1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright 2018 6WIND S.A.
3 * Copyright 2018 Mellanox Technologies, Ltd
8 #include <libmnl/libmnl.h>
9 #include <linux/gen_stats.h>
10 #include <linux/if_ether.h>
11 #include <linux/netlink.h>
12 #include <linux/pkt_cls.h>
13 #include <linux/pkt_sched.h>
14 #include <linux/rtnetlink.h>
15 #include <linux/tc_act/tc_gact.h>
16 #include <linux/tc_act/tc_mirred.h>
17 #include <netinet/in.h>
23 #include <sys/socket.h>
25 #include <rte_byteorder.h>
26 #include <rte_errno.h>
27 #include <rte_ether.h>
29 #include <rte_malloc.h>
30 #include <rte_common.h>
31 #include <rte_cycles.h>
34 #include "mlx5_flow.h"
35 #include "mlx5_autoconf.h"
37 #ifdef HAVE_TC_ACT_VLAN
39 #include <linux/tc_act/tc_vlan.h>
41 #else /* HAVE_TC_ACT_VLAN */
43 #define TCA_VLAN_ACT_POP 1
44 #define TCA_VLAN_ACT_PUSH 2
45 #define TCA_VLAN_ACT_MODIFY 3
46 #define TCA_VLAN_PARMS 2
47 #define TCA_VLAN_PUSH_VLAN_ID 3
48 #define TCA_VLAN_PUSH_VLAN_PROTOCOL 4
49 #define TCA_VLAN_PAD 5
50 #define TCA_VLAN_PUSH_VLAN_PRIORITY 6
57 #endif /* HAVE_TC_ACT_VLAN */
59 #ifdef HAVE_TC_ACT_PEDIT
61 #include <linux/tc_act/tc_pedit.h>
63 #else /* HAVE_TC_ACT_VLAN */
77 TCA_PEDIT_KEY_EX_HTYPE = 1,
78 TCA_PEDIT_KEY_EX_CMD = 2,
79 __TCA_PEDIT_KEY_EX_MAX
82 enum pedit_header_type {
83 TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK = 0,
84 TCA_PEDIT_KEY_EX_HDR_TYPE_ETH = 1,
85 TCA_PEDIT_KEY_EX_HDR_TYPE_IP4 = 2,
86 TCA_PEDIT_KEY_EX_HDR_TYPE_IP6 = 3,
87 TCA_PEDIT_KEY_EX_HDR_TYPE_TCP = 4,
88 TCA_PEDIT_KEY_EX_HDR_TYPE_UDP = 5,
93 TCA_PEDIT_KEY_EX_CMD_SET = 0,
94 TCA_PEDIT_KEY_EX_CMD_ADD = 1,
101 __u32 off; /*offset */
108 struct tc_pedit_sel {
112 struct tc_pedit_key keys[0];
115 #endif /* HAVE_TC_ACT_VLAN */
117 #ifdef HAVE_TC_ACT_TUNNEL_KEY
119 #include <linux/tc_act/tc_tunnel_key.h>
121 #ifndef HAVE_TCA_TUNNEL_KEY_ENC_DST_PORT
122 #define TCA_TUNNEL_KEY_ENC_DST_PORT 9
125 #ifndef HAVE_TCA_TUNNEL_KEY_NO_CSUM
126 #define TCA_TUNNEL_KEY_NO_CSUM 10
129 #else /* HAVE_TC_ACT_TUNNEL_KEY */
131 #define TCA_ACT_TUNNEL_KEY 17
132 #define TCA_TUNNEL_KEY_ACT_SET 1
133 #define TCA_TUNNEL_KEY_ACT_RELEASE 2
134 #define TCA_TUNNEL_KEY_PARMS 2
135 #define TCA_TUNNEL_KEY_ENC_IPV4_SRC 3
136 #define TCA_TUNNEL_KEY_ENC_IPV4_DST 4
137 #define TCA_TUNNEL_KEY_ENC_IPV6_SRC 5
138 #define TCA_TUNNEL_KEY_ENC_IPV6_DST 6
139 #define TCA_TUNNEL_KEY_ENC_KEY_ID 7
140 #define TCA_TUNNEL_KEY_ENC_DST_PORT 9
141 #define TCA_TUNNEL_KEY_NO_CSUM 10
143 struct tc_tunnel_key {
148 #endif /* HAVE_TC_ACT_TUNNEL_KEY */
150 /* Normally found in linux/netlink.h. */
151 #ifndef NETLINK_CAP_ACK
152 #define NETLINK_CAP_ACK 10
155 /* Normally found in linux/pkt_sched.h. */
156 #ifndef TC_H_MIN_INGRESS
157 #define TC_H_MIN_INGRESS 0xfff2u
160 /* Normally found in linux/pkt_cls.h. */
161 #ifndef TCA_CLS_FLAGS_SKIP_SW
162 #define TCA_CLS_FLAGS_SKIP_SW (1 << 1)
164 #ifndef TCA_CLS_FLAGS_IN_HW
165 #define TCA_CLS_FLAGS_IN_HW (1 << 2)
167 #ifndef HAVE_TCA_CHAIN
170 #ifndef HAVE_TCA_FLOWER_ACT
171 #define TCA_FLOWER_ACT 3
173 #ifndef HAVE_TCA_FLOWER_FLAGS
174 #define TCA_FLOWER_FLAGS 22
176 #ifndef HAVE_TCA_FLOWER_KEY_ETH_TYPE
177 #define TCA_FLOWER_KEY_ETH_TYPE 8
179 #ifndef HAVE_TCA_FLOWER_KEY_ETH_DST
180 #define TCA_FLOWER_KEY_ETH_DST 4
182 #ifndef HAVE_TCA_FLOWER_KEY_ETH_DST_MASK
183 #define TCA_FLOWER_KEY_ETH_DST_MASK 5
185 #ifndef HAVE_TCA_FLOWER_KEY_ETH_SRC
186 #define TCA_FLOWER_KEY_ETH_SRC 6
188 #ifndef HAVE_TCA_FLOWER_KEY_ETH_SRC_MASK
189 #define TCA_FLOWER_KEY_ETH_SRC_MASK 7
191 #ifndef HAVE_TCA_FLOWER_KEY_IP_PROTO
192 #define TCA_FLOWER_KEY_IP_PROTO 9
194 #ifndef HAVE_TCA_FLOWER_KEY_IPV4_SRC
195 #define TCA_FLOWER_KEY_IPV4_SRC 10
197 #ifndef HAVE_TCA_FLOWER_KEY_IPV4_SRC_MASK
198 #define TCA_FLOWER_KEY_IPV4_SRC_MASK 11
200 #ifndef HAVE_TCA_FLOWER_KEY_IPV4_DST
201 #define TCA_FLOWER_KEY_IPV4_DST 12
203 #ifndef HAVE_TCA_FLOWER_KEY_IPV4_DST_MASK
204 #define TCA_FLOWER_KEY_IPV4_DST_MASK 13
206 #ifndef HAVE_TCA_FLOWER_KEY_IPV6_SRC
207 #define TCA_FLOWER_KEY_IPV6_SRC 14
209 #ifndef HAVE_TCA_FLOWER_KEY_IPV6_SRC_MASK
210 #define TCA_FLOWER_KEY_IPV6_SRC_MASK 15
212 #ifndef HAVE_TCA_FLOWER_KEY_IPV6_DST
213 #define TCA_FLOWER_KEY_IPV6_DST 16
215 #ifndef HAVE_TCA_FLOWER_KEY_IPV6_DST_MASK
216 #define TCA_FLOWER_KEY_IPV6_DST_MASK 17
218 #ifndef HAVE_TCA_FLOWER_KEY_TCP_SRC
219 #define TCA_FLOWER_KEY_TCP_SRC 18
221 #ifndef HAVE_TCA_FLOWER_KEY_TCP_SRC_MASK
222 #define TCA_FLOWER_KEY_TCP_SRC_MASK 35
224 #ifndef HAVE_TCA_FLOWER_KEY_TCP_DST
225 #define TCA_FLOWER_KEY_TCP_DST 19
227 #ifndef HAVE_TCA_FLOWER_KEY_TCP_DST_MASK
228 #define TCA_FLOWER_KEY_TCP_DST_MASK 36
230 #ifndef HAVE_TCA_FLOWER_KEY_UDP_SRC
231 #define TCA_FLOWER_KEY_UDP_SRC 20
233 #ifndef HAVE_TCA_FLOWER_KEY_UDP_SRC_MASK
234 #define TCA_FLOWER_KEY_UDP_SRC_MASK 37
236 #ifndef HAVE_TCA_FLOWER_KEY_UDP_DST
237 #define TCA_FLOWER_KEY_UDP_DST 21
239 #ifndef HAVE_TCA_FLOWER_KEY_UDP_DST_MASK
240 #define TCA_FLOWER_KEY_UDP_DST_MASK 38
242 #ifndef HAVE_TCA_FLOWER_KEY_VLAN_ID
243 #define TCA_FLOWER_KEY_VLAN_ID 23
245 #ifndef HAVE_TCA_FLOWER_KEY_VLAN_PRIO
246 #define TCA_FLOWER_KEY_VLAN_PRIO 24
248 #ifndef HAVE_TCA_FLOWER_KEY_VLAN_ETH_TYPE
249 #define TCA_FLOWER_KEY_VLAN_ETH_TYPE 25
251 #ifndef HAVE_TCA_FLOWER_KEY_ENC_KEY_ID
252 #define TCA_FLOWER_KEY_ENC_KEY_ID 26
254 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV4_SRC
255 #define TCA_FLOWER_KEY_ENC_IPV4_SRC 27
257 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK
258 #define TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK 28
260 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV4_DST
261 #define TCA_FLOWER_KEY_ENC_IPV4_DST 29
263 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV4_DST_MASK
264 #define TCA_FLOWER_KEY_ENC_IPV4_DST_MASK 30
266 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV6_SRC
267 #define TCA_FLOWER_KEY_ENC_IPV6_SRC 31
269 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK
270 #define TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK 32
272 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV6_DST
273 #define TCA_FLOWER_KEY_ENC_IPV6_DST 33
275 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV6_DST_MASK
276 #define TCA_FLOWER_KEY_ENC_IPV6_DST_MASK 34
278 #ifndef HAVE_TCA_FLOWER_KEY_ENC_UDP_SRC_PORT
279 #define TCA_FLOWER_KEY_ENC_UDP_SRC_PORT 43
281 #ifndef HAVE_TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK
282 #define TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK 44
284 #ifndef HAVE_TCA_FLOWER_KEY_ENC_UDP_DST_PORT
285 #define TCA_FLOWER_KEY_ENC_UDP_DST_PORT 45
287 #ifndef HAVE_TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK
288 #define TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK 46
290 #ifndef HAVE_TCA_FLOWER_KEY_TCP_FLAGS
291 #define TCA_FLOWER_KEY_TCP_FLAGS 71
293 #ifndef HAVE_TCA_FLOWER_KEY_TCP_FLAGS_MASK
294 #define TCA_FLOWER_KEY_TCP_FLAGS_MASK 72
296 #ifndef HAVE_TC_ACT_GOTO_CHAIN
297 #define TC_ACT_GOTO_CHAIN 0x20000000
300 #ifndef IPV6_ADDR_LEN
301 #define IPV6_ADDR_LEN 16
304 #ifndef IPV4_ADDR_LEN
305 #define IPV4_ADDR_LEN 4
309 #define TP_PORT_LEN 2 /* Transport Port (UDP/TCP) Length */
316 #ifndef TCA_ACT_MAX_PRIO
317 #define TCA_ACT_MAX_PRIO 32
320 /** UDP port range of VXLAN devices created by driver. */
321 #define MLX5_VXLAN_PORT_MIN 30000
322 #define MLX5_VXLAN_PORT_MAX 60000
323 #define MLX5_VXLAN_DEVICE_PFX "vmlx_"
325 * Timeout in milliseconds to wait VXLAN UDP offloaded port
326 * registration completed within the mlx5 driver.
328 #define MLX5_VXLAN_WAIT_PORT_REG_MS 250
330 /** Tunnel action type, used for @p type in header structure. */
331 enum flow_tcf_tunact_type {
332 FLOW_TCF_TUNACT_VXLAN_DECAP,
333 FLOW_TCF_TUNACT_VXLAN_ENCAP,
336 /** Flags used for @p mask in tunnel action encap descriptors. */
337 #define FLOW_TCF_ENCAP_ETH_SRC (1u << 0)
338 #define FLOW_TCF_ENCAP_ETH_DST (1u << 1)
339 #define FLOW_TCF_ENCAP_IPV4_SRC (1u << 2)
340 #define FLOW_TCF_ENCAP_IPV4_DST (1u << 3)
341 #define FLOW_TCF_ENCAP_IPV6_SRC (1u << 4)
342 #define FLOW_TCF_ENCAP_IPV6_DST (1u << 5)
343 #define FLOW_TCF_ENCAP_UDP_SRC (1u << 6)
344 #define FLOW_TCF_ENCAP_UDP_DST (1u << 7)
345 #define FLOW_TCF_ENCAP_VXLAN_VNI (1u << 8)
348 * Structure for holding netlink context.
349 * Note the size of the message buffer which is MNL_SOCKET_BUFFER_SIZE.
350 * Using this (8KB) buffer size ensures that netlink messages will never be
353 struct mlx5_flow_tcf_context {
354 struct mnl_socket *nl; /* NETLINK_ROUTE libmnl socket. */
355 uint32_t seq; /* Message sequence number. */
356 uint32_t buf_size; /* Message buffer size. */
357 uint8_t *buf; /* Message buffer. */
361 * Neigh rule structure. The neigh rule is applied via Netlink to
362 * outer tunnel iface in order to provide destination MAC address
363 * for the VXLAN encapsultion. The neigh rule is implicitly related
364 * to the Flow itself and can be shared by multiple Flows.
366 struct tcf_neigh_rule {
367 LIST_ENTRY(tcf_neigh_rule) next;
369 struct ether_addr eth;
376 uint8_t dst[IPV6_ADDR_LEN];
382 * Local rule structure. The local rule is applied via Netlink to
383 * outer tunnel iface in order to provide local and peer IP addresses
384 * of the VXLAN tunnel for encapsulation. The local rule is implicitly
385 * related to the Flow itself and can be shared by multiple Flows.
387 struct tcf_local_rule {
388 LIST_ENTRY(tcf_local_rule) next;
397 uint8_t dst[IPV6_ADDR_LEN];
398 uint8_t src[IPV6_ADDR_LEN];
403 /** VXLAN virtual netdev. */
405 LIST_ENTRY(tcf_vtep) next;
406 LIST_HEAD(, tcf_neigh_rule) neigh;
407 LIST_HEAD(, tcf_local_rule) local;
409 unsigned int ifindex; /**< Own interface index. */
410 unsigned int ifouter; /**< Index of device attached to. */
412 uint32_t created:1; /**< Actually created by PMD. */
413 uint32_t waitreg:1; /**< Wait for VXLAN UDP port registration. */
416 /** Tunnel descriptor header, common for all tunnel types. */
417 struct flow_tcf_tunnel_hdr {
418 uint32_t type; /**< Tunnel action type. */
419 struct tcf_vtep *vtep; /**< Virtual tunnel endpoint device. */
420 unsigned int ifindex_org; /**< Original dst/src interface */
421 unsigned int *ifindex_ptr; /**< Interface ptr in message. */
424 struct flow_tcf_vxlan_decap {
425 struct flow_tcf_tunnel_hdr hdr;
429 struct flow_tcf_vxlan_encap {
430 struct flow_tcf_tunnel_hdr hdr;
433 struct ether_addr dst;
434 struct ether_addr src;
442 uint8_t dst[IPV6_ADDR_LEN];
443 uint8_t src[IPV6_ADDR_LEN];
455 /** Structure used when extracting the values of a flow counters
456 * from a netlink message.
458 struct flow_tcf_stats_basic {
460 struct gnet_stats_basic counters;
463 /** Empty masks for known item types. */
465 struct rte_flow_item_port_id port_id;
466 struct rte_flow_item_eth eth;
467 struct rte_flow_item_vlan vlan;
468 struct rte_flow_item_ipv4 ipv4;
469 struct rte_flow_item_ipv6 ipv6;
470 struct rte_flow_item_tcp tcp;
471 struct rte_flow_item_udp udp;
472 struct rte_flow_item_vxlan vxlan;
473 } flow_tcf_mask_empty = {
477 /** Supported masks for known item types. */
478 static const struct {
479 struct rte_flow_item_port_id port_id;
480 struct rte_flow_item_eth eth;
481 struct rte_flow_item_vlan vlan;
482 struct rte_flow_item_ipv4 ipv4;
483 struct rte_flow_item_ipv6 ipv6;
484 struct rte_flow_item_tcp tcp;
485 struct rte_flow_item_udp udp;
486 struct rte_flow_item_vxlan vxlan;
487 } flow_tcf_mask_supported = {
492 .type = RTE_BE16(0xffff),
493 .dst.addr_bytes = "\xff\xff\xff\xff\xff\xff",
494 .src.addr_bytes = "\xff\xff\xff\xff\xff\xff",
497 /* PCP and VID only, no DEI. */
498 .tci = RTE_BE16(0xefff),
499 .inner_type = RTE_BE16(0xffff),
502 .next_proto_id = 0xff,
503 .src_addr = RTE_BE32(0xffffffff),
504 .dst_addr = RTE_BE32(0xffffffff),
509 "\xff\xff\xff\xff\xff\xff\xff\xff"
510 "\xff\xff\xff\xff\xff\xff\xff\xff",
512 "\xff\xff\xff\xff\xff\xff\xff\xff"
513 "\xff\xff\xff\xff\xff\xff\xff\xff",
516 .src_port = RTE_BE16(0xffff),
517 .dst_port = RTE_BE16(0xffff),
521 .src_port = RTE_BE16(0xffff),
522 .dst_port = RTE_BE16(0xffff),
525 .vni = "\xff\xff\xff",
529 #define SZ_NLATTR_HDR MNL_ALIGN(sizeof(struct nlattr))
530 #define SZ_NLATTR_NEST SZ_NLATTR_HDR
531 #define SZ_NLATTR_DATA_OF(len) MNL_ALIGN(SZ_NLATTR_HDR + (len))
532 #define SZ_NLATTR_TYPE_OF(typ) SZ_NLATTR_DATA_OF(sizeof(typ))
533 #define SZ_NLATTR_STRZ_OF(str) SZ_NLATTR_DATA_OF(strlen(str) + 1)
535 #define PTOI_TABLE_SZ_MAX(dev) (mlx5_dev_to_port_id((dev)->device, NULL, 0) + 2)
537 /** DPDK port to network interface index (ifindex) conversion. */
538 struct flow_tcf_ptoi {
539 uint16_t port_id; /**< DPDK port ID. */
540 unsigned int ifindex; /**< Network interface index. */
543 /* Due to a limitation on driver/FW. */
544 #define MLX5_TCF_GROUP_ID_MAX 3
547 * Due to a limitation on driver/FW, priority ranges from 1 to 16 in kernel.
548 * Priority in rte_flow attribute starts from 0 and is added by 1 in
549 * translation. This is subject to be changed to determine the max priority
550 * based on trial-and-error like Verbs driver once the restriction is lifted or
551 * the range is extended.
553 #define MLX5_TCF_GROUP_PRIORITY_MAX 15
555 #define MLX5_TCF_FATE_ACTIONS \
556 (MLX5_FLOW_ACTION_DROP | MLX5_FLOW_ACTION_PORT_ID | \
557 MLX5_FLOW_ACTION_JUMP)
559 #define MLX5_TCF_VLAN_ACTIONS \
560 (MLX5_FLOW_ACTION_OF_POP_VLAN | MLX5_FLOW_ACTION_OF_PUSH_VLAN | \
561 MLX5_FLOW_ACTION_OF_SET_VLAN_VID | MLX5_FLOW_ACTION_OF_SET_VLAN_PCP)
563 #define MLX5_TCF_VXLAN_ACTIONS \
564 (MLX5_FLOW_ACTION_VXLAN_ENCAP | MLX5_FLOW_ACTION_VXLAN_DECAP)
566 #define MLX5_TCF_PEDIT_ACTIONS \
567 (MLX5_FLOW_ACTION_SET_IPV4_SRC | MLX5_FLOW_ACTION_SET_IPV4_DST | \
568 MLX5_FLOW_ACTION_SET_IPV6_SRC | MLX5_FLOW_ACTION_SET_IPV6_DST | \
569 MLX5_FLOW_ACTION_SET_TP_SRC | MLX5_FLOW_ACTION_SET_TP_DST | \
570 MLX5_FLOW_ACTION_SET_TTL | MLX5_FLOW_ACTION_DEC_TTL | \
571 MLX5_FLOW_ACTION_SET_MAC_SRC | MLX5_FLOW_ACTION_SET_MAC_DST)
573 #define MLX5_TCF_CONFIG_ACTIONS \
574 (MLX5_FLOW_ACTION_PORT_ID | MLX5_FLOW_ACTION_JUMP | \
575 MLX5_FLOW_ACTION_OF_PUSH_VLAN | MLX5_FLOW_ACTION_OF_SET_VLAN_VID | \
576 MLX5_FLOW_ACTION_OF_SET_VLAN_PCP | \
577 (MLX5_TCF_PEDIT_ACTIONS & ~MLX5_FLOW_ACTION_DEC_TTL))
579 #define MAX_PEDIT_KEYS 128
580 #define SZ_PEDIT_KEY_VAL 4
582 #define NUM_OF_PEDIT_KEYS(sz) \
583 (((sz) / SZ_PEDIT_KEY_VAL) + (((sz) % SZ_PEDIT_KEY_VAL) ? 1 : 0))
585 struct pedit_key_ex {
586 enum pedit_header_type htype;
590 struct pedit_parser {
591 struct tc_pedit_sel sel;
592 struct tc_pedit_key keys[MAX_PEDIT_KEYS];
593 struct pedit_key_ex keys_ex[MAX_PEDIT_KEYS];
597 * Create space for using the implicitly created TC flow counter.
600 * Pointer to the Ethernet device structure.
603 * A pointer to the counter data structure, NULL otherwise and
606 static struct mlx5_flow_counter *
607 flow_tcf_counter_new(void)
609 struct mlx5_flow_counter *cnt;
612 * eswitch counter cannot be shared and its id is unknown.
613 * currently returning all with id 0.
614 * in the future maybe better to switch to unique numbers.
616 struct mlx5_flow_counter tmpl = {
619 cnt = rte_calloc(__func__, 1, sizeof(*cnt), 0);
625 /* Implicit counter, do not add to list. */
630 * Set pedit key of MAC address
633 * pointer to action specification
634 * @param[in,out] p_parser
635 * pointer to pedit_parser
638 flow_tcf_pedit_key_set_mac(const struct rte_flow_action *actions,
639 struct pedit_parser *p_parser)
641 int idx = p_parser->sel.nkeys;
642 uint32_t off = actions->type == RTE_FLOW_ACTION_TYPE_SET_MAC_SRC ?
643 offsetof(struct ether_hdr, s_addr) :
644 offsetof(struct ether_hdr, d_addr);
645 const struct rte_flow_action_set_mac *conf =
646 (const struct rte_flow_action_set_mac *)actions->conf;
648 p_parser->keys[idx].off = off;
649 p_parser->keys[idx].mask = ~UINT32_MAX;
650 p_parser->keys_ex[idx].htype = TCA_PEDIT_KEY_EX_HDR_TYPE_ETH;
651 p_parser->keys_ex[idx].cmd = TCA_PEDIT_KEY_EX_CMD_SET;
652 memcpy(&p_parser->keys[idx].val,
653 conf->mac_addr, SZ_PEDIT_KEY_VAL);
655 p_parser->keys[idx].off = off + SZ_PEDIT_KEY_VAL;
656 p_parser->keys[idx].mask = 0xFFFF0000;
657 p_parser->keys_ex[idx].htype = TCA_PEDIT_KEY_EX_HDR_TYPE_ETH;
658 p_parser->keys_ex[idx].cmd = TCA_PEDIT_KEY_EX_CMD_SET;
659 memcpy(&p_parser->keys[idx].val,
660 conf->mac_addr + SZ_PEDIT_KEY_VAL,
661 ETHER_ADDR_LEN - SZ_PEDIT_KEY_VAL);
662 p_parser->sel.nkeys = (++idx);
666 * Set pedit key of decrease/set ttl
669 * pointer to action specification
670 * @param[in,out] p_parser
671 * pointer to pedit_parser
672 * @param[in] item_flags
673 * flags of all items presented
676 flow_tcf_pedit_key_set_dec_ttl(const struct rte_flow_action *actions,
677 struct pedit_parser *p_parser,
680 int idx = p_parser->sel.nkeys;
682 p_parser->keys[idx].mask = 0xFFFFFF00;
683 if (item_flags & MLX5_FLOW_LAYER_OUTER_L3_IPV4) {
684 p_parser->keys_ex[idx].htype = TCA_PEDIT_KEY_EX_HDR_TYPE_IP4;
685 p_parser->keys[idx].off =
686 offsetof(struct ipv4_hdr, time_to_live);
688 if (item_flags & MLX5_FLOW_LAYER_OUTER_L3_IPV6) {
689 p_parser->keys_ex[idx].htype = TCA_PEDIT_KEY_EX_HDR_TYPE_IP6;
690 p_parser->keys[idx].off =
691 offsetof(struct ipv6_hdr, hop_limits);
693 if (actions->type == RTE_FLOW_ACTION_TYPE_DEC_TTL) {
694 p_parser->keys_ex[idx].cmd = TCA_PEDIT_KEY_EX_CMD_ADD;
695 p_parser->keys[idx].val = 0x000000FF;
697 p_parser->keys_ex[idx].cmd = TCA_PEDIT_KEY_EX_CMD_SET;
698 p_parser->keys[idx].val =
699 (__u32)((const struct rte_flow_action_set_ttl *)
700 actions->conf)->ttl_value;
702 p_parser->sel.nkeys = (++idx);
706 * Set pedit key of transport (TCP/UDP) port value
709 * pointer to action specification
710 * @param[in,out] p_parser
711 * pointer to pedit_parser
712 * @param[in] item_flags
713 * flags of all items presented
716 flow_tcf_pedit_key_set_tp_port(const struct rte_flow_action *actions,
717 struct pedit_parser *p_parser,
720 int idx = p_parser->sel.nkeys;
722 if (item_flags & MLX5_FLOW_LAYER_OUTER_L4_UDP)
723 p_parser->keys_ex[idx].htype = TCA_PEDIT_KEY_EX_HDR_TYPE_UDP;
724 if (item_flags & MLX5_FLOW_LAYER_OUTER_L4_TCP)
725 p_parser->keys_ex[idx].htype = TCA_PEDIT_KEY_EX_HDR_TYPE_TCP;
726 p_parser->keys_ex[idx].cmd = TCA_PEDIT_KEY_EX_CMD_SET;
727 /* offset of src/dst port is same for TCP and UDP */
728 p_parser->keys[idx].off =
729 actions->type == RTE_FLOW_ACTION_TYPE_SET_TP_SRC ?
730 offsetof(struct tcp_hdr, src_port) :
731 offsetof(struct tcp_hdr, dst_port);
732 p_parser->keys[idx].mask = 0xFFFF0000;
733 p_parser->keys[idx].val =
734 (__u32)((const struct rte_flow_action_set_tp *)
735 actions->conf)->port;
736 p_parser->sel.nkeys = (++idx);
740 * Set pedit key of ipv6 address
743 * pointer to action specification
744 * @param[in,out] p_parser
745 * pointer to pedit_parser
748 flow_tcf_pedit_key_set_ipv6_addr(const struct rte_flow_action *actions,
749 struct pedit_parser *p_parser)
751 int idx = p_parser->sel.nkeys;
752 int keys = NUM_OF_PEDIT_KEYS(IPV6_ADDR_LEN);
754 actions->type == RTE_FLOW_ACTION_TYPE_SET_IPV6_SRC ?
