lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <711630a2-b810-f8b0-2dcf-1eb7056ecf1d@intel.com>
Date:   Tue, 14 Feb 2023 16:26:54 +0100
From:   Alexander Lobakin <alexandr.lobakin@...el.com>
To:     Gavin Li <gavinl@...dia.com>
CC:     <davem@...emloft.net>, <edumazet@...gle.com>, <kuba@...nel.org>,
        <pabeni@...hat.com>, <roopa@...dia.com>,
        <eng.alaamohamedsoliman.am@...il.com>, <bigeasy@...utronix.de>,
        <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        Roi Dayan <roid@...dia.com>, Maor Dickman <maord@...dia.com>,
        Saeed Mahameed <saeedm@...dia.com>
Subject: Re: [PATCH net-next v1 3/3] net/mlx5e: TC, Add support for VxLAN GBP
 encap/decap flows offload

From: Gavin Li <gavinl@...dia.com>
Date: Tue, 14 Feb 2023 15:41:37 +0200

> Add HW offloading support for TC flows with VxLAN GBP encap/decap.
> 
> Example of encap rule:
> tc filter add dev eth0 protocol ip ingress flower \
>     action tunnel_key set id 42 vxlan_opts 512 \
>     action mirred egress redirect dev vxlan1
> 
> Example of decap rule:
> tc filter add dev vxlan1 protocol ip ingress flower \
>     enc_key_id 42 enc_dst_port 4789 vxlan_opts 1024 \
>     action tunnel_key unset action mirred egress redirect dev eth0
> 
> Change-Id: I48f61d02201bf3f79dcbe5d0f022f7bb27ed630f
> Signed-off-by: Gavin Li <gavinl@...dia.com>
> Reviewed-by: Roi Dayan <roid@...dia.com>
> Reviewed-by: Maor Dickman <maord@...dia.com>
> Acked-by: Saeed Mahameed <saeedm@...dia.com>
> ---
>  .../mellanox/mlx5/core/en/tc_tun_vxlan.c      | 85 ++++++++++++++++++-
>  include/linux/mlx5/device.h                   |  6 ++
>  include/linux/mlx5/mlx5_ifc.h                 | 13 ++-
>  3 files changed, 100 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_vxlan.c b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_vxlan.c
> index 1f62c702b625..444512ca9e0d 100644
> --- a/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_vxlan.c
> +++ b/drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_vxlan.c
> @@ -1,6 +1,7 @@
>  // SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
>  /* Copyright (c) 2018 Mellanox Technologies. */
>  
> +#include <net/ip_tunnels.h>
>  #include <net/vxlan.h>
>  #include "lib/vxlan.h"
>  #include "en/tc_tun.h"
> @@ -86,9 +87,11 @@ static int mlx5e_gen_ip_tunnel_header_vxlan(char buf[],
>  	const struct ip_tunnel_key *tun_key = &e->tun_info->key;
>  	__be32 tun_id = tunnel_id_to_key32(tun_key->tun_id);
>  	struct udphdr *udp = (struct udphdr *)(buf);
> +	const struct vxlan_metadata *md;
>  	struct vxlanhdr *vxh;
>  
> -	if (tun_key->tun_flags & TUNNEL_VXLAN_OPT)
> +	if (tun_key->tun_flags & TUNNEL_VXLAN_OPT &&

A separate pair of braces is preferred around bitops.

> +	    e->tun_info->options_len != sizeof(*md))
>  		return -EOPNOTSUPP;
>  	vxh = (struct vxlanhdr *)((char *)udp + sizeof(struct udphdr));
>  	*ip_proto = IPPROTO_UDP;
> @@ -96,6 +99,70 @@ static int mlx5e_gen_ip_tunnel_header_vxlan(char buf[],
>  	udp->dest = tun_key->tp_dst;
>  	vxh->vx_flags = VXLAN_HF_VNI;
>  	vxh->vx_vni = vxlan_vni_field(tun_id);
> +	if (tun_key->tun_flags & TUNNEL_VXLAN_OPT) {
> +		md = ip_tunnel_info_opts((struct ip_tunnel_info *)e->tun_info);
> +		vxlan_build_gbp_hdr(vxh, tun_key->tun_flags,
> +				    (struct vxlan_metadata *)md);

Maybe constify both ip_tunnel_info_opts() and vxlan_build_gbp_hdr()
arguments instead of working around by casting away?

