net/mlx5: fix VXLAN without decap action for E-Switch
[dpdk.git] / drivers / net / mlx5 / mlx5_flow_tcf.c
1 /* SPDX-License-Identifier: BSD-3-Clause
2  * Copyright 2018 6WIND S.A.
3  * Copyright 2018 Mellanox Technologies, Ltd
4  */
5
6 #include <assert.h>
7 #include <errno.h>
8 #include <libmnl/libmnl.h>
9 #include <linux/gen_stats.h>
10 #include <linux/if_ether.h>
11 #include <linux/netlink.h>
12 #include <linux/pkt_cls.h>
13 #include <linux/pkt_sched.h>
14 #include <linux/rtnetlink.h>
15 #include <linux/tc_act/tc_gact.h>
16 #include <linux/tc_act/tc_mirred.h>
17 #include <netinet/in.h>
18 #include <stdalign.h>
19 #include <stdbool.h>
20 #include <stddef.h>
21 #include <stdint.h>
22 #include <stdlib.h>
23 #include <sys/socket.h>
24
25 #include <rte_byteorder.h>
26 #include <rte_errno.h>
27 #include <rte_ether.h>
28 #include <rte_flow.h>
29 #include <rte_malloc.h>
30 #include <rte_common.h>
31
32 #include "mlx5.h"
33 #include "mlx5_flow.h"
34 #include "mlx5_autoconf.h"
35
36 #ifdef HAVE_TC_ACT_VLAN
37
38 #include <linux/tc_act/tc_vlan.h>
39
40 #else /* HAVE_TC_ACT_VLAN */
41
42 #define TCA_VLAN_ACT_POP 1
43 #define TCA_VLAN_ACT_PUSH 2
44 #define TCA_VLAN_ACT_MODIFY 3
45 #define TCA_VLAN_PARMS 2
46 #define TCA_VLAN_PUSH_VLAN_ID 3
47 #define TCA_VLAN_PUSH_VLAN_PROTOCOL 4
48 #define TCA_VLAN_PAD 5
49 #define TCA_VLAN_PUSH_VLAN_PRIORITY 6
50
51 struct tc_vlan {
52         tc_gen;
53         int v_action;
54 };
55
56 #endif /* HAVE_TC_ACT_VLAN */
57
58 #ifdef HAVE_TC_ACT_PEDIT
59
60 #include <linux/tc_act/tc_pedit.h>
61
62 #else /* HAVE_TC_ACT_VLAN */
63
64 enum {
65         TCA_PEDIT_UNSPEC,
66         TCA_PEDIT_TM,
67         TCA_PEDIT_PARMS,
68         TCA_PEDIT_PAD,
69         TCA_PEDIT_PARMS_EX,
70         TCA_PEDIT_KEYS_EX,
71         TCA_PEDIT_KEY_EX,
72         __TCA_PEDIT_MAX
73 };
74
75 enum {
76         TCA_PEDIT_KEY_EX_HTYPE = 1,
77         TCA_PEDIT_KEY_EX_CMD = 2,
78         __TCA_PEDIT_KEY_EX_MAX
79 };
80
81 enum pedit_header_type {
82         TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK = 0,
83         TCA_PEDIT_KEY_EX_HDR_TYPE_ETH = 1,
84         TCA_PEDIT_KEY_EX_HDR_TYPE_IP4 = 2,
85         TCA_PEDIT_KEY_EX_HDR_TYPE_IP6 = 3,
86         TCA_PEDIT_KEY_EX_HDR_TYPE_TCP = 4,
87         TCA_PEDIT_KEY_EX_HDR_TYPE_UDP = 5,
88         __PEDIT_HDR_TYPE_MAX,
89 };
90
91 enum pedit_cmd {
92         TCA_PEDIT_KEY_EX_CMD_SET = 0,
93         TCA_PEDIT_KEY_EX_CMD_ADD = 1,
94         __PEDIT_CMD_MAX,
95 };
96
97 struct tc_pedit_key {
98         __u32 mask; /* AND */
99         __u32 val; /*XOR */
100         __u32 off; /*offset */
101         __u32 at;
102         __u32 offmask;
103         __u32 shift;
104 };
105
106 __extension__
107 struct tc_pedit_sel {
108         tc_gen;
109         unsigned char nkeys;
110         unsigned char flags;
111         struct tc_pedit_key keys[0];
112 };
113
114 #endif /* HAVE_TC_ACT_VLAN */
115
116 #ifdef HAVE_TC_ACT_TUNNEL_KEY
117
118 #include <linux/tc_act/tc_tunnel_key.h>
119
120 #ifndef HAVE_TCA_TUNNEL_KEY_ENC_DST_PORT
121 #define TCA_TUNNEL_KEY_ENC_DST_PORT 9
122 #endif
123
124 #ifndef HAVE_TCA_TUNNEL_KEY_NO_CSUM
125 #define TCA_TUNNEL_KEY_NO_CSUM 10
126 #endif
127
128 #ifndef HAVE_TCA_TUNNEL_KEY_ENC_TOS
129 #define TCA_TUNNEL_KEY_ENC_TOS 12
130 #endif
131
132 #ifndef HAVE_TCA_TUNNEL_KEY_ENC_TTL
133 #define TCA_TUNNEL_KEY_ENC_TTL 13
134 #endif
135
136 #else /* HAVE_TC_ACT_TUNNEL_KEY */
137
138 #define TCA_ACT_TUNNEL_KEY 17
139 #define TCA_TUNNEL_KEY_ACT_SET 1