755 offsetof(struct ipv6_hdr, src_addr) :
756 offsetof(struct ipv6_hdr, dst_addr);
757 const struct rte_flow_action_set_ipv6 *conf =
758 (const struct rte_flow_action_set_ipv6 *)actions->conf;
760 for (int i = 0; i < keys; i++, idx++) {
761 p_parser->keys_ex[idx].htype = TCA_PEDIT_KEY_EX_HDR_TYPE_IP6;
762 p_parser->keys_ex[idx].cmd = TCA_PEDIT_KEY_EX_CMD_SET;
763 p_parser->keys[idx].off = off_base + i * SZ_PEDIT_KEY_VAL;
764 p_parser->keys[idx].mask = ~UINT32_MAX;
765 memcpy(&p_parser->keys[idx].val,
766 conf->ipv6_addr + i * SZ_PEDIT_KEY_VAL,
769 p_parser->sel.nkeys += keys;
773 * Set pedit key of ipv4 address
776 * pointer to action specification
777 * @param[in,out] p_parser
778 * pointer to pedit_parser
781 flow_tcf_pedit_key_set_ipv4_addr(const struct rte_flow_action *actions,
782 struct pedit_parser *p_parser)
784 int idx = p_parser->sel.nkeys;
786 p_parser->keys_ex[idx].htype = TCA_PEDIT_KEY_EX_HDR_TYPE_IP4;
787 p_parser->keys_ex[idx].cmd = TCA_PEDIT_KEY_EX_CMD_SET;
788 p_parser->keys[idx].off =
789 actions->type == RTE_FLOW_ACTION_TYPE_SET_IPV4_SRC ?
790 offsetof(struct ipv4_hdr, src_addr) :
791 offsetof(struct ipv4_hdr, dst_addr);
792 p_parser->keys[idx].mask = ~UINT32_MAX;
793 p_parser->keys[idx].val =
794 ((const struct rte_flow_action_set_ipv4 *)
795 actions->conf)->ipv4_addr;
796 p_parser->sel.nkeys = (++idx);
800 * Create the pedit's na attribute in netlink message
801 * on pre-allocate message buffer
804 * pointer to pre-allocated netlink message buffer
805 * @param[in,out] actions
806 * pointer to pointer of actions specification.
807 * @param[in,out] action_flags
808 * pointer to actions flags
809 * @param[in] item_flags
810 * flags of all item presented
813 flow_tcf_create_pedit_mnl_msg(struct nlmsghdr *nl,
814 const struct rte_flow_action **actions,
817 struct pedit_parser p_parser;
818 struct nlattr *na_act_options;
819 struct nlattr *na_pedit_keys;
821 memset(&p_parser, 0, sizeof(p_parser));
822 mnl_attr_put_strz(nl, TCA_ACT_KIND, "pedit");
823 na_act_options = mnl_attr_nest_start(nl, TCA_ACT_OPTIONS);
824 /* all modify header actions should be in one tc-pedit action */
825 for (; (*actions)->type != RTE_FLOW_ACTION_TYPE_END; (*actions)++) {
826 switch ((*actions)->type) {
827 case RTE_FLOW_ACTION_TYPE_SET_IPV4_SRC:
828 case RTE_FLOW_ACTION_TYPE_SET_IPV4_DST:
829 flow_tcf_pedit_key_set_ipv4_addr(*actions, &p_parser);
831 case RTE_FLOW_ACTION_TYPE_SET_IPV6_SRC:
832 case RTE_FLOW_ACTION_TYPE_SET_IPV6_DST:
833 flow_tcf_pedit_key_set_ipv6_addr(*actions, &p_parser);
835 case RTE_FLOW_ACTION_TYPE_SET_TP_SRC:
836 case RTE_FLOW_ACTION_TYPE_SET_TP_DST:
837 flow_tcf_pedit_key_set_tp_port(*actions,
838 &p_parser, item_flags);
840 case RTE_FLOW_ACTION_TYPE_SET_TTL:
841 case RTE_FLOW_ACTION_TYPE_DEC_TTL:
842 flow_tcf_pedit_key_set_dec_ttl(*actions,
843 &p_parser, item_flags);
845 case RTE_FLOW_ACTION_TYPE_SET_MAC_SRC:
846 case RTE_FLOW_ACTION_TYPE_SET_MAC_DST:
847 flow_tcf_pedit_key_set_mac(*actions, &p_parser);
850 goto pedit_mnl_msg_done;
854 p_parser.sel.action = TC_ACT_PIPE;
855 mnl_attr_put(nl, TCA_PEDIT_PARMS_EX,
856 sizeof(p_parser.sel) +
857 p_parser.sel.nkeys * sizeof(struct tc_pedit_key),
860 mnl_attr_nest_start(nl, TCA_PEDIT_KEYS_EX | NLA_F_NESTED);
861 for (int i = 0; i < p_parser.sel.nkeys; i++) {
862 struct nlattr *na_pedit_key =
863 mnl_attr_nest_start(nl,
864 TCA_PEDIT_KEY_EX | NLA_F_NESTED);
865 mnl_attr_put_u16(nl, TCA_PEDIT_KEY_EX_HTYPE,
866 p_parser.keys_ex[i].htype);
867 mnl_attr_put_u16(nl, TCA_PEDIT_KEY_EX_CMD,
868 p_parser.keys_ex[i].cmd);
869 mnl_attr_nest_end(nl, na_pedit_key);
871 mnl_attr_nest_end(nl, na_pedit_keys);
872 mnl_attr_nest_end(nl, na_act_options);
877 * Calculate max memory size of one TC-pedit actions.
878 * One TC-pedit action can contain set of keys each defining
879 * a rewrite element (rte_flow action)
881 * @param[in,out] actions
882 * actions specification.
883 * @param[in,out] action_flags
885 * @param[in,out] size
888 * Max memory size of one TC-pedit action
891 flow_tcf_get_pedit_actions_size(const struct rte_flow_action **actions,
892 uint64_t *action_flags)
898 pedit_size += SZ_NLATTR_NEST + /* na_act_index. */
899 SZ_NLATTR_STRZ_OF("pedit") +
900 SZ_NLATTR_NEST; /* TCA_ACT_OPTIONS. */
901 for (; (*actions)->type != RTE_FLOW_ACTION_TYPE_END; (*actions)++) {
902 switch ((*actions)->type) {
903 case RTE_FLOW_ACTION_TYPE_SET_IPV4_SRC:
904 keys += NUM_OF_PEDIT_KEYS(IPV4_ADDR_LEN);
905 flags |= MLX5_FLOW_ACTION_SET_IPV4_SRC;
907 case RTE_FLOW_ACTION_TYPE_SET_IPV4_DST:
908 keys += NUM_OF_PEDIT_KEYS(IPV4_ADDR_LEN);
909 flags |= MLX5_FLOW_ACTION_SET_IPV4_DST;
911 case RTE_FLOW_ACTION_TYPE_SET_IPV6_SRC:
912 keys += NUM_OF_PEDIT_KEYS(IPV6_ADDR_LEN);
913 flags |= MLX5_FLOW_ACTION_SET_IPV6_SRC;
915 case RTE_FLOW_ACTION_TYPE_SET_IPV6_DST:
916 keys += NUM_OF_PEDIT_KEYS(IPV6_ADDR_LEN);
917 flags |= MLX5_FLOW_ACTION_SET_IPV6_DST;
919 case RTE_FLOW_ACTION_TYPE_SET_TP_SRC:
920 /* TCP is as same as UDP */
921 keys += NUM_OF_PEDIT_KEYS(TP_PORT_LEN);
922 flags |= MLX5_FLOW_ACTION_SET_TP_SRC;
924 case RTE_FLOW_ACTION_TYPE_SET_TP_DST:
925 /* TCP is as same as UDP */
926 keys += NUM_OF_PEDIT_KEYS(TP_PORT_LEN);
927 flags |= MLX5_FLOW_ACTION_SET_TP_DST;
929 case RTE_FLOW_ACTION_TYPE_SET_TTL:
930 keys += NUM_OF_PEDIT_KEYS(TTL_LEN);
931 flags |= MLX5_FLOW_ACTION_SET_TTL;
933 case RTE_FLOW_ACTION_TYPE_DEC_TTL:
934 keys += NUM_OF_PEDIT_KEYS(TTL_LEN);
935 flags |= MLX5_FLOW_ACTION_DEC_TTL;
937 case RTE_FLOW_ACTION_TYPE_SET_MAC_SRC:
938 keys += NUM_OF_PEDIT_KEYS(ETHER_ADDR_LEN);
939 flags |= MLX5_FLOW_ACTION_SET_MAC_SRC;
941 case RTE_FLOW_ACTION_TYPE_SET_MAC_DST:
942 keys += NUM_OF_PEDIT_KEYS(ETHER_ADDR_LEN);
943 flags |= MLX5_FLOW_ACTION_SET_MAC_DST;
946 goto get_pedit_action_size_done;
949 get_pedit_action_size_done:
950 /* TCA_PEDIT_PARAMS_EX */
952 SZ_NLATTR_DATA_OF(sizeof(struct tc_pedit_sel) +
953 keys * sizeof(struct tc_pedit_key));
954 pedit_size += SZ_NLATTR_NEST; /* TCA_PEDIT_KEYS */
956 /* TCA_PEDIT_KEY_EX + HTYPE + CMD */
957 (SZ_NLATTR_NEST + SZ_NLATTR_DATA_OF(2) +
958 SZ_NLATTR_DATA_OF(2));
959 (*action_flags) |= flags;
965 * Retrieve mask for pattern item.
967 * This function does basic sanity checks on a pattern item in order to
968 * return the most appropriate mask for it.
971 * Item specification.
972 * @param[in] mask_default
973 * Default mask for pattern item as specified by the flow API.
974 * @param[in] mask_supported
975 * Mask fields supported by the implementation.
976 * @param[in] mask_empty
977 * Empty mask to return when there is no specification.
979 * Perform verbose error reporting if not NULL.
982 * Either @p item->mask or one of the mask parameters on success, NULL
983 * otherwise and rte_errno is set.
986 flow_tcf_item_mask(const struct rte_flow_item *item, const void *mask_default,
987 const void *mask_supported, const void *mask_empty,
988 size_t mask_size, struct rte_flow_error *error)
993 /* item->last and item->mask cannot exist without item->spec. */
994 if (!item->spec && (item->mask || item->last)) {
995 rte_flow_error_set(error, EINVAL,
996 RTE_FLOW_ERROR_TYPE_ITEM, item,
997 "\"mask\" or \"last\" field provided without"
998 " a corresponding \"spec\"");
1001 /* No spec, no mask, no problem. */
1004 mask = item->mask ? item->mask : mask_default;
1007 * Single-pass check to make sure that:
1008 * - Mask is supported, no bits are set outside mask_supported.
1009 * - Both item->spec and item->last are included in mask.
1011 for (i = 0; i != mask_size; ++i) {
1014 if ((mask[i] | ((const uint8_t *)mask_supported)[i]) !=
1015 ((const uint8_t *)mask_supported)[i]) {
1016 rte_flow_error_set(error, ENOTSUP,
1017 RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1018 "unsupported field found"
1023 (((const uint8_t *)item->spec)[i] & mask[i]) !=
1024 (((const uint8_t *)item->last)[i] & mask[i])) {
1025 rte_flow_error_set(error, EINVAL,
1026 RTE_FLOW_ERROR_TYPE_ITEM_LAST,
1028 "range between \"spec\" and \"last\""
1029 " not comprised in \"mask\"");
1037 * Build a conversion table between port ID and ifindex.
1040 * Pointer to Ethernet device.
1042 * Pointer to ptoi table.
1044 * Size of ptoi table provided.
1047 * Size of ptoi table filled.
1050 flow_tcf_build_ptoi_table(struct rte_eth_dev *dev, struct flow_tcf_ptoi *ptoi,
1053 unsigned int n = mlx5_dev_to_port_id(dev->device, NULL, 0);
1054 uint16_t port_id[n + 1];
1056 unsigned int own = 0;
1058 /* At least one port is needed when no switch domain is present. */
1061 port_id[0] = dev->data->port_id;
1063 n = RTE_MIN(mlx5_dev_to_port_id(dev->device, port_id, n), n);
1067 for (i = 0; i != n; ++i) {
1068 struct rte_eth_dev_info dev_info;
1070 rte_eth_dev_info_get(port_id[i], &dev_info);
1071 if (port_id[i] == dev->data->port_id)
1073 ptoi[i].port_id = port_id[i];
1074 ptoi[i].ifindex = dev_info.if_index;
1076 /* Ensure first entry of ptoi[] is the current device. */
1079 ptoi[0] = ptoi[own];
1080 ptoi[own] = ptoi[n];
1082 /* An entry with zero ifindex terminates ptoi[]. */
1083 ptoi[n].port_id = 0;
1084 ptoi[n].ifindex = 0;
1089 * Verify the @p attr will be correctly understood by the E-switch.
1092 * Pointer to flow attributes
1094 * Pointer to error structure.
1097 * 0 on success, a negative errno value otherwise and rte_errno is set.
1100 flow_tcf_validate_attributes(const struct rte_flow_attr *attr,
1101 struct rte_flow_error *error)
1104 * Supported attributes: groups, some priorities and ingress only.
1105 * group is supported only if kernel supports chain. Don't care about
1106 * transfer as it is the caller's problem.
1108 if (attr->group > MLX5_TCF_GROUP_ID_MAX)
1109 return rte_flow_error_set(error, ENOTSUP,
1110 RTE_FLOW_ERROR_TYPE_ATTR_GROUP, attr,
1111 "group ID larger than "
1112 RTE_STR(MLX5_TCF_GROUP_ID_MAX)
1113 " isn't supported");
1114 else if (attr->priority > MLX5_TCF_GROUP_PRIORITY_MAX)
1115 return rte_flow_error_set(error, ENOTSUP,
1116 RTE_FLOW_ERROR_TYPE_ATTR_PRIORITY,
1118 "priority more than "
1119 RTE_STR(MLX5_TCF_GROUP_PRIORITY_MAX)
1120 " is not supported");
1122 return rte_flow_error_set(error, EINVAL,
1123 RTE_FLOW_ERROR_TYPE_ATTR_INGRESS,
1124 attr, "only ingress is supported");
1126 return rte_flow_error_set(error, ENOTSUP,
1127 RTE_FLOW_ERROR_TYPE_ATTR_INGRESS,
1128 attr, "egress is not supported");
1133 * Validate VXLAN_ENCAP action RTE_FLOW_ITEM_TYPE_ETH item for E-Switch.
1134 * The routine checks the L2 fields to be used in encapsulation header.
1137 * Pointer to the item structure.
1139 * Pointer to the error structure.
1142 * 0 on success, a negative errno value otherwise and rte_errno is set.
1145 flow_tcf_validate_vxlan_encap_eth(const struct rte_flow_item *item,
1146 struct rte_flow_error *error)
1148 const struct rte_flow_item_eth *spec = item->spec;
1149 const struct rte_flow_item_eth *mask = item->mask;
1153 * Specification for L2 addresses can be empty
1154 * because these ones are optional and not
1155 * required directly by tc rule. Kernel tries
1156 * to resolve these ones on its own
1161 /* If mask is not specified use the default one. */
1162 mask = &rte_flow_item_eth_mask;
1164 if (memcmp(&mask->dst,
1165 &flow_tcf_mask_empty.eth.dst,
1166 sizeof(flow_tcf_mask_empty.eth.dst))) {
1167 if (memcmp(&mask->dst,
1168 &rte_flow_item_eth_mask.dst,
1169 sizeof(rte_flow_item_eth_mask.dst)))
1170 return rte_flow_error_set
1172 RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1173 "no support for partial mask on"
1174 " \"eth.dst\" field");
1176 if (memcmp(&mask->src,
1177 &flow_tcf_mask_empty.eth.src,
1178 sizeof(flow_tcf_mask_empty.eth.src))) {
1179 if (memcmp(&mask->src,
1180 &rte_flow_item_eth_mask.src,
1181 sizeof(rte_flow_item_eth_mask.src)))
1182 return rte_flow_error_set
1184 RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1185 "no support for partial mask on"
1186 " \"eth.src\" field");
1188 if (mask->type != RTE_BE16(0x0000)) {
1189 if (mask->type != RTE_BE16(0xffff))
1190 return rte_flow_error_set
1192 RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1193 "no support for partial mask on"
1194 " \"eth.type\" field");
1196 "outer ethernet type field"
1197 " cannot be forced for vxlan"
1198 " encapsulation, parameter ignored");
1204 * Validate VXLAN_ENCAP action RTE_FLOW_ITEM_TYPE_IPV4 item for E-Switch.
1205 * The routine checks the IPv4 fields to be used in encapsulation header.
1208 * Pointer to the item structure.
1210 * Pointer to the error structure.
1213 * 0 on success, a negative errno value otherwise and rte_errno is set.
1216 flow_tcf_validate_vxlan_encap_ipv4(const struct rte_flow_item *item,
1217 struct rte_flow_error *error)
1219 const struct rte_flow_item_ipv4 *spec = item->spec;
1220 const struct rte_flow_item_ipv4 *mask = item->mask;
1224 * Specification for IP addresses cannot be empty
1225 * because it is required by tunnel_key parameter.
1227 return rte_flow_error_set(error, EINVAL,
1228 RTE_FLOW_ERROR_TYPE_ITEM, item,
1229 "NULL outer ipv4 address"
1230 " specification for vxlan"
1234 mask = &rte_flow_item_ipv4_mask;
1235 if (mask->hdr.dst_addr != RTE_BE32(0x00000000)) {
1236 if (mask->hdr.dst_addr != RTE_BE32(0xffffffff))
1237 return rte_flow_error_set
1239 RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1240 "no support for partial mask on"
1241 " \"ipv4.hdr.dst_addr\" field"
1242 " for vxlan encapsulation");
1243 /* More IPv4 address validations can be put here. */
1246 * Kernel uses the destination IP address to determine
1247 * the routing path and obtain the MAC destination
1248 * address, so IP destination address must be
1249 * specified in the tc rule.
1251 return rte_flow_error_set(error, EINVAL,
1252 RTE_FLOW_ERROR_TYPE_ITEM, item,
1253 "outer ipv4 destination address"
1254 " must be specified for"
1255 " vxlan encapsulation");
1257 if (mask->hdr.src_addr != RTE_BE32(0x00000000)) {
1258 if (mask->hdr.src_addr != RTE_BE32(0xffffffff))
1259 return rte_flow_error_set
1261 RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1262 "no support for partial mask on"
1263 " \"ipv4.hdr.src_addr\" field"
1264 " for vxlan encapsulation");
1265 /* More IPv4 address validations can be put here. */
1268 * Kernel uses the source IP address to select the
1269 * interface for egress encapsulated traffic, so
1270 * it must be specified in the tc rule.
1272 return rte_flow_error_set(error, EINVAL,
1273 RTE_FLOW_ERROR_TYPE_ITEM, item,
1274 "outer ipv4 source address"
1275 " must be specified for"
1276 " vxlan encapsulation");
1282 * Validate VXLAN_ENCAP action RTE_FLOW_ITEM_TYPE_IPV6 item for E-Switch.
1283 * The routine checks the IPv6 fields to be used in encapsulation header.
1286 * Pointer to the item structure.
1288 * Pointer to the error structure.
1291 * 0 on success, a negative errno value otherwise and rte_errno is set.
1294 flow_tcf_validate_vxlan_encap_ipv6(const struct rte_flow_item *item,
1295 struct rte_flow_error *error)
1297 const struct rte_flow_item_ipv6 *spec = item->spec;
1298 const struct rte_flow_item_ipv6 *mask = item->mask;
1302 * Specification for IP addresses cannot be empty
1303 * because it is required by tunnel_key parameter.
1305 return rte_flow_error_set(error, EINVAL,
1306 RTE_FLOW_ERROR_TYPE_ITEM, item,
1307 "NULL outer ipv6 address"
1308 " specification for"
1309 " vxlan encapsulation");
1312 mask = &rte_flow_item_ipv6_mask;
1313 if (memcmp(&mask->hdr.dst_addr,
1314 &flow_tcf_mask_empty.ipv6.hdr.dst_addr,
1316 if (memcmp(&mask->hdr.dst_addr,
1317 &rte_flow_item_ipv6_mask.hdr.dst_addr,
1319 return rte_flow_error_set
1321 RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1322 "no support for partial mask on"
1323 " \"ipv6.hdr.dst_addr\" field"
1324 " for vxlan encapsulation");
1325 /* More IPv6 address validations can be put here. */
1328 * Kernel uses the destination IP address to determine
1329 * the routing path and obtain the MAC destination
1330 * address (heigh or gate), so IP destination address
1331 * must be specified within the tc rule.
1333 return rte_flow_error_set(error, EINVAL,
1334 RTE_FLOW_ERROR_TYPE_ITEM, item,
1335 "outer ipv6 destination address"
1336 " must be specified for"
1337 " vxlan encapsulation");
1339 if (memcmp(&mask->hdr.src_addr,
1340 &flow_tcf_mask_empty.ipv6.hdr.src_addr,
1342 if (memcmp(&mask->hdr.src_addr,
1343 &rte_flow_item_ipv6_mask.hdr.src_addr,
1345 return rte_flow_error_set
1347 RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1348 "no support for partial mask on"
1349 " \"ipv6.hdr.src_addr\" field"
1350 " for vxlan encapsulation");
1351 /* More L3 address validation can be put here. */
1354 * Kernel uses the source IP address to select the
1355 * interface for egress encapsulated traffic, so
1356 * it must be specified in the tc rule.
1358 return rte_flow_error_set(error, EINVAL,
1359 RTE_FLOW_ERROR_TYPE_ITEM, item,
1360 "outer L3 source address"
1361 " must be specified for"
1362 " vxlan encapsulation");
1368 * Validate VXLAN_ENCAP action RTE_FLOW_ITEM_TYPE_UDP item for E-Switch.
1369 * The routine checks the UDP fields to be used in encapsulation header.
1372 * Pointer to the item structure.
1374 * Pointer to the error structure.
1377 * 0 on success, a negative errno value otherwise and rte_errno is set.
1380 flow_tcf_validate_vxlan_encap_udp(const struct rte_flow_item *item,
1381 struct rte_flow_error *error)
1383 const struct rte_flow_item_udp *spec = item->spec;
1384 const struct rte_flow_item_udp *mask = item->mask;
1388 * Specification for UDP ports cannot be empty
1389 * because it is required by tunnel_key parameter.
1391 return rte_flow_error_set(error, EINVAL,
1392 RTE_FLOW_ERROR_TYPE_ITEM, item,
1393 "NULL UDP port specification "
1394 " for vxlan encapsulation");
1397 mask = &rte_flow_item_udp_mask;
1398 if (mask->hdr.dst_port != RTE_BE16(0x0000)) {
1399 if (mask->hdr.dst_port != RTE_BE16(0xffff))
1400 return rte_flow_error_set
1402 RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1403 "no support for partial mask on"
1404 " \"udp.hdr.dst_port\" field"
1405 " for vxlan encapsulation");
1406 if (!spec->hdr.dst_port)
1407 return rte_flow_error_set
1409 RTE_FLOW_ERROR_TYPE_ITEM, item,
1410 "outer UDP remote port cannot be"
1411 " 0 for vxlan encapsulation");
1413 return rte_flow_error_set(error, EINVAL,
1414 RTE_FLOW_ERROR_TYPE_ITEM, item,
1415 "outer UDP remote port"
1416 " must be specified for"
1417 " vxlan encapsulation");
1419 if (mask->hdr.src_port != RTE_BE16(0x0000)) {
1420 if (mask->hdr.src_port != RTE_BE16(0xffff))
1421 return rte_flow_error_set
1423 RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1424 "no support for partial mask on"
1425 " \"udp.hdr.src_port\" field"
1426 " for vxlan encapsulation");
1428 "outer UDP source port cannot be"
1429 " forced for vxlan encapsulation,"
1430 " parameter ignored");
1436 * Validate VXLAN_ENCAP action RTE_FLOW_ITEM_TYPE_VXLAN item for E-Switch.
1437 * The routine checks the VNIP fields to be used in encapsulation header.
1440 * Pointer to the item structure.
1442 * Pointer to the error structure.
1445 * 0 on success, a negative errno value otherwise and rte_errno is set.
1448 flow_tcf_validate_vxlan_encap_vni(const struct rte_flow_item *item,
1449 struct rte_flow_error *error)
1451 const struct rte_flow_item_vxlan *spec = item->spec;
1452 const struct rte_flow_item_vxlan *mask = item->mask;
1455 /* Outer VNI is required by tunnel_key parameter. */
1456 return rte_flow_error_set(error, EINVAL,
1457 RTE_FLOW_ERROR_TYPE_ITEM, item,
1458 "NULL VNI specification"
1459 " for vxlan encapsulation");
1462 mask = &rte_flow_item_vxlan_mask;
1463 if (!mask->vni[0] && !mask->vni[1] && !mask->vni[2])
1464 return rte_flow_error_set(error, EINVAL,
1465 RTE_FLOW_ERROR_TYPE_ITEM, item,
1466 "outer VNI must be specified "
1467 "for vxlan encapsulation");
1468 if (mask->vni[0] != 0xff ||
1469 mask->vni[1] != 0xff ||
1470 mask->vni[2] != 0xff)
1471 return rte_flow_error_set(error, ENOTSUP,
1472 RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1473 "no support for partial mask on"
1474 " \"vxlan.vni\" field");
1476 if (!spec->vni[0] && !spec->vni[1] && !spec->vni[2])
1477 return rte_flow_error_set(error, EINVAL,
1478 RTE_FLOW_ERROR_TYPE_ITEM, item,
1479 "vxlan vni cannot be 0");
1484 * Validate VXLAN_ENCAP action item list for E-Switch.
1485 * The routine checks items to be used in encapsulation header.
1488 * Pointer to the VXLAN_ENCAP action structure.
1490 * Pointer to the error structure.
1493 * 0 on success, a negative errno value otherwise and rte_errno is set.
