summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2019-07-10drivers: net: use flow block APIPablo Neira Ayuso25-130/+286
This patch updates flow_block_cb_setup_simple() to use the flow block API. Several drivers are also adjusted to use it. This patch introduces the per-driver list of flow blocks to account for blocks that are already in use. Remove tc_block_offload alias. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: sched: use flow block APIPablo Neira Ayuso1-1/+87
This patch adds tcf_block_setup() which uses the flow block API. This infrastructure takes the flow block callbacks coming from the driver and register/unregister to/from the cls_api core. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: flow_offload: add flow_block_cb_{priv, incref, decref}()Pablo Neira Ayuso2-0/+22
This patch completes the flow block API to introduce: * flow_block_cb_priv() to access callback private data. * flow_block_cb_incref() to bump reference counter on this flow block. * flow_block_cb_decref() to decrement the reference counter. These functions are taken from the existing tcf_block_cb_priv(), tcf_block_cb_incref() and tcf_block_cb_decref(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: flow_offload: add list handling functionsPablo Neira Ayuso3-0/+39
This patch adds the list handling functions for the flow block API: * flow_block_cb_lookup() allows drivers to look up for existing flow blocks. * flow_block_cb_add() adds a flow block to the per driver list to be registered by the core. * flow_block_cb_remove() to remove a flow block from the list of existing flow blocks per driver and to request the core to unregister this. The flow block API also annotates the netns this flow block belongs to. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: flow_offload: add flow_block_cb_alloc() and flow_block_cb_free()Pablo Neira Ayuso2-0/+42
Add a new helper function to allocate flow_block_cb objects. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: flow_offload: rename TCF_BLOCK_BINDER_TYPE_* to FLOW_BLOCK_BINDER_TYPE_*Pablo Neira Ayuso11-27/+26
Rename from TCF_BLOCK_BINDER_TYPE_* to FLOW_BLOCK_BINDER_TYPE_* and remove temporary tcf_block_binder_type alias. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: flow_offload: rename TC_BLOCK_{UN}BIND to FLOW_BLOCK_{UN}BINDPablo Neira Ayuso9-28/+27
Rename from TC_BLOCK_{UN}BIND to FLOW_BLOCK_{UN}BIND and remove temporary tc_block_command alias. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: flow_offload: add flow_block_cb_setup_simple()Pablo Neira Ayuso17-317/+117
Most drivers do the same thing to set up the flow block callbacks, this patch adds a helper function to do this. This preparation patch reduces the number of changes to adapt the existing drivers to use the flow block callback API. This new helper function takes a flow block list per-driver, which is set to NULL until this driver list is used. This patch also introduces the flow_block_command and flow_block_binder_type enumerations, which are renamed to use FLOW_BLOCK_* in follow up patches. There are three definitions (aliases) in order to reduce the number of updates in this patch, which go away once drivers are fully adapted to use this flow block API. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10Merge branch 'net-hisilicon-Add-support-for-HI13X1-to-hip04_eth'David S. Miller3-23/+136
Jiangfeng Xiao says: ==================== net: hisilicon: Add support for HI13X1 to hip04_eth The main purpose of this patch series is to extend the hip04_eth driver to support HI13X1_GMAC. The offset and bitmap of some registers of HI13X1_GMAC are different from hip04_eth common soc. In addition, the definition of send descriptor and parsing descriptor are different from hip04_eth common soc. So the macro of the register offset is redefined to adapt the HI13X1_GMAC. Clean up the sparse warning by the way. Change since v1: * Add a cover letter. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: hisilicon: Add an tx_desc to adapt HI13X1_GMACJiangfeng Xiao1-3/+31
HI13X1 changed the offsets and bitmaps for tx_desc registers in the same peripheral device on different models of the hip04_eth. Signed-off-by: Jiangfeng Xiao <xiaojiangfeng@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: hisilicon: Add an rx_desc to adapt HI13X1_GMACJiangfeng Xiao1-0/+9
HI13X1 changed the offsets and bitmaps for rx_desc registers in the same peripheral device on different models of the hip04_eth. Signed-off-by: Jiangfeng Xiao <xiaojiangfeng@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: hisilicon: Offset buf address to adapt HI13X1_GMACJiangfeng Xiao1-3/+17