140 #define TCA_TUNNEL_KEY_ACT_RELEASE 2
141 #define TCA_TUNNEL_KEY_PARMS 2
142 #define TCA_TUNNEL_KEY_ENC_IPV4_SRC 3
143 #define TCA_TUNNEL_KEY_ENC_IPV4_DST 4
144 #define TCA_TUNNEL_KEY_ENC_IPV6_SRC 5
145 #define TCA_TUNNEL_KEY_ENC_IPV6_DST 6
146 #define TCA_TUNNEL_KEY_ENC_KEY_ID 7
147 #define TCA_TUNNEL_KEY_ENC_DST_PORT 9
148 #define TCA_TUNNEL_KEY_NO_CSUM 10
149 #define TCA_TUNNEL_KEY_ENC_TOS 12
150 #define TCA_TUNNEL_KEY_ENC_TTL 13
151
152 struct tc_tunnel_key {
153         tc_gen;
154         int t_action;
155 };
156
157 #endif /* HAVE_TC_ACT_TUNNEL_KEY */
158
159 /* Normally found in linux/netlink.h. */
160 #ifndef NETLINK_CAP_ACK
161 #define NETLINK_CAP_ACK 10
162 #endif
163
164 /* Normally found in linux/pkt_sched.h. */
165 #ifndef TC_H_MIN_INGRESS
166 #define TC_H_MIN_INGRESS 0xfff2u
167 #endif
168
169 /* Normally found in linux/pkt_cls.h. */
170 #ifndef TCA_CLS_FLAGS_SKIP_SW
171 #define TCA_CLS_FLAGS_SKIP_SW (1 << 1)
172 #endif
173 #ifndef TCA_CLS_FLAGS_IN_HW
174 #define TCA_CLS_FLAGS_IN_HW (1 << 2)
175 #endif
176 #ifndef HAVE_TCA_CHAIN
177 #define TCA_CHAIN 11
178 #endif
179 #ifndef HAVE_TCA_FLOWER_ACT
180 #define TCA_FLOWER_ACT 3
181 #endif
182 #ifndef HAVE_TCA_FLOWER_FLAGS
183 #define TCA_FLOWER_FLAGS 22
184 #endif
185 #ifndef HAVE_TCA_FLOWER_KEY_ETH_TYPE
186 #define TCA_FLOWER_KEY_ETH_TYPE 8
187 #endif
188 #ifndef HAVE_TCA_FLOWER_KEY_ETH_DST
189 #define TCA_FLOWER_KEY_ETH_DST 4
190 #endif
191 #ifndef HAVE_TCA_FLOWER_KEY_ETH_DST_MASK
192 #define TCA_FLOWER_KEY_ETH_DST_MASK 5
193 #endif
194 #ifndef HAVE_TCA_FLOWER_KEY_ETH_SRC
195 #define TCA_FLOWER_KEY_ETH_SRC 6
196 #endif
197 #ifndef HAVE_TCA_FLOWER_KEY_ETH_SRC_MASK
198 #define TCA_FLOWER_KEY_ETH_SRC_MASK 7
199 #endif
200 #ifndef HAVE_TCA_FLOWER_KEY_IP_PROTO
201 #define TCA_FLOWER_KEY_IP_PROTO 9
202 #endif
203 #ifndef HAVE_TCA_FLOWER_KEY_IPV4_SRC
204 #define TCA_FLOWER_KEY_IPV4_SRC 10
205 #endif
206 #ifndef HAVE_TCA_FLOWER_KEY_IPV4_SRC_MASK
207 #define TCA_FLOWER_KEY_IPV4_SRC_MASK 11
208 #endif
209 #ifndef HAVE_TCA_FLOWER_KEY_IPV4_DST
210 #define TCA_FLOWER_KEY_IPV4_DST 12
211 #endif
212 #ifndef HAVE_TCA_FLOWER_KEY_IPV4_DST_MASK
213 #define TCA_FLOWER_KEY_IPV4_DST_MASK 13
214 #endif
215 #ifndef HAVE_TCA_FLOWER_KEY_IPV6_SRC
216 #define TCA_FLOWER_KEY_IPV6_SRC 14
217 #endif
218 #ifndef HAVE_TCA_FLOWER_KEY_IPV6_SRC_MASK
219 #define TCA_FLOWER_KEY_IPV6_SRC_MASK 15
220 #endif
221 #ifndef HAVE_TCA_FLOWER_KEY_IPV6_DST
222 #define TCA_FLOWER_KEY_IPV6_DST 16
223 #endif
224 #ifndef HAVE_TCA_FLOWER_KEY_IPV6_DST_MASK
225 #define TCA_FLOWER_KEY_IPV6_DST_MASK 17
226 #endif
227 #ifndef HAVE_TCA_FLOWER_KEY_TCP_SRC
228 #define TCA_FLOWER_KEY_TCP_SRC 18
229 #endif
230 #ifndef HAVE_TCA_FLOWER_KEY_TCP_SRC_MASK
231 #define TCA_FLOWER_KEY_TCP_SRC_MASK 35
232 #endif
233 #ifndef HAVE_TCA_FLOWER_KEY_TCP_DST
234 #define TCA_FLOWER_KEY_TCP_DST 19
235 #endif
236 #ifndef HAVE_TCA_FLOWER_KEY_TCP_DST_MASK
237 #define TCA_FLOWER_KEY_TCP_DST_MASK 36
238 #endif
239 #ifndef HAVE_TCA_FLOWER_KEY_UDP_SRC
240 #define TCA_FLOWER_KEY_UDP_SRC 20
241 #endif
242 #ifndef HAVE_TCA_FLOWER_KEY_UDP_SRC_MASK
243 #define TCA_FLOWER_KEY_UDP_SRC_MASK 37
244 #endif
245 #ifndef HAVE_TCA_FLOWER_KEY_UDP_DST
246 #define TCA_FLOWER_KEY_UDP_DST 21
247 #endif
248 #ifndef HAVE_TCA_FLOWER_KEY_UDP_DST_MASK
249 #define TCA_FLOWER_KEY_UDP_DST_MASK 38
250 #endif
251 #ifndef HAVE_TCA_FLOWER_KEY_VLAN_ID
252 #define TCA_FLOWER_KEY_VLAN_ID 23
253 #endif
254 #ifndef HAVE_TCA_FLOWER_KEY_VLAN_PRIO
255 #define TCA_FLOWER_KEY_VLAN_PRIO 24
256 #endif