1496 flow_tcf_validate_vxlan_encap(const struct rte_flow_action *action,
1497 struct rte_flow_error *error)
1499 const struct rte_flow_item *items;
1501 uint32_t item_flags = 0;
1504 return rte_flow_error_set(error, EINVAL,
1505 RTE_FLOW_ERROR_TYPE_ACTION, action,
1506 "Missing vxlan tunnel"
1507 " action configuration");
1508 items = ((const struct rte_flow_action_vxlan_encap *)
1509 action->conf)->definition;
1511 return rte_flow_error_set(error, EINVAL,
1512 RTE_FLOW_ERROR_TYPE_ACTION, action,
1513 "Missing vxlan tunnel"
1514 " encapsulation parameters");
1515 for (; items->type != RTE_FLOW_ITEM_TYPE_END; items++) {
1516 switch (items->type) {
1517 case RTE_FLOW_ITEM_TYPE_VOID:
1519 case RTE_FLOW_ITEM_TYPE_ETH:
1520 ret = mlx5_flow_validate_item_eth(items, item_flags,
1524 ret = flow_tcf_validate_vxlan_encap_eth(items, error);
1527 item_flags |= MLX5_FLOW_LAYER_OUTER_L2;
1530 case RTE_FLOW_ITEM_TYPE_IPV4:
1531 ret = mlx5_flow_validate_item_ipv4(items, item_flags,
1535 ret = flow_tcf_validate_vxlan_encap_ipv4(items, error);
1538 item_flags |= MLX5_FLOW_LAYER_OUTER_L3_IPV4;
1540 case RTE_FLOW_ITEM_TYPE_IPV6:
1541 ret = mlx5_flow_validate_item_ipv6(items, item_flags,
1545 ret = flow_tcf_validate_vxlan_encap_ipv6(items, error);
1548 item_flags |= MLX5_FLOW_LAYER_OUTER_L3_IPV6;
1550 case RTE_FLOW_ITEM_TYPE_UDP:
1551 ret = mlx5_flow_validate_item_udp(items, item_flags,
1555 ret = flow_tcf_validate_vxlan_encap_udp(items, error);
1558 item_flags |= MLX5_FLOW_LAYER_OUTER_L4_UDP;
1560 case RTE_FLOW_ITEM_TYPE_VXLAN:
1561 ret = mlx5_flow_validate_item_vxlan(items,
1565 ret = flow_tcf_validate_vxlan_encap_vni(items, error);
1568 item_flags |= MLX5_FLOW_LAYER_VXLAN;
1571 return rte_flow_error_set
1573 RTE_FLOW_ERROR_TYPE_ITEM, items,
1574 "vxlan encap item not supported");
1577 if (!(item_flags & MLX5_FLOW_LAYER_OUTER_L3))
1578 return rte_flow_error_set(error, EINVAL,
1579 RTE_FLOW_ERROR_TYPE_ACTION, action,
1580 "no outer IP layer found"
1581 " for vxlan encapsulation");
1582 if (!(item_flags & MLX5_FLOW_LAYER_OUTER_L4_UDP))
1583 return rte_flow_error_set(error, EINVAL,
1584 RTE_FLOW_ERROR_TYPE_ACTION, action,
1585 "no outer UDP layer found"
1586 " for vxlan encapsulation");
1587 if (!(item_flags & MLX5_FLOW_LAYER_VXLAN))
1588 return rte_flow_error_set(error, EINVAL,
1589 RTE_FLOW_ERROR_TYPE_ACTION, action,
1590 "no VXLAN VNI found"
1591 " for vxlan encapsulation");
1596 * Validate outer RTE_FLOW_ITEM_TYPE_UDP item if tunnel item
1597 * RTE_FLOW_ITEM_TYPE_VXLAN is present in item list.
1600 * Outer UDP layer item (if any, NULL otherwise).
1602 * Pointer to the error structure.
1605 * 0 on success, a negative errno value otherwise and rte_errno is set.
1608 flow_tcf_validate_vxlan_decap_udp(const struct rte_flow_item *udp,
1609 struct rte_flow_error *error)
1611 const struct rte_flow_item_udp *spec = udp->spec;
1612 const struct rte_flow_item_udp *mask = udp->mask;
1616 * Specification for UDP ports cannot be empty
1617 * because it is required as decap parameter.
1619 return rte_flow_error_set(error, EINVAL,
1620 RTE_FLOW_ERROR_TYPE_ITEM, udp,
1621 "NULL UDP port specification"
1622 " for VXLAN decapsulation");
1624 mask = &rte_flow_item_udp_mask;
1625 if (mask->hdr.dst_port != RTE_BE16(0x0000)) {
1626 if (mask->hdr.dst_port != RTE_BE16(0xffff))
1627 return rte_flow_error_set
1629 RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1630 "no support for partial mask on"
1631 " \"udp.hdr.dst_port\" field");
1632 if (!spec->hdr.dst_port)
1633 return rte_flow_error_set
1635 RTE_FLOW_ERROR_TYPE_ITEM, udp,
1636 "zero decap local UDP port");
1638 return rte_flow_error_set(error, EINVAL,
1639 RTE_FLOW_ERROR_TYPE_ITEM, udp,
1640 "outer UDP destination port must be "
1641 "specified for vxlan decapsulation");
1643 if (mask->hdr.src_port != RTE_BE16(0x0000)) {
1644 if (mask->hdr.src_port != RTE_BE16(0xffff))
1645 return rte_flow_error_set
1647 RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1648 "no support for partial mask on"
1649 " \"udp.hdr.src_port\" field");
1651 "outer UDP local port cannot be "
1652 "forced for VXLAN encapsulation, "
1653 "parameter ignored");
1659 * Validate flow for E-Switch.
1662 * Pointer to the priv structure.
1664 * Pointer to the flow attributes.
1666 * Pointer to the list of items.
1667 * @param[in] actions
1668 * Pointer to the list of actions.
1670 * Pointer to the error structure.
1673 * 0 on success, a negative errno value otherwise and rte_errno is set.
1676 flow_tcf_validate(struct rte_eth_dev *dev,
1677 const struct rte_flow_attr *attr,
1678 const struct rte_flow_item items[],
1679 const struct rte_flow_action actions[],
1680 struct rte_flow_error *error)
1683 const struct rte_flow_item_port_id *port_id;
1684 const struct rte_flow_item_eth *eth;
1685 const struct rte_flow_item_vlan *vlan;
1686 const struct rte_flow_item_ipv4 *ipv4;
1687 const struct rte_flow_item_ipv6 *ipv6;
1688 const struct rte_flow_item_tcp *tcp;
1689 const struct rte_flow_item_udp *udp;
1690 const struct rte_flow_item_vxlan *vxlan;
1693 const struct rte_flow_action_port_id *port_id;
1694 const struct rte_flow_action_jump *jump;
1695 const struct rte_flow_action_of_push_vlan *of_push_vlan;
1696 const struct rte_flow_action_of_set_vlan_vid *
1698 const struct rte_flow_action_of_set_vlan_pcp *
1700 const struct rte_flow_action_vxlan_encap *vxlan_encap;
1701 const struct rte_flow_action_set_ipv4 *set_ipv4;
1702 const struct rte_flow_action_set_ipv6 *set_ipv6;
1704 const struct rte_flow_item *outer_udp = NULL;
1705 rte_be16_t inner_etype = RTE_BE16(ETH_P_ALL);
1706 rte_be16_t outer_etype = RTE_BE16(ETH_P_ALL);
1707 rte_be16_t vlan_etype = RTE_BE16(ETH_P_ALL);
1708 uint64_t item_flags = 0;
1709 uint64_t action_flags = 0;
1710 uint8_t next_protocol = 0xff;
1711 unsigned int tcm_ifindex = 0;
1712 uint8_t pedit_validated = 0;
1713 struct flow_tcf_ptoi ptoi[PTOI_TABLE_SZ_MAX(dev)];
1714 struct rte_eth_dev *port_id_dev = NULL;
1715 bool in_port_id_set;
1718 claim_nonzero(flow_tcf_build_ptoi_table(dev, ptoi,
1719 PTOI_TABLE_SZ_MAX(dev)));
1720 ret = flow_tcf_validate_attributes(attr, error);
1723 for (; actions->type != RTE_FLOW_ACTION_TYPE_END; actions++) {
1725 uint64_t current_action_flag = 0;
1727 switch (actions->type) {
1728 case RTE_FLOW_ACTION_TYPE_VOID:
1730 case RTE_FLOW_ACTION_TYPE_PORT_ID:
1731 current_action_flag = MLX5_FLOW_ACTION_PORT_ID;
1734 conf.port_id = actions->conf;
1735 if (conf.port_id->original)
1738 for (i = 0; ptoi[i].ifindex; ++i)
1739 if (ptoi[i].port_id == conf.port_id->id)
1741 if (!ptoi[i].ifindex)
1742 return rte_flow_error_set
1744 RTE_FLOW_ERROR_TYPE_ACTION_CONF,
1746 "missing data to convert port ID to"
1748 port_id_dev = &rte_eth_devices[conf.port_id->id];
1750 case RTE_FLOW_ACTION_TYPE_JUMP:
1751 current_action_flag = MLX5_FLOW_ACTION_JUMP;
1754 conf.jump = actions->conf;
1755 if (attr->group >= conf.jump->group)
1756 return rte_flow_error_set
1758 RTE_FLOW_ERROR_TYPE_ACTION,
1760 "can jump only to a group forward");
1762 case RTE_FLOW_ACTION_TYPE_DROP:
1763 current_action_flag = MLX5_FLOW_ACTION_DROP;
1765 case RTE_FLOW_ACTION_TYPE_COUNT:
1767 case RTE_FLOW_ACTION_TYPE_OF_POP_VLAN:
1768 current_action_flag = MLX5_FLOW_ACTION_OF_POP_VLAN;
1770 case RTE_FLOW_ACTION_TYPE_OF_PUSH_VLAN: {
1771 rte_be16_t ethertype;
1773 current_action_flag = MLX5_FLOW_ACTION_OF_PUSH_VLAN;
1776 conf.of_push_vlan = actions->conf;
1777 ethertype = conf.of_push_vlan->ethertype;
1778 if (ethertype != RTE_BE16(ETH_P_8021Q) &&
1779 ethertype != RTE_BE16(ETH_P_8021AD))
1780 return rte_flow_error_set
1782 RTE_FLOW_ERROR_TYPE_ACTION, actions,
1783 "vlan push TPID must be "
1784 "802.1Q or 802.1AD");
1787 case RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_VID:
1788 if (!(action_flags & MLX5_FLOW_ACTION_OF_PUSH_VLAN))
1789 return rte_flow_error_set
1791 RTE_FLOW_ERROR_TYPE_ACTION, actions,
1792 "vlan modify is not supported,"
1793 " set action must follow push action");
1794 current_action_flag = MLX5_FLOW_ACTION_OF_SET_VLAN_VID;
1796 case RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_PCP:
1797 if (!(action_flags & MLX5_FLOW_ACTION_OF_PUSH_VLAN))
1798 return rte_flow_error_set
1800 RTE_FLOW_ERROR_TYPE_ACTION, actions,
1801 "vlan modify is not supported,"
1802 " set action must follow push action");
1803 current_action_flag = MLX5_FLOW_ACTION_OF_SET_VLAN_PCP;
1805 case RTE_FLOW_ACTION_TYPE_VXLAN_DECAP:
1806 current_action_flag = MLX5_FLOW_ACTION_VXLAN_DECAP;
1808 case RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP:
1809 ret = flow_tcf_validate_vxlan_encap(actions, error);
1812 current_action_flag = MLX5_FLOW_ACTION_VXLAN_ENCAP;
1814 case RTE_FLOW_ACTION_TYPE_SET_IPV4_SRC:
1815 current_action_flag = MLX5_FLOW_ACTION_SET_IPV4_SRC;
1817 case RTE_FLOW_ACTION_TYPE_SET_IPV4_DST:
1818 current_action_flag = MLX5_FLOW_ACTION_SET_IPV4_DST;
1820 case RTE_FLOW_ACTION_TYPE_SET_IPV6_SRC:
1821 current_action_flag = MLX5_FLOW_ACTION_SET_IPV6_SRC;
1823 case RTE_FLOW_ACTION_TYPE_SET_IPV6_DST:
1824 current_action_flag = MLX5_FLOW_ACTION_SET_IPV6_DST;
1826 case RTE_FLOW_ACTION_TYPE_SET_TP_SRC:
1827 current_action_flag = MLX5_FLOW_ACTION_SET_TP_SRC;
1829 case RTE_FLOW_ACTION_TYPE_SET_TP_DST:
1830 current_action_flag = MLX5_FLOW_ACTION_SET_TP_DST;
1832 case RTE_FLOW_ACTION_TYPE_SET_TTL:
1833 current_action_flag = MLX5_FLOW_ACTION_SET_TTL;
1835 case RTE_FLOW_ACTION_TYPE_DEC_TTL:
1836 current_action_flag = MLX5_FLOW_ACTION_DEC_TTL;
1838 case RTE_FLOW_ACTION_TYPE_SET_MAC_SRC:
1839 current_action_flag = MLX5_FLOW_ACTION_SET_MAC_SRC;
1841 case RTE_FLOW_ACTION_TYPE_SET_MAC_DST:
1842 current_action_flag = MLX5_FLOW_ACTION_SET_MAC_DST;
1845 return rte_flow_error_set(error, ENOTSUP,
1846 RTE_FLOW_ERROR_TYPE_ACTION,
1848 "action not supported");
1850 if (current_action_flag & MLX5_TCF_CONFIG_ACTIONS) {
1852 return rte_flow_error_set
1854 RTE_FLOW_ERROR_TYPE_ACTION_CONF,
1856 "action configuration not set");
1858 if ((current_action_flag & MLX5_TCF_PEDIT_ACTIONS) &&
1860 return rte_flow_error_set(error, ENOTSUP,
1861 RTE_FLOW_ERROR_TYPE_ACTION,
1863 "set actions should be "
1864 "listed successively");
1865 if ((current_action_flag & ~MLX5_TCF_PEDIT_ACTIONS) &&
1866 (action_flags & MLX5_TCF_PEDIT_ACTIONS))
1867 pedit_validated = 1;
1868 if ((current_action_flag & MLX5_TCF_FATE_ACTIONS) &&
1869 (action_flags & MLX5_TCF_FATE_ACTIONS))
1870 return rte_flow_error_set(error, EINVAL,
1871 RTE_FLOW_ERROR_TYPE_ACTION,
1873 "can't have multiple fate"
1875 if ((current_action_flag & MLX5_TCF_VXLAN_ACTIONS) &&
1876 (action_flags & MLX5_TCF_VXLAN_ACTIONS))
1877 return rte_flow_error_set(error, EINVAL,
1878 RTE_FLOW_ERROR_TYPE_ACTION,
1880 "can't have multiple vxlan"
1882 if ((current_action_flag & MLX5_TCF_VXLAN_ACTIONS) &&
1883 (action_flags & MLX5_TCF_VLAN_ACTIONS))
1884 return rte_flow_error_set(error, ENOTSUP,
1885 RTE_FLOW_ERROR_TYPE_ACTION,
1887 "can't have vxlan and vlan"
1888 " actions in the same rule");
1889 action_flags |= current_action_flag;
1891 for (; items->type != RTE_FLOW_ITEM_TYPE_END; items++) {
1894 switch (items->type) {
1895 case RTE_FLOW_ITEM_TYPE_VOID:
1897 case RTE_FLOW_ITEM_TYPE_PORT_ID:
1898 if (item_flags & MLX5_FLOW_LAYER_TUNNEL)
1899 return rte_flow_error_set
1901 RTE_FLOW_ERROR_TYPE_ITEM, items,
1902 "inner tunnel port id"
1903 " item is not supported");
1904 mask.port_id = flow_tcf_item_mask
1905 (items, &rte_flow_item_port_id_mask,
1906 &flow_tcf_mask_supported.port_id,
1907 &flow_tcf_mask_empty.port_id,
1908 sizeof(flow_tcf_mask_supported.port_id),
1912 if (mask.port_id == &flow_tcf_mask_empty.port_id) {
1916 spec.port_id = items->spec;
1917 if (mask.port_id->id && mask.port_id->id != 0xffffffff)
1918 return rte_flow_error_set
1920 RTE_FLOW_ERROR_TYPE_ITEM_MASK,
1922 "no support for partial mask on"
1924 if (!mask.port_id->id)
1927 for (i = 0; ptoi[i].ifindex; ++i)
1928 if (ptoi[i].port_id == spec.port_id->id)
1930 if (!ptoi[i].ifindex)
1931 return rte_flow_error_set
1933 RTE_FLOW_ERROR_TYPE_ITEM_SPEC,
1935 "missing data to convert port ID to"
1937 if (in_port_id_set && ptoi[i].ifindex != tcm_ifindex)
1938 return rte_flow_error_set
1940 RTE_FLOW_ERROR_TYPE_ITEM_SPEC,
1942 "cannot match traffic for"
1943 " several port IDs through"
1944 " a single flow rule");
1945 tcm_ifindex = ptoi[i].ifindex;
1948 case RTE_FLOW_ITEM_TYPE_ETH:
1949 ret = mlx5_flow_validate_item_eth(items, item_flags,
1953 item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
1954 MLX5_FLOW_LAYER_INNER_L2 :
1955 MLX5_FLOW_LAYER_OUTER_L2;
1957 * Redundant check due to different supported mask.
1958 * Same for the rest of items.
1960 mask.eth = flow_tcf_item_mask
1961 (items, &rte_flow_item_eth_mask,
1962 &flow_tcf_mask_supported.eth,
1963 &flow_tcf_mask_empty.eth,
1964 sizeof(flow_tcf_mask_supported.eth),
1968 if (mask.eth->type && mask.eth->type !=
1970 return rte_flow_error_set
1972 RTE_FLOW_ERROR_TYPE_ITEM_MASK,
1974 "no support for partial mask on"
1976 assert(items->spec);
1977 spec.eth = items->spec;
1978 if (mask.eth->type &&
1979 (item_flags & MLX5_FLOW_LAYER_TUNNEL) &&
1980 inner_etype != RTE_BE16(ETH_P_ALL) &&
1981 inner_etype != spec.eth->type)
1982 return rte_flow_error_set
1984 RTE_FLOW_ERROR_TYPE_ITEM,
1986 "inner eth_type conflict");
1987 if (mask.eth->type &&
1988 !(item_flags & MLX5_FLOW_LAYER_TUNNEL) &&
1989 outer_etype != RTE_BE16(ETH_P_ALL) &&
1990 outer_etype != spec.eth->type)
1991 return rte_flow_error_set
1993 RTE_FLOW_ERROR_TYPE_ITEM,
1995 "outer eth_type conflict");
1996 if (mask.eth->type) {
1997 if (item_flags & MLX5_FLOW_LAYER_TUNNEL)
1998 inner_etype = spec.eth->type;
2000 outer_etype = spec.eth->type;
2003 case RTE_FLOW_ITEM_TYPE_VLAN:
2004 if (item_flags & MLX5_FLOW_LAYER_TUNNEL)
2005 return rte_flow_error_set
2007 RTE_FLOW_ERROR_TYPE_ITEM, items,
2009 " is not supported");
2010 ret = mlx5_flow_validate_item_vlan(items, item_flags,
2014 item_flags |= MLX5_FLOW_LAYER_OUTER_VLAN;
2015 mask.vlan = flow_tcf_item_mask
2016 (items, &rte_flow_item_vlan_mask,
2017 &flow_tcf_mask_supported.vlan,
2018 &flow_tcf_mask_empty.vlan,
2019 sizeof(flow_tcf_mask_supported.vlan),
2023 if ((mask.vlan->tci & RTE_BE16(0xe000) &&
2024 (mask.vlan->tci & RTE_BE16(0xe000)) !=
2025 RTE_BE16(0xe000)) ||
2026 (mask.vlan->tci & RTE_BE16(0x0fff) &&
2027 (mask.vlan->tci & RTE_BE16(0x0fff)) !=
2028 RTE_BE16(0x0fff)) ||
2029 (mask.vlan->inner_type &&
2030 mask.vlan->inner_type != RTE_BE16(0xffff)))
2031 return rte_flow_error_set
2033 RTE_FLOW_ERROR_TYPE_ITEM_MASK,
2035 "no support for partial masks on"
2036 " \"tci\" (PCP and VID parts) and"
2037 " \"inner_type\" fields");
2038 if (outer_etype != RTE_BE16(ETH_P_ALL) &&
2039 outer_etype != RTE_BE16(ETH_P_8021Q))
2040 return rte_flow_error_set
2042 RTE_FLOW_ERROR_TYPE_ITEM,
2044 "outer eth_type conflict,"
2046 outer_etype = RTE_BE16(ETH_P_8021Q);
2047 assert(items->spec);
2048 spec.vlan = items->spec;
2049 if (mask.vlan->inner_type &&
2050 vlan_etype != RTE_BE16(ETH_P_ALL) &&
2051 vlan_etype != spec.vlan->inner_type)
2052 return rte_flow_error_set
2054 RTE_FLOW_ERROR_TYPE_ITEM,
2056 "vlan eth_type conflict");
2057 if (mask.vlan->inner_type)
2058 vlan_etype = spec.vlan->inner_type;
2060 case RTE_FLOW_ITEM_TYPE_IPV4:
2061 ret = mlx5_flow_validate_item_ipv4(items, item_flags,
2065 item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
2066 MLX5_FLOW_LAYER_INNER_L3_IPV4 :
2067 MLX5_FLOW_LAYER_OUTER_L3_IPV4;
2068 mask.ipv4 = flow_tcf_item_mask
2069 (items, &rte_flow_item_ipv4_mask,
2070 &flow_tcf_mask_supported.ipv4,
2071 &flow_tcf_mask_empty.ipv4,
2072 sizeof(flow_tcf_mask_supported.ipv4),
2076 if (mask.ipv4->hdr.next_proto_id &&
2077 mask.ipv4->hdr.next_proto_id != 0xff)
2078 return rte_flow_error_set
2080 RTE_FLOW_ERROR_TYPE_ITEM_MASK,
2082 "no support for partial mask on"
2083 " \"hdr.next_proto_id\" field");
2084 else if (mask.ipv4->hdr.next_proto_id)
2086 ((const struct rte_flow_item_ipv4 *)
2087 (items->spec))->hdr.next_proto_id;
2088 if (item_flags & MLX5_FLOW_LAYER_TUNNEL) {
2089 if (inner_etype != RTE_BE16(ETH_P_ALL) &&
2090 inner_etype != RTE_BE16(ETH_P_IP))
2091 return rte_flow_error_set
2093 RTE_FLOW_ERROR_TYPE_ITEM,
2095 "inner eth_type conflict,"
2096 " IPv4 is required");
2097 inner_etype = RTE_BE16(ETH_P_IP);
2098 } else if (item_flags & MLX5_FLOW_LAYER_OUTER_VLAN) {
2099 if (vlan_etype != RTE_BE16(ETH_P_ALL) &&
2100 vlan_etype != RTE_BE16(ETH_P_IP))
2101 return rte_flow_error_set
2103 RTE_FLOW_ERROR_TYPE_ITEM,
2105 "vlan eth_type conflict,"
2106 " IPv4 is required");
2107 vlan_etype = RTE_BE16(ETH_P_IP);
2109 if (outer_etype != RTE_BE16(ETH_P_ALL) &&
2110 outer_etype != RTE_BE16(ETH_P_IP))
2111 return rte_flow_error_set
2113 RTE_FLOW_ERROR_TYPE_ITEM,
2115 "eth_type conflict,"
2116 " IPv4 is required");
2117 outer_etype = RTE_BE16(ETH_P_IP);
2120 case RTE_FLOW_ITEM_TYPE_IPV6:
2121 ret = mlx5_flow_validate_item_ipv6(items, item_flags,
2125 item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
2126 MLX5_FLOW_LAYER_INNER_L3_IPV6 :
2127 MLX5_FLOW_LAYER_OUTER_L3_IPV6;
2128 mask.ipv6 = flow_tcf_item_mask
2129 (items, &rte_flow_item_ipv6_mask,
2130 &flow_tcf_mask_supported.ipv6,
2131 &flow_tcf_mask_empty.ipv6,
2132 sizeof(flow_tcf_mask_supported.ipv6),
2136 if (mask.ipv6->hdr.proto &&
2137 mask.ipv6->hdr.proto != 0xff)
2138 return rte_flow_error_set
2140 RTE_FLOW_ERROR_TYPE_ITEM_MASK,
2142 "no support for partial mask on"
2143 " \"hdr.proto\" field");
2144 else if (mask.ipv6->hdr.proto)
2146 ((const struct rte_flow_item_ipv6 *)
2147 (items->spec))->hdr.proto;
2148 if (item_flags & MLX5_FLOW_LAYER_TUNNEL) {
2149 if (inner_etype != RTE_BE16(ETH_P_ALL) &&
2150 inner_etype != RTE_BE16(ETH_P_IPV6))
2151 return rte_flow_error_set
2153 RTE_FLOW_ERROR_TYPE_ITEM,
2155 "inner eth_type conflict,"
2156 " IPv6 is required");
2157 inner_etype = RTE_BE16(ETH_P_IPV6);
2158 } else if (item_flags & MLX5_FLOW_LAYER_OUTER_VLAN) {
2159 if (vlan_etype != RTE_BE16(ETH_P_ALL) &&
2160 vlan_etype != RTE_BE16(ETH_P_IPV6))
2161 return rte_flow_error_set
2163 RTE_FLOW_ERROR_TYPE_ITEM,
2165 "vlan eth_type conflict,"
2166 " IPv6 is required");
2167 vlan_etype = RTE_BE16(ETH_P_IPV6);
2169 if (outer_etype != RTE_BE16(ETH_P_ALL) &&
2170 outer_etype != RTE_BE16(ETH_P_IPV6))
2171 return rte_flow_error_set
2173 RTE_FLOW_ERROR_TYPE_ITEM,
2175 "eth_type conflict,"
2176 " IPv6 is required");
2177 outer_etype = RTE_BE16(ETH_P_IPV6);
2180 case RTE_FLOW_ITEM_TYPE_UDP:
2181 ret = mlx5_flow_validate_item_udp(items, item_flags,
2182 next_protocol, error);
2185 item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
2186 MLX5_FLOW_LAYER_INNER_L4_UDP :
2187 MLX5_FLOW_LAYER_OUTER_L4_UDP;
2188 mask.udp = flow_tcf_item_mask
2189 (items, &rte_flow_item_udp_mask,
2190 &flow_tcf_mask_supported.udp,
2191 &flow_tcf_mask_empty.udp,
2192 sizeof(flow_tcf_mask_supported.udp),
2197 * Save the presumed outer UDP item for extra check
2198 * if the tunnel item will be found later in the list.
2200 if (!(item_flags & MLX5_FLOW_LAYER_TUNNEL))
2203 case RTE_FLOW_ITEM_TYPE_TCP:
2204 ret = mlx5_flow_validate_item_tcp
2207 &flow_tcf_mask_supported.tcp,
2211 item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
2212 MLX5_FLOW_LAYER_INNER_L4_TCP :
2213 MLX5_FLOW_LAYER_OUTER_L4_TCP;
2214 mask.tcp = flow_tcf_item_mask
2215 (items, &rte_flow_item_tcp_mask,
2216 &flow_tcf_mask_supported.tcp,
2217 &flow_tcf_mask_empty.tcp,
2218 sizeof(flow_tcf_mask_supported.tcp),
2223 case RTE_FLOW_ITEM_TYPE_VXLAN:
2224 if (item_flags & MLX5_FLOW_LAYER_OUTER_VLAN)
2225 return rte_flow_error_set
2227 RTE_FLOW_ERROR_TYPE_ITEM, items,
2228 "vxlan tunnel over vlan"
2229 " is not supported");
2230 ret = mlx5_flow_validate_item_vxlan(items,
2234 item_flags |= MLX5_FLOW_LAYER_VXLAN;
2235 mask.vxlan = flow_tcf_item_mask
2236 (items, &rte_flow_item_vxlan_mask,
2237 &flow_tcf_mask_supported.vxlan,
2238 &flow_tcf_mask_empty.vxlan,
2239 sizeof(flow_tcf_mask_supported.vxlan), error);
2242 if (mask.vxlan->vni[0] != 0xff ||
2243 mask.vxlan->vni[1] != 0xff ||
2244 mask.vxlan->vni[2] != 0xff)
2245 return rte_flow_error_set
2247 RTE_FLOW_ERROR_TYPE_ITEM_MASK,
2249 "no support for partial or "
2250 "empty mask on \"vxlan.vni\" field");
2252 * The VNI item assumes the VXLAN tunnel, it requires
2253 * at least the outer destination UDP port must be
2254 * specified without wildcards to allow kernel select
2255 * the virtual VXLAN device by port. Also outer IPv4
2256 * or IPv6 item must be specified (wilcards or even
2257 * zero mask are allowed) to let driver know the tunnel
2258 * IP version and process UDP traffic correctly.