The buf unit size of HI13X1_GMAC is cache_line_size, which is 64, so the address we write to the buf register needs to be shifted right by 6 bits. The 31st bit of the PPE_CFG_CPU_ADD_ADDR register of HI13X1_GMAC indicates whether to release the buffer of the message, and the low indicates that it is valid. Signed-off-by: Jiangfeng Xiao <xiaojiangfeng@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: hisilicon: Add group field to adapt HI13X1_GMACJiangfeng Xiao1-3/+5
In general, group is the same as the port, but some boards specify a special group for better load balancing of each processing unit. Signed-off-by: Jiangfeng Xiao <xiaojiangfeng@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: hisilicon: dt-bindings: Add an field of port-handleJiangfeng Xiao1-3/+4
In general, group is the same as the port, but some boards specify a special group for better load balancing of each processing unit. Signed-off-by: Jiangfeng Xiao <xiaojiangfeng@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: hisilicon: HI13X1_GMAX need dreq reset at firstJiangfeng Xiao1-0/+24
HI13X1_GMAC delete request for soft reset at first, otherwise, the subsequent initialization will not take effect. Signed-off-by: Jiangfeng Xiao <xiaojiangfeng@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: hisilicon: HI13X1_GMAX skip write LOCAL_PAGE_REGJiangfeng Xiao1-0/+2
HI13X1_GMAC changed the offsets and bitmaps for GE_TX_LOCAL_PAGE_REG registers in the same peripheral device on different models of the hip04_eth. With the default configuration, HI13X1_GMAC can also work without any writes to the GE_TX_LOCAL_PAGE_REG register. Signed-off-by: Jiangfeng Xiao <xiaojiangfeng@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: hisilicon: Cleanup for cast to restricted __be32Jiangfeng Xiao1-2/+2
This patch fixes the following warning from sparse: hip04_eth.c:533:23: warning: cast to restricted __be16 hip04_eth.c:533:23: warning: cast to restricted __be16 hip04_eth.c:533:23: warning: cast to restricted __be16 hip04_eth.c:533:23: warning: cast to restricted __be16 hip04_eth.c:534:23: warning: cast to restricted __be32 hip04_eth.c:534:23: warning: cast to restricted __be32 hip04_eth.c:534:23: warning: cast to restricted __be32 hip04_eth.c:534:23: warning: cast to restricted __be32 hip04_eth.c:534:23: warning: cast to restricted __be32 hip04_eth.c:534:23: warning: cast to restricted __be32 Signed-off-by: Jiangfeng Xiao <xiaojiangfeng@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: hisilicon: Cleanup for got restricted __be32Jiangfeng Xiao1-4/+4
This patch fixes the following warning from sparse: hip04_eth.c:468:25: warning: incorrect type in assignment hip04_eth.c:468:25: expected unsigned int [usertype] send_addr hip04_eth.c:468:25: got restricted __be32 [usertype] hip04_eth.c:469:25: warning: incorrect type in assignment hip04_eth.c:469:25: expected unsigned int [usertype] send_size hip04_eth.c:469:25: got restricted __be32 [usertype] hip04_eth.c:470:19: warning: incorrect type in assignment hip04_eth.c:470:19: expected unsigned int [usertype] cfg hip04_eth.c:470:19: got restricted __be32 [usertype] hip04_eth.c:472:23: warning: incorrect type in assignment hip04_eth.c:472:23: expected unsigned int [usertype] wb_addr hip04_eth.c:472:23: got restricted __be32 [usertype] Signed-off-by: Jiangfeng Xiao <xiaojiangfeng@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: hisilicon: Add support for HI13X1 to hip04_ethJiangfeng Xiao2-7/+40
Extend the hip04_eth driver to support HI13X1_GMAC. Enable it with CONFIG_HI13X1_GMAC option. Signed-off-by: Jiangfeng Xiao <xiaojiangfeng@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10Merge branch 'stmmac-hash-table'David S. Miller5-26/+43
Biao Huang says: ==================== stmmac: fix out-of-boundary issue and add taller hash table support Fix mac address out-of-boundary issue in net-next tree. and resend the patch which was discussed in https://lore.kernel.org/patchwork/patch/1082117 but with no further progress. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: stmmac: add support for hash table size 128/256 in dwmac4Biao Huang5-25/+42