257 #ifndef HAVE_TCA_FLOWER_KEY_VLAN_ETH_TYPE
258 #define TCA_FLOWER_KEY_VLAN_ETH_TYPE 25
259 #endif
260 #ifndef HAVE_TCA_FLOWER_KEY_ENC_KEY_ID
261 #define TCA_FLOWER_KEY_ENC_KEY_ID 26
262 #endif
263 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV4_SRC
264 #define TCA_FLOWER_KEY_ENC_IPV4_SRC 27
265 #endif
266 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK
267 #define TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK 28
268 #endif
269 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV4_DST
270 #define TCA_FLOWER_KEY_ENC_IPV4_DST 29
271 #endif
272 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV4_DST_MASK
273 #define TCA_FLOWER_KEY_ENC_IPV4_DST_MASK 30
274 #endif
275 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV6_SRC
276 #define TCA_FLOWER_KEY_ENC_IPV6_SRC 31
277 #endif
278 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK
279 #define TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK 32
280 #endif
281 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV6_DST
282 #define TCA_FLOWER_KEY_ENC_IPV6_DST 33
283 #endif
284 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV6_DST_MASK
285 #define TCA_FLOWER_KEY_ENC_IPV6_DST_MASK 34
286 #endif
287 #ifndef HAVE_TCA_FLOWER_KEY_ENC_UDP_SRC_PORT
288 #define TCA_FLOWER_KEY_ENC_UDP_SRC_PORT 43
289 #endif
290 #ifndef HAVE_TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK
291 #define TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK 44
292 #endif
293 #ifndef HAVE_TCA_FLOWER_KEY_ENC_UDP_DST_PORT
294 #define TCA_FLOWER_KEY_ENC_UDP_DST_PORT 45
295 #endif
296 #ifndef HAVE_TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK
297 #define TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK 46
298 #endif
299 #ifndef HAVE_TCA_FLOWER_KEY_TCP_FLAGS
300 #define TCA_FLOWER_KEY_TCP_FLAGS 71
301 #endif
302 #ifndef HAVE_TCA_FLOWER_KEY_TCP_FLAGS_MASK
303 #define TCA_FLOWER_KEY_TCP_FLAGS_MASK 72
304 #endif
305 #ifndef HAVE_TCA_FLOWER_KEY_IP_TOS
306 #define TCA_FLOWER_KEY_IP_TOS 73
307 #endif
308 #ifndef HAVE_TCA_FLOWER_KEY_IP_TOS_MASK
309 #define TCA_FLOWER_KEY_IP_TOS_MASK 74
310 #endif
311 #ifndef HAVE_TCA_FLOWER_KEY_IP_TTL
312 #define TCA_FLOWER_KEY_IP_TTL 75
313 #endif
314 #ifndef HAVE_TCA_FLOWER_KEY_IP_TTL_MASK
315 #define TCA_FLOWER_KEY_IP_TTL_MASK 76
316 #endif
317 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IP_TOS
318 #define TCA_FLOWER_KEY_ENC_IP_TOS 80
319 #endif
320 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IP_TOS_MASK
321 #define TCA_FLOWER_KEY_ENC_IP_TOS_MASK 81
322 #endif
323 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IP_TTL
324 #define TCA_FLOWER_KEY_ENC_IP_TTL 82
325 #endif
326 #ifndef HAVE_TCA_FLOWER_KEY_ENC_IP_TTL_MASK
327 #define TCA_FLOWER_KEY_ENC_IP_TTL_MASK 83
328 #endif
329
330 #ifndef HAVE_TC_ACT_GOTO_CHAIN
331 #define TC_ACT_GOTO_CHAIN 0x20000000
332 #endif
333
334 #ifndef IPV6_ADDR_LEN
335 #define IPV6_ADDR_LEN 16
336 #endif
337
338 #ifndef IPV4_ADDR_LEN
339 #define IPV4_ADDR_LEN 4
340 #endif
341
342 #ifndef TP_PORT_LEN
343 #define TP_PORT_LEN 2 /* Transport Port (UDP/TCP) Length */
344 #endif
345
346 #ifndef TTL_LEN
347 #define TTL_LEN 1
348 #endif
349
350 #ifndef TCA_ACT_MAX_PRIO
351 #define TCA_ACT_MAX_PRIO 32
352 #endif
353
354 /** Parameters of VXLAN devices created by driver. */
355 #define MLX5_VXLAN_DEFAULT_VNI  1
356 #define MLX5_VXLAN_DEVICE_PFX "vmlx_"
357 /**
358  * Timeout in milliseconds to wait VXLAN UDP offloaded port
359  * registration  completed within the mlx5 driver.