2261 (MLX5_FLOW_LAYER_OUTER_L3_IPV4 |
2262 MLX5_FLOW_LAYER_OUTER_L3_IPV6)))
2263 return rte_flow_error_set
2265 RTE_FLOW_ERROR_TYPE_ACTION,
2267 "no outer IP pattern found"
2268 " for vxlan tunnel");
2269 if (!(item_flags & MLX5_FLOW_LAYER_OUTER_L4_UDP))
2270 return rte_flow_error_set
2272 RTE_FLOW_ERROR_TYPE_ACTION,
2274 "no outer UDP pattern found"
2275 " for vxlan tunnel");
2277 * All items preceding the tunnel item become outer
2278 * ones and we should do extra validation for them
2279 * due to tc limitations for tunnel outer parameters.
2280 * Currently only outer UDP item requres extra check,
2281 * use the saved pointer instead of item list rescan.
2284 ret = flow_tcf_validate_vxlan_decap_udp
2288 /* Reset L4 protocol for inner parameters. */
2289 next_protocol = 0xff;
2292 return rte_flow_error_set(error, ENOTSUP,
2293 RTE_FLOW_ERROR_TYPE_ITEM,
2294 items, "item not supported");
2297 if ((action_flags & MLX5_TCF_PEDIT_ACTIONS) &&
2298 (action_flags & MLX5_FLOW_ACTION_DROP))
2299 return rte_flow_error_set(error, ENOTSUP,
2300 RTE_FLOW_ERROR_TYPE_ACTION,
2302 "set action is not compatible with "
2304 if ((action_flags & MLX5_TCF_PEDIT_ACTIONS) &&
2305 !(action_flags & MLX5_FLOW_ACTION_PORT_ID))
2306 return rte_flow_error_set(error, ENOTSUP,
2307 RTE_FLOW_ERROR_TYPE_ACTION,
2309 "set action must be followed by "
2312 (MLX5_FLOW_ACTION_SET_IPV4_SRC | MLX5_FLOW_ACTION_SET_IPV4_DST)) {
2313 if (!(item_flags & MLX5_FLOW_LAYER_OUTER_L3_IPV4))
2314 return rte_flow_error_set(error, EINVAL,
2315 RTE_FLOW_ERROR_TYPE_ACTION,
2317 "no ipv4 item found in"
2321 (MLX5_FLOW_ACTION_SET_IPV6_SRC | MLX5_FLOW_ACTION_SET_IPV6_DST)) {
2322 if (!(item_flags & MLX5_FLOW_LAYER_OUTER_L3_IPV6))
2323 return rte_flow_error_set(error, EINVAL,
2324 RTE_FLOW_ERROR_TYPE_ACTION,
2326 "no ipv6 item found in"
2330 (MLX5_FLOW_ACTION_SET_TP_SRC | MLX5_FLOW_ACTION_SET_TP_DST)) {
2332 (MLX5_FLOW_LAYER_OUTER_L4_UDP |
2333 MLX5_FLOW_LAYER_OUTER_L4_TCP)))
2334 return rte_flow_error_set(error, EINVAL,
2335 RTE_FLOW_ERROR_TYPE_ACTION,
2337 "no TCP/UDP item found in"
2341 * FW syndrome (0xA9C090):
2342 * set_flow_table_entry: push vlan action fte in fdb can ONLY be
2343 * forward to the uplink.
2345 if ((action_flags & MLX5_FLOW_ACTION_OF_PUSH_VLAN) &&
2346 (action_flags & MLX5_FLOW_ACTION_PORT_ID) &&
2347 ((struct priv *)port_id_dev->data->dev_private)->representor)
2348 return rte_flow_error_set(error, ENOTSUP,
2349 RTE_FLOW_ERROR_TYPE_ACTION, actions,
2350 "vlan push can only be applied"
2351 " when forwarding to uplink port");
2353 * FW syndrome (0x294609):
2354 * set_flow_table_entry: modify/pop/push actions in fdb flow table
2355 * are supported only while forwarding to vport.
2357 if ((action_flags & MLX5_TCF_VLAN_ACTIONS) &&
2358 !(action_flags & MLX5_FLOW_ACTION_PORT_ID))
2359 return rte_flow_error_set(error, ENOTSUP,
2360 RTE_FLOW_ERROR_TYPE_ACTION, actions,
2361 "vlan actions are supported"
2362 " only with port_id action");
2363 if ((action_flags & MLX5_TCF_VXLAN_ACTIONS) &&
2364 !(action_flags & MLX5_FLOW_ACTION_PORT_ID))
2365 return rte_flow_error_set(error, ENOTSUP,
2366 RTE_FLOW_ERROR_TYPE_ACTION, NULL,
2367 "vxlan actions are supported"
2368 " only with port_id action");
2369 if (!(action_flags & MLX5_TCF_FATE_ACTIONS))
2370 return rte_flow_error_set(error, EINVAL,
2371 RTE_FLOW_ERROR_TYPE_ACTION, actions,
2372 "no fate action is found");
2374 (MLX5_FLOW_ACTION_SET_TTL | MLX5_FLOW_ACTION_DEC_TTL)) {
2376 (MLX5_FLOW_LAYER_OUTER_L3_IPV4 |
2377 MLX5_FLOW_LAYER_OUTER_L3_IPV6)))
2378 return rte_flow_error_set(error, EINVAL,
2379 RTE_FLOW_ERROR_TYPE_ACTION,
2381 "no IP found in pattern");
2384 (MLX5_FLOW_ACTION_SET_MAC_SRC | MLX5_FLOW_ACTION_SET_MAC_DST)) {
2385 if (!(item_flags & MLX5_FLOW_LAYER_OUTER_L2))
2386 return rte_flow_error_set(error, ENOTSUP,
2387 RTE_FLOW_ERROR_TYPE_ACTION,
2389 "no ethernet found in"
2392 if ((action_flags & MLX5_FLOW_ACTION_VXLAN_DECAP) &&
2393 !(item_flags & MLX5_FLOW_LAYER_VXLAN))
2394 return rte_flow_error_set(error, EINVAL,
2395 RTE_FLOW_ERROR_TYPE_ACTION,
2397 "no VNI pattern found"
2398 " for vxlan decap action");
2399 if ((action_flags & MLX5_FLOW_ACTION_VXLAN_ENCAP) &&
2400 (item_flags & MLX5_FLOW_LAYER_TUNNEL))
2401 return rte_flow_error_set(error, EINVAL,
2402 RTE_FLOW_ERROR_TYPE_ACTION,
2404 "vxlan encap not supported"
2405 " for tunneled traffic");
2410 * Calculate maximum size of memory for flow items of Linux TC flower.
2413 * Pointer to the flow attributes.
2415 * Pointer to the list of items.
2416 * @param[out] action_flags
2417 * Pointer to the detected actions.
2420 * Maximum size of memory for items.
2423 flow_tcf_get_items_size(const struct rte_flow_attr *attr,
2424 const struct rte_flow_item items[],
2425 uint64_t *action_flags)
2429 size += SZ_NLATTR_STRZ_OF("flower") +
2430 SZ_NLATTR_TYPE_OF(uint16_t) + /* Outer ether type. */
2431 SZ_NLATTR_NEST + /* TCA_OPTIONS. */
2432 SZ_NLATTR_TYPE_OF(uint32_t); /* TCA_CLS_FLAGS_SKIP_SW. */
2433 if (attr->group > 0)
2434 size += SZ_NLATTR_TYPE_OF(uint32_t); /* TCA_CHAIN. */
2435 for (; items->type != RTE_FLOW_ITEM_TYPE_END; items++) {
2436 switch (items->type) {
2437 case RTE_FLOW_ITEM_TYPE_VOID:
2439 case RTE_FLOW_ITEM_TYPE_PORT_ID:
2441 case RTE_FLOW_ITEM_TYPE_ETH:
2442 size += SZ_NLATTR_DATA_OF(ETHER_ADDR_LEN) * 4;
2443 /* dst/src MAC addr and mask. */
2445 case RTE_FLOW_ITEM_TYPE_VLAN:
2446 size += SZ_NLATTR_TYPE_OF(uint16_t) +
2447 /* VLAN Ether type. */
2448 SZ_NLATTR_TYPE_OF(uint8_t) + /* VLAN prio. */
2449 SZ_NLATTR_TYPE_OF(uint16_t); /* VLAN ID. */
2451 case RTE_FLOW_ITEM_TYPE_IPV4:
2452 size += SZ_NLATTR_TYPE_OF(uint8_t) + /* IP proto. */
2453 SZ_NLATTR_TYPE_OF(uint32_t) * 4;
2454 /* dst/src IP addr and mask. */
2456 case RTE_FLOW_ITEM_TYPE_IPV6:
2457 size += SZ_NLATTR_TYPE_OF(uint8_t) + /* IP proto. */
2458 SZ_NLATTR_DATA_OF(IPV6_ADDR_LEN) * 4;
2459 /* dst/src IP addr and mask. */
2461 case RTE_FLOW_ITEM_TYPE_UDP:
2462 size += SZ_NLATTR_TYPE_OF(uint8_t) + /* IP proto. */
2463 SZ_NLATTR_TYPE_OF(uint16_t) * 4;
2464 /* dst/src port and mask. */
2466 case RTE_FLOW_ITEM_TYPE_TCP:
2467 size += SZ_NLATTR_TYPE_OF(uint8_t) + /* IP proto. */
2468 SZ_NLATTR_TYPE_OF(uint16_t) * 4;
2469 /* dst/src port and mask. */
2471 case RTE_FLOW_ITEM_TYPE_VXLAN:
2472 size += SZ_NLATTR_TYPE_OF(uint32_t);
2474 * There might be no VXLAN decap action in the action
2475 * list, nonetheless the VXLAN tunnel flow requires
2476 * the decap structure to be correctly applied to
2477 * VXLAN device, set the flag to create the structure.
2478 * Translation routine will not put the decap action
2479 * in tne Netlink message if there is no actual action
2482 *action_flags |= MLX5_FLOW_ACTION_VXLAN_DECAP;
2486 "unsupported item %p type %d,"
2487 " items must be validated before flow creation",
2488 (const void *)items, items->type);
2496 * Calculate size of memory to store the VXLAN encapsultion
2497 * related items in the Netlink message buffer. Items list
2498 * is specified by RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP action.
2499 * The item list should be validated.
2502 * RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP action object.
2503 * List of pattern items to scan data from.
2506 * The size the part of Netlink message buffer to store the
2507 * VXLAN encapsulation item attributes.
2510 flow_tcf_vxlan_encap_size(const struct rte_flow_action *action)
2512 const struct rte_flow_item *items;
2515 assert(action->type == RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP);
2516 assert(action->conf);
2518 items = ((const struct rte_flow_action_vxlan_encap *)
2519 action->conf)->definition;
2521 for (; items->type != RTE_FLOW_ITEM_TYPE_END; items++) {
2522 switch (items->type) {
2523 case RTE_FLOW_ITEM_TYPE_VOID:
2525 case RTE_FLOW_ITEM_TYPE_ETH:
2526 /* This item does not require message buffer. */
2528 case RTE_FLOW_ITEM_TYPE_IPV4:
2529 size += SZ_NLATTR_DATA_OF(IPV4_ADDR_LEN) * 2;
2531 case RTE_FLOW_ITEM_TYPE_IPV6:
2532 size += SZ_NLATTR_DATA_OF(IPV6_ADDR_LEN) * 2;
2534 case RTE_FLOW_ITEM_TYPE_UDP: {
2535 const struct rte_flow_item_udp *udp = items->mask;
2537 size += SZ_NLATTR_TYPE_OF(uint16_t);
2538 if (!udp || udp->hdr.src_port != RTE_BE16(0x0000))
2539 size += SZ_NLATTR_TYPE_OF(uint16_t);
2542 case RTE_FLOW_ITEM_TYPE_VXLAN:
2543 size += SZ_NLATTR_TYPE_OF(uint32_t);
2548 "unsupported item %p type %d,"
2549 " items must be validated"
2550 " before flow creation",
2551 (const void *)items, items->type);
2559 * Calculate maximum size of memory for flow actions of Linux TC flower and
2560 * extract specified actions.
2562 * @param[in] actions
2563 * Pointer to the list of actions.
2564 * @param[out] action_flags
2565 * Pointer to the detected actions.
2568 * Maximum size of memory for actions.
2571 flow_tcf_get_actions_and_size(const struct rte_flow_action actions[],
2572 uint64_t *action_flags)
2575 uint64_t flags = *action_flags;
2577 size += SZ_NLATTR_NEST; /* TCA_FLOWER_ACT. */
2578 for (; actions->type != RTE_FLOW_ACTION_TYPE_END; actions++) {
2579 switch (actions->type) {
2580 case RTE_FLOW_ACTION_TYPE_VOID:
2582 case RTE_FLOW_ACTION_TYPE_PORT_ID:
2583 size += SZ_NLATTR_NEST + /* na_act_index. */
2584 SZ_NLATTR_STRZ_OF("mirred") +
2585 SZ_NLATTR_NEST + /* TCA_ACT_OPTIONS. */
2586 SZ_NLATTR_TYPE_OF(struct tc_mirred);
2587 flags |= MLX5_FLOW_ACTION_PORT_ID;
2589 case RTE_FLOW_ACTION_TYPE_JUMP:
2590 size += SZ_NLATTR_NEST + /* na_act_index. */
2591 SZ_NLATTR_STRZ_OF("gact") +
2592 SZ_NLATTR_NEST + /* TCA_ACT_OPTIONS. */
2593 SZ_NLATTR_TYPE_OF(struct tc_gact);
2594 flags |= MLX5_FLOW_ACTION_JUMP;
2596 case RTE_FLOW_ACTION_TYPE_DROP:
2597 size += SZ_NLATTR_NEST + /* na_act_index. */
2598 SZ_NLATTR_STRZ_OF("gact") +
2599 SZ_NLATTR_NEST + /* TCA_ACT_OPTIONS. */
2600 SZ_NLATTR_TYPE_OF(struct tc_gact);
2601 flags |= MLX5_FLOW_ACTION_DROP;
2603 case RTE_FLOW_ACTION_TYPE_COUNT:
2605 case RTE_FLOW_ACTION_TYPE_OF_POP_VLAN:
2606 flags |= MLX5_FLOW_ACTION_OF_POP_VLAN;
2607 goto action_of_vlan;
2608 case RTE_FLOW_ACTION_TYPE_OF_PUSH_VLAN:
2609 flags |= MLX5_FLOW_ACTION_OF_PUSH_VLAN;
2610 goto action_of_vlan;
2611 case RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_VID:
2612 flags |= MLX5_FLOW_ACTION_OF_SET_VLAN_VID;
2613 goto action_of_vlan;
2614 case RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_PCP:
2615 flags |= MLX5_FLOW_ACTION_OF_SET_VLAN_PCP;
2616 goto action_of_vlan;
2618 size += SZ_NLATTR_NEST + /* na_act_index. */
2619 SZ_NLATTR_STRZ_OF("vlan") +
2620 SZ_NLATTR_NEST + /* TCA_ACT_OPTIONS. */
2621 SZ_NLATTR_TYPE_OF(struct tc_vlan) +
2622 SZ_NLATTR_TYPE_OF(uint16_t) +
2623 /* VLAN protocol. */
2624 SZ_NLATTR_TYPE_OF(uint16_t) + /* VLAN ID. */
2625 SZ_NLATTR_TYPE_OF(uint8_t); /* VLAN prio. */
2627 case RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP:
2628 size += SZ_NLATTR_NEST + /* na_act_index. */
2629 SZ_NLATTR_STRZ_OF("tunnel_key") +
2630 SZ_NLATTR_NEST + /* TCA_ACT_OPTIONS. */
2631 SZ_NLATTR_TYPE_OF(uint8_t);
2632 size += SZ_NLATTR_TYPE_OF(struct tc_tunnel_key);
2633 size += flow_tcf_vxlan_encap_size(actions) +
2634 RTE_ALIGN_CEIL /* preceding encap params. */
2635 (sizeof(struct flow_tcf_vxlan_encap),
2637 flags |= MLX5_FLOW_ACTION_VXLAN_ENCAP;
2639 case RTE_FLOW_ACTION_TYPE_VXLAN_DECAP:
2640 size += SZ_NLATTR_NEST + /* na_act_index. */
2641 SZ_NLATTR_STRZ_OF("tunnel_key") +
2642 SZ_NLATTR_NEST + /* TCA_ACT_OPTIONS. */
2643 SZ_NLATTR_TYPE_OF(uint8_t);
2644 size += SZ_NLATTR_TYPE_OF(struct tc_tunnel_key);
2645 size += RTE_ALIGN_CEIL /* preceding decap params. */
2646 (sizeof(struct flow_tcf_vxlan_decap),
2648 flags |= MLX5_FLOW_ACTION_VXLAN_DECAP;
2650 case RTE_FLOW_ACTION_TYPE_SET_IPV4_SRC:
2651 case RTE_FLOW_ACTION_TYPE_SET_IPV4_DST:
2652 case RTE_FLOW_ACTION_TYPE_SET_IPV6_SRC:
2653 case RTE_FLOW_ACTION_TYPE_SET_IPV6_DST:
2654 case RTE_FLOW_ACTION_TYPE_SET_TP_SRC:
2655 case RTE_FLOW_ACTION_TYPE_SET_TP_DST:
2656 case RTE_FLOW_ACTION_TYPE_SET_TTL:
2657 case RTE_FLOW_ACTION_TYPE_DEC_TTL:
2658 case RTE_FLOW_ACTION_TYPE_SET_MAC_SRC:
2659 case RTE_FLOW_ACTION_TYPE_SET_MAC_DST:
2660 size += flow_tcf_get_pedit_actions_size(&actions,
2665 "unsupported action %p type %d,"
2666 " items must be validated before flow creation",
2667 (const void *)actions, actions->type);
2671 *action_flags = flags;
2676 * Prepare a flow object for Linux TC flower. It calculates the maximum size of
2677 * memory required, allocates the memory, initializes Netlink message headers
2678 * and set unique TC message handle.
2681 * Pointer to the flow attributes.
2683 * Pointer to the list of items.
2684 * @param[in] actions
2685 * Pointer to the list of actions.
2687 * Pointer to the error structure.
2690 * Pointer to mlx5_flow object on success,
2691 * otherwise NULL and rte_errno is set.
2693 static struct mlx5_flow *
2694 flow_tcf_prepare(const struct rte_flow_attr *attr,
2695 const struct rte_flow_item items[],
2696 const struct rte_flow_action actions[],
2697 struct rte_flow_error *error)
2699 size_t size = RTE_ALIGN_CEIL
2700 (sizeof(struct mlx5_flow),
2701 alignof(struct flow_tcf_tunnel_hdr)) +
2702 MNL_ALIGN(sizeof(struct nlmsghdr)) +
2703 MNL_ALIGN(sizeof(struct tcmsg));
2704 struct mlx5_flow *dev_flow;
2705 uint64_t action_flags = 0;
2706 struct nlmsghdr *nlh;
2708 uint8_t *sp, *tun = NULL;
2710 size += flow_tcf_get_items_size(attr, items, &action_flags);
2711 size += flow_tcf_get_actions_and_size(actions, &action_flags);
2712 dev_flow = rte_zmalloc(__func__, size, MNL_ALIGNTO);
2714 rte_flow_error_set(error, ENOMEM,
2715 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
2716 "not enough memory to create E-Switch flow");
2719 sp = (uint8_t *)(dev_flow + 1);
2720 if (action_flags & MLX5_FLOW_ACTION_VXLAN_ENCAP) {
2722 (sp, alignof(struct flow_tcf_tunnel_hdr));
2724 sp += RTE_ALIGN_CEIL
2725 (sizeof(struct flow_tcf_vxlan_encap),
2728 size -= RTE_ALIGN_CEIL
2729 (sizeof(struct flow_tcf_vxlan_encap),
2732 } else if (action_flags & MLX5_FLOW_ACTION_VXLAN_DECAP) {
2734 (sp, alignof(struct flow_tcf_tunnel_hdr));
2736 sp += RTE_ALIGN_CEIL
2737 (sizeof(struct flow_tcf_vxlan_decap),
2740 size -= RTE_ALIGN_CEIL
2741 (sizeof(struct flow_tcf_vxlan_decap),
2745 sp = RTE_PTR_ALIGN(sp, MNL_ALIGNTO);
2747 nlh = mnl_nlmsg_put_header(sp);
2748 tcm = mnl_nlmsg_put_extra_header(nlh, sizeof(*tcm));
2749 *dev_flow = (struct mlx5_flow){
2750 .tcf = (struct mlx5_flow_tcf){
2752 .nlsize = size - RTE_ALIGN_CEIL
2753 (sizeof(struct mlx5_flow),
2754 alignof(struct flow_tcf_tunnel_hdr)),
2756 .tunnel = (struct flow_tcf_tunnel_hdr *)tun,
2761 if (action_flags & MLX5_FLOW_ACTION_VXLAN_DECAP)
2762 dev_flow->tcf.tunnel->type = FLOW_TCF_TUNACT_VXLAN_DECAP;
2763 else if (action_flags & MLX5_FLOW_ACTION_VXLAN_ENCAP)
2764 dev_flow->tcf.tunnel->type = FLOW_TCF_TUNACT_VXLAN_ENCAP;
2769 * Make adjustments for supporting count actions.
2772 * Pointer to the Ethernet device structure.
2773 * @param[in] dev_flow
2774 * Pointer to mlx5_flow.
2776 * Pointer to error structure.
2779 * 0 On success else a negative errno value is returned and rte_errno is set.
2782 flow_tcf_translate_action_count(struct rte_eth_dev *dev __rte_unused,
2783 struct mlx5_flow *dev_flow,
2784 struct rte_flow_error *error)
2786 struct rte_flow *flow = dev_flow->flow;
2788 if (!flow->counter) {
2789 flow->counter = flow_tcf_counter_new();
2791 return rte_flow_error_set(error, rte_errno,
2792 RTE_FLOW_ERROR_TYPE_ACTION,
2794 "cannot get counter"
2801 * Convert VXLAN VNI to 32-bit integer.
2804 * VXLAN VNI in 24-bit wire format.
2807 * VXLAN VNI as a 32-bit integer value in network endian.
2809 static inline rte_be32_t
2810 vxlan_vni_as_be32(const uint8_t vni[3])
2816 .vni = { 0, vni[0], vni[1], vni[2] },
2822 * Helper function to process RTE_FLOW_ITEM_TYPE_ETH entry in configuration
2823 * of action RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP. Fills the MAC address fields
2824 * in the encapsulation parameters structure. The item must be prevalidated,
2825 * no any validation checks performed by function.
2828 * RTE_FLOW_ITEM_TYPE_ETH entry specification.
2830 * RTE_FLOW_ITEM_TYPE_ETH entry mask.
2832 * Structure to fill the gathered MAC address data.
2835 flow_tcf_parse_vxlan_encap_eth(const struct rte_flow_item_eth *spec,
2836 const struct rte_flow_item_eth *mask,
2837 struct flow_tcf_vxlan_encap *encap)
2839 /* Item must be validated before. No redundant checks. */
2841 if (!mask || !memcmp(&mask->dst,
2842 &rte_flow_item_eth_mask.dst,
2843 sizeof(rte_flow_item_eth_mask.dst))) {
2845 * Ethernet addresses are not supported by
2846 * tc as tunnel_key parameters. Destination
2847 * address is needed to form encap packet
2848 * header and retrieved by kernel from
2849 * implicit sources (ARP table, etc),
2850 * address masks are not supported at all.
2852 encap->eth.dst = spec->dst;
2853 encap->mask |= FLOW_TCF_ENCAP_ETH_DST;
2855 if (!mask || !memcmp(&mask->src,
2856 &rte_flow_item_eth_mask.src,
2857 sizeof(rte_flow_item_eth_mask.src))) {
2859 * Ethernet addresses are not supported by
2860 * tc as tunnel_key parameters. Source ethernet
2861 * address is ignored anyway.
2863 encap->eth.src = spec->src;
2864 encap->mask |= FLOW_TCF_ENCAP_ETH_SRC;
2869 * Helper function to process RTE_FLOW_ITEM_TYPE_IPV4 entry in configuration
2870 * of action RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP. Fills the IPV4 address fields
2871 * in the encapsulation parameters structure. The item must be prevalidated,
2872 * no any validation checks performed by function.
2875 * RTE_FLOW_ITEM_TYPE_IPV4 entry specification.
2877 * Structure to fill the gathered IPV4 address data.
2880 flow_tcf_parse_vxlan_encap_ipv4(const struct rte_flow_item_ipv4 *spec,
2881 struct flow_tcf_vxlan_encap *encap)
2883 /* Item must be validated before. No redundant checks. */
2885 encap->ipv4.dst = spec->hdr.dst_addr;
2886 encap->ipv4.src = spec->hdr.src_addr;
2887 encap->mask |= FLOW_TCF_ENCAP_IPV4_SRC |
2888 FLOW_TCF_ENCAP_IPV4_DST;
2892 * Helper function to process RTE_FLOW_ITEM_TYPE_IPV6 entry in configuration
2893 * of action RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP. Fills the IPV6 address fields
2894 * in the encapsulation parameters structure. The item must be prevalidated,
2895 * no any validation checks performed by function.
2898 * RTE_FLOW_ITEM_TYPE_IPV6 entry specification.
2900 * Structure to fill the gathered IPV6 address data.
2903 flow_tcf_parse_vxlan_encap_ipv6(const struct rte_flow_item_ipv6 *spec,
2904 struct flow_tcf_vxlan_encap *encap)
2906 /* Item must be validated before. No redundant checks. */
2908 memcpy(encap->ipv6.dst, spec->hdr.dst_addr, IPV6_ADDR_LEN);
2909 memcpy(encap->ipv6.src, spec->hdr.src_addr, IPV6_ADDR_LEN);
2910 encap->mask |= FLOW_TCF_ENCAP_IPV6_SRC |
2911 FLOW_TCF_ENCAP_IPV6_DST;
2915 * Helper function to process RTE_FLOW_ITEM_TYPE_UDP entry in configuration
2916 * of action RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP. Fills the UDP port fields
2917 * in the encapsulation parameters structure. The item must be prevalidated,
2918 * no any validation checks performed by function.
2921 * RTE_FLOW_ITEM_TYPE_UDP entry specification.
2923 * RTE_FLOW_ITEM_TYPE_UDP entry mask.
2925 * Structure to fill the gathered UDP port data.
2928 flow_tcf_parse_vxlan_encap_udp(const struct rte_flow_item_udp *spec,
2929 const struct rte_flow_item_udp *mask,
2930 struct flow_tcf_vxlan_encap *encap)
2933 encap->udp.dst = spec->hdr.dst_port;
2934 encap->mask |= FLOW_TCF_ENCAP_UDP_DST;
2935 if (!mask || mask->hdr.src_port != RTE_BE16(0x0000)) {
2936 encap->udp.src = spec->hdr.src_port;
2937 encap->mask |= FLOW_TCF_ENCAP_IPV4_SRC;
2942 * Helper function to process RTE_FLOW_ITEM_TYPE_VXLAN entry in configuration
2943 * of action RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP. Fills the VNI fields
2944 * in the encapsulation parameters structure. The item must be prevalidated,
2945 * no any validation checks performed by function.