1. get hash table size in hw feature reigster, and add support for taller hash table(128/256) in dwmac4. 2. only clear GMAC_PACKET_FILTER bits used in this function, to avoid side effect to functions of other bits. stmmac selftests output log with flow control on: ethtool -t eth0 The test result is PASS The test extra info: 1. MAC Loopback 0 2. PHY Loopback -95 3. MMC Counters 0 4. EEE -95 5. Hash Filter MC 0 6. Perfect Filter UC 0 7. MC Filter 0 8. UC Filter 0 9. Flow Control 0 Signed-off-by: Biao Huang <biao.huang@mediatek.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10net: stmmac: dwmac4: mac address array boudary violation issueBiao Huang1-1/+1
The mac address array size is GMAC_MAX_PERFECT_ADDRESSES, so the 'reg' should be less than it, or will affect other registers. Signed-off-by: Biao Huang <biao.huang@mediatek.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10Merge branch 'tc-testing-Add-plugin-for-simple-traffic-generation'David S. Miller4-8/+155
Lucas Bates says: ==================== tc-testing: Add plugin for simple traffic generation This series supersedes the previous submission that included a patch for test case verification using JSON output. It adds a new tdc plugin, scapyPlugin, as a way to send traffic to test tc filters and actions. The first patch makes a change to the TdcPlugin module that will allow tdc plugins to examine the test case currently being executed, so plugins can play a more active role in testing by accepting information or commands from the test case. This is required for scapyPlugin to work. The second patch adds scapyPlugin itself, and an example test case file to demonstrate how the scapy block works in the test cases. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10tc-testing: introduce scapyPlugin for basic trafficLucas Bates2-0/+148
The scapyPlugin allows for simple traffic generation in tdc to test various tc features. It was tested with scapy v2.4.2, but should work with any successive version. In order to use the plugin's functionality, scapy must be installed. This can be done with: pip3 install scapy or to install 2.4.2: pip3 install scapy==2.4.2 If the plugin is unable to import the scapy module, it will terminate the tdc run. The plugin makes use of a new key in the test case data, 'scapy'. This block contains three other elements: 'iface', 'count', and 'packet': "scapy": { "iface": "$DEV0", "count": 1, "packet": "Ether(type=0x800)/IP(src='16.61.16.61')/ICMP()" }, * iface is the name of the device on the host machine from which the packet(s) will be sent. Values contained within tdc_config.py's NAMES dict can be used here - this is useful if paired with nsPlugin * count is the number of copies of this packet to be sent * packet is a string detailing the different layers of the packet to be sent. If a property isn't explicitly set, scapy will set default values for you. Layers in the packet info are separated by slashes. For info about common TCP and IP properties, see: https://blogs.sans.org/pen-testing/files/2016/04/ScapyCheatSheet_v0.2.pdf Caution is advised when running tests using the scapy functionality, since the plugin blindly sends the packet as defined in the test case data. See creating-testcases/scapy-example.json for sample test cases; the first test is intended to pass while the second is intended to fail. Signed-off-by: Lucas Bates <lucasb@mojatatu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-10tc-testing: Allow tdc plugins to see test case dataLucas Bates2-8/+7
Instead of only passing the test case name and ID, pass the entire current test case down to the plugins. This change allows plugins to start accepting commands and directives from the test cases themselves, for greater flexibility in testing. Signed-off-by: Lucas Bates <lucasb@mojatatu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09net: dsa: vsc73xx: fix NET_DSA and OF dependenciesArnd Bergmann1-0/+4
The restructuring of the driver got the dependencies wrong: without CONFIG_NET_DSA we get this build failure: WARNING: unmet direct dependencies detected for NET_DSA_VITESSE_VSC73XX Depends on [n]: NETDEVICES [=y] && HAVE_NET_DSA [=y] && OF [=y] && NET_DSA [=n] Selected by [m]: - NET_DSA_VITESSE_VSC73XX_PLATFORM [=m] && NETDEVICES [=y] && HAVE_NET_DSA [=y] && HAS_IOMEM [=y] ERROR: "dsa_unregister_switch" [drivers/net/dsa/vitesse-vsc73xx-core.ko] undefined! ERROR: "dsa_switch_alloc" [drivers/net/dsa/vitesse-vsc73xx-core.ko] undefined! ERROR: "dsa_register_switch" [drivers/net/dsa/vitesse-vsc73xx-core.ko] undefined! Add the appropriate dependencies. Fixes: 95711cd5f0b4 ("net: dsa: vsc73xx: Split vsc73xx driver") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09Merge branch 'Armada-8040-SoC-in-orion-mdio-hang'David S. Miller2-2/+11