360  */
361 #define MLX5_VXLAN_WAIT_PORT_REG_MS 250
362
363 /** Tunnel action type, used for @p type in header structure. */
364 enum flow_tcf_tunact_type {
365         FLOW_TCF_TUNACT_VXLAN_DECAP,
366         FLOW_TCF_TUNACT_VXLAN_ENCAP,
367 };
368
369 /** Flags used for @p mask in tunnel action encap descriptors. */
370 #define FLOW_TCF_ENCAP_ETH_SRC (1u << 0)
371 #define FLOW_TCF_ENCAP_ETH_DST (1u << 1)
372 #define FLOW_TCF_ENCAP_IPV4_SRC (1u << 2)
373 #define FLOW_TCF_ENCAP_IPV4_DST (1u << 3)
374 #define FLOW_TCF_ENCAP_IPV6_SRC (1u << 4)
375 #define FLOW_TCF_ENCAP_IPV6_DST (1u << 5)
376 #define FLOW_TCF_ENCAP_UDP_SRC (1u << 6)
377 #define FLOW_TCF_ENCAP_UDP_DST (1u << 7)
378 #define FLOW_TCF_ENCAP_VXLAN_VNI (1u << 8)
379 #define FLOW_TCF_ENCAP_IP_TTL (1u << 9)
380 #define FLOW_TCF_ENCAP_IP_TOS (1u << 10)
381
382 /**
383  * Structure for holding netlink context.
384  * Note the size of the message buffer which is MNL_SOCKET_BUFFER_SIZE.
385  * Using this (8KB) buffer size ensures that netlink messages will never be
386  * truncated.
387  */
388 struct mlx5_flow_tcf_context {
389         struct mnl_socket *nl; /* NETLINK_ROUTE libmnl socket. */
390         uint32_t seq; /* Message sequence number. */
391         uint32_t buf_size; /* Message buffer size. */
392         uint8_t *buf; /* Message buffer. */
393 };
394
395 /**
396  * Neigh rule structure. The neigh rule is applied via Netlink to
397  * outer tunnel iface in order to provide destination MAC address
398  * for the VXLAN encapsultion. The neigh rule is implicitly related
399  * to the Flow itself and can be shared by multiple Flows.
400  */
401 struct tcf_neigh_rule {
402         LIST_ENTRY(tcf_neigh_rule) next;
403         uint32_t refcnt;
404         struct ether_addr eth;
405         uint16_t mask;
406         union {
407                 struct {
408                         rte_be32_t dst;
409                 } ipv4;
410                 struct {
411                         uint8_t dst[IPV6_ADDR_LEN];
412                 } ipv6;
413         };
414 };
415
416 /**
417  * Local rule structure. The local rule is applied via Netlink to
418  * outer tunnel iface in order to provide local and peer IP addresses
419  * of the VXLAN tunnel for encapsulation. The local rule is implicitly
420  * related to the Flow itself and can be shared by multiple Flows.
421  */
422 struct tcf_local_rule {
423         LIST_ENTRY(tcf_local_rule) next;
424         uint32_t refcnt;
425         uint16_t mask;
426         union {
427                 struct {
428                         rte_be32_t dst;
429                         rte_be32_t src;
430                 } ipv4;
431                 struct {
432                         uint8_t dst[IPV6_ADDR_LEN];
433                         uint8_t src[IPV6_ADDR_LEN];
434                 } ipv6;
435         };
436 };
437
438 /** Outer interface VXLAN encapsulation rules container. */
439 struct tcf_irule {
440         LIST_ENTRY(tcf_irule) next;
441         LIST_HEAD(, tcf_neigh_rule) neigh;
442         LIST_HEAD(, tcf_local_rule) local;
443         uint32_t refcnt;
444         unsigned int ifouter; /**< Own interface index. */
445 };
446
447 /** VXLAN virtual netdev. */
448 struct tcf_vtep {
449         LIST_ENTRY(tcf_vtep) next;
450         uint32_t refcnt;
451         unsigned int ifindex; /**< Own interface index. */
452         uint16_t port;
453         uint32_t created:1; /**< Actually created by PMD. */
454         uint32_t waitreg:1; /**< Wait for VXLAN UDP port registration. */
455 };
456
457 /** Tunnel descriptor header, common for all tunnel types. */
458 struct flow_tcf_tunnel_hdr {
459         uint32_t type; /**< Tunnel action type. */
460         struct tcf_vtep *vtep; /**< Virtual tunnel endpoint device. */
461         unsigned int ifindex_org; /**< Original dst/src interface */
462         unsigned int *ifindex_ptr; /**< Interface ptr in message. */
463 };
464
465 struct flow_tcf_vxlan_decap {
466         struct flow_tcf_tunnel_hdr hdr;
467         uint16_t udp_port;
468 };
469
470 struct flow_tcf_vxlan_encap {
471         struct flow_tcf_tunnel_hdr hdr;
472         struct tcf_irule *iface;
473         uint32_t mask;
474         uint8_t ip_tos;
475         uint8_t ip_ttl_hop;
476         struct {
477                 struct ether_addr dst;
478                 struct ether_addr src;
479         } eth;
480         union {
481                 struct {
482                         rte_be32_t dst;
483                         rte_be32_t src;
484                 } ipv4;
485                 struct {
486                         uint8_t dst[IPV6_ADDR_LEN];
487                         uint8_t src[IPV6_ADDR_LEN];
488                 } ipv6;
489         };
490         struct {
491                 rte_be16_t src;
492                 rte_be16_t dst;
493         } udp;
494         struct {
495                 uint8_t vni[3];
496         } vxlan;
497 };
498
499 /** Structure used when extracting the values of a flow counters
500  * from a netlink message.
