From: Saeed Mahameed <saeed@kernel•org>
To: "David S. Miller" <davem@davemloft•net>,
Jakub Kicinski <kuba@kernel•org>
Cc: netdev@vger•kernel.org, Tariq Toukan <tariqt@nvidia•com>,
Ariel Levkovich <lariel@nvidia•com>,
Saeed Mahameed <saeedm@nvidia•com>
Subject: [net-next 01/16] net/mlx5: CT: Add support for matching on ct_state inv and rel flags
Date: Sat, 3 Apr 2021 21:19:39 -0700 [thread overview]
Message-ID: <20210404041954.146958-2-saeed@kernel.org> (raw)
In-Reply-To: <20210404041954.146958-1-saeed@kernel.org>
From: Ariel Levkovich <lariel@nvidia•com>
Add support for matching on ct_state inv and rel flags.
Currently the support is only for match on -inv and -rel.
Matching on +inv and +rel will be rejected.
Example:
$ tc filter add dev ens1f0_0 ingress prio 1 chain 1 proto ip flower \
ct_state -est-rel+trk \
action mirred egress redirect dev ens1f0_1
$ tc filter add dev ens1f0_1 ingress prio 1 chain 1 proto ip flower \
ct_state +trk+est-inv \
action mirred egress redirect dev ens1f0_0
Signed-off-by: Ariel Levkovich <lariel@nvidia•com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia•com>
---
.../ethernet/mellanox/mlx5/core/en/tc_ct.c | 26 +++++++++++++++++--
1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
index df13e5094034..1c44000ad675 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c
@@ -29,6 +29,8 @@
#define MLX5_CT_STATE_TRK_BIT BIT(2)
#define MLX5_CT_STATE_NAT_BIT BIT(3)
#define MLX5_CT_STATE_REPLY_BIT BIT(4)
+#define MLX5_CT_STATE_RELATED_BIT BIT(5)
+#define MLX5_CT_STATE_INVALID_BIT BIT(6)
#define MLX5_FTE_ID_BITS (mlx5e_tc_attr_to_reg_mappings[FTEID_TO_REG].mlen * 8)
#define MLX5_FTE_ID_MAX GENMASK(MLX5_FTE_ID_BITS - 1, 0)
@@ -1207,8 +1209,8 @@ mlx5_tc_ct_match_add(struct mlx5_tc_ct_priv *priv,
struct mlx5_ct_attr *ct_attr,
struct netlink_ext_ack *extack)
{
+ bool trk, est, untrk, unest, new, rpl, unrpl, rel, unrel, inv, uninv;
struct flow_rule *rule = flow_cls_offload_flow_rule(f);
- bool trk, est, untrk, unest, new, rpl, unrpl;
struct flow_dissector_key_ct *mask, *key;
u32 ctstate = 0, ctstate_mask = 0;
u16 ct_state_on, ct_state_off;
@@ -1236,7 +1238,9 @@ mlx5_tc_ct_match_add(struct mlx5_tc_ct_priv *priv,
if (ct_state_mask & ~(TCA_FLOWER_KEY_CT_FLAGS_TRACKED |
TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED |
TCA_FLOWER_KEY_CT_FLAGS_NEW |
- TCA_FLOWER_KEY_CT_FLAGS_REPLY)) {
+ TCA_FLOWER_KEY_CT_FLAGS_REPLY |
+ TCA_FLOWER_KEY_CT_FLAGS_RELATED |
+ TCA_FLOWER_KEY_CT_FLAGS_INVALID)) {
NL_SET_ERR_MSG_MOD(extack,
"only ct_state trk, est, new and rpl are supported for offload");
return -EOPNOTSUPP;
@@ -1248,9 +1252,13 @@ mlx5_tc_ct_match_add(struct mlx5_tc_ct_priv *priv,
new = ct_state_on & TCA_FLOWER_KEY_CT_FLAGS_NEW;
est = ct_state_on & TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED;
rpl = ct_state_on & TCA_FLOWER_KEY_CT_FLAGS_REPLY;
+ rel = ct_state_on & TCA_FLOWER_KEY_CT_FLAGS_RELATED;
+ inv = ct_state_on & TCA_FLOWER_KEY_CT_FLAGS_INVALID;
untrk = ct_state_off & TCA_FLOWER_KEY_CT_FLAGS_TRACKED;
unest = ct_state_off & TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED;
unrpl = ct_state_off & TCA_FLOWER_KEY_CT_FLAGS_REPLY;
+ unrel = ct_state_off & TCA_FLOWER_KEY_CT_FLAGS_RELATED;
