if (priv->tc.block_shared) { 359 296 NL_SET_ERR_MSG_MOD(extack, 360 - "Rate limit is not supported on shared blocks"); 297 + "Matchall offloads not supported on shared blocks"); 361 298 return -EOPNOTSUPP; 362 299 } 363 300 ··· 369 306 ingress, 370 307 extack); 371 308 break; 309 + case FLOW_ACTION_MIRRED: 310 + return ocelot_setup_tc_cls_matchall_mirred(priv, f, 311 + ingress, 312 + extack); 372 313 default: 373 314 NL_SET_ERR_MSG_MOD(extack, "Unsupported action"); 374 315 return -EOPNOTSUPP; ··· 384 317 385 318 if (f->cookie == priv->tc.police_id) 386 319 return ocelot_del_tc_cls_matchall_police(priv, extack); 320 + else if (f->cookie == priv->tc.ingress_mirred_id || 321 + f->cookie == priv->tc.egress_mirred_id) 322 + return ocelot_del_tc_cls_matchall_mirred(priv, ingress, 323 + extack); 387 324 else 388 325 return -ENOENT; 389 326

include/soc/mscc/ocelot.h

··· 642 642 struct list_head list; 643 643 }; 644 644 645 + struct ocelot_mirror { 646 + refcount_t refcount; 647 + int to; 648 + }; 649 + 645 650 struct ocelot_port { 646 651 struct ocelot *ocelot; 647 652 ··· 728 723 struct ocelot_vcap_block block[3]; 729 724 struct ocelot_vcap_policer vcap_pol; 730 725 struct vcap_props *vcap; 726 + struct ocelot_mirror *mirror; 731 727 732 728 struct ocelot_psfp_list psfp; 733 729 ··· 914 908 int ocelot_port_policer_add(struct ocelot *ocelot, int port, 915 909 struct ocelot_policer *pol); 916 910 int ocelot_port_policer_del(struct ocelot *ocelot, int port); 911 + int ocelot_port_mirror_add(struct ocelot *ocelot, int from, int to, 912 + bool ingress, struct netlink_ext_ack *extack); 913 + void ocelot_port_mirror_del(struct ocelot *ocelot, int from, bool ingress); 917 914 int ocelot_cls_flower_replace(struct ocelot *ocelot, int port, 918 915 struct flow_cls_offload *f, bool ingress); 919 916 int ocelot_cls_flower_destroy(struct ocelot *ocelot, int port,