501  */
502 struct flow_tcf_stats_basic {
503         bool valid;
504         struct gnet_stats_basic counters;
505 };
506
507 /** Empty masks for known item types. */
508 static const union {
509         struct rte_flow_item_port_id port_id;
510         struct rte_flow_item_eth eth;
511         struct rte_flow_item_vlan vlan;
512         struct rte_flow_item_ipv4 ipv4;
513         struct rte_flow_item_ipv6 ipv6;
514         struct rte_flow_item_tcp tcp;
515         struct rte_flow_item_udp udp;
516         struct rte_flow_item_vxlan vxlan;
517 } flow_tcf_mask_empty = {
518         {0},
519 };
520
521 /** Supported masks for known item types. */
522 static const struct {
523         struct rte_flow_item_port_id port_id;
524         struct rte_flow_item_eth eth;
525         struct rte_flow_item_vlan vlan;
526         struct rte_flow_item_ipv4 ipv4;
527         struct rte_flow_item_ipv6 ipv6;
528         struct rte_flow_item_tcp tcp;
529         struct rte_flow_item_udp udp;
530         struct rte_flow_item_vxlan vxlan;
531 } flow_tcf_mask_supported = {
532         .port_id = {
533                 .id = 0xffffffff,
534         },
535         .eth = {
536                 .type = RTE_BE16(0xffff),
537                 .dst.addr_bytes = "\xff\xff\xff\xff\xff\xff",
538                 .src.addr_bytes = "\xff\xff\xff\xff\xff\xff",
539         },
540         .vlan = {
541                 /* PCP and VID only, no DEI. */
542                 .tci = RTE_BE16(0xefff),
543                 .inner_type = RTE_BE16(0xffff),
544         },
545         .ipv4.hdr = {
546                 .next_proto_id = 0xff,
547                 .time_to_live = 0xff,
548                 .type_of_service = 0xff,
549                 .src_addr = RTE_BE32(0xffffffff),
550                 .dst_addr = RTE_BE32(0xffffffff),
551         },
552         .ipv6.hdr = {
553                 .proto = 0xff,
554                 .vtc_flow = RTE_BE32(0xfful << IPV6_HDR_FL_SHIFT),
555                 .hop_limits = 0xff,
556                 .src_addr =
557                         "\xff\xff\xff\xff\xff\xff\xff\xff"
558                         "\xff\xff\xff\xff\xff\xff\xff\xff",
559                 .dst_addr =
560                         "\xff\xff\xff\xff\xff\xff\xff\xff"
561                         "\xff\xff\xff\xff\xff\xff\xff\xff",
562         },
563         .tcp.hdr = {
564                 .src_port = RTE_BE16(0xffff),
565                 .dst_port = RTE_BE16(0xffff),
566                 .tcp_flags = 0xff,
567         },
568         .udp.hdr = {
569                 .src_port = RTE_BE16(0xffff),
570                 .dst_port = RTE_BE16(0xffff),
571         },
572         .vxlan = {
573                .vni = "\xff\xff\xff",
574         },
575 };
576
577 #define SZ_NLATTR_HDR MNL_ALIGN(sizeof(struct nlattr))
578 #define SZ_NLATTR_NEST SZ_NLATTR_HDR
579 #define SZ_NLATTR_DATA_OF(len) MNL_ALIGN(SZ_NLATTR_HDR + (len))
580 #define SZ_NLATTR_TYPE_OF(typ) SZ_NLATTR_DATA_OF(sizeof(typ))
581 #define SZ_NLATTR_STRZ_OF(str) SZ_NLATTR_DATA_OF(strlen(str) + 1)
582
583 #define PTOI_TABLE_SZ_MAX(dev) (mlx5_dev_to_port_id((dev)->device, NULL, 0) + 2)
584
585 /** DPDK port to network interface index (ifindex) conversion. */
586 struct flow_tcf_ptoi {
587         uint16_t port_id; /**< DPDK port ID. */
588         unsigned int ifindex; /**< Network interface index. */
589 };
590
591 /* Due to a limitation on driver/FW. */
592 #define MLX5_TCF_GROUP_ID_MAX 3
593
594 /*
595  * Due to a limitation on driver/FW, priority ranges from 1 to 16 in kernel.
596  * Priority in rte_flow attribute starts from 0 and is added by 1 in
597  * translation. This is subject to be changed to determine the max priority
598  * based on trial-and-error like Verbs driver once the restriction is lifted or
599  * the range is extended.