+ uninv = ct_state_off & TCA_FLOWER_KEY_CT_FLAGS_INVALID;
ctstate |= trk ? MLX5_CT_STATE_TRK_BIT : 0;
ctstate |= est ? MLX5_CT_STATE_ESTABLISHED_BIT : 0;
@@ -1258,6 +1266,20 @@ mlx5_tc_ct_match_add(struct mlx5_tc_ct_priv *priv,
ctstate_mask |= (untrk || trk) ? MLX5_CT_STATE_TRK_BIT : 0;
ctstate_mask |= (unest || est) ? MLX5_CT_STATE_ESTABLISHED_BIT : 0;
ctstate_mask |= (unrpl || rpl) ? MLX5_CT_STATE_REPLY_BIT : 0;
+ ctstate_mask |= unrel ? MLX5_CT_STATE_RELATED_BIT : 0;
+ ctstate_mask |= uninv ? MLX5_CT_STATE_INVALID_BIT : 0;
+
+ if (rel) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "matching on ct_state +rel isn't supported");
+ return -EOPNOTSUPP;
+ }
+
+ if (inv) {
+ NL_SET_ERR_MSG_MOD(extack,
+ "matching on ct_state +inv isn't supported");
+ return -EOPNOTSUPP;
+ }
if (new) {
NL_SET_ERR_MSG_MOD(extack,
--
2.30.2
next prev parent reply other threads:[~2021-04-04 4:20 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-04 4:19 [pull request][net-next 00/16] mlx5 updates 2021-04-02 Saeed Mahameed
2021-04-04 4:19 ` Saeed Mahameed [this message]
2021-04-04 8:50 ` [net-next 01/16] net/mlx5: CT: Add support for matching on ct_state inv and rel flags patchwork-bot+netdevbpf
2021-04-04 4:19 ` [net-next 02/16] net/mlx5: E-Switch, cut down mlx5_vport_info structure size by 8 bytes Saeed Mahameed
2021-04-04 4:19 ` [net-next 03/16] net/mlx5: E-Switch, move QoS specific fields to existing qos struct Saeed Mahameed
2021-04-04 4:19 ` [net-next 04/16] net/mlx5: Use unsigned int for free_count Saeed Mahameed
2021-04-04 4:19 ` [net-next 05/16] net/mlx5: Pack mlx5_rl_entry structure Saeed Mahameed
2021-04-04 4:19 ` [net-next 06/16] net/mlx5: Do not hold mutex while reading table constants Saeed Mahameed
2021-04-04 4:19 ` [net-next 07/16] net/mlx5: Use helpers to allocate and free rl table entries Saeed Mahameed
2021-04-04 4:19 ` [net-next 08/16] net/mlx5: Use helper to increment, decrement rate entry refcount Saeed Mahameed
2021-04-04 4:19 ` [net-next 09/16] net/mlx5: Allocate rate limit table when rate is configured Saeed Mahameed
2021-04-04 4:19 ` [net-next 10/16] net/mlx5: Pair mutex_destory with mutex_init for rate limit table Saeed Mahameed
2021-04-04 4:19 ` [net-next 11/16] net/mlx5: E-Switch, cut down mlx5_vport_info structure size by 8 bytes Saeed Mahameed
2021-04-04 4:19 ` [net-next 12/16] net/mlx5: E-Switch, move QoS specific fields to existing qos struct Saeed Mahameed
2021-04-04 4:19 ` [net-next 13/16] net/mlx5: Use ida_alloc_range() instead of ida_simple_alloc() Saeed Mahameed
2021-04-04 4:19 ` [net-next 14/16] net/mlx5e: Reject tc rules which redirect from a VF to itself Saeed Mahameed
2021-04-04 4:19 ` [net-next 15/16] net/mlx5e: Dynamic alloc arfs table for netdev when needed Saeed Mahameed
2021-04-04 4:19 ` [net-next 16/16] net/mlx5e: Dynamic alloc vlan " Saeed Mahameed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210404041954.146958-2-saeed@kernel.org \
--to=saeed@kernel$(echo .)org \
--cc=davem@davemloft$(echo .)net \
--cc=kuba@kernel$(echo .)org \
--cc=lariel@nvidia$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
--cc=saeedm@nvidia$(echo .)com \
--cc=tariqt@nvidia$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox