[PATCH net v2 0/2] nfp: flower: a few small conntrack offload fixes

List overview All Threads
Download

newer

older

+...

Linux 6.7.2

Louis Peens

24 Jan 2024 24 Jan '24

3:19 p.m.

This small series addresses two bugs in the nfp conntrack offloading code.

The first patch is a check to prevent offloading for a case which is currently not supported by the nfp.

The second patch fixes up parsing of layer4 mangling code so it can be correctly offloaded. Since the masks are an inverse mask and we are shifting it so it can be packed together with the destination we effectively need to 'clear' the lower bits of the mask by setting it to 0xFFFF.

Changes since v1: - Added inline comment to the second patch - Expanded the commit message to better explain the mask setting in the second patch.

Hui Zhou (2): nfp: flower: add hardware offload check for post ct entry nfp: flower: fix hardware offload for the transfer layer port

.../ethernet/netronome/nfp/flower/conntrack.c | 46 +++++++++++++++++-- 1 file changed, 43 insertions(+), 3 deletions(-)

-- 2.34.1

Show replies by date

Louis Peens

24 Jan 24 Jan

3:19 p.m.

New subject: [PATCH net v2 1/2] nfp: flower: add hardware offload check for post ct entry

From: Hui Zhou hui.zhou@corigine.com

The nfp offload flow pay will not allocate a mask id when the out port is openvswitch internal port. This is because these flows are used to configure the pre_tun table and are never actually send to the firmware as an add-flow message. When a tc rule which action contains ct and the post ct entry's out port is openvswitch internal port, the merge offload flow pay with the wrong mask id of 0 will be send to the firmware. Actually, the nfp can not support hardware offload for this situation, so return EOPNOTSUPP.

Fixes: bd0fe7f96a3c ("nfp: flower-ct: add zone table entry when handling pre/post_ct flows") CC: stable@vger.kernel.org # 5.14+ Signed-off-by: Hui Zhou hui.zhou@corigine.com Signed-off-by: Louis Peens louis.peens@corigine.com --- .../ethernet/netronome/nfp/flower/conntrack.c | 22 ++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/netronome/nfp/flower/conntrack.c b/drivers/net/ethernet/netronome/nfp/flower/conntrack.c index 2967bab72505..726d8cdf0b9c 100644 --- a/drivers/net/ethernet/netronome/nfp/flower/conntrack.c +++ b/drivers/net/ethernet/netronome/nfp/flower/conntrack.c @@ -1864,10 +1864,30 @@ int nfp_fl_ct_handle_post_ct(struct nfp_flower_priv *priv, { struct flow_rule *rule = flow_cls_offload_flow_rule(flow); struct nfp_fl_ct_flow_entry *ct_entry; + struct flow_action_entry *ct_goto; struct nfp_fl_ct_zone_entry *zt; + struct flow_action_entry *act; bool wildcarded = false; struct flow_match_ct ct; - struct flow_action_entry *ct_goto; + int i; + + flow_action_for_each(i, act, &rule->action) { + switch (act->id) { + case FLOW_ACTION_REDIRECT: + case FLOW_ACTION_REDIRECT_INGRESS: + case FLOW_ACTION_MIRRED: + case FLOW_ACTION_MIRRED_INGRESS: + if (act->dev->rtnl_link_ops && + !strcmp(act->dev->rtnl_link_ops->kind, "openvswitch")) { + NL_SET_ERR_MSG_MOD(extack, + "unsupported offload: out port is openvswitch internal port"); + return -EOPNOTSUPP; + } + break; + default: + break; + } + }

flow_rule_match_ct(rule, &ct); if (!ct.mask->ct_zone) {

-- 2.34.1

Louis Peens

3:19 p.m.

New subject: [PATCH net v2 2/2] nfp: flower: fix hardware offload for the transfer layer port

From: Hui Zhou hui.zhou@corigine.com

The nfp driver will merge the tp source port and tp destination port into one dword which the offset must be zero to do hardware offload. However, the mangle action for the tp source port and tp destination port is separated for tc ct action. Modify the mangle action for the FLOW_ACT_MANGLE_HDR_TYPE_TCP and FLOW_ACT_MANGLE_HDR_TYPE_UDP to satisfy the nfp driver offload check for the tp port.