600  */
601 #define MLX5_TCF_GROUP_PRIORITY_MAX 15
602
603 #define MLX5_TCF_FATE_ACTIONS \
604         (MLX5_FLOW_ACTION_DROP | MLX5_FLOW_ACTION_PORT_ID | \
605          MLX5_FLOW_ACTION_JUMP)
606
607 #define MLX5_TCF_VLAN_ACTIONS \
608         (MLX5_FLOW_ACTION_OF_POP_VLAN | MLX5_FLOW_ACTION_OF_PUSH_VLAN | \
609          MLX5_FLOW_ACTION_OF_SET_VLAN_VID | MLX5_FLOW_ACTION_OF_SET_VLAN_PCP)
610
611 #define MLX5_TCF_VXLAN_ACTIONS \
612         (MLX5_FLOW_ACTION_VXLAN_ENCAP | MLX5_FLOW_ACTION_VXLAN_DECAP)
613
614 #define MLX5_TCF_PEDIT_ACTIONS \
615         (MLX5_FLOW_ACTION_SET_IPV4_SRC | MLX5_FLOW_ACTION_SET_IPV4_DST | \
616          MLX5_FLOW_ACTION_SET_IPV6_SRC | MLX5_FLOW_ACTION_SET_IPV6_DST | \
617          MLX5_FLOW_ACTION_SET_TP_SRC | MLX5_FLOW_ACTION_SET_TP_DST | \
618          MLX5_FLOW_ACTION_SET_TTL | MLX5_FLOW_ACTION_DEC_TTL | \
619          MLX5_FLOW_ACTION_SET_MAC_SRC | MLX5_FLOW_ACTION_SET_MAC_DST)
620
621 #define MLX5_TCF_CONFIG_ACTIONS \
622         (MLX5_FLOW_ACTION_PORT_ID | MLX5_FLOW_ACTION_JUMP | \
623          MLX5_FLOW_ACTION_OF_PUSH_VLAN | MLX5_FLOW_ACTION_OF_SET_VLAN_VID | \
624          MLX5_FLOW_ACTION_OF_SET_VLAN_PCP | \
625          (MLX5_TCF_PEDIT_ACTIONS & ~MLX5_FLOW_ACTION_DEC_TTL))
626
627 #define MAX_PEDIT_KEYS 128
628 #define SZ_PEDIT_KEY_VAL 4
629
630 #define NUM_OF_PEDIT_KEYS(sz) \
631         (((sz) / SZ_PEDIT_KEY_VAL) + (((sz) % SZ_PEDIT_KEY_VAL) ? 1 : 0))
632
633 struct pedit_key_ex {
634         enum pedit_header_type htype;
635         enum pedit_cmd cmd;
636 };
637
638 struct pedit_parser {
639         struct tc_pedit_sel sel;
640         struct tc_pedit_key keys[MAX_PEDIT_KEYS];
641         struct pedit_key_ex keys_ex[MAX_PEDIT_KEYS];
642 };
643
644 /**
645  * Create space for using the implicitly created TC flow counter.
646  *
647  * @param[in] dev
648  *   Pointer to the Ethernet device structure.
649  *
650  * @return
651  *   A pointer to the counter data structure, NULL otherwise and
652  *   rte_errno is set.
653  */
654 static struct mlx5_flow_counter *
655 flow_tcf_counter_new(void)
656 {
657         struct mlx5_flow_counter *cnt;
658
659         /*
660          * eswitch counter cannot be shared and its id is unknown.
661          * currently returning all with id 0.
662          * in the future maybe better to switch to unique numbers.
663          */
664         struct mlx5_flow_counter tmpl = {
665                 .ref_cnt = 1,
666         };
667         cnt = rte_calloc(__func__, 1, sizeof(*cnt), 0);
668         if (!cnt) {
669                 rte_errno = ENOMEM;
670                 return NULL;
671         }
672         *cnt = tmpl;
673         /* Implicit counter, do not add to list. */
674         return cnt;
675 }
676
677 /**
678  * Set pedit key of MAC address
679  *
680  * @param[in] actions
681  *   pointer to action specification
682  * @param[in,out] p_parser
683  *   pointer to pedit_parser
684  */
685 static void
686 flow_tcf_pedit_key_set_mac(const struct rte_flow_action *actions,
687                            struct pedit_parser *p_parser)
688 {
689         int idx = p_parser->sel.nkeys;
690         uint32_t off = actions->type == RTE_FLOW_ACTION_TYPE_SET_MAC_SRC ?