2948 * RTE_FLOW_ITEM_TYPE_VXLAN entry specification.
2950 * Structure to fill the gathered VNI address data.
2953 flow_tcf_parse_vxlan_encap_vni(const struct rte_flow_item_vxlan *spec,
2954 struct flow_tcf_vxlan_encap *encap)
2956 /* Item must be validated before. Do not redundant checks. */
2958 memcpy(encap->vxlan.vni, spec->vni, sizeof(encap->vxlan.vni));
2959 encap->mask |= FLOW_TCF_ENCAP_VXLAN_VNI;
2963 * Populate consolidated encapsulation object from list of pattern items.
2965 * Helper function to process configuration of action such as
2966 * RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP. The item list should be
2967 * validated, there is no way to return an meaningful error.
2970 * RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP action object.
2971 * List of pattern items to gather data from.
2973 * Structure to fill gathered data.
2976 flow_tcf_vxlan_encap_parse(const struct rte_flow_action *action,
2977 struct flow_tcf_vxlan_encap *encap)
2980 const struct rte_flow_item_eth *eth;
2981 const struct rte_flow_item_ipv4 *ipv4;
2982 const struct rte_flow_item_ipv6 *ipv6;
2983 const struct rte_flow_item_udp *udp;
2984 const struct rte_flow_item_vxlan *vxlan;
2986 const struct rte_flow_item *items;
2988 assert(action->type == RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP);
2989 assert(action->conf);
2991 items = ((const struct rte_flow_action_vxlan_encap *)
2992 action->conf)->definition;
2994 for (; items->type != RTE_FLOW_ITEM_TYPE_END; items++) {
2995 switch (items->type) {
2996 case RTE_FLOW_ITEM_TYPE_VOID:
2998 case RTE_FLOW_ITEM_TYPE_ETH:
2999 mask.eth = items->mask;
3000 spec.eth = items->spec;
3001 flow_tcf_parse_vxlan_encap_eth(spec.eth, mask.eth,
3004 case RTE_FLOW_ITEM_TYPE_IPV4:
3005 spec.ipv4 = items->spec;
3006 flow_tcf_parse_vxlan_encap_ipv4(spec.ipv4, encap);
3008 case RTE_FLOW_ITEM_TYPE_IPV6:
3009 spec.ipv6 = items->spec;
3010 flow_tcf_parse_vxlan_encap_ipv6(spec.ipv6, encap);
3012 case RTE_FLOW_ITEM_TYPE_UDP:
3013 mask.udp = items->mask;
3014 spec.udp = items->spec;
3015 flow_tcf_parse_vxlan_encap_udp(spec.udp, mask.udp,
3018 case RTE_FLOW_ITEM_TYPE_VXLAN:
3019 spec.vxlan = items->spec;
3020 flow_tcf_parse_vxlan_encap_vni(spec.vxlan, encap);
3025 "unsupported item %p type %d,"
3026 " items must be validated"
3027 " before flow creation",
3028 (const void *)items, items->type);
3036 * Translate flow for Linux TC flower and construct Netlink message.
3039 * Pointer to the priv structure.
3040 * @param[in, out] flow
3041 * Pointer to the sub flow.
3043 * Pointer to the flow attributes.
3045 * Pointer to the list of items.
3046 * @param[in] actions
3047 * Pointer to the list of actions.
3049 * Pointer to the error structure.
3052 * 0 on success, a negative errno value otherwise and rte_errno is set.
3055 flow_tcf_translate(struct rte_eth_dev *dev, struct mlx5_flow *dev_flow,
3056 const struct rte_flow_attr *attr,
3057 const struct rte_flow_item items[],
3058 const struct rte_flow_action actions[],
3059 struct rte_flow_error *error)
3062 const struct rte_flow_item_port_id *port_id;
3063 const struct rte_flow_item_eth *eth;
3064 const struct rte_flow_item_vlan *vlan;
3065 const struct rte_flow_item_ipv4 *ipv4;
3066 const struct rte_flow_item_ipv6 *ipv6;
3067 const struct rte_flow_item_tcp *tcp;
3068 const struct rte_flow_item_udp *udp;
3069 const struct rte_flow_item_vxlan *vxlan;
3072 const struct rte_flow_action_port_id *port_id;
3073 const struct rte_flow_action_jump *jump;
3074 const struct rte_flow_action_of_push_vlan *of_push_vlan;
3075 const struct rte_flow_action_of_set_vlan_vid *
3077 const struct rte_flow_action_of_set_vlan_pcp *
3081 struct flow_tcf_tunnel_hdr *hdr;
3082 struct flow_tcf_vxlan_decap *vxlan;
3087 struct flow_tcf_tunnel_hdr *hdr;
3088 struct flow_tcf_vxlan_encap *vxlan;
3092 struct flow_tcf_ptoi ptoi[PTOI_TABLE_SZ_MAX(dev)];
3093 struct nlmsghdr *nlh = dev_flow->tcf.nlh;
3094 struct tcmsg *tcm = dev_flow->tcf.tcm;
3095 uint32_t na_act_index_cur;
3096 rte_be16_t inner_etype = RTE_BE16(ETH_P_ALL);
3097 rte_be16_t outer_etype = RTE_BE16(ETH_P_ALL);
3098 rte_be16_t vlan_etype = RTE_BE16(ETH_P_ALL);
3099 bool ip_proto_set = 0;
3100 bool tunnel_outer = 0;
3101 struct nlattr *na_flower;
3102 struct nlattr *na_flower_act;
3103 struct nlattr *na_vlan_id = NULL;
3104 struct nlattr *na_vlan_priority = NULL;
3105 uint64_t item_flags = 0;
3108 claim_nonzero(flow_tcf_build_ptoi_table(dev, ptoi,
3109 PTOI_TABLE_SZ_MAX(dev)));
3110 if (dev_flow->tcf.tunnel) {
3111 switch (dev_flow->tcf.tunnel->type) {
3112 case FLOW_TCF_TUNACT_VXLAN_DECAP:
3113 decap.vxlan = dev_flow->tcf.vxlan_decap;
3116 case FLOW_TCF_TUNACT_VXLAN_ENCAP:
3117 encap.vxlan = dev_flow->tcf.vxlan_encap;
3119 /* New tunnel actions can be added here. */
3125 nlh = dev_flow->tcf.nlh;
3126 tcm = dev_flow->tcf.tcm;
3127 /* Prepare API must have been called beforehand. */
3128 assert(nlh != NULL && tcm != NULL);
3129 tcm->tcm_family = AF_UNSPEC;
3130 tcm->tcm_ifindex = ptoi[0].ifindex;
3131 tcm->tcm_parent = TC_H_MAKE(TC_H_INGRESS, TC_H_MIN_INGRESS);
3133 * Priority cannot be zero to prevent the kernel from picking one
3136 tcm->tcm_info = TC_H_MAKE((attr->priority + 1) << 16, outer_etype);
3137 if (attr->group > 0)
3138 mnl_attr_put_u32(nlh, TCA_CHAIN, attr->group);
3139 mnl_attr_put_strz(nlh, TCA_KIND, "flower");
3140 na_flower = mnl_attr_nest_start(nlh, TCA_OPTIONS);
3141 for (; items->type != RTE_FLOW_ITEM_TYPE_END; items++) {
3144 switch (items->type) {
3145 case RTE_FLOW_ITEM_TYPE_VOID:
3147 case RTE_FLOW_ITEM_TYPE_PORT_ID:
3148 mask.port_id = flow_tcf_item_mask
3149 (items, &rte_flow_item_port_id_mask,
3150 &flow_tcf_mask_supported.port_id,
3151 &flow_tcf_mask_empty.port_id,
3152 sizeof(flow_tcf_mask_supported.port_id),
3154 assert(mask.port_id);
3155 if (mask.port_id == &flow_tcf_mask_empty.port_id)
3157 spec.port_id = items->spec;
3158 if (!mask.port_id->id)
3161 for (i = 0; ptoi[i].ifindex; ++i)
3162 if (ptoi[i].port_id == spec.port_id->id)
3164 assert(ptoi[i].ifindex);
3165 tcm->tcm_ifindex = ptoi[i].ifindex;
3167 case RTE_FLOW_ITEM_TYPE_ETH:
3168 item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
3169 MLX5_FLOW_LAYER_INNER_L2 :
3170 MLX5_FLOW_LAYER_OUTER_L2;
3171 mask.eth = flow_tcf_item_mask
3172 (items, &rte_flow_item_eth_mask,
3173 &flow_tcf_mask_supported.eth,
3174 &flow_tcf_mask_empty.eth,
3175 sizeof(flow_tcf_mask_supported.eth),
3178 if (mask.eth == &flow_tcf_mask_empty.eth)
3180 spec.eth = items->spec;
3181 if (mask.eth->type) {
3182 if (item_flags & MLX5_FLOW_LAYER_TUNNEL)
3183 inner_etype = spec.eth->type;
3185 outer_etype = spec.eth->type;
3189 "outer L2 addresses cannot be"
3190 " forced is outer ones for tunnel,"
3191 " parameter is ignored");
3194 if (!is_zero_ether_addr(&mask.eth->dst)) {
3195 mnl_attr_put(nlh, TCA_FLOWER_KEY_ETH_DST,
3197 spec.eth->dst.addr_bytes);
3198 mnl_attr_put(nlh, TCA_FLOWER_KEY_ETH_DST_MASK,
3200 mask.eth->dst.addr_bytes);
3202 if (!is_zero_ether_addr(&mask.eth->src)) {
3203 mnl_attr_put(nlh, TCA_FLOWER_KEY_ETH_SRC,
3205 spec.eth->src.addr_bytes);
3206 mnl_attr_put(nlh, TCA_FLOWER_KEY_ETH_SRC_MASK,
3208 mask.eth->src.addr_bytes);
3210 assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3212 case RTE_FLOW_ITEM_TYPE_VLAN:
3215 assert(!tunnel_outer);
3216 item_flags |= MLX5_FLOW_LAYER_OUTER_VLAN;
3217 mask.vlan = flow_tcf_item_mask
3218 (items, &rte_flow_item_vlan_mask,
3219 &flow_tcf_mask_supported.vlan,
3220 &flow_tcf_mask_empty.vlan,
3221 sizeof(flow_tcf_mask_supported.vlan),
3224 if (mask.vlan == &flow_tcf_mask_empty.vlan)
3226 spec.vlan = items->spec;
3227 assert(outer_etype == RTE_BE16(ETH_P_ALL) ||
3228 outer_etype == RTE_BE16(ETH_P_8021Q));
3229 outer_etype = RTE_BE16(ETH_P_8021Q);
3230 if (mask.vlan->inner_type)
3231 vlan_etype = spec.vlan->inner_type;
3232 if (mask.vlan->tci & RTE_BE16(0xe000))
3233 mnl_attr_put_u8(nlh, TCA_FLOWER_KEY_VLAN_PRIO,
3235 (spec.vlan->tci) >> 13) & 0x7);
3236 if (mask.vlan->tci & RTE_BE16(0x0fff))
3237 mnl_attr_put_u16(nlh, TCA_FLOWER_KEY_VLAN_ID,
3241 assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3243 case RTE_FLOW_ITEM_TYPE_IPV4:
3244 item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
3245 MLX5_FLOW_LAYER_INNER_L3_IPV4 :
3246 MLX5_FLOW_LAYER_OUTER_L3_IPV4;
3247 mask.ipv4 = flow_tcf_item_mask
3248 (items, &rte_flow_item_ipv4_mask,
3249 &flow_tcf_mask_supported.ipv4,
3250 &flow_tcf_mask_empty.ipv4,
3251 sizeof(flow_tcf_mask_supported.ipv4),
3254 if (item_flags & MLX5_FLOW_LAYER_TUNNEL) {
3255 assert(inner_etype == RTE_BE16(ETH_P_ALL) ||
3256 inner_etype == RTE_BE16(ETH_P_IP));
3257 inner_etype = RTE_BE16(ETH_P_IP);
3258 } else if (outer_etype == RTE_BE16(ETH_P_8021Q)) {
3259 assert(vlan_etype == RTE_BE16(ETH_P_ALL) ||
3260 vlan_etype == RTE_BE16(ETH_P_IP));
3261 vlan_etype = RTE_BE16(ETH_P_IP);
3263 assert(outer_etype == RTE_BE16(ETH_P_ALL) ||
3264 outer_etype == RTE_BE16(ETH_P_IP));
3265 outer_etype = RTE_BE16(ETH_P_IP);
3267 spec.ipv4 = items->spec;
3268 if (!tunnel_outer && mask.ipv4->hdr.next_proto_id) {
3270 * No way to set IP protocol for outer tunnel
3271 * layers. Usually it is fixed, for example,
3272 * to UDP for VXLAN/GPE.
3274 assert(spec.ipv4); /* Mask is not empty. */
3275 mnl_attr_put_u8(nlh, TCA_FLOWER_KEY_IP_PROTO,
3276 spec.ipv4->hdr.next_proto_id);
3279 if (mask.ipv4 == &flow_tcf_mask_empty.ipv4 ||
3280 (!mask.ipv4->hdr.src_addr &&
3281 !mask.ipv4->hdr.dst_addr)) {
3285 * For tunnel outer we must set outer IP key
3286 * anyway, even if the specification/mask is
3287 * empty. There is no another way to tell
3288 * kernel about he outer layer protocol.
3291 (nlh, TCA_FLOWER_KEY_ENC_IPV4_SRC,
3292 mask.ipv4->hdr.src_addr);
3294 (nlh, TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
3295 mask.ipv4->hdr.src_addr);
3296 assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3299 if (mask.ipv4->hdr.src_addr) {
3301 (nlh, tunnel_outer ?
3302 TCA_FLOWER_KEY_ENC_IPV4_SRC :
3303 TCA_FLOWER_KEY_IPV4_SRC,
3304 spec.ipv4->hdr.src_addr);
3306 (nlh, tunnel_outer ?
3307 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK :
3308 TCA_FLOWER_KEY_IPV4_SRC_MASK,
3309 mask.ipv4->hdr.src_addr);
3311 if (mask.ipv4->hdr.dst_addr) {
3313 (nlh, tunnel_outer ?
3314 TCA_FLOWER_KEY_ENC_IPV4_DST :
3315 TCA_FLOWER_KEY_IPV4_DST,
3316 spec.ipv4->hdr.dst_addr);
3318 (nlh, tunnel_outer ?
3319 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK :
3320 TCA_FLOWER_KEY_IPV4_DST_MASK,
3321 mask.ipv4->hdr.dst_addr);
3323 assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3325 case RTE_FLOW_ITEM_TYPE_IPV6: {
3326 bool ipv6_src, ipv6_dst;
3328 item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
3329 MLX5_FLOW_LAYER_INNER_L3_IPV6 :
3330 MLX5_FLOW_LAYER_OUTER_L3_IPV6;
3331 mask.ipv6 = flow_tcf_item_mask
3332 (items, &rte_flow_item_ipv6_mask,
3333 &flow_tcf_mask_supported.ipv6,
3334 &flow_tcf_mask_empty.ipv6,
3335 sizeof(flow_tcf_mask_supported.ipv6),
3338 if (item_flags & MLX5_FLOW_LAYER_TUNNEL) {
3339 assert(inner_etype == RTE_BE16(ETH_P_ALL) ||
3340 inner_etype == RTE_BE16(ETH_P_IPV6));
3341 inner_etype = RTE_BE16(ETH_P_IPV6);
3342 } else if (outer_etype == RTE_BE16(ETH_P_8021Q)) {
3343 assert(vlan_etype == RTE_BE16(ETH_P_ALL) ||
3344 vlan_etype == RTE_BE16(ETH_P_IPV6));
3345 vlan_etype = RTE_BE16(ETH_P_IPV6);
3347 assert(outer_etype == RTE_BE16(ETH_P_ALL) ||
3348 outer_etype == RTE_BE16(ETH_P_IPV6));
3349 outer_etype = RTE_BE16(ETH_P_IPV6);
3351 spec.ipv6 = items->spec;
3352 if (!tunnel_outer && mask.ipv6->hdr.proto) {
3354 * No way to set IP protocol for outer tunnel
3355 * layers. Usually it is fixed, for example,
3356 * to UDP for VXLAN/GPE.
3358 assert(spec.ipv6); /* Mask is not empty. */
3359 mnl_attr_put_u8(nlh, TCA_FLOWER_KEY_IP_PROTO,
3360 spec.ipv6->hdr.proto);
3363 ipv6_dst = !IN6_IS_ADDR_UNSPECIFIED
3364 (mask.ipv6->hdr.dst_addr);
3365 ipv6_src = !IN6_IS_ADDR_UNSPECIFIED
3366 (mask.ipv6->hdr.src_addr);
3367 if (mask.ipv6 == &flow_tcf_mask_empty.ipv6 ||
3368 (!ipv6_dst && !ipv6_src)) {
3372 * For tunnel outer we must set outer IP key
3373 * anyway, even if the specification/mask is
3374 * empty. There is no another way to tell
3375 * kernel about he outer layer protocol.
3378 TCA_FLOWER_KEY_ENC_IPV6_SRC,
3380 mask.ipv6->hdr.src_addr);
3382 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
3384 mask.ipv6->hdr.src_addr);
3385 assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3389 mnl_attr_put(nlh, tunnel_outer ?
3390 TCA_FLOWER_KEY_ENC_IPV6_SRC :
3391 TCA_FLOWER_KEY_IPV6_SRC,
3393 spec.ipv6->hdr.src_addr);
3394 mnl_attr_put(nlh, tunnel_outer ?
3395 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK :
3396 TCA_FLOWER_KEY_IPV6_SRC_MASK,
3398 mask.ipv6->hdr.src_addr);
3401 mnl_attr_put(nlh, tunnel_outer ?
3402 TCA_FLOWER_KEY_ENC_IPV6_DST :
3403 TCA_FLOWER_KEY_IPV6_DST,
3405 spec.ipv6->hdr.dst_addr);
3406 mnl_attr_put(nlh, tunnel_outer ?
3407 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK :
3408 TCA_FLOWER_KEY_IPV6_DST_MASK,
3410 mask.ipv6->hdr.dst_addr);
3412 assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3415 case RTE_FLOW_ITEM_TYPE_UDP:
3416 item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
3417 MLX5_FLOW_LAYER_INNER_L4_UDP :
3418 MLX5_FLOW_LAYER_OUTER_L4_UDP;
3419 mask.udp = flow_tcf_item_mask
3420 (items, &rte_flow_item_udp_mask,
3421 &flow_tcf_mask_supported.udp,
3422 &flow_tcf_mask_empty.udp,
3423 sizeof(flow_tcf_mask_supported.udp),
3426 spec.udp = items->spec;
3427 if (!tunnel_outer) {
3430 (nlh, TCA_FLOWER_KEY_IP_PROTO,
3432 if (mask.udp == &flow_tcf_mask_empty.udp)
3435 assert(mask.udp != &flow_tcf_mask_empty.udp);
3436 decap.vxlan->udp_port =
3438 (spec.udp->hdr.dst_port);
3440 if (mask.udp->hdr.src_port) {
3442 (nlh, tunnel_outer ?
3443 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT :
3444 TCA_FLOWER_KEY_UDP_SRC,
3445 spec.udp->hdr.src_port);
3447 (nlh, tunnel_outer ?
3448 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK :
3449 TCA_FLOWER_KEY_UDP_SRC_MASK,
3450 mask.udp->hdr.src_port);
3452 if (mask.udp->hdr.dst_port) {
3454 (nlh, tunnel_outer ?
3455 TCA_FLOWER_KEY_ENC_UDP_DST_PORT :
3456 TCA_FLOWER_KEY_UDP_DST,
3457 spec.udp->hdr.dst_port);
3459 (nlh, tunnel_outer ?
3460 TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK :
3461 TCA_FLOWER_KEY_UDP_DST_MASK,
3462 mask.udp->hdr.dst_port);
3464 assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3466 case RTE_FLOW_ITEM_TYPE_TCP:
3467 item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
3468 MLX5_FLOW_LAYER_INNER_L4_TCP :
3469 MLX5_FLOW_LAYER_OUTER_L4_TCP;
3470 mask.tcp = flow_tcf_item_mask
3471 (items, &rte_flow_item_tcp_mask,
3472 &flow_tcf_mask_supported.tcp,
3473 &flow_tcf_mask_empty.tcp,
3474 sizeof(flow_tcf_mask_supported.tcp),
3478 mnl_attr_put_u8(nlh, TCA_FLOWER_KEY_IP_PROTO,
3480 if (mask.tcp == &flow_tcf_mask_empty.tcp)
3482 spec.tcp = items->spec;
3483 if (mask.tcp->hdr.src_port) {
3484 mnl_attr_put_u16(nlh, TCA_FLOWER_KEY_TCP_SRC,
3485 spec.tcp->hdr.src_port);
3486 mnl_attr_put_u16(nlh,
3487 TCA_FLOWER_KEY_TCP_SRC_MASK,
3488 mask.tcp->hdr.src_port);
3490 if (mask.tcp->hdr.dst_port) {
3491 mnl_attr_put_u16(nlh, TCA_FLOWER_KEY_TCP_DST,
3492 spec.tcp->hdr.dst_port);
3493 mnl_attr_put_u16(nlh,
3494 TCA_FLOWER_KEY_TCP_DST_MASK,
3495 mask.tcp->hdr.dst_port);
3497 if (mask.tcp->hdr.tcp_flags) {
3500 TCA_FLOWER_KEY_TCP_FLAGS,
3502 (spec.tcp->hdr.tcp_flags));
3505 TCA_FLOWER_KEY_TCP_FLAGS_MASK,
3507 (mask.tcp->hdr.tcp_flags));
3509 assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3511 case RTE_FLOW_ITEM_TYPE_VXLAN:
3512 assert(decap.vxlan);
3514 item_flags |= MLX5_FLOW_LAYER_VXLAN;
3515 spec.vxlan = items->spec;
3516 mnl_attr_put_u32(nlh,
3517 TCA_FLOWER_KEY_ENC_KEY_ID,
3518 vxlan_vni_as_be32(spec.vxlan->vni));
3519 assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3522 return rte_flow_error_set(error, ENOTSUP,
3523 RTE_FLOW_ERROR_TYPE_ITEM,
3524 NULL, "item not supported");
3528 * Set the ether_type flower key and tc rule protocol:
3529 * - if there is nor VLAN neither VXLAN the key is taken from
3530 * eth item directly or deduced from L3 items.
3531 * - if there is vlan item then key is fixed to 802.1q.
3532 * - if there is vxlan item then key is set to inner tunnel type.
3533 * - simultaneous vlan and vxlan items are prohibited.
3535 if (outer_etype != RTE_BE16(ETH_P_ALL)) {
3536 tcm->tcm_info = TC_H_MAKE((attr->priority + 1) << 16,
3538 if (item_flags & MLX5_FLOW_LAYER_TUNNEL) {
3539 if (inner_etype != RTE_BE16(ETH_P_ALL))
3540 mnl_attr_put_u16(nlh,
3541 TCA_FLOWER_KEY_ETH_TYPE,
3544 mnl_attr_put_u16(nlh,
3545 TCA_FLOWER_KEY_ETH_TYPE,
3547 if (outer_etype == RTE_BE16(ETH_P_8021Q) &&
3548 vlan_etype != RTE_BE16(ETH_P_ALL))
3549 mnl_attr_put_u16(nlh,
3550 TCA_FLOWER_KEY_VLAN_ETH_TYPE,
3553 assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3555 na_flower_act = mnl_attr_nest_start(nlh, TCA_FLOWER_ACT);
3556 na_act_index_cur = 1;
3557 for (; actions->type != RTE_FLOW_ACTION_TYPE_END; actions++) {
3558 struct nlattr *na_act_index;
3559 struct nlattr *na_act;
3560 unsigned int vlan_act;
3563 switch (actions->type) {
3564 case RTE_FLOW_ACTION_TYPE_VOID:
3566 case RTE_FLOW_ACTION_TYPE_PORT_ID:
3567 conf.port_id = actions->conf;
3568 if (conf.port_id->original)
3571 for (i = 0; ptoi[i].ifindex; ++i)
3572 if (ptoi[i].port_id == conf.port_id->id)
3574 assert(ptoi[i].ifindex);
3576 mnl_attr_nest_start(nlh, na_act_index_cur++);
3577 assert(na_act_index);
3578 mnl_attr_put_strz(nlh, TCA_ACT_KIND, "mirred");
3579 na_act = mnl_attr_nest_start(nlh, TCA_ACT_OPTIONS);
3582 assert(dev_flow->tcf.tunnel);
3583 dev_flow->tcf.tunnel->ifindex_ptr =
3584 &((struct tc_mirred *)
3585 mnl_attr_get_payload
3586 (mnl_nlmsg_get_payload_tail
3588 } else if (decap.hdr) {
3589 assert(dev_flow->tcf.tunnel);
3590 dev_flow->tcf.tunnel->ifindex_ptr =
3591 (unsigned int *)&tcm->tcm_ifindex;
3593 mnl_attr_put(nlh, TCA_MIRRED_PARMS,
3594 sizeof(struct tc_mirred),
3595 &(struct tc_mirred){
3596 .action = TC_ACT_STOLEN,
3597 .eaction = TCA_EGRESS_REDIR,
3598 .ifindex = ptoi[i].ifindex,
3600 mnl_attr_nest_end(nlh, na_act);
3601 mnl_attr_nest_end(nlh, na_act_index);
3603 case RTE_FLOW_ACTION_TYPE_JUMP:
3604 conf.jump = actions->conf;
3606 mnl_attr_nest_start(nlh, na_act_index_cur++);
3607 assert(na_act_index);
3608 mnl_attr_put_strz(nlh, TCA_ACT_KIND, "gact");
3609 na_act = mnl_attr_nest_start(nlh, TCA_ACT_OPTIONS);
3611 mnl_attr_put(nlh, TCA_GACT_PARMS,
3612 sizeof(struct tc_gact),
3614 .action = TC_ACT_GOTO_CHAIN |
3617 mnl_attr_nest_end(nlh, na_act);
3618 mnl_attr_nest_end(nlh, na_act_index);
3620 case RTE_FLOW_ACTION_TYPE_DROP:
3622 mnl_attr_nest_start(nlh, na_act_index_cur++);
3623 assert(na_act_index);
3624 mnl_attr_put_strz(nlh, TCA_ACT_KIND, "gact");
3625 na_act = mnl_attr_nest_start(nlh, TCA_ACT_OPTIONS);
3627 mnl_attr_put(nlh, TCA_GACT_PARMS,
3628 sizeof(struct tc_gact),
3630 .action = TC_ACT_SHOT,
3632 mnl_attr_nest_end(nlh, na_act);
3633 mnl_attr_nest_end(nlh, na_act_index);
3635 case RTE_FLOW_ACTION_TYPE_COUNT:
3637 * Driver adds the count action implicitly for
3638 * each rule it creates.
3640 ret = flow_tcf_translate_action_count(dev,
3645 case RTE_FLOW_ACTION_TYPE_OF_POP_VLAN:
3646 conf.of_push_vlan = NULL;
3647 vlan_act = TCA_VLAN_ACT_POP;
3648 goto action_of_vlan;
3649 case RTE_FLOW_ACTION_TYPE_OF_PUSH_VLAN:
3650 conf.of_push_vlan = actions->conf;
3651 vlan_act = TCA_VLAN_ACT_PUSH;
3652 goto action_of_vlan;
3653 case RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_VID:
3654 conf.of_set_vlan_vid = actions->conf;
3656 goto override_na_vlan_id;
3657 vlan_act = TCA_VLAN_ACT_MODIFY;
3658 goto action_of_vlan;
3659 case RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_PCP:
3660 conf.of_set_vlan_pcp = actions->conf;
3661 if (na_vlan_priority)
3662 goto override_na_vlan_priority;
3663 vlan_act = TCA_VLAN_ACT_MODIFY;
3664 goto action_of_vlan;
3667 mnl_attr_nest_start(nlh, na_act_index_cur++);
3668 assert(na_act_index);
3669 mnl_attr_put_strz(nlh, TCA_ACT_KIND, "vlan");
3670 na_act = mnl_attr_nest_start(nlh, TCA_ACT_OPTIONS);
3672 mnl_attr_put(nlh, TCA_VLAN_PARMS,
3673 sizeof(struct tc_vlan),
3675 .action = TC_ACT_PIPE,
3676 .v_action = vlan_act,
3678 if (vlan_act == TCA_VLAN_ACT_POP) {
3679 mnl_attr_nest_end(nlh, na_act);
3680 mnl_attr_nest_end(nlh, na_act_index);
3683 if (vlan_act == TCA_VLAN_ACT_PUSH)
3684 mnl_attr_put_u16(nlh,
3685 TCA_VLAN_PUSH_VLAN_PROTOCOL,
3686 conf.of_push_vlan->ethertype);
3687 na_vlan_id = mnl_nlmsg_get_payload_tail(nlh);
3688 mnl_attr_put_u16(nlh, TCA_VLAN_PAD, 0);
3689 na_vlan_priority = mnl_nlmsg_get_payload_tail(nlh);
3690 mnl_attr_put_u8(nlh, TCA_VLAN_PAD, 0);
3691 mnl_attr_nest_end(nlh, na_act);
3692 mnl_attr_nest_end(nlh, na_act_index);
3693 if (actions->type ==
3694 RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_VID) {
3695 override_na_vlan_id:
3696 na_vlan_id->nla_type = TCA_VLAN_PUSH_VLAN_ID;
3697 *(uint16_t *)mnl_attr_get_payload(na_vlan_id) =
3699 (conf.of_set_vlan_vid->vlan_vid);
3700 } else if (actions->type ==
3701 RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_PCP) {
3702 override_na_vlan_priority:
3703 na_vlan_priority->nla_type =
3704 TCA_VLAN_PUSH_VLAN_PRIORITY;
3705 *(uint8_t *)mnl_attr_get_payload
3706 (na_vlan_priority) =
3707 conf.of_set_vlan_pcp->vlan_pcp;
3710 case RTE_FLOW_ACTION_TYPE_VXLAN_DECAP:
3711 assert(decap.vxlan);
3712 assert(dev_flow->tcf.tunnel);
3713 dev_flow->tcf.tunnel->ifindex_ptr =
3714 (unsigned int *)&tcm->tcm_ifindex;
3716 mnl_attr_nest_start(nlh, na_act_index_cur++);
3717 assert(na_act_index);
3718 mnl_attr_put_strz(nlh, TCA_ACT_KIND, "tunnel_key");
3719 na_act = mnl_attr_nest_start(nlh, TCA_ACT_OPTIONS);
3721 mnl_attr_put(nlh, TCA_TUNNEL_KEY_PARMS,
3722 sizeof(struct tc_tunnel_key),
3723 &(struct tc_tunnel_key){
3724 .action = TC_ACT_PIPE,
3725 .t_action = TCA_TUNNEL_KEY_ACT_RELEASE,
3727 mnl_attr_nest_end(nlh, na_act);
3728 mnl_attr_nest_end(nlh, na_act_index);
3729 assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3731 case RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP:
3732 assert(encap.vxlan);
3733 flow_tcf_vxlan_encap_parse(actions, encap.vxlan);
3735 mnl_attr_nest_start(nlh, na_act_index_cur++);
3736 assert(na_act_index);
3737 mnl_attr_put_strz(nlh, TCA_ACT_KIND, "tunnel_key");
3738 na_act = mnl_attr_nest_start(nlh, TCA_ACT_OPTIONS);
3740 mnl_attr_put(nlh, TCA_TUNNEL_KEY_PARMS,
3741 sizeof(struct tc_tunnel_key),
3742 &(struct tc_tunnel_key){
3743 .action = TC_ACT_PIPE,
3744 .t_action = TCA_TUNNEL_KEY_ACT_SET,
3746 if (encap.vxlan->mask & FLOW_TCF_ENCAP_UDP_DST)
3747 mnl_attr_put_u16(nlh,
3748 TCA_TUNNEL_KEY_ENC_DST_PORT,
3749 encap.vxlan->udp.dst);
3750 if (encap.vxlan->mask & FLOW_TCF_ENCAP_IPV4_SRC)
3751 mnl_attr_put_u32(nlh,
3752 TCA_TUNNEL_KEY_ENC_IPV4_SRC,
3753 encap.vxlan->ipv4.src);
3754 if (encap.vxlan->mask & FLOW_TCF_ENCAP_IPV4_DST)
3755 mnl_attr_put_u32(nlh,
3756 TCA_TUNNEL_KEY_ENC_IPV4_DST,
3757 encap.vxlan->ipv4.dst);
3758 if (encap.vxlan->mask & FLOW_TCF_ENCAP_IPV6_SRC)
3760 TCA_TUNNEL_KEY_ENC_IPV6_SRC,
3761 sizeof(encap.vxlan->ipv6.src),
3762 &encap.vxlan->ipv6.src);
3763 if (encap.vxlan->mask & FLOW_TCF_ENCAP_IPV6_DST)
3765 TCA_TUNNEL_KEY_ENC_IPV6_DST,
3766 sizeof(encap.vxlan->ipv6.dst),
3767 &encap.vxlan->ipv6.dst);
3768 if (encap.vxlan->mask & FLOW_TCF_ENCAP_VXLAN_VNI)
3769 mnl_attr_put_u32(nlh,
3770 TCA_TUNNEL_KEY_ENC_KEY_ID,
3772 (encap.vxlan->vxlan.vni));
3773 mnl_attr_put_u8(nlh, TCA_TUNNEL_KEY_NO_CSUM, 0);
3774 mnl_attr_nest_end(nlh, na_act);
3775 mnl_attr_nest_end(nlh, na_act_index);
3776 assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3778 case RTE_FLOW_ACTION_TYPE_SET_IPV4_SRC:
3779 case RTE_FLOW_ACTION_TYPE_SET_IPV4_DST:
3780 case RTE_FLOW_ACTION_TYPE_SET_IPV6_SRC:
3781 case RTE_FLOW_ACTION_TYPE_SET_IPV6_DST:
3782 case RTE_FLOW_ACTION_TYPE_SET_TP_SRC:
3783 case RTE_FLOW_ACTION_TYPE_SET_TP_DST:
3784 case RTE_FLOW_ACTION_TYPE_SET_TTL:
3785 case RTE_FLOW_ACTION_TYPE_DEC_TTL:
3786 case RTE_FLOW_ACTION_TYPE_SET_MAC_SRC:
3787 case RTE_FLOW_ACTION_TYPE_SET_MAC_DST:
3789 mnl_attr_nest_start(nlh, na_act_index_cur++);
3790 flow_tcf_create_pedit_mnl_msg(nlh,
3791 &actions, item_flags);
3792 mnl_attr_nest_end(nlh, na_act_index);
3795 return rte_flow_error_set(error, ENOTSUP,
3796 RTE_FLOW_ERROR_TYPE_ACTION,
3798 "action not supported");
3802 assert(na_flower_act);
3803 mnl_attr_nest_end(nlh, na_flower_act);
3804 dev_flow->tcf.ptc_flags = mnl_attr_get_payload
3805 (mnl_nlmsg_get_payload_tail(nlh));
3806 mnl_attr_put_u32(nlh, TCA_FLOWER_FLAGS, decap.vxlan ?
3807 0 : TCA_CLS_FLAGS_SKIP_SW);
3808 mnl_attr_nest_end(nlh, na_flower);
3809 if (dev_flow->tcf.tunnel && dev_flow->tcf.tunnel->ifindex_ptr)
3810 dev_flow->tcf.tunnel->ifindex_org =
3811 *dev_flow->tcf.tunnel->ifindex_ptr;
3812 assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3817 * Send Netlink message with acknowledgment.
3820 * Flow context to use.
3822 * Message to send. This function always raises the NLM_F_ACK flag before
3825 * Callback handler for received message.
3827 * Context pointer for callback handler.
3830 * 0 on success, a negative errno value otherwise and rte_errno is set.
3833 flow_tcf_nl_ack(struct mlx5_flow_tcf_context *tcf,
3834 struct nlmsghdr *nlh,
3835 mnl_cb_t cb, void *arg)
3837 unsigned int portid = mnl_socket_get_portid(tcf->nl);
3838 uint32_t seq = tcf->seq++;
3844 /* seq 0 is reserved for kernel event-driven notifications. */
3847 nlh->nlmsg_seq = seq;
3848 nlh->nlmsg_flags |= NLM_F_ACK;
3849 ret = mnl_socket_sendto(tcf->nl, nlh, nlh->nlmsg_len);
3851 /* Message send error occurres. */
3855 nlh = (struct nlmsghdr *)(tcf->buf);
3857 * The following loop postpones non-fatal errors until multipart
3858 * messages are complete.
3861 ret = mnl_socket_recvfrom(tcf->nl, tcf->buf, tcf->buf_size);
3865 * In case of overflow Will receive till
3866 * end of multipart message. We may lost part
3867 * of reply messages but mark and return an error.
3869 if (err != ENOSPC ||
3870 !(nlh->nlmsg_flags & NLM_F_MULTI) ||
3871 nlh->nlmsg_type == NLMSG_DONE)
3874 ret = mnl_cb_run(nlh, ret, seq, portid, cb, arg);
3877 * libmnl returns 0 if DONE or
3878 * success ACK message found.
3884 * ACK message with error found
3885 * or some error occurred.
3890 /* We should continue receiving. */
3899 #define MNL_BUF_EXTRA_SPACE 16
3900 #define MNL_REQUEST_SIZE_MIN 256
3901 #define MNL_REQUEST_SIZE_MAX 2048
3902 #define MNL_REQUEST_SIZE RTE_MIN(RTE_MAX(sysconf(_SC_PAGESIZE), \
3903 MNL_REQUEST_SIZE_MIN), MNL_REQUEST_SIZE_MAX)
3905 /* Data structures used by flow_tcf_xxx_cb() routines. */
3906 struct tcf_nlcb_buf {
3907 LIST_ENTRY(tcf_nlcb_buf) next;
3909 alignas(struct nlmsghdr)
3910 uint8_t msg[]; /**< Netlink message data. */
3913 struct tcf_nlcb_context {
3914 unsigned int ifindex; /**< Base interface index. */
3916 LIST_HEAD(, tcf_nlcb_buf) nlbuf;
3920 * Allocate space for netlink command in buffer list
3922 * @param[in, out] ctx
3923 * Pointer to callback context with command buffers list.
3925 * Required size of data buffer to be allocated.
3928 * Pointer to allocated memory, aligned as message header.
3929 * NULL if some error occurred.
3931 static struct nlmsghdr *
3932 flow_tcf_alloc_nlcmd(struct tcf_nlcb_context *ctx, uint32_t size)
3934 struct tcf_nlcb_buf *buf;
3935 struct nlmsghdr *nlh;
3937 size = NLMSG_ALIGN(size);
3938 buf = LIST_FIRST(&ctx->nlbuf);
3939 if (buf && (buf->size + size) <= ctx->bufsize) {
3940 nlh = (struct nlmsghdr *)&buf->msg[buf->size];
3944 if (size > ctx->bufsize) {
3945 DRV_LOG(WARNING, "netlink: too long command buffer requested");
3948 buf = rte_malloc(__func__,
3949 ctx->bufsize + sizeof(struct tcf_nlcb_buf),
3950 alignof(struct tcf_nlcb_buf));
3952 DRV_LOG(WARNING, "netlink: no memory for command buffer");
3955 LIST_INSERT_HEAD(&ctx->nlbuf, buf, next);
3957 nlh = (struct nlmsghdr *)&buf->msg[0];
3962 * Send the buffers with prepared netlink commands. Scans the list and
3963 * sends all found buffers. Buffers are sent and freed anyway in order
3964 * to prevent memory leakage if some every message in received packet.
3967 * Context object initialized by mlx5_flow_tcf_context_create().
3968 * @param[in, out] ctx
3969 * Pointer to callback context with command buffers list.
3972 * Zero value on success, negative errno value otherwise
3973 * and rte_errno is set.
3976 flow_tcf_send_nlcmd(struct mlx5_flow_tcf_context *tcf,
3977 struct tcf_nlcb_context *ctx)
3979 struct tcf_nlcb_buf *bc = LIST_FIRST(&ctx->nlbuf);
3983 struct tcf_nlcb_buf *bn = LIST_NEXT(bc, next);
3984 struct nlmsghdr *nlh;
3988 while (msg < bc->size) {
3990 * Send Netlink commands from buffer in one by one
3991 * fashion. If we send multiple rule deletion commands
3992 * in one Netlink message and some error occurs it may
3993 * cause multiple ACK error messages and break sequence
3994 * numbers of Netlink communication, because we expect
3995 * the only one ACK reply.
3997 assert((bc->size - msg) >= sizeof(struct nlmsghdr));
3998 nlh = (struct nlmsghdr *)&bc->msg[msg];
3999 assert((bc->size - msg) >= nlh->nlmsg_len);
4000 msg += nlh->nlmsg_len;
4001 rc = flow_tcf_nl_ack(tcf, nlh, NULL, NULL);
4004 "netlink: cleanup error %d", rc);
4012 LIST_INIT(&ctx->nlbuf);
4017 * Collect local IP address rules with scope link attribute on specified
4018 * network device. This is callback routine called by libmnl mnl_cb_run()
4019 * in loop for every message in received packet.
4022 * Pointer to reply header.
4023 * @param[in, out] arg
4024 * Opaque data pointer for this callback.
4027 * A positive, nonzero value on success, negative errno value otherwise
4028 * and rte_errno is set.
4031 flow_tcf_collect_local_cb(const struct nlmsghdr *nlh, void *arg)
4033 struct tcf_nlcb_context *ctx = arg;
4034 struct nlmsghdr *cmd;
4035 struct ifaddrmsg *ifa;
4037 struct nlattr *na_local = NULL;
4038 struct nlattr *na_peer = NULL;
4039 unsigned char family;
4042 if (nlh->nlmsg_type != RTM_NEWADDR) {
4046 ifa = mnl_nlmsg_get_payload(nlh);
4047 family = ifa->ifa_family;
4048 if (ifa->ifa_index != ctx->ifindex ||
4049 ifa->ifa_scope != RT_SCOPE_LINK ||
4050 !(ifa->ifa_flags & IFA_F_PERMANENT) ||
4051 (family != AF_INET && family != AF_INET6))
4053 mnl_attr_for_each(na, nlh, sizeof(*ifa)) {
4054 switch (mnl_attr_get_type(na)) {
4062 if (na_local && na_peer)
4065 if (!na_local || !na_peer)
4067 /* Local rule found with scope link, permanent and assigned peer. */
4068 size = MNL_ALIGN(sizeof(struct nlmsghdr)) +
4069 MNL_ALIGN(sizeof(struct ifaddrmsg)) +
4070 (family == AF_INET6 ? 2 * SZ_NLATTR_DATA_OF(IPV6_ADDR_LEN)
4071 : 2 * SZ_NLATTR_TYPE_OF(uint32_t));
4072 cmd = flow_tcf_alloc_nlcmd(ctx, size);
4077 cmd = mnl_nlmsg_put_header(cmd);
4078 cmd->nlmsg_type = RTM_DELADDR;
4079 cmd->nlmsg_flags = NLM_F_REQUEST;
4080 ifa = mnl_nlmsg_put_extra_header(cmd, sizeof(*ifa));
4081 ifa->ifa_flags = IFA_F_PERMANENT;
4082 ifa->ifa_scope = RT_SCOPE_LINK;
4083 ifa->ifa_index = ctx->ifindex;
4084 if (family == AF_INET) {
4085 ifa->ifa_family = AF_INET;
4086 ifa->ifa_prefixlen = 32;
4087 mnl_attr_put_u32(cmd, IFA_LOCAL, mnl_attr_get_u32(na_local));
4088 mnl_attr_put_u32(cmd, IFA_ADDRESS, mnl_attr_get_u32(na_peer));
4090 ifa->ifa_family = AF_INET6;
4091 ifa->ifa_prefixlen = 128;
4092 mnl_attr_put(cmd, IFA_LOCAL, IPV6_ADDR_LEN,
4093 mnl_attr_get_payload(na_local));
4094 mnl_attr_put(cmd, IFA_ADDRESS, IPV6_ADDR_LEN,
4095 mnl_attr_get_payload(na_peer));
4097 assert(size == cmd->nlmsg_len);
4102 * Cleanup the local IP addresses on outer interface.
4105 * Context object initialized by mlx5_flow_tcf_context_create().
4106 * @param[in] ifindex
4107 * Network inferface index to perform cleanup.
4110 flow_tcf_encap_local_cleanup(struct mlx5_flow_tcf_context *tcf,
4111 unsigned int ifindex)
4113 struct nlmsghdr *nlh;
4114 struct ifaddrmsg *ifa;
4115 struct tcf_nlcb_context ctx = {
4117 .bufsize = MNL_REQUEST_SIZE,
4118 .nlbuf = LIST_HEAD_INITIALIZER(),
4124 * Seek and destroy leftovers of local IP addresses with
4125 * matching properties "scope link".
4127 nlh = mnl_nlmsg_put_header(tcf->buf);
4128 nlh->nlmsg_type = RTM_GETADDR;
4129 nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
4130 ifa = mnl_nlmsg_put_extra_header(nlh, sizeof(*ifa));
4131 ifa->ifa_family = AF_UNSPEC;
4132 ifa->ifa_index = ifindex;
4133 ifa->ifa_scope = RT_SCOPE_LINK;
4134 ret = flow_tcf_nl_ack(tcf, nlh, flow_tcf_collect_local_cb, &ctx);
4136 DRV_LOG(WARNING, "netlink: query device list error %d", ret);
4137 ret = flow_tcf_send_nlcmd(tcf, &ctx);
4139 DRV_LOG(WARNING, "netlink: device delete error %d", ret);
4143 * Collect neigh permament rules on specified network device.
4144 * This is callback routine called by libmnl mnl_cb_run() in loop for
4145 * every message in received packet.
4148 * Pointer to reply header.
4149 * @param[in, out] arg
4150 * Opaque data pointer for this callback.
4153 * A positive, nonzero value on success, negative errno value otherwise
4154 * and rte_errno is set.
4157 flow_tcf_collect_neigh_cb(const struct nlmsghdr *nlh, void *arg)
4159 struct tcf_nlcb_context *ctx = arg;
4160 struct nlmsghdr *cmd;
4163 struct nlattr *na_ip = NULL;
4164 struct nlattr *na_mac = NULL;
4165 unsigned char family;
4168 if (nlh->nlmsg_type != RTM_NEWNEIGH) {
4172 ndm = mnl_nlmsg_get_payload(nlh);
4173 family = ndm->ndm_family;
4174 if (ndm->ndm_ifindex != (int)ctx->ifindex ||
4175 !(ndm->ndm_state & NUD_PERMANENT) ||
4176 (family != AF_INET && family != AF_INET6))
4178 mnl_attr_for_each(na, nlh, sizeof(*ndm)) {
4179 switch (mnl_attr_get_type(na)) {
4187 if (na_mac && na_ip)
4190 if (!na_mac || !na_ip)
4192 /* Neigh rule with permenent attribute found. */
4193 size = MNL_ALIGN(sizeof(struct nlmsghdr)) +
4194 MNL_ALIGN(sizeof(struct ndmsg)) +
4195 SZ_NLATTR_DATA_OF(ETHER_ADDR_LEN) +
4196 (family == AF_INET6 ? SZ_NLATTR_DATA_OF(IPV6_ADDR_LEN)
4197 : SZ_NLATTR_TYPE_OF(uint32_t));
4198 cmd = flow_tcf_alloc_nlcmd(ctx, size);
4203 cmd = mnl_nlmsg_put_header(cmd);
4204 cmd->nlmsg_type = RTM_DELNEIGH;
4205 cmd->nlmsg_flags = NLM_F_REQUEST;
4206 ndm = mnl_nlmsg_put_extra_header(cmd, sizeof(*ndm));
4207 ndm->ndm_ifindex = ctx->ifindex;
4208 ndm->ndm_state = NUD_PERMANENT;
4211 if (family == AF_INET) {
4212 ndm->ndm_family = AF_INET;
4213 mnl_attr_put_u32(cmd, NDA_DST, mnl_attr_get_u32(na_ip));
4215 ndm->ndm_family = AF_INET6;
4216 mnl_attr_put(cmd, NDA_DST, IPV6_ADDR_LEN,
4217 mnl_attr_get_payload(na_ip));
4219 mnl_attr_put(cmd, NDA_LLADDR, ETHER_ADDR_LEN,
4220 mnl_attr_get_payload(na_mac));
4221 assert(size == cmd->nlmsg_len);
4226 * Cleanup the neigh rules on outer interface.
4229 * Context object initialized by mlx5_flow_tcf_context_create().
4230 * @param[in] ifindex
4231 * Network inferface index to perform cleanup.
4234 flow_tcf_encap_neigh_cleanup(struct mlx5_flow_tcf_context *tcf,
4235 unsigned int ifindex)
4237 struct nlmsghdr *nlh;
4239 struct tcf_nlcb_context ctx = {
4241 .bufsize = MNL_REQUEST_SIZE,
4242 .nlbuf = LIST_HEAD_INITIALIZER(),
4247 /* Seek and destroy leftovers of neigh rules. */
4248 nlh = mnl_nlmsg_put_header(tcf->buf);
4249 nlh->nlmsg_type = RTM_GETNEIGH;
4250 nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
4251 ndm = mnl_nlmsg_put_extra_header(nlh, sizeof(*ndm));
4252 ndm->ndm_family = AF_UNSPEC;
4253 ndm->ndm_ifindex = ifindex;
4254 ndm->ndm_state = NUD_PERMANENT;
4255 ret = flow_tcf_nl_ack(tcf, nlh, flow_tcf_collect_neigh_cb, &ctx);
4257 DRV_LOG(WARNING, "netlink: query device list error %d", ret);
4258 ret = flow_tcf_send_nlcmd(tcf, &ctx);
4260 DRV_LOG(WARNING, "netlink: device delete error %d", ret);
4264 * Collect indices of VXLAN encap/decap interfaces associated with device.
4265 * This is callback routine called by libmnl mnl_cb_run() in loop for
4266 * every message in received packet.
4269 * Pointer to reply header.
4270 * @param[in, out] arg
4271 * Opaque data pointer for this callback.
4274 * A positive, nonzero value on success, negative errno value otherwise
4275 * and rte_errno is set.
4278 flow_tcf_collect_vxlan_cb(const struct nlmsghdr *nlh, void *arg)
4280 struct tcf_nlcb_context *ctx = arg;
4281 struct nlmsghdr *cmd;
4282 struct ifinfomsg *ifm;
4284 struct nlattr *na_info = NULL;
4285 struct nlattr *na_vxlan = NULL;
4287 unsigned int vxindex;
4290 if (nlh->nlmsg_type != RTM_NEWLINK) {
4294 ifm = mnl_nlmsg_get_payload(nlh);
4295 if (!ifm->ifi_index) {
4299 mnl_attr_for_each(na, nlh, sizeof(*ifm))
4300 if (mnl_attr_get_type(na) == IFLA_LINKINFO) {
4306 mnl_attr_for_each_nested(na, na_info) {
4307 switch (mnl_attr_get_type(na)) {
4308 case IFLA_INFO_KIND:
4309 if (!strncmp("vxlan", mnl_attr_get_str(na),
4310 mnl_attr_get_len(na)))
4313 case IFLA_INFO_DATA:
4317 if (found && na_vxlan)
4320 if (!found || !na_vxlan)
4323 mnl_attr_for_each_nested(na, na_vxlan) {
4324 if (mnl_attr_get_type(na) == IFLA_VXLAN_LINK &&
4325 mnl_attr_get_u32(na) == ctx->ifindex) {
4332 /* Attached VXLAN device found, store the command to delete. */
4333 vxindex = ifm->ifi_index;
4334 size = MNL_ALIGN(sizeof(struct nlmsghdr)) +
4335 MNL_ALIGN(sizeof(struct ifinfomsg));
4336 cmd = flow_tcf_alloc_nlcmd(ctx, size);
4341 cmd = mnl_nlmsg_put_header(cmd);
4342 cmd->nlmsg_type = RTM_DELLINK;
4343 cmd->nlmsg_flags = NLM_F_REQUEST;
4344 ifm = mnl_nlmsg_put_extra_header(cmd, sizeof(*ifm));
4345 ifm->ifi_family = AF_UNSPEC;
4346 ifm->ifi_index = vxindex;
4347 assert(size == cmd->nlmsg_len);
4352 * Cleanup the outer interface. Removes all found vxlan devices
4353 * attached to specified index, flushes the neigh and local IP
4357 * Context object initialized by mlx5_flow_tcf_context_create().
4358 * @param[in] ifindex
4359 * Network inferface index to perform cleanup.
4362 flow_tcf_encap_iface_cleanup(struct mlx5_flow_tcf_context *tcf,
4363 unsigned int ifindex)
4365 struct nlmsghdr *nlh;
4366 struct ifinfomsg *ifm;
4367 struct tcf_nlcb_context ctx = {
4369 .bufsize = MNL_REQUEST_SIZE,
4370 .nlbuf = LIST_HEAD_INITIALIZER(),
4376 * Seek and destroy leftover VXLAN encap/decap interfaces with
4377 * matching properties.
4379 nlh = mnl_nlmsg_put_header(tcf->buf);
4380 nlh->nlmsg_type = RTM_GETLINK;
4381 nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
4382 ifm = mnl_nlmsg_put_extra_header(nlh, sizeof(*ifm));
4383 ifm->ifi_family = AF_UNSPEC;
4384 ret = flow_tcf_nl_ack(tcf, nlh, flow_tcf_collect_vxlan_cb, &ctx);
4386 DRV_LOG(WARNING, "netlink: query device list error %d", ret);
4387 ret = flow_tcf_send_nlcmd(tcf, &ctx);
4389 DRV_LOG(WARNING, "netlink: device delete error %d", ret);
4393 * Emit Netlink message to add/remove local address to the outer device.
4394 * The address being added is visible within the link only (scope link).
4396 * Note that an implicit route is maintained by the kernel due to the
4397 * presence of a peer address (IFA_ADDRESS).
4399 * These rules are used for encapsultion only and allow to assign
4400 * the outer tunnel source IP address.
4403 * Libmnl socket context object.
4405 * Encapsulation properties (source address and its peer).
4406 * @param[in] ifindex
4407 * Network interface to apply rule.
4409 * Toggle between add and remove.
4411 * Perform verbose error reporting if not NULL.
4414 * 0 on success, a negative errno value otherwise and rte_errno is set.
4417 flow_tcf_rule_local(struct mlx5_flow_tcf_context *tcf,
4418 const struct flow_tcf_vxlan_encap *encap,
4419 unsigned int ifindex,
4421 struct rte_flow_error *error)
4423 struct nlmsghdr *nlh;
4424 struct ifaddrmsg *ifa;
4425 alignas(struct nlmsghdr)
4426 uint8_t buf[mnl_nlmsg_size(sizeof(*ifa) + 128)];
4428 nlh = mnl_nlmsg_put_header(buf);
4429 nlh->nlmsg_type = enable ? RTM_NEWADDR : RTM_DELADDR;
4431 NLM_F_REQUEST | (enable ? NLM_F_CREATE | NLM_F_REPLACE : 0);
4433 ifa = mnl_nlmsg_put_extra_header(nlh, sizeof(*ifa));
4434 ifa->ifa_flags = IFA_F_PERMANENT;
4435 ifa->ifa_scope = RT_SCOPE_LINK;
4436 ifa->ifa_index = ifindex;
4437 if (encap->mask & FLOW_TCF_ENCAP_IPV4_SRC) {
4438 ifa->ifa_family = AF_INET;
4439 ifa->ifa_prefixlen = 32;
4440 mnl_attr_put_u32(nlh, IFA_LOCAL, encap->ipv4.src);
4441 if (encap->mask & FLOW_TCF_ENCAP_IPV4_DST)
4442 mnl_attr_put_u32(nlh, IFA_ADDRESS,
4445 assert(encap->mask & FLOW_TCF_ENCAP_IPV6_SRC);
4446 ifa->ifa_family = AF_INET6;
4447 ifa->ifa_prefixlen = 128;
4448 mnl_attr_put(nlh, IFA_LOCAL,
4449 sizeof(encap->ipv6.src),
4451 if (encap->mask & FLOW_TCF_ENCAP_IPV6_DST)
4452 mnl_attr_put(nlh, IFA_ADDRESS,
4453 sizeof(encap->ipv6.dst),
4456 if (!flow_tcf_nl_ack(tcf, nlh, NULL, NULL))
4458 return rte_flow_error_set(error, rte_errno,
4459 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4460 "netlink: cannot complete IFA request"
4465 * Emit Netlink message to add/remove neighbor.
4468 * Libmnl socket context object.
4470 * Encapsulation properties (destination address).
4471 * @param[in] ifindex
4472 * Network interface.
4474 * Toggle between add and remove.
4476 * Perform verbose error reporting if not NULL.
4479 * 0 on success, a negative errno value otherwise and rte_errno is set.
4482 flow_tcf_rule_neigh(struct mlx5_flow_tcf_context *tcf,
4483 const struct flow_tcf_vxlan_encap *encap,
4484 unsigned int ifindex,
4486 struct rte_flow_error *error)
4488 struct nlmsghdr *nlh;
4490 alignas(struct nlmsghdr)
4491 uint8_t buf[mnl_nlmsg_size(sizeof(*ndm) + 128)];
4493 nlh = mnl_nlmsg_put_header(buf);
4494 nlh->nlmsg_type = enable ? RTM_NEWNEIGH : RTM_DELNEIGH;
4496 NLM_F_REQUEST | (enable ? NLM_F_CREATE | NLM_F_REPLACE : 0);
4498 ndm = mnl_nlmsg_put_extra_header(nlh, sizeof(*ndm));
4499 ndm->ndm_ifindex = ifindex;
4500 ndm->ndm_state = NUD_PERMANENT;
4503 if (encap->mask & FLOW_TCF_ENCAP_IPV4_DST) {
4504 ndm->ndm_family = AF_INET;
4505 mnl_attr_put_u32(nlh, NDA_DST, encap->ipv4.dst);
4507 assert(encap->mask & FLOW_TCF_ENCAP_IPV6_DST);
4508 ndm->ndm_family = AF_INET6;
4509 mnl_attr_put(nlh, NDA_DST, sizeof(encap->ipv6.dst),
4512 if (encap->mask & FLOW_TCF_ENCAP_ETH_SRC && enable)
4514 "outer ethernet source address cannot be "
4515 "forced for VXLAN encapsulation");
4516 if (encap->mask & FLOW_TCF_ENCAP_ETH_DST)
4517 mnl_attr_put(nlh, NDA_LLADDR, sizeof(encap->eth.dst),
4519 if (!flow_tcf_nl_ack(tcf, nlh, NULL, NULL))
4521 return rte_flow_error_set(error, rte_errno,
4522 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4523 "netlink: cannot complete ND request"
4528 * Manage the local IP addresses and their peers IP addresses on the
4529 * outer interface for encapsulation purposes. The kernel searches the
4530 * appropriate device for tunnel egress traffic using the outer source
4531 * IP, this IP should be assigned to the outer network device, otherwise
4532 * kernel rejects the rule.
4534 * Adds or removes the addresses using the Netlink command like this:
4535 * ip addr add <src_ip> peer <dst_ip> scope link dev <ifouter>
4537 * The addresses are local to the netdev ("scope link"), this reduces
4538 * the risk of conflicts. Note that an implicit route is maintained by
4539 * the kernel due to the presence of a peer address (IFA_ADDRESS).
4542 * Libmnl socket context object.
4544 * VTEP object, contains rule database and ifouter index.
4545 * @param[in] dev_flow
4546 * Flow object, contains the tunnel parameters (for encap only).
4548 * Toggle between add and remove.
4550 * Perform verbose error reporting if not NULL.
4553 * 0 on success, a negative errno value otherwise and rte_errno is set.
4556 flow_tcf_encap_local(struct mlx5_flow_tcf_context *tcf,
4557 struct tcf_vtep *vtep,
4558 struct mlx5_flow *dev_flow,
4560 struct rte_flow_error *error)
4562 const struct flow_tcf_vxlan_encap *encap = dev_flow->tcf.vxlan_encap;
4563 struct tcf_local_rule *rule;
4568 assert(encap->hdr.type == FLOW_TCF_TUNACT_VXLAN_ENCAP);
4569 if (encap->mask & FLOW_TCF_ENCAP_IPV4_SRC) {
4570 assert(encap->mask & FLOW_TCF_ENCAP_IPV4_DST);
4571 LIST_FOREACH(rule, &vtep->local, next) {
4572 if (rule->mask & FLOW_TCF_ENCAP_IPV4_SRC &&
4573 encap->ipv4.src == rule->ipv4.src &&
4574 encap->ipv4.dst == rule->ipv4.dst) {
4580 assert(encap->mask & FLOW_TCF_ENCAP_IPV6_SRC);
4581 assert(encap->mask & FLOW_TCF_ENCAP_IPV6_DST);
4582 LIST_FOREACH(rule, &vtep->local, next) {
4583 if (rule->mask & FLOW_TCF_ENCAP_IPV6_SRC &&
4584 !memcmp(&encap->ipv6.src, &rule->ipv6.src,
4585 sizeof(encap->ipv6.src)) &&
4586 !memcmp(&encap->ipv6.dst, &rule->ipv6.dst,
4587 sizeof(encap->ipv6.dst))) {
4598 if (!rule->refcnt || !--rule->refcnt) {
4599 LIST_REMOVE(rule, next);
4600 return flow_tcf_rule_local(tcf, encap,
4601 vtep->ifouter, false, error);
4606 DRV_LOG(WARNING, "disabling not existing local rule");
4607 rte_flow_error_set(error, ENOENT,
4608 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4609 "disabling not existing local rule");
4612 rule = rte_zmalloc(__func__, sizeof(struct tcf_local_rule),
4613 alignof(struct tcf_local_rule));
4615 rte_flow_error_set(error, ENOMEM,
4616 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4617 "unable to allocate memory for local rule");
4620 *rule = (struct tcf_local_rule){.refcnt = 0,
4623 if (encap->mask & FLOW_TCF_ENCAP_IPV4_SRC) {
4624 rule->mask = FLOW_TCF_ENCAP_IPV4_SRC
4625 | FLOW_TCF_ENCAP_IPV4_DST;
4626 rule->ipv4.src = encap->ipv4.src;
4627 rule->ipv4.dst = encap->ipv4.dst;
4629 rule->mask = FLOW_TCF_ENCAP_IPV6_SRC
4630 | FLOW_TCF_ENCAP_IPV6_DST;
4631 memcpy(&rule->ipv6.src, &encap->ipv6.src, IPV6_ADDR_LEN);
4632 memcpy(&rule->ipv6.dst, &encap->ipv6.dst, IPV6_ADDR_LEN);
4634 ret = flow_tcf_rule_local(tcf, encap, vtep->ifouter, true, error);
4640 LIST_INSERT_HEAD(&vtep->local, rule, next);
4645 * Manage the destination MAC/IP addresses neigh database, kernel uses
4646 * this one to determine the destination MAC address within encapsulation
4647 * header. Adds or removes the entries using the Netlink command like this:
4648 * ip neigh add dev <ifouter> lladdr <dst_mac> to <dst_ip> nud permanent
4651 * Libmnl socket context object.
4653 * VTEP object, contains rule database and ifouter index.
4654 * @param[in] dev_flow
4655 * Flow object, contains the tunnel parameters (for encap only).
4657 * Toggle between add and remove.
4659 * Perform verbose error reporting if not NULL.
4662 * 0 on success, a negative errno value otherwise and rte_errno is set.
4665 flow_tcf_encap_neigh(struct mlx5_flow_tcf_context *tcf,
4666 struct tcf_vtep *vtep,
4667 struct mlx5_flow *dev_flow,
4669 struct rte_flow_error *error)
4671 const struct flow_tcf_vxlan_encap *encap = dev_flow->tcf.vxlan_encap;
4672 struct tcf_neigh_rule *rule;
4677 assert(encap->hdr.type == FLOW_TCF_TUNACT_VXLAN_ENCAP);
4678 if (encap->mask & FLOW_TCF_ENCAP_IPV4_DST) {
4679 assert(encap->mask & FLOW_TCF_ENCAP_IPV4_SRC);
4680 LIST_FOREACH(rule, &vtep->neigh, next) {
4681 if (rule->mask & FLOW_TCF_ENCAP_IPV4_DST &&
4682 encap->ipv4.dst == rule->ipv4.dst) {
4688 assert(encap->mask & FLOW_TCF_ENCAP_IPV6_SRC);
4689 assert(encap->mask & FLOW_TCF_ENCAP_IPV6_DST);
4690 LIST_FOREACH(rule, &vtep->neigh, next) {
4691 if (rule->mask & FLOW_TCF_ENCAP_IPV6_DST &&
4692 !memcmp(&encap->ipv6.dst, &rule->ipv6.dst,
4693 sizeof(encap->ipv6.dst))) {
4700 if (memcmp(&encap->eth.dst, &rule->eth,
4701 sizeof(encap->eth.dst))) {
4702 DRV_LOG(WARNING, "Destination MAC differs"
4704 rte_flow_error_set(error, EEXIST,
4705 RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
4706 NULL, "Different MAC address"
4707 " neigh rule for the same"
4715 if (!rule->refcnt || !--rule->refcnt) {
4716 LIST_REMOVE(rule, next);
4717 return flow_tcf_rule_neigh(tcf, encap,
4724 DRV_LOG(WARNING, "Disabling not existing neigh rule");
4725 rte_flow_error_set(error, ENOENT,
4726 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4727 "unable to allocate memory for neigh rule");
4730 rule = rte_zmalloc(__func__, sizeof(struct tcf_neigh_rule),
4731 alignof(struct tcf_neigh_rule));
4733 rte_flow_error_set(error, ENOMEM,
4734 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4735 "unable to allocate memory for neigh rule");
4738 *rule = (struct tcf_neigh_rule){.refcnt = 0,
4741 if (encap->mask & FLOW_TCF_ENCAP_IPV4_DST) {
4742 rule->mask = FLOW_TCF_ENCAP_IPV4_DST;
4743 rule->ipv4.dst = encap->ipv4.dst;
4745 rule->mask = FLOW_TCF_ENCAP_IPV6_DST;
4746 memcpy(&rule->ipv6.dst, &encap->ipv6.dst, IPV6_ADDR_LEN);
4748 memcpy(&rule->eth, &encap->eth.dst, sizeof(rule->eth));
4749 ret = flow_tcf_rule_neigh(tcf, encap, vtep->ifouter, true, error);
4755 LIST_INSERT_HEAD(&vtep->neigh, rule, next);
4759 /* VTEP device list is shared between PMD port instances. */
4760 static LIST_HEAD(, tcf_vtep) vtep_list_vxlan = LIST_HEAD_INITIALIZER();
4761 static pthread_mutex_t vtep_list_mutex = PTHREAD_MUTEX_INITIALIZER;
4764 * Deletes VTEP network device.
4767 * Context object initialized by mlx5_flow_tcf_context_create().
4769 * Object represinting the network device to delete. Memory
4770 * allocated for this object is freed by routine.
4773 flow_tcf_vtep_delete(struct mlx5_flow_tcf_context *tcf,
4774 struct tcf_vtep *vtep)
4776 struct nlmsghdr *nlh;
4777 struct ifinfomsg *ifm;
4778 alignas(struct nlmsghdr)
4779 uint8_t buf[mnl_nlmsg_size(MNL_ALIGN(sizeof(*ifm))) +
4780 MNL_BUF_EXTRA_SPACE];
4783 assert(!vtep->refcnt);
4784 /* Delete only ifaces those we actually created. */
4785 if (vtep->created && vtep->ifindex) {
4786 DRV_LOG(INFO, "VTEP delete (%d)", vtep->ifindex);
4787 nlh = mnl_nlmsg_put_header(buf);
4788 nlh->nlmsg_type = RTM_DELLINK;
4789 nlh->nlmsg_flags = NLM_F_REQUEST;
4790 ifm = mnl_nlmsg_put_extra_header(nlh, sizeof(*ifm));
4791 ifm->ifi_family = AF_UNSPEC;
4792 ifm->ifi_index = vtep->ifindex;
4793 assert(sizeof(buf) >= nlh->nlmsg_len);
4794 ret = flow_tcf_nl_ack(tcf, nlh, NULL, NULL);
4796 DRV_LOG(WARNING, "netlink: error deleting vxlan"
4797 " encap/decap ifindex %u",
4804 * Creates VTEP network device.
4807 * Context object initialized by mlx5_flow_tcf_context_create().
4808 * @param[in] ifouter
4809 * Outer interface to attach new-created VXLAN device
4810 * If zero the VXLAN device will not be attached to any device.
4811 * These VTEPs are used for decapsulation and can be precreated
4812 * and shared between processes.
4814 * UDP port of created VTEP device.
4816 * Perform verbose error reporting if not NULL.
4819 * Pointer to created device structure on success,
4820 * NULL otherwise and rte_errno is set.
4822 #ifdef HAVE_IFLA_VXLAN_COLLECT_METADATA
4823 static struct tcf_vtep*
4824 flow_tcf_vtep_create(struct mlx5_flow_tcf_context *tcf,
4825 unsigned int ifouter,
4826 uint16_t port, struct rte_flow_error *error)
4828 struct tcf_vtep *vtep;
4829 struct nlmsghdr *nlh;
4830 struct ifinfomsg *ifm;
4831 char name[sizeof(MLX5_VXLAN_DEVICE_PFX) + 24];
4832 alignas(struct nlmsghdr)
4833 uint8_t buf[mnl_nlmsg_size(sizeof(*ifm)) +
4834 SZ_NLATTR_DATA_OF(sizeof(name)) +
4835 SZ_NLATTR_NEST * 2 +
4836 SZ_NLATTR_STRZ_OF("vxlan") +
4837 SZ_NLATTR_DATA_OF(sizeof(uint32_t)) +
4838 SZ_NLATTR_DATA_OF(sizeof(uint16_t)) +
4839 SZ_NLATTR_DATA_OF(sizeof(uint8_t)) * 3 +
4840 MNL_BUF_EXTRA_SPACE];
4841 struct nlattr *na_info;
4842 struct nlattr *na_vxlan;
4843 rte_be16_t vxlan_port = rte_cpu_to_be_16(port);
4846 vtep = rte_zmalloc(__func__, sizeof(*vtep), alignof(struct tcf_vtep));
4848 rte_flow_error_set(error, ENOMEM,
4849 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4850 "unable to allocate memory for VTEP");
4853 *vtep = (struct tcf_vtep){
4855 .local = LIST_HEAD_INITIALIZER(),
4856 .neigh = LIST_HEAD_INITIALIZER(),
4858 memset(buf, 0, sizeof(buf));
4859 nlh = mnl_nlmsg_put_header(buf);
4860 nlh->nlmsg_type = RTM_NEWLINK;
4861 nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL;
4862 ifm = mnl_nlmsg_put_extra_header(nlh, sizeof(*ifm));
4863 ifm->ifi_family = AF_UNSPEC;
4866 ifm->ifi_flags = IFF_UP;
4867 ifm->ifi_change = 0xffffffff;
4868 snprintf(name, sizeof(name), "%s%u", MLX5_VXLAN_DEVICE_PFX, port);
4869 mnl_attr_put_strz(nlh, IFLA_IFNAME, name);
4870 na_info = mnl_attr_nest_start(nlh, IFLA_LINKINFO);
4872 mnl_attr_put_strz(nlh, IFLA_INFO_KIND, "vxlan");
4873 na_vxlan = mnl_attr_nest_start(nlh, IFLA_INFO_DATA);
4875 mnl_attr_put_u32(nlh, IFLA_VXLAN_LINK, ifouter);
4877 mnl_attr_put_u8(nlh, IFLA_VXLAN_COLLECT_METADATA, 1);
4878 mnl_attr_put_u8(nlh, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, 1);
4879 mnl_attr_put_u8(nlh, IFLA_VXLAN_LEARNING, 0);
4880 mnl_attr_put_u16(nlh, IFLA_VXLAN_PORT, vxlan_port);
4881 mnl_attr_nest_end(nlh, na_vxlan);
4882 mnl_attr_nest_end(nlh, na_info);
4883 assert(sizeof(buf) >= nlh->nlmsg_len);
4884 ret = flow_tcf_nl_ack(tcf, nlh, NULL, NULL);
4887 "netlink: VTEP %s create failure (%d)",
4889 if (rte_errno != EEXIST || ifouter)
4891 * Some unhandled error occurred or device is
4892 * for encapsulation and cannot be shared.
4897 * Mark device we actually created.
4898 * We should explicitly delete
4899 * when we do not need it anymore.
4904 /* Try to get ifindex of created of pre-existing device. */
4905 ret = if_nametoindex(name);
4908 "VTEP %s failed to get index (%d)", name, errno);
4911 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4912 "netlink: failed to retrieve VTEP ifindex");
4915 vtep->ifindex = ret;
4916 vtep->ifouter = ifouter;
4917 memset(buf, 0, sizeof(buf));
4918 nlh = mnl_nlmsg_put_header(buf);
4919 nlh->nlmsg_type = RTM_NEWLINK;
4920 nlh->nlmsg_flags = NLM_F_REQUEST;
4921 ifm = mnl_nlmsg_put_extra_header(nlh, sizeof(*ifm));
4922 ifm->ifi_family = AF_UNSPEC;
4924 ifm->ifi_index = vtep->ifindex;
4925 ifm->ifi_flags = IFF_UP;
4926 ifm->ifi_change = IFF_UP;
4927 ret = flow_tcf_nl_ack(tcf, nlh, NULL, NULL);
4929 rte_flow_error_set(error, -errno,
4930 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4931 "netlink: failed to set VTEP link up");
4932 DRV_LOG(WARNING, "netlink: VTEP %s set link up failure (%d)",
4936 ret = mlx5_flow_tcf_init(tcf, vtep->ifindex, error);
4938 DRV_LOG(WARNING, "VTEP %s init failure (%d)", name, rte_errno);
4941 DRV_LOG(INFO, "VTEP create (%d, %d)", vtep->port, vtep->ifindex);
4945 flow_tcf_vtep_delete(tcf, vtep);
4952 static struct tcf_vtep*
4953 flow_tcf_vtep_create(struct mlx5_flow_tcf_context *tcf __rte_unused,
4954 unsigned int ifouter __rte_unused,
4955 uint16_t port __rte_unused,
4956 struct rte_flow_error *error)
4958 rte_flow_error_set(error, ENOTSUP,
4959 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4960 "netlink: failed to create VTEP, "
4961 "vxlan metadata are not supported by kernel");
4964 #endif /* HAVE_IFLA_VXLAN_COLLECT_METADATA */
4967 * Acquire target interface index for VXLAN tunneling decapsulation.
4968 * In order to share the UDP port within the other interfaces the
4969 * VXLAN device created as not attached to any interface (if created).
4972 * Context object initialized by mlx5_flow_tcf_context_create().
4973 * @param[in] dev_flow
4974 * Flow tcf object with tunnel structure pointer set.
4976 * Perform verbose error reporting if not NULL.
4978 * Interface descriptor pointer on success,
4979 * NULL otherwise and rte_errno is set.
4981 static struct tcf_vtep*
4982 flow_tcf_decap_vtep_acquire(struct mlx5_flow_tcf_context *tcf,
4983 struct mlx5_flow *dev_flow,
4984 struct rte_flow_error *error)
4986 struct tcf_vtep *vtep;
4987 uint16_t port = dev_flow->tcf.vxlan_decap->udp_port;
4989 LIST_FOREACH(vtep, &vtep_list_vxlan, next) {
4990 if (vtep->port == port)
4993 if (vtep && vtep->ifouter) {
4994 rte_flow_error_set(error, -errno,
4995 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4996 "Failed to create decap VTEP with specified"
4997 " UDP port, atatched device exists");
5001 /* Device exists, just increment the reference counter. */
5003 assert(vtep->ifindex);
5006 /* No decapsulation device exists, try to create the new one. */
5007 vtep = flow_tcf_vtep_create(tcf, 0, port, error);
5009 LIST_INSERT_HEAD(&vtep_list_vxlan, vtep, next);
5014 * Aqcuire target interface index for VXLAN tunneling encapsulation.
5017 * Context object initialized by mlx5_flow_tcf_context_create().
5018 * @param[in] ifouter
5019 * Network interface index to attach VXLAN encap device to.
5020 * @param[in] dev_flow
5021 * Flow tcf object with tunnel structure pointer set.
5023 * Perform verbose error reporting if not NULL.
5025 * Interface descriptor pointer on success,
5026 * NULL otherwise and rte_errno is set.
5028 static struct tcf_vtep*
5029 flow_tcf_encap_vtep_acquire(struct mlx5_flow_tcf_context *tcf,
5030 unsigned int ifouter,
5031 struct mlx5_flow *dev_flow __rte_unused,
5032 struct rte_flow_error *error)
5034 static uint16_t encap_port = MLX5_VXLAN_PORT_MIN - 1;
5035 struct tcf_vtep *vtep;
5039 /* Look whether the attached VTEP for encap is created. */
5040 LIST_FOREACH(vtep, &vtep_list_vxlan, next) {
5041 if (vtep->ifouter == ifouter)
5045 /* VTEP already exists, just increment the reference. */
5050 /* Not found, we should create the new attached VTEP. */
5051 flow_tcf_encap_iface_cleanup(tcf, ifouter);
5052 flow_tcf_encap_local_cleanup(tcf, ifouter);
5053 flow_tcf_encap_neigh_cleanup(tcf, ifouter);
5054 for (pcnt = 0; pcnt <= (MLX5_VXLAN_PORT_MAX
5055 - MLX5_VXLAN_PORT_MIN); pcnt++) {
5057 /* Wraparound the UDP port index. */
5058 if (encap_port < MLX5_VXLAN_PORT_MIN ||
5059 encap_port > MLX5_VXLAN_PORT_MAX)
5060 encap_port = MLX5_VXLAN_PORT_MIN;
5061 /* Check whether UDP port is in already in use. */
5062 LIST_FOREACH(vtep, &vtep_list_vxlan, next) {
5063 if (vtep->port == encap_port)
5067 /* Port is in use, try the next one. */
5071 vtep = flow_tcf_vtep_create(tcf, ifouter,
5074 LIST_INSERT_HEAD(&vtep_list_vxlan, vtep, next);
5077 if (rte_errno != EEXIST)
5083 assert(vtep->ifouter == ifouter);
5084 assert(vtep->ifindex);
5085 /* Create local ipaddr with peer to specify the outer IPs. */
5086 ret = flow_tcf_encap_local(tcf, vtep, dev_flow, true, error);
5088 /* Create neigh rule to specify outer destination MAC. */
5089 ret = flow_tcf_encap_neigh(tcf, vtep, dev_flow, true, error);
5091 flow_tcf_encap_local(tcf, vtep,
5092 dev_flow, false, error);
5095 if (--vtep->refcnt == 0)
5096 flow_tcf_vtep_delete(tcf, vtep);
5103 * Acquires target interface index for tunneling of any type.
5104 * Creates the new VTEP if needed.
5107 * Context object initialized by mlx5_flow_tcf_context_create().
5108 * @param[in] ifouter
5109 * Network interface index to attach VXLAN encap device to.
5110 * @param[in] dev_flow
5111 * Flow tcf object with tunnel structure pointer set.
5113 * Perform verbose error reporting if not NULL.
5115 * Interface descriptor pointer on success,
5116 * NULL otherwise and rte_errno is set.
5118 static struct tcf_vtep*
5119 flow_tcf_vtep_acquire(struct mlx5_flow_tcf_context *tcf,
5120 unsigned int ifouter,
5121 struct mlx5_flow *dev_flow,
5122 struct rte_flow_error *error)
5124 struct tcf_vtep *vtep = NULL;
5126 assert(dev_flow->tcf.tunnel);
5127 pthread_mutex_lock(&vtep_list_mutex);
5128 switch (dev_flow->tcf.tunnel->type) {
5129 case FLOW_TCF_TUNACT_VXLAN_ENCAP:
5130 vtep = flow_tcf_encap_vtep_acquire(tcf, ifouter,
5133 case FLOW_TCF_TUNACT_VXLAN_DECAP:
5134 vtep = flow_tcf_decap_vtep_acquire(tcf, dev_flow, error);
5137 rte_flow_error_set(error, ENOTSUP,
5138 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
5139 "unsupported tunnel type");
5142 pthread_mutex_unlock(&vtep_list_mutex);
5147 * Release tunneling interface by ifindex. Decrements reference
5148 * counter and actually removes the device if counter is zero.
5151 * Context object initialized by mlx5_flow_tcf_context_create().
5153 * VTEP device descriptor structure.
5154 * @param[in] dev_flow
5155 * Flow tcf object with tunnel structure pointer set.
5158 flow_tcf_vtep_release(struct mlx5_flow_tcf_context *tcf,
5159 struct tcf_vtep *vtep,
5160 struct mlx5_flow *dev_flow)
5162 assert(dev_flow->tcf.tunnel);
5163 pthread_mutex_lock(&vtep_list_mutex);
5164 switch (dev_flow->tcf.tunnel->type) {
5165 case FLOW_TCF_TUNACT_VXLAN_DECAP:
5167 case FLOW_TCF_TUNACT_VXLAN_ENCAP:
5168 /* Remove the encap ancillary rules first. */
5169 flow_tcf_encap_neigh(tcf, vtep, dev_flow, false, NULL);
5170 flow_tcf_encap_local(tcf, vtep, dev_flow, false, NULL);
5174 DRV_LOG(WARNING, "Unsupported tunnel type");
5177 assert(vtep->refcnt);
5178 if (--vtep->refcnt == 0) {
5179 LIST_REMOVE(vtep, next);
5180 flow_tcf_vtep_delete(tcf, vtep);
5182 pthread_mutex_unlock(&vtep_list_mutex);
5185 struct tcf_nlcb_query {
5188 uint32_t flags_valid:1;
5192 * Collect queried rule attributes. This is callback routine called by
5193 * libmnl mnl_cb_run() in loop for every message in received packet.
5194 * Current implementation collects the flower flags only.
5197 * Pointer to reply header.
5198 * @param[in, out] arg
5199 * Context pointer for this callback.
5202 * A positive, nonzero value on success (required by libmnl
5203 * to continue messages processing).