> +	}
> +
> +	return 0;
> +}
> +
> +static int mlx5e_tc_tun_parse_vxlan_gbp_option(struct mlx5e_priv *priv,
> +					       struct mlx5_flow_spec *spec,
> +					       struct flow_cls_offload *f)
> +{
> +	struct flow_rule *rule = flow_cls_offload_flow_rule(f);
> +	struct netlink_ext_ack *extack = f->common.extack;
> +	struct flow_match_enc_opts enc_opts;
> +	void *misc5_c, *misc5_v;
> +	u32 *gbp, *gbp_mask;
> +
> +	flow_rule_match_enc_opts(rule, &enc_opts);
> +
> +	if (memchr_inv(&enc_opts.mask->data, 0, sizeof(enc_opts.mask->data)) &&
> +	    !MLX5_CAP_ESW_FT_FIELD_SUPPORT_2(priv->mdev, tunnel_header_0_1)) {
> +		NL_SET_ERR_MSG_MOD(extack,
> +				   "Matching on VxLAN GBP is not supported");
> +		netdev_warn(priv->netdev,
> +			    "Matching on VxLAN GBP is not supported\n");
> +		return -EOPNOTSUPP;
> +	}
> +
> +	if (enc_opts.key->dst_opt_type != TUNNEL_VXLAN_OPT) {
> +		NL_SET_ERR_MSG_MOD(extack,
> +				   "Wrong VxLAN option type: not GBP");

Fits into one line I believe.

> +		netdev_warn(priv->netdev,
> +			    "Wrong VxLAN option type: not GBP\n");
> +		return -EOPNOTSUPP;
> +	}
> +
> +	if (enc_opts.key->len != sizeof(*gbp) ||
> +	    enc_opts.mask->len != sizeof(*gbp_mask)) {
> +		NL_SET_ERR_MSG_MOD(extack,
> +				   "VxLAN GBP option/mask len is not 32 bits");
> +		netdev_warn(priv->netdev,
> +			    "VxLAN GBP option/mask len is not 32 bits\n");
> +		return -EINVAL;
> +	}
> +
> +	gbp = (u32 *)&enc_opts.key->data[0];
> +	gbp_mask = (u32 *)&enc_opts.mask->data[0];
> +
> +	if (*gbp_mask & ~VXLAN_GBP_MASK) {
> +		NL_SET_ERR_MSG_MOD(extack,
> +				   "Wrong VxLAN GBP mask");

You can use new NL_SET_ERR_MSG_FMT_MOD() here to print @gbp_mask to the
user, as you do it next line.

> +		netdev_warn(priv->netdev,
> +			    "Wrong VxLAN GBP mask(0x%08X)\n", *gbp_mask);
> +		return -EINVAL;
> +	}
> +
> +	misc5_c = MLX5_ADDR_OF(fte_match_param, spec->match_criteria, misc_parameters_5);
> +	misc5_v = MLX5_ADDR_OF(fte_match_param, spec->match_value, misc_parameters_5);
> +	MLX5_SET(fte_match_set_misc5, misc5_c, tunnel_header_0, *gbp_mask);
> +	MLX5_SET(fte_match_set_misc5, misc5_v, tunnel_header_0, *gbp);
> +
> +	spec->match_criteria_enable |= MLX5_MATCH_MISC_PARAMETERS_5;
>  
>  	return 0;
>  }

Thanks,
Olek

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