691                                         offsetof(struct ether_hdr, s_addr) :
692                                         offsetof(struct ether_hdr, d_addr);
693         const struct rte_flow_action_set_mac *conf =
694                 (const struct rte_flow_action_set_mac *)actions->conf;
695
696         p_parser->keys[idx].off = off;
697         p_parser->keys[idx].mask = ~UINT32_MAX;
698         p_parser->keys_ex[idx].htype = TCA_PEDIT_KEY_EX_HDR_TYPE_ETH;
699         p_parser->keys_ex[idx].cmd = TCA_PEDIT_KEY_EX_CMD_SET;
700         memcpy(&p_parser->keys[idx].val,
701                 conf->mac_addr, SZ_PEDIT_KEY_VAL);
702         idx++;
703         p_parser->keys[idx].off = off + SZ_PEDIT_KEY_VAL;
704         p_parser->keys[idx].mask = 0xFFFF0000;
705         p_parser->keys_ex[idx].htype = TCA_PEDIT_KEY_EX_HDR_TYPE_ETH;
706         p_parser->keys_ex[idx].cmd = TCA_PEDIT_KEY_EX_CMD_SET;
707         memcpy(&p_parser->keys[idx].val,
708                 conf->mac_addr + SZ_PEDIT_KEY_VAL,
709                 ETHER_ADDR_LEN - SZ_PEDIT_KEY_VAL);
710         p_parser->sel.nkeys = (++idx);
711 }
712
713 /**
714  * Set pedit key of decrease/set ttl
715  *
716  * @param[in] actions
717  *   pointer to action specification
718  * @param[in,out] p_parser
719  *   pointer to pedit_parser
720  * @param[in] item_flags
721  *   flags of all items presented
722  */
723 static void
724 flow_tcf_pedit_key_set_dec_ttl(const struct rte_flow_action *actions,
725                                 struct pedit_parser *p_parser,
726                                 uint64_t item_flags)
727 {
728         int idx = p_parser->sel.nkeys;
729
730         p_parser->keys[idx].mask = 0xFFFFFF00;
731         if (item_flags & MLX5_FLOW_LAYER_OUTER_L3_IPV4) {
732                 p_parser->keys_ex[idx].htype = TCA_PEDIT_KEY_EX_HDR_TYPE_IP4;
733                 p_parser->keys[idx].off =
734                         offsetof(struct ipv4_hdr, time_to_live);
735         }
736         if (item_flags & MLX5_FLOW_LAYER_OUTER_L3_IPV6) {
737                 p_parser->keys_ex[idx].htype = TCA_PEDIT_KEY_EX_HDR_TYPE_IP6;
738                 p_parser->keys[idx].off =
739                         offsetof(struct ipv6_hdr, hop_limits);
740         }
741         if (actions->type == RTE_FLOW_ACTION_TYPE_DEC_TTL) {
742                 p_parser->keys_ex[idx].cmd = TCA_PEDIT_KEY_EX_CMD_ADD;
743                 p_parser->keys[idx].val = 0x000000FF;
744         } else {
745                 p_parser->keys_ex[idx].cmd = TCA_PEDIT_KEY_EX_CMD_SET;
746                 p_parser->keys[idx].val =
747                         (__u32)((const struct rte_flow_action_set_ttl *)
748                          actions->conf)->ttl_value;
749         }
750         p_parser->sel.nkeys = (++idx);
751 }
752
753 /**
754  * Set pedit key of transport (TCP/UDP) port value
755  *
756  * @param[in] actions
757  *   pointer to action specification
758  * @param[in,out] p_parser
759  *   pointer to pedit_parser
760  * @param[in] item_flags
761  *   flags of all items presented
762  */
763 static void
764 flow_tcf_pedit_key_set_tp_port(const struct rte_flow_action *actions,
765                                 struct pedit_parser *p_parser,
766                                 uint64_t item_flags)
767 {
768         int idx = p_parser->sel.nkeys;
769
770         if (item_flags & MLX5_FLOW_LAYER_OUTER_L4_UDP)
771                 p_parser->keys_ex[idx].htype = TCA_PEDIT_KEY_EX_HDR_TYPE_UDP;
772         if (item_flags & MLX5_FLOW_LAYER_OUTER_L4_TCP)
773                 p_parser->keys_ex[idx].htype = TCA_PEDIT_KEY_EX_HDR_TYPE_TCP;
774         p_parser->keys_ex[idx].cmd = TCA_PEDIT_KEY_EX_CMD_SET;
775         /* offset of src/dst port is same for TCP and UDP */
776         p_parser->keys[idx].off =
777                 actions->type == RTE_FLOW_ACTION_TYPE_SET_TP_SRC ?
778                 offsetof(struct tcp_hdr, src_port) :
779                 offsetof(struct tcp_hdr, dst_port);
780         p_parser->keys[idx].mask = 0xFFFF0000;
781         p_parser->keys[idx].val =
782                 (__u32)((const struct rte_flow_action_set_tp *)
783                                 actions->conf)->port;
784         p_parser->sel.nkeys = (++idx);
785 }
786
787 /**
788  * Set pedit key of ipv6 address
789  *
790  * @param[in] actions
791  *   pointer to action specification
792  * @param[in,out] p_parser
793  *   pointer to pedit_parser
794  */
795 static void
796 flow_tcf_pedit_key_set_ipv6_addr(const struct rte_flow_action *actions,
797                                  struct pedit_parser *p_parser)
798 {
799         int idx = p_parser->sel.nkeys;
800         int keys = NUM_OF_PEDIT_KEYS(IPV6_ADDR_LEN);
801         int off_base =
802                 actions->type == RTE_FLOW_ACTION_TYPE_SET_IPV6_SRC ?
803                 offsetof(struct ipv6_hdr, src_addr) :
804                 offsetof(struct ipv6_hdr, dst_addr);
805         const struct rte_flow_action_set_ipv6 *conf =
806                 (const struct rte_flow_action_set_ipv6 *)actions->conf;
807
808         for (int i = 0; i < keys; i++, idx++) {
809                 p_parser->keys_ex[idx].htype = TCA_PEDIT_KEY_EX_HDR_TYPE_IP6;
810                 p_parser->keys_ex[idx].cmd = TCA_PEDIT_KEY_EX_CMD_SET;
811                 p_parser->keys[idx].off = off_base + i * SZ_PEDIT_KEY_VAL;
812                 p_parser->keys[idx].mask = ~UINT32_MAX;
813                 memcpy(&p_parser->keys[idx].val,
814                         conf->ipv6_addr + i *  SZ_PEDIT_KEY_VAL,
815                         SZ_PEDIT_KEY_VAL);
816         }
817         p_parser->sel.nkeys += keys;
818 }
819
820 /**
821  * Set pedit key of ipv4 address
822  *
823  * @param[in] actions
824  *   pointer to action specification
825  * @param[in,out] p_parser
826  *   pointer to pedit_parser
827  */
828 static void
829 flow_tcf_pedit_key_set_ipv4_addr(const struct rte_flow_action *actions,
830                                  struct pedit_parser *p_parser)
831 {
832         int idx = p_parser->sel.nkeys;
833
834         p_parser->keys_ex[idx].htype = TCA_PEDIT_KEY_EX_HDR_TYPE_IP4;
835         p_parser->keys_ex[idx].cmd = TCA_PEDIT_KEY_EX_CMD_SET;
836         p_parser->keys[idx].off =
837                 actions->type == RTE_FLOW_ACTION_TYPE_SET_IPV4_SRC ?