Josua Mayer says: ==================== Fix hang of Armada 8040 SoC in orion-mdio With a modular kernel as configured by Debian a hang was observed with the Armada 8040 SoC in the Clearfog GT and Macchiatobin boards. The 8040 SoC actually requires four clocks to be enabled for the mdio interface to function. All 4 clocks are already specified in armada-cp110.dtsi. It has however been missed that the orion-mdio driver only supports enabling up to three clocks. This patch-set allows the orion-mdio driver to handle four clocks and adds a warning when more clocks are specified to prevent this particular oversight in the future. Changes since v1: - fixed condition for priting the warning (Andrew Lunn) - rephrased commit description for deferred probing (Andrew Lunn) - fixed compiler warnings (kbuild test robot) ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09net: mvmdio: defer probe of orion-mdio if a clock is not readyJosua Mayer1-0/+5
Defer probing of the orion-mdio interface when getting a clock returns EPROBE_DEFER. This avoids locking up the Armada 8k SoC when mdio is used before all clocks have been enabled. Signed-off-by: Josua Mayer <josua@solid-run.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09net: mvmdio: print warning when orion-mdio has too many clocksJosua Mayer1-0/+4
Print a warning when device tree specifies more than the maximum of four clocks supported by orion-mdio. Because reading from mdio can lock up the Armada 8k when a required clock is not initialized, it is important to notify the user when a specified clock is ignored. Signed-off-by: Josua Mayer <josua@solid-run.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09net: mvmdio: allow up to four clocks to be specified for orion-mdioJosua Mayer1-1/+1
Allow up to four clocks to be specified and enabled for the orion-mdio interface, which are required by the Armada 8k and defined in armada-cp110.dtsi. Fixes a hang in probing the mvmdio driver that was encountered on the Clearfog GT 8K with all drivers built as modules, but also affects other boards such as the MacchiatoBIN. Cc: stable@vger.kernel.org Fixes: 96cb43423822 ("net: mvmdio: allow up to three clocks to be specified for orion-mdio") Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: Josua Mayer <josua@solid-run.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09dt-bindings: allow up to four clocks for orion-mdioJosua Mayer1-1/+1
Armada 8040 needs four clocks to be enabled for MDIO accesses to work. Update the binding to allow the extra clock to be specified. Cc: stable@vger.kernel.org Fixes: 6d6a331f44a1 ("dt-bindings: allow up to three clocks for orion-mdio") Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: Josua Mayer <josua@solid-run.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09net: netsec: start using buffers if page_pool registration succeededIlias Apalodimas1-8/+9
The current driver starts using page_pool buffers before calling xdp_rxq_info_reg_mem_model(). Start using the buffers after the registration succeeded, so we won't have to call page_pool_request_shutdown() in case of failure Fixes: 5c67bf0ec4d0 ("net: netsec: Use page_pool API") Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09Merge branch 'net-stmmac-Some-improvements-and-a-fix'David S. Miller12-172/+114
Jose Abreu says: ==================== net: stmmac: Some improvements and a fix Some performace improvements (01/03 and 03/03) and a fix (02/03), all for -next. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09net: stmmac: Introducing support for Page PoolJose Abreu3-144/+70
Mapping and unmapping DMA region is an high bottleneck in stmmac driver, specially in the RX path. This commit introduces support for Page Pool API and uses it in all RX queues. With this change, we get more stable troughput and some increase of banwidth with iperf: - MAC1000 - 950 Mbps - XGMAC: 9.22 Gbps Changes from v3: - Use page_pool_destroy() (Ilias) Changes from v2: - Uncoditionally call page_pool_free() (Jesper) Changes from v1: - Use page_pool_get_dma_addr() (Jesper) - Add a comment (Jesper) - Add page_pool_free() call (Jesper) - Reintroduce sync_single_for_device (Arnd / Ilias) Signed-off-by: Jose Abreu <joabreu@synopsys.com> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09net: stmmac: Fix descriptors address being in > 32 bits address spaceJose Abreu7-22/+26
Commit a993db88d17d ("net: stmmac: Enable support for > 32 Bits addressing in XGMAC"), introduced support for > 32 bits addressing in XGMAC but the conversion of descriptors to dma_addr_t was left out. As some devices assing coherent memory in regions > 32 bits we need to set lower and upper value of descriptors address when initializing DMA channels. Luckly, this was working for me because I was assigning CMA to < 4GB address space for performance reasons. Fixes: a993db88d17d ("net: stmmac: Enable support for > 32 Bits addressing in XGMAC") Signed-off-by: Jose Abreu <joabreu@synopsys.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09net: stmmac: Implement RX Coalesce Frames settingJose Abreu4-8/+20
Add support for coalescing RX path by specifying number of frames which don't need to have interrupt on completion bit set. This is only available when RX Watchdog is enabled. Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Jose Abreu <joabreu@synopsys.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09bnxt_en: Add page_pool_destroy() during RX ring cleanup.Michael Chan1-6/+2
Add page_pool_destroy() in bnxt_free_rx_rings() during normal RX ring cleanup, as Ilias has informed us that the following commit has been merged: 1da4bbeffe41 ("net: core: page_pool: add user refcnt and reintroduce page_pool_destroy") The special error handling code to call page_pool_free() can now be removed. bnxt_free_rx_rings() will always be called during normal shutdown or any error paths. Fixes: 322b87ca55f2 ("bnxt_en: add page_pool support") Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org> Cc: Andy Gospodarek <gospo@broadcom.com> Signed-off-by: Michael Chan <michael.chan@broadcom.com> Acked-by: Andy Gospodarek <gospo@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09Merge branch 'net-sched-Introduce-tc-connection-tracking'David S. Miller13-5/+1632
Paul Blakey says: ==================== net/sched: Introduce tc connection tracking This patch series add connection tracking capabilities in tc sw datapath. It does so via a new tc action, called act_ct, and new tc flower classifier matching on conntrack state, mark and label. Usage is as follows: $ tc qdisc add dev ens1f0_0 ingress $ tc qdisc add dev ens1f0_1 ingress $ tc filter add dev ens1f0_0 ingress \ prio 1 chain 0 proto ip \ flower ip_proto tcp ct_state -trk \ action ct zone 2 pipe \ action goto chain 2 $ tc filter add dev ens1f0_0 ingress \ prio 1 chain 2 proto ip \ flower ct_state +trk+new \ action ct zone 2 commit mark 0xbb nat src addr 5.5.5.7 pipe \ action mirred egress redirect dev ens1f0_1 $ tc filter add dev ens1f0_0 ingress \ prio 1 chain 2 proto ip \ flower ct_zone 2 ct_mark 0xbb ct_state +trk+est \ action ct nat pipe \ action mirred egress redirect dev ens1f0_1 $ tc filter add dev ens1f0_1 ingress \ prio 1 chain 0 proto ip \ flower ip_proto tcp ct_state -trk \ action ct zone 2 pipe \ action goto chain 1 $ tc filter add dev ens1f0_1 ingress \ prio 1 chain 1 proto ip \ flower ct_zone 2 ct_mark 0xbb ct_state +trk+est \ action ct nat pipe \ action mirred egress redirect dev ens1f0_0 The pattern used in the design here closely resembles OvS, as the plan is to also offload OvS conntrack rules to tc. OvS datapath rules uses it's recirculation mechanism to send specific packets to conntrack, and return with the new conntrack state (ct_state) on some other recirc_id to be matched again (we use goto chain for this). This results in the following OvS datapath rules: recirc_id(0),in_port(ens1f0_0),ct_state(-trk),... actions:ct(zone=2),recirc(2) recirc_id(2),in_port(ens1f0_0),ct_state(+new+trk),ct_mark(0xbb),... actions:ct(commit,zone=2,nat(src=5.5.5.7),mark=0xbb),ens1f0_1 recirc_id(2),in_port(ens1f0_0),ct_state(+est+trk),ct_mark(0xbb),... actions:ct(zone=2,nat),ens1f0_1 recirc_id(1),in_port(ens1f0_1),ct_state(-trk),... actions:ct(zone=2),recirc(1) recirc_id(1),in_port(ens1f0_1),ct_state(+est+trk),... actions:ct(zone=2,nat),ens1f0_0 Changelog: See individual patches. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09tc-tests: Add tc action ct testsPaul Blakey1-0/+314
Add 13 tests ensuring the command line is doing what is supposed to do. Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09net/sched: cls_flower: Add matching on conntrack infoPaul Blakey2-5/+138
New matches for conntrack mark, label, zone, and state. Signed-off-by: Paul Blakey <paulb@mellanox.com> Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: Yossi Kuperman <yossiku@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09net/flow_dissector: add connection tracking dissectionPaul Blakey3-0/+69
Retreives connection tracking zone, mark, label, and state from a SKB. Signed-off-by: Paul Blakey <paulb@mellanox.com> Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09net/sched: Introduce action ctPaul Blakey8-0/+1111
Allow sending a packet to conntrack module for connection tracking. The packet will be marked with conntrack connection's state, and any metadata such as conntrack mark and label. This state metadata can later be matched against with tc classifers, for example with the flower classifier as below. In addition to committing new connections the user can optionally specific a zone to track within, set a mark/label and configure nat with an address range and port range. Usage is as follows: $ tc qdisc add dev ens1f0_0 ingress $ tc qdisc add dev ens1f0_1 ingress $ tc filter add dev ens1f0_0 ingress \ prio 1 chain 0 proto ip \ flower ip_proto tcp ct_state -trk \ action ct zone 2 pipe \ action goto chain 2 $ tc filter add dev ens1f0_0 ingress \ prio 1 chain 2 proto ip \ flower ct_state +trk+new \ action ct zone 2 commit mark 0xbb nat src addr 5.5.5.7 pipe \ action mirred egress redirect dev ens1f0_1 $ tc filter add dev ens1f0_0 ingress \ prio 1 chain 2 proto ip \ flower ct_zone 2 ct_mark 0xbb ct_state +trk+est \ action ct nat pipe \ action mirred egress redirect dev ens1f0_1 $ tc filter add dev ens1f0_1 ingress \ prio 1 chain 0 proto ip \ flower ip_proto tcp ct_state -trk \ action ct zone 2 pipe \ action goto chain 1 $ tc filter add dev ens1f0_1 ingress \ prio 1 chain 1 proto ip \ flower ct_zone 2 ct_mark 0xbb ct_state +trk+est \ action ct nat pipe \ action mirred egress redirect dev ens1f0_0 Signed-off-by: Paul Blakey <paulb@mellanox.com> Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: Yossi Kuperman <yossiku@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Changelog: V5->V6: Added CONFIG_NF_DEFRAG_IPV6 in handle fragments ipv6 case V4->V5: Reordered nf_conntrack_put() in tcf_ct_skb_nfct_cached() V3->V4: Added strict_start_type for act_ct policy V2->V3: Fixed david's comments: Removed extra newline after rcu in tcf_ct_params , and indent of break in act_ct.c V1->V2: Fixed parsing of ranges TCA_CT_NAT_IPV6_MAX as 'else' case overwritten ipv4 max Refactored NAT_PORT_MIN_MAX range handling as well Added ipv4/ipv6 defragmentation Removed extra skb pull push of nw offset in exectute nat Refactored tcf_ct_skb_network_trim after pull Removed TCA_ACT_CT define Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09Merge branch 'devlink-Introduce-PCI-PF-VF-ports-and-attributes'David S. Miller5-53/+232
Parav Pandit says: ==================== devlink: Introduce PCI PF, VF ports and attributes This patchset carry forwards the work initiated in [1] and discussion futher concluded at [2]. To improve visibility of representor netdevice, its association with PF or VF, physical port, two new devlink port flavours are added as PCI PF and PCI VF ports. A sample eswitch view can be seen below, which will be futher extended to mdev subdevices of a PCI function in future. Patch-1 moves physical port's attribute to new structure Patch-2 enhances netlink response to consider port flavour Patch-3,4 extends devlink port attributes and port flavour Patch-5 extends mlx5 driver to register devlink ports for PF, VF and physical link. +---+ +---+ vf| | | | pf +-+-+ +-+-+ physical link <---------+ | | | | | | | | +-+-+ +-+-+ +-+-+ | 1 | | 2 | | 3 | +--+---+-----+---+------+---+--+ | physical vf pf | | port port port | | | | eswitch | | | +------------------------------+ [1] https://www.spinics.net/lists/netdev/msg555797.html [2] https://marc.info/?l=linux-netdev&m=155354609408485&w=2 Changelog: v5->v6: - Fixed port flavour check order for PCI PF vs other flavours in netlink response. - Changed 'physical' to 'phys'. v4->v5: - Split first patch to two patches to handle netlink response in separate patch. - Corrected typo 'otwerwise' to 'otherwise' in patches 3 and 4. v3->v4: - Addressed comments from Jiri. - Split first patch to two patches. - Renamed phys_port to physical to be consistent with pci_pf. - Removed port_number from __devlink_port_attrs_set and moved assignment to caller function. - Used capital letter while moving old comment to new structure. - Removed helper function is_devlink_phy_port_num_supported(). v2->v3: - Made port_number and split_port_number applicable only to physical port flavours. v1->v2: - Updated new APIs and mlx5 driver to drop port_number for PF, VF attributes - Updated port_number comment for its usage - Limited putting port_number to physical ports ==================== Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09net/mlx5e: Register devlink ports for physical link, PCI PF, VFsParav Pandit2-31/+78
Register devlink port of physical port, PCI PF and PCI VF flavour for each PF, VF when a given devlink instance is in switchdev mode. Implement ndo_get_devlink_port callback API to make use of registered devlink ports. This eliminates ndo_get_phys_port_name() and ndo_get_port_parent_id() callbacks. Hence, remove them. An example output with 2 VFs, without a PF and single uplink port is below. $devlink port show pci/0000:06:00.0/65535: type eth netdev ens2f0 flavour physical pci/0000:05:00.0/1: type eth netdev eth1 flavour pcivf pfnum 0 vfnum 0 pci/0000:05:00.0/2: type eth netdev eth2 flavour pcivf pfnum 0 vfnum 1 Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Parav Pandit <parav@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09devlink: Introduce PCI VF port flavour and port attributeParav Pandit3-0/+54
In an eswitch, PCI VF may have port which is normally represented using a representor netdevice. To have better visibility of eswitch port, its association with VF, and its representor netdevice, introduce a PCI VF port flavour. When devlink port flavour is PCI VF, fill up PCI VF attributes of the port. Extend port name creation using PCI PF and VF number scheme on best effort basis, so that vendor drivers can skip defining their own scheme. $ devlink port show pci/0000:05:00.0/0: type eth netdev eth0 flavour pcipf pfnum 0 pci/0000:05:00.0/1: type eth netdev eth1 flavour pcivf pfnum 0 vfnum 0 pci/0000:05:00.0/2: type eth netdev eth2 flavour pcivf pfnum 0 vfnum 1 Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Parav Pandit <parav@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09devlink: Introduce PCI PF port flavour and port attributeParav Pandit3-0/+47
In an eswitch, PCI PF may have port which is normally represented using a representor netdevice. To have better visibility of eswitch port, its association with PF and a representor netdevice, introduce a PCI PF port flavour and port attriute. When devlink port flavour is PCI PF, fill up PCI PF attributes of the port. Extend port name creation using PCI PF number on best effort basis. So that vendor drivers can skip defining their own scheme. $ devlink port show pci/0000:05:00.0/0: type eth netdev eth0 flavour pcipf pfnum 0 Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Parav Pandit <parav@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09devlink: Return physical port fields only for applicable port flavoursParav Pandit1-0/+4
Physical port number and split group fields are applicable only to physical port flavours such as PHYSICAL, CPU and DSA. Hence limit returning those values in netlink response to such port flavours. Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Parav Pandit <parav@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09devlink: Refactor physical port attributesParav Pandit2-22/+49
To support additional devlink port flavours and to support few common and few different port attributes, move physical port attributes to a different structure. Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Parav Pandit <parav@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09Merge branch 'nfp-tls-fixes-for-initial-TLS-support'David S. Miller10-50/+143
Jakub Kicinski says: ==================== nfp: tls: fixes for initial TLS support This series brings various fixes to nfp tls offload recently added to net-next. First 4 patches revolve around device mailbox communication, trying to make it more reliable. Next patch fixes statistical counter. Patch 6 improves the TX resync if device communication failed. Patch 7 makes sure we remove keys from memory after talking to FW. Patch 8 adds missing tls context initialization, we fill in the context information from various places based on the configuration and looks like we missed the init in the case of where TX is offloaded, but RX wasn't initialized yet. Patches 9 and 10 make the nfp driver undo TLS state changes if we need to drop the frame (e.g. due to DMA mapping error). Last but not least TLS fallback should not adjust socket memory after skb_orphan_partial(). This code will go away once we forbid orphaning of skbs in need of crypto, but that's "real" -next material, so lets do a quick fix. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2019-07-09net/tls: fix socket wmem accounting on fallback with netemJakub Kicinski1-0/+4
netem runs skb_orphan_partial() which "disconnects" the skb from normal TCP write memory accounting. We should not adjust sk->sk_wmem_alloc on the fallback path for such skbs. Fixes: e8f69799810c ("net/tls: Add generic NIC offload infrastructure") Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>