The mangle action provides a 4B value for source, and a 4B value for the destination, but only 2B of each contains the useful information. For offload the 2B of each is combined into a single 4B word. Since the incoming mask for the source is '0xFFFF<mask>' the shift-left will throw away the 0xFFFF part. When this gets combined together in the offload it will clear the destination field. Fix this by setting the lower bits back to 0xFFFF, effectively doing a rotate-left operation on the mask.

Fixes: 5cee92c6f57a ("nfp: flower: support hw offload for ct nat action") CC: stable@vger.kernel.org # 6.1+ Signed-off-by: Hui Zhou hui.zhou@corigine.com Signed-off-by: Louis Peens louis.peens@corigine.com --- .../ethernet/netronome/nfp/flower/conntrack.c | 24 +++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/netronome/nfp/flower/conntrack.c b/drivers/net/ethernet/netronome/nfp/flower/conntrack.c index 726d8cdf0b9c..15180538b80a 100644 --- a/drivers/net/ethernet/netronome/nfp/flower/conntrack.c +++ b/drivers/net/ethernet/netronome/nfp/flower/conntrack.c @@ -1424,10 +1424,30 @@ static void nfp_nft_ct_translate_mangle_action(struct flow_action_entry *mangle_ mangle_action->mangle.mask = (__force u32)cpu_to_be32(mangle_action->mangle.mask); return;

+ /* Both struct tcphdr and struct udphdr start with + * __be16 source; + * __be16 dest; + * so we can use the same code for both. + */ case FLOW_ACT_MANGLE_HDR_TYPE_TCP: case FLOW_ACT_MANGLE_HDR_TYPE_UDP: - mangle_action->mangle.val = (__force u16)cpu_to_be16(mangle_action->mangle.val); - mangle_action->mangle.mask = (__force u16)cpu_to_be16(mangle_action->mangle.mask); + if (mangle_action->mangle.offset == offsetof(struct tcphdr, source)) { + mangle_action->mangle.val = + (__force u32)cpu_to_be32(mangle_action->mangle.val << 16); + /* The mask of mangle action is inverse mask, + * so clear the dest tp port with 0xFFFF to + * instead of rotate-left operation. + */ + mangle_action->mangle.mask = + (__force u32)cpu_to_be32(mangle_action->mangle.mask << 16 | 0xFFFF); + } + if (mangle_action->mangle.offset == offsetof(struct tcphdr, dest)) { + mangle_action->mangle.offset = 0; + mangle_action->mangle.val = + (__force u32)cpu_to_be32(mangle_action->mangle.val); + mangle_action->mangle.mask = + (__force u32)cpu_to_be32(mangle_action->mangle.mask); + } return;

default:

-- 2.34.1

patchwork-bot+netdevbpf＠kernel.org

26 Jan 26 Jan

1:20 a.m.

Hello:

This series was applied to netdev/net.git (main) by Jakub Kicinski kuba@kernel.org:

On Wed, 24 Jan 2024 17:19:07 +0200 you wrote:

...

This small series addresses two bugs in the nfp conntrack offloading code.

The first patch is a check to prevent offloading for a case which is currently not supported by the nfp.

The second patch fixes up parsing of layer4 mangling code so it can be correctly offloaded. Since the masks are an inverse mask and we are shifting it so it can be packed together with the destination we effectively need to 'clear' the lower bits of the mask by setting it to 0xFFFF.

[...]

Here is the summary with links: - [net,v2,1/2] nfp: flower: add hardware offload check for post ct entry https://git.kernel.org/netdev/net/c/cefa98e806fd - [net,v2,2/2] nfp: flower: fix hardware offload for the transfer layer port https://git.kernel.org/netdev/net/c/3a007b8009b5

You are awesome, thank you!

-- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html

349

days inactive

351

days old

linux-stable-mirror@lists.linaro.org

3 comments

participants

tags (0)

participants (2)

Louis Peens
patchwork-bot+netdevbpf＠kernel.org