5206 flow_tcf_collect_query_cb(const struct nlmsghdr *nlh, void *arg)
5208 struct tcf_nlcb_query *query = arg;
5209 struct tcmsg *tcm = mnl_nlmsg_get_payload(nlh);
5210 struct nlattr *na, *na_opt;
5211 bool flower = false;
5213 if (nlh->nlmsg_type != RTM_NEWTFILTER ||
5214 tcm->tcm_handle != query->handle)
5216 mnl_attr_for_each(na, nlh, sizeof(*tcm)) {
5217 switch (mnl_attr_get_type(na)) {
5219 if (strcmp(mnl_attr_get_payload(na), "flower")) {
5220 /* Not flower filter, drop entire message. */
5227 /* Not flower options, drop entire message. */
5230 /* Check nested flower options. */
5231 mnl_attr_for_each_nested(na_opt, na) {
5232 switch (mnl_attr_get_type(na_opt)) {
5233 case TCA_FLOWER_FLAGS:
5234 query->flags_valid = 1;
5236 mnl_attr_get_u32(na_opt);
5247 * Query a TC flower rule flags via netlink.
5250 * Context object initialized by mlx5_flow_tcf_context_create().
5251 * @param[in] dev_flow
5252 * Pointer to the flow.
5253 * @param[out] pflags
5254 * pointer to the data retrieved by the query.
5257 * 0 on success, a negative errno value otherwise.
5260 flow_tcf_query_flags(struct mlx5_flow_tcf_context *tcf,
5261 struct mlx5_flow *dev_flow,
5264 struct nlmsghdr *nlh;
5266 struct tcf_nlcb_query query = {
5267 .handle = dev_flow->tcf.tcm->tcm_handle,
5270 nlh = mnl_nlmsg_put_header(tcf->buf);
5271 nlh->nlmsg_type = RTM_GETTFILTER;
5272 nlh->nlmsg_flags = NLM_F_REQUEST;
5273 tcm = mnl_nlmsg_put_extra_header(nlh, sizeof(*tcm));
5274 memcpy(tcm, dev_flow->tcf.tcm, sizeof(*tcm));
5276 * Ignore Netlink error for filter query operations.
5277 * The reply length is sent by kernel as errno.
5278 * Just check we got the flags option.
5280 flow_tcf_nl_ack(tcf, nlh, flow_tcf_collect_query_cb, &query);
5281 if (!query.flags_valid) {
5285 *pflags = query.tc_flags;
5290 * Query and check the in_hw set for specified rule.
5293 * Context object initialized by mlx5_flow_tcf_context_create().
5294 * @param[in] dev_flow
5295 * Pointer to the flow to check.
5298 * 0 on success, a negative errno value otherwise.
5301 flow_tcf_check_inhw(struct mlx5_flow_tcf_context *tcf,
5302 struct mlx5_flow *dev_flow)
5307 ret = flow_tcf_query_flags(tcf, dev_flow, &flags);
5310 return (flags & TCA_CLS_FLAGS_IN_HW) ? 0 : -ENOENT;
5314 * Remove flow from E-Switch by sending Netlink message.
5317 * Pointer to Ethernet device.
5318 * @param[in, out] flow
5319 * Pointer to the sub flow.
5322 flow_tcf_remove(struct rte_eth_dev *dev, struct rte_flow *flow)
5324 struct priv *priv = dev->data->dev_private;
5325 struct mlx5_flow_tcf_context *ctx = priv->tcf_context;
5326 struct mlx5_flow *dev_flow;
5327 struct nlmsghdr *nlh;
5332 dev_flow = LIST_FIRST(&flow->dev_flows);
5335 /* E-Switch flow can't be expanded. */
5336 assert(!LIST_NEXT(dev_flow, next));
5337 if (dev_flow->tcf.applied) {
5338 nlh = dev_flow->tcf.nlh;
5339 nlh->nlmsg_type = RTM_DELTFILTER;
5340 nlh->nlmsg_flags = NLM_F_REQUEST;
5341 flow_tcf_nl_ack(ctx, nlh, NULL, NULL);
5342 if (dev_flow->tcf.tunnel) {
5343 assert(dev_flow->tcf.tunnel->vtep);
5344 flow_tcf_vtep_release(ctx,
5345 dev_flow->tcf.tunnel->vtep,
5347 dev_flow->tcf.tunnel->vtep = NULL;
5349 /* Cleanup the rule handle value. */
5350 tcm = mnl_nlmsg_get_payload(nlh);
5351 tcm->tcm_handle = 0;
5352 dev_flow->tcf.applied = 0;
5357 * Fetch the applied rule handle. This is callback routine called by
5358 * libmnl mnl_cb_run() in loop for every message in received packet.
5359 * When the NLM_F_ECHO flag i sspecified the kernel sends the created
5360 * rule descriptor back to the application and we can retrieve the
5361 * actual rule handle from updated descriptor.
5364 * Pointer to reply header.
5365 * @param[in, out] arg
5366 * Context pointer for this callback.
5369 * A positive, nonzero value on success (required by libmnl
5370 * to continue messages processing).
5373 flow_tcf_collect_apply_cb(const struct nlmsghdr *nlh, void *arg)
5375 struct nlmsghdr *nlhrq = arg;
5376 struct tcmsg *tcmrq = mnl_nlmsg_get_payload(nlhrq);
5377 struct tcmsg *tcm = mnl_nlmsg_get_payload(nlh);
5380 if (nlh->nlmsg_type != RTM_NEWTFILTER ||
5381 nlh->nlmsg_seq != nlhrq->nlmsg_seq)
5383 mnl_attr_for_each(na, nlh, sizeof(*tcm)) {
5384 switch (mnl_attr_get_type(na)) {
5386 if (strcmp(mnl_attr_get_payload(na), "flower")) {
5387 /* Not flower filter, drop entire message. */
5390 tcmrq->tcm_handle = tcm->tcm_handle;
5397 * Apply flow to E-Switch by sending Netlink message.
5400 * Pointer to Ethernet device.
5401 * @param[in, out] flow
5402 * Pointer to the sub flow.
5404 * Pointer to the error structure.
5407 * 0 on success, a negative errno value otherwise and rte_errno is set.
5410 flow_tcf_apply(struct rte_eth_dev *dev, struct rte_flow *flow,
5411 struct rte_flow_error *error)
5413 struct priv *priv = dev->data->dev_private;
5414 struct mlx5_flow_tcf_context *ctx = priv->tcf_context;
5415 struct mlx5_flow *dev_flow;
5416 struct nlmsghdr *nlh;
5422 dev_flow = LIST_FIRST(&flow->dev_flows);
5423 /* E-Switch flow can't be expanded. */
5424 assert(!LIST_NEXT(dev_flow, next));
5425 if (dev_flow->tcf.applied)
5427 nlh = dev_flow->tcf.nlh;
5428 nlh->nlmsg_type = RTM_NEWTFILTER;
5429 nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE |
5430 NLM_F_EXCL | NLM_F_ECHO;
5431 tcm = mnl_nlmsg_get_payload(nlh);
5432 /* Allow kernel to assign handle on its own. */
5433 tcm->tcm_handle = 0;
5434 if (dev_flow->tcf.tunnel) {
5436 * Replace the interface index, target for
5437 * encapsulation, source for decapsulation.
5439 assert(!dev_flow->tcf.tunnel->vtep);
5440 assert(dev_flow->tcf.tunnel->ifindex_ptr);
5441 /* Acquire actual VTEP device when rule is being applied. */
5442 dev_flow->tcf.tunnel->vtep =
5443 flow_tcf_vtep_acquire(ctx,
5444 dev_flow->tcf.tunnel->ifindex_org,
5446 if (!dev_flow->tcf.tunnel->vtep)
5448 DRV_LOG(INFO, "Replace ifindex: %d->%d",
5449 dev_flow->tcf.tunnel->vtep->ifindex,
5450 dev_flow->tcf.tunnel->ifindex_org);
5451 *dev_flow->tcf.tunnel->ifindex_ptr =
5452 dev_flow->tcf.tunnel->vtep->ifindex;
5453 if (dev_flow->tcf.tunnel->vtep->waitreg) {
5454 /* Clear wait flag for VXLAN port registration. */
5455 dev_flow->tcf.tunnel->vtep->waitreg = 0;
5456 twait = rte_get_timer_hz();
5457 assert(twait > MS_PER_S);
5458 twait = twait * MLX5_VXLAN_WAIT_PORT_REG_MS;
5459 twait = twait / MS_PER_S;
5460 start = rte_get_timer_cycles();
5464 * Kernel creates the VXLAN devices and registers UDP ports to
5465 * be hardware offloaded within the NIC kernel drivers. The
5466 * registration process is being performed into context of
5467 * working kernel thread and the race conditions might happen.
5468 * The VXLAN device is created and success is returned to
5469 * calling application, but the UDP port registration process
5470 * is not completed yet. The next applied rule may be rejected
5471 * by the driver with ENOSUP code. We are going to wait a bit,
5472 * allowing registration process to be completed. The waiting
5473 * is performed once after device been created.
5476 struct timespec onems;
5478 ret = flow_tcf_nl_ack(ctx, nlh,
5479 flow_tcf_collect_apply_cb, nlh);
5480 if (!ret || ret != -ENOTSUP || !twait)
5482 /* Wait one millisecond and try again till timeout. */
5484 onems.tv_nsec = NS_PER_S / MS_PER_S;
5485 nanosleep(&onems, 0);
5486 if ((rte_get_timer_cycles() - start) > twait) {
5487 /* Timeout elapsed, try once more and exit. */
5492 if (!tcm->tcm_handle) {
5493 flow_tcf_remove(dev, flow);
5494 return rte_flow_error_set
5496 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
5497 "netlink: rule zero handle returned");
5499 dev_flow->tcf.applied = 1;
5500 if (*dev_flow->tcf.ptc_flags & TCA_CLS_FLAGS_SKIP_SW)
5503 * Rule was applied without skip_sw flag set.
5504 * We should check whether the rule was acctually
5505 * accepted by hardware (have look at in_hw flag).
5507 if (flow_tcf_check_inhw(ctx, dev_flow)) {
5508 flow_tcf_remove(dev, flow);
5509 return rte_flow_error_set
5511 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
5512 "netlink: rule has no in_hw flag set");
5516 if (dev_flow->tcf.tunnel) {
5517 /* Rollback the VTEP configuration if rule apply failed. */
5518 assert(dev_flow->tcf.tunnel->vtep);
5519 flow_tcf_vtep_release(ctx, dev_flow->tcf.tunnel->vtep,
5521 dev_flow->tcf.tunnel->vtep = NULL;
5523 return rte_flow_error_set(error, rte_errno,
5524 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
5525 "netlink: failed to create TC flow rule");
5529 * Remove flow from E-Switch and release resources of the device flow.
5532 * Pointer to Ethernet device.
5533 * @param[in, out] flow
5534 * Pointer to the sub flow.
5537 flow_tcf_destroy(struct rte_eth_dev *dev, struct rte_flow *flow)
5539 struct mlx5_flow *dev_flow;
5543 flow_tcf_remove(dev, flow);
5544 if (flow->counter) {
5545 if (--flow->counter->ref_cnt == 0) {
5546 rte_free(flow->counter);
5547 flow->counter = NULL;
5550 dev_flow = LIST_FIRST(&flow->dev_flows);
5553 /* E-Switch flow can't be expanded. */
5554 assert(!LIST_NEXT(dev_flow, next));
5555 LIST_REMOVE(dev_flow, next);
5560 * Helper routine for figuring the space size required for a parse buffer.
5563 * array of values to use.
5565 * Current location in array.
5567 * Value to compare with.
5570 * The maximum between the given value and the array value on index.
5573 flow_tcf_arr_val_max(uint16_t array[], int idx, uint16_t value)
5575 return idx < 0 ? (value) : RTE_MAX((array)[idx], value);
5579 * Parse rtnetlink message attributes filling the attribute table with the info
5583 * Attribute table to be filled.
5585 * Maxinum entry in the attribute table.
5587 * The attributes section in the message to be parsed.
5589 * The length of the attributes section in the message.
5592 flow_tcf_nl_parse_rtattr(struct rtattr *tb[], int max,
5593 struct rtattr *rta, int len)
5595 unsigned short type;
5596 memset(tb, 0, sizeof(struct rtattr *) * (max + 1));
5597 while (RTA_OK(rta, len)) {
5598 type = rta->rta_type;
5599 if (type <= max && !tb[type])
5601 rta = RTA_NEXT(rta, len);
5606 * Extract flow counters from flower action.
5609 * flower action stats properties in the Netlink message received.
5611 * The backward sequence of rta_types, as written in the attribute table,
5612 * we need to traverse in order to get to the requested object.
5614 * Current location in rta_type table.
5616 * data holding the count statistics of the rte_flow retrieved from
5620 * 0 if data was found and retrieved, -1 otherwise.
5623 flow_tcf_nl_action_stats_parse_and_get(struct rtattr *rta,
5624 uint16_t rta_type[], int idx,
5625 struct gnet_stats_basic *data)
5627 int tca_stats_max = flow_tcf_arr_val_max(rta_type, idx,
5629 struct rtattr *tbs[tca_stats_max + 1];
5631 if (rta == NULL || idx < 0)
5633 flow_tcf_nl_parse_rtattr(tbs, tca_stats_max,
5634 RTA_DATA(rta), RTA_PAYLOAD(rta));
5635 switch (rta_type[idx]) {
5636 case TCA_STATS_BASIC:
5637 if (tbs[TCA_STATS_BASIC]) {
5638 memcpy(data, RTA_DATA(tbs[TCA_STATS_BASIC]),
5639 RTE_MIN(RTA_PAYLOAD(tbs[TCA_STATS_BASIC]),
5651 * Parse flower single action retrieving the requested action attribute,
5655 * flower action properties in the Netlink message received.
5657 * The backward sequence of rta_types, as written in the attribute table,
5658 * we need to traverse in order to get to the requested object.
5660 * Current location in rta_type table.
5662 * Count statistics retrieved from the message query.
5665 * 0 if data was found and retrieved, -1 otherwise.
5668 flow_tcf_nl_parse_one_action_and_get(struct rtattr *arg,
5669 uint16_t rta_type[], int idx, void *data)
5671 int tca_act_max = flow_tcf_arr_val_max(rta_type, idx, TCA_ACT_STATS);
5672 struct rtattr *tb[tca_act_max + 1];
5674 if (arg == NULL || idx < 0)
5676 flow_tcf_nl_parse_rtattr(tb, tca_act_max,
5677 RTA_DATA(arg), RTA_PAYLOAD(arg));
5678 if (tb[TCA_ACT_KIND] == NULL)
5680 switch (rta_type[idx]) {
5682 if (tb[TCA_ACT_STATS])
5683 return flow_tcf_nl_action_stats_parse_and_get
5686 (struct gnet_stats_basic *)data);
5695 * Parse flower action section in the message retrieving the requested
5696 * attribute from the first action that provides it.
5699 * flower section in the Netlink message received.
5701 * The backward sequence of rta_types, as written in the attribute table,
5702 * we need to traverse in order to get to the requested object.
5704 * Current location in rta_type table.
5706 * data retrieved from the message query.
5709 * 0 if data was found and retrieved, -1 otherwise.
5712 flow_tcf_nl_action_parse_and_get(struct rtattr *arg,
5713 uint16_t rta_type[], int idx, void *data)
5715 struct rtattr *tb[TCA_ACT_MAX_PRIO + 1];
5718 if (arg == NULL || idx < 0)
5720 flow_tcf_nl_parse_rtattr(tb, TCA_ACT_MAX_PRIO,
5721 RTA_DATA(arg), RTA_PAYLOAD(arg));
5722 switch (rta_type[idx]) {
5724 * flow counters are stored in the actions defined by the flow
5725 * and not in the flow itself, therefore we need to traverse the
5726 * flower chain of actions in search for them.
5728 * Note that the index is not decremented here.
5731 for (i = 0; i <= TCA_ACT_MAX_PRIO; i++) {
5733 !flow_tcf_nl_parse_one_action_and_get(tb[i],
5746 * Parse flower classifier options in the message, retrieving the requested
5747 * attribute if found.
5750 * flower section in the Netlink message received.
5752 * The backward sequence of rta_types, as written in the attribute table,
5753 * we need to traverse in order to get to the requested object.
5755 * Current location in rta_type table.
5757 * data retrieved from the message query.
5760 * 0 if data was found and retrieved, -1 otherwise.
5763 flow_tcf_nl_opts_parse_and_get(struct rtattr *opt,
5764 uint16_t rta_type[], int idx, void *data)
5766 int tca_flower_max = flow_tcf_arr_val_max(rta_type, idx,
5768 struct rtattr *tb[tca_flower_max + 1];
5770 if (!opt || idx < 0)
5772 flow_tcf_nl_parse_rtattr(tb, tca_flower_max,
5773 RTA_DATA(opt), RTA_PAYLOAD(opt));
5774 switch (rta_type[idx]) {
5775 case TCA_FLOWER_ACT:
5776 if (tb[TCA_FLOWER_ACT])
5777 return flow_tcf_nl_action_parse_and_get
5778 (tb[TCA_FLOWER_ACT],
5779 rta_type, --idx, data);
5788 * Parse Netlink reply on filter query, retrieving the flow counters.
5791 * Message received from Netlink.
5793 * The backward sequence of rta_types, as written in the attribute table,
5794 * we need to traverse in order to get to the requested object.
5796 * Current location in rta_type table.
5798 * data retrieved from the message query.
5801 * 0 if data was found and retrieved, -1 otherwise.
5804 flow_tcf_nl_filter_parse_and_get(struct nlmsghdr *cnlh,
5805 uint16_t rta_type[], int idx, void *data)
5807 struct nlmsghdr *nlh = cnlh;
5808 struct tcmsg *t = NLMSG_DATA(nlh);
5809 int len = nlh->nlmsg_len;
5810 int tca_max = flow_tcf_arr_val_max(rta_type, idx, TCA_OPTIONS);
5811 struct rtattr *tb[tca_max + 1];
5815 if (nlh->nlmsg_type != RTM_NEWTFILTER &&
5816 nlh->nlmsg_type != RTM_GETTFILTER &&
5817 nlh->nlmsg_type != RTM_DELTFILTER)
5819 len -= NLMSG_LENGTH(sizeof(*t));
5822 flow_tcf_nl_parse_rtattr(tb, tca_max, TCA_RTA(t), len);
5823 /* Not a TC flower flow - bail out */
5824 if (!tb[TCA_KIND] ||
5825 strcmp(RTA_DATA(tb[TCA_KIND]), "flower"))
5827 switch (rta_type[idx]) {
5829 if (tb[TCA_OPTIONS])
5830 return flow_tcf_nl_opts_parse_and_get(tb[TCA_OPTIONS],
5841 * A callback to parse Netlink reply on TC flower query.
5844 * Message received from Netlink.
5846 * Pointer to data area to be filled by the parsing routine.
5847 * assumed to be a pointer to struct flow_tcf_stats_basic.
5853 flow_tcf_nl_message_get_stats_basic(const struct nlmsghdr *nlh, void *data)
5856 * The backward sequence of rta_types to pass in order to get
5859 uint16_t rta_type[] = { TCA_STATS_BASIC, TCA_ACT_STATS,
5860 TCA_FLOWER_ACT, TCA_OPTIONS };
5861 struct flow_tcf_stats_basic *sb_data = data;
5863 const struct nlmsghdr *c;
5864 struct nlmsghdr *nc;
5865 } tnlh = { .c = nlh };
5867 if (!flow_tcf_nl_filter_parse_and_get(tnlh.nc, rta_type,
5868 RTE_DIM(rta_type) - 1,
5869 (void *)&sb_data->counters))
5870 sb_data->valid = true;
5875 * Query a TC flower rule for its statistics via netlink.
5878 * Pointer to Ethernet device.
5880 * Pointer to the sub flow.
5882 * data retrieved by the query.
5884 * Perform verbose error reporting if not NULL.
5887 * 0 on success, a negative errno value otherwise and rte_errno is set.
5890 flow_tcf_query_count(struct rte_eth_dev *dev,
5891 struct rte_flow *flow,
5893 struct rte_flow_error *error)
5895 struct flow_tcf_stats_basic sb_data;
5896 struct rte_flow_query_count *qc = data;
5897 struct priv *priv = dev->data->dev_private;
5898 struct mlx5_flow_tcf_context *ctx = priv->tcf_context;
5899 struct mnl_socket *nl = ctx->nl;
5900 struct mlx5_flow *dev_flow;
5901 struct nlmsghdr *nlh;
5902 uint32_t seq = priv->tcf_context->seq++;
5906 memset(&sb_data, 0, sizeof(sb_data));
5907 dev_flow = LIST_FIRST(&flow->dev_flows);
5908 /* E-Switch flow can't be expanded. */
5909 assert(!LIST_NEXT(dev_flow, next));
5910 if (!dev_flow->flow->counter)
5912 nlh = dev_flow->tcf.nlh;
5913 nlh->nlmsg_type = RTM_GETTFILTER;
5914 nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ECHO;
5915 nlh->nlmsg_seq = seq;
5916 if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) == -1)
5919 ret = mnl_socket_recvfrom(nl, ctx->buf, ctx->buf_size);
5922 ret = mnl_cb_run(ctx->buf, ret, seq,
5923 mnl_socket_get_portid(nl),
5924 flow_tcf_nl_message_get_stats_basic,
5927 /* Return the delta from last reset. */
5928 if (sb_data.valid) {
5929 /* Return the delta from last reset. */
5932 qc->hits = sb_data.counters.packets - flow->counter->hits;
5933 qc->bytes = sb_data.counters.bytes - flow->counter->bytes;
5935 flow->counter->hits = sb_data.counters.packets;
5936 flow->counter->bytes = sb_data.counters.bytes;
5940 return rte_flow_error_set(error, EINVAL,
5941 RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
5943 "flow does not have counter");
5945 return rte_flow_error_set
5946 (error, errno, RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
5947 NULL, "netlink: failed to read flow rule counters");
5949 return rte_flow_error_set
5950 (error, ENOTSUP, RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
5951 NULL, "counters are not available.");
5957 * @see rte_flow_query()
5961 flow_tcf_query(struct rte_eth_dev *dev,
5962 struct rte_flow *flow,
5963 const struct rte_flow_action *actions,
5965 struct rte_flow_error *error)
5969 for (; actions->type != RTE_FLOW_ACTION_TYPE_END; actions++) {
5970 switch (actions->type) {
5971 case RTE_FLOW_ACTION_TYPE_VOID:
5973 case RTE_FLOW_ACTION_TYPE_COUNT:
5974 ret = flow_tcf_query_count(dev, flow, data, error);
5977 return rte_flow_error_set(error, ENOTSUP,
5978 RTE_FLOW_ERROR_TYPE_ACTION,
5980 "action not supported");
5986 const struct mlx5_flow_driver_ops mlx5_flow_tcf_drv_ops = {
5987 .validate = flow_tcf_validate,
5988 .prepare = flow_tcf_prepare,
5989 .translate = flow_tcf_translate,
5990 .apply = flow_tcf_apply,
5991 .remove = flow_tcf_remove,
5992 .destroy = flow_tcf_destroy,
5993 .query = flow_tcf_query,
5997 * Create and configure a libmnl socket for Netlink flow rules.
6000 * A valid libmnl socket object pointer on success, NULL otherwise and
6003 static struct mnl_socket *
6004 flow_tcf_mnl_socket_create(void)
6006 struct mnl_socket *nl = mnl_socket_open(NETLINK_ROUTE);
6009 mnl_socket_setsockopt(nl, NETLINK_CAP_ACK, &(int){ 1 },
6011 if (!mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID))
6016 mnl_socket_close(nl);
6021 * Destroy a libmnl socket.
6024 * Libmnl socket of the @p NETLINK_ROUTE kind.
6027 flow_tcf_mnl_socket_destroy(struct mnl_socket *nl)
6030 mnl_socket_close(nl);
6034 * Initialize ingress qdisc of a given network interface.
6037 * Pointer to tc-flower context to use.
6039 * Index of network interface to initialize.
6041 * Perform verbose error reporting if not NULL.
6044 * 0 on success, a negative errno value otherwise and rte_errno is set.
6047 mlx5_flow_tcf_init(struct mlx5_flow_tcf_context *ctx,
6048 unsigned int ifindex, struct rte_flow_error *error)
6050 struct nlmsghdr *nlh;
6052 alignas(struct nlmsghdr)
6053 uint8_t buf[mnl_nlmsg_size(sizeof(*tcm)) +
6054 SZ_NLATTR_STRZ_OF("ingress") +
6055 MNL_BUF_EXTRA_SPACE];
6057 /* Destroy existing ingress qdisc and everything attached to it. */
6058 nlh = mnl_nlmsg_put_header(buf);
6059 nlh->nlmsg_type = RTM_DELQDISC;
6060 nlh->nlmsg_flags = NLM_F_REQUEST;
6061 tcm = mnl_nlmsg_put_extra_header(nlh, sizeof(*tcm));
6062 tcm->tcm_family = AF_UNSPEC;
6063 tcm->tcm_ifindex = ifindex;
6064 tcm->tcm_handle = TC_H_MAKE(TC_H_INGRESS, 0);
6065 tcm->tcm_parent = TC_H_INGRESS;
6066 assert(sizeof(buf) >= nlh->nlmsg_len);
6067 /* Ignore errors when qdisc is already absent. */
6068 if (flow_tcf_nl_ack(ctx, nlh, NULL, NULL) &&
6069 rte_errno != EINVAL && rte_errno != ENOENT)
6070 return rte_flow_error_set(error, rte_errno,
6071 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
6072 "netlink: failed to remove ingress"
6074 /* Create fresh ingress qdisc. */
6075 nlh = mnl_nlmsg_put_header(buf);
6076 nlh->nlmsg_type = RTM_NEWQDISC;
6077 nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL;
6078 tcm = mnl_nlmsg_put_extra_header(nlh, sizeof(*tcm));
6079 tcm->tcm_family = AF_UNSPEC;
6080 tcm->tcm_ifindex = ifindex;
6081 tcm->tcm_handle = TC_H_MAKE(TC_H_INGRESS, 0);
6082 tcm->tcm_parent = TC_H_INGRESS;
6083 mnl_attr_put_strz_check(nlh, sizeof(buf), TCA_KIND, "ingress");
6084 assert(sizeof(buf) >= nlh->nlmsg_len);
6085 if (flow_tcf_nl_ack(ctx, nlh, NULL, NULL))
6086 return rte_flow_error_set(error, rte_errno,
6087 RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
6088 "netlink: failed to create ingress"
6094 * Create libmnl context for Netlink flow rules.
6097 * A valid libmnl socket object pointer on success, NULL otherwise and
6100 struct mlx5_flow_tcf_context *
6101 mlx5_flow_tcf_context_create(void)
6103 struct mlx5_flow_tcf_context *ctx = rte_zmalloc(__func__,
6108 ctx->nl = flow_tcf_mnl_socket_create();
6111 ctx->buf_size = MNL_SOCKET_BUFFER_SIZE;
6112 ctx->buf = rte_zmalloc(__func__,
6113 ctx->buf_size, sizeof(uint32_t));
6116 ctx->seq = random();
6119 mlx5_flow_tcf_context_destroy(ctx);
6124 * Destroy a libmnl context.
6127 * Libmnl socket of the @p NETLINK_ROUTE kind.
6130 mlx5_flow_tcf_context_destroy(struct mlx5_flow_tcf_context *ctx)
6134 flow_tcf_mnl_socket_destroy(ctx->nl);