838                 offsetof(struct ipv4_hdr, src_addr) :
839                 offsetof(struct ipv4_hdr, dst_addr);
840         p_parser->keys[idx].mask = ~UINT32_MAX;
841         p_parser->keys[idx].val =
842                 ((const struct rte_flow_action_set_ipv4 *)
843                  actions->conf)->ipv4_addr;
844         p_parser->sel.nkeys = (++idx);
845 }
846
847 /**
848  * Create the pedit's na attribute in netlink message
849  * on pre-allocate message buffer
850  *
851  * @param[in,out] nl
852  *   pointer to pre-allocated netlink message buffer
853  * @param[in,out] actions
854  *   pointer to pointer of actions specification.
855  * @param[in,out] action_flags
856  *   pointer to actions flags
857  * @param[in] item_flags
858  *   flags of all item presented
859  */
860 static void
861 flow_tcf_create_pedit_mnl_msg(struct nlmsghdr *nl,
862                               const struct rte_flow_action **actions,
863                               uint64_t item_flags)
864 {
865         struct pedit_parser p_parser;
866         struct nlattr *na_act_options;
867         struct nlattr *na_pedit_keys;
868
869         memset(&p_parser, 0, sizeof(p_parser));
870         mnl_attr_put_strz(nl, TCA_ACT_KIND, "pedit");
871         na_act_options = mnl_attr_nest_start(nl, TCA_ACT_OPTIONS);
872         /* all modify header actions should be in one tc-pedit action */
873         for (; (*actions)->type != RTE_FLOW_ACTION_TYPE_END; (*actions)++) {
874                 switch ((*actions)->type) {
875                 case RTE_FLOW_ACTION_TYPE_SET_IPV4_SRC:
876                 case RTE_FLOW_ACTION_TYPE_SET_IPV4_DST:
877                         flow_tcf_pedit_key_set_ipv4_addr(*actions, &p_parser);
878                         break;
879                 case RTE_FLOW_ACTION_TYPE_SET_IPV6_SRC:
880                 case RTE_FLOW_ACTION_TYPE_SET_IPV6_DST:
881                         flow_tcf_pedit_key_set_ipv6_addr(*actions, &p_parser);
882                         break;
883                 case RTE_FLOW_ACTION_TYPE_SET_TP_SRC:
884                 case RTE_FLOW_ACTION_TYPE_SET_TP_DST:
885                         flow_tcf_pedit_key_set_tp_port(*actions,
886                                                         &p_parser, item_flags);
887                         break;
888                 case RTE_FLOW_ACTION_TYPE_SET_TTL:
889                 case RTE_FLOW_ACTION_TYPE_DEC_TTL:
890                         flow_tcf_pedit_key_set_dec_ttl(*actions,
891                                                         &p_parser, item_flags);
892                         break;
893                 case RTE_FLOW_ACTION_TYPE_SET_MAC_SRC:
894                 case RTE_FLOW_ACTION_TYPE_SET_MAC_DST:
895                         flow_tcf_pedit_key_set_mac(*actions, &p_parser);
896                         break;
897                 default:
898                         goto pedit_mnl_msg_done;
899                 }
900         }
901 pedit_mnl_msg_done:
902         p_parser.sel.action = TC_ACT_PIPE;
903         mnl_attr_put(nl, TCA_PEDIT_PARMS_EX,
904                      sizeof(p_parser.sel) +
905                      p_parser.sel.nkeys * sizeof(struct tc_pedit_key),
906                      &p_parser);
907         na_pedit_keys =
908                 mnl_attr_nest_start(nl, TCA_PEDIT_KEYS_EX | NLA_F_NESTED);
909         for (int i = 0; i < p_parser.sel.nkeys; i++) {
910                 struct nlattr *na_pedit_key =
911                         mnl_attr_nest_start(nl,
912                                             TCA_PEDIT_KEY_EX | NLA_F_NESTED);
913                 mnl_attr_put_u16(nl, TCA_PEDIT_KEY_EX_HTYPE,
914                                  p_parser.keys_ex[i].htype);
915                 mnl_attr_put_u16(nl, TCA_PEDIT_KEY_EX_CMD,
916                                  p_parser.keys_ex[i].cmd);
917                 mnl_attr_nest_end(nl, na_pedit_key);
918         }
919         mnl_attr_nest_end(nl, na_pedit_keys);
920         mnl_attr_nest_end(nl, na_act_options);
921         (*actions)--;
922 }
923
924 /**
925  * Calculate max memory size of one TC-pedit actions.
926  * One TC-pedit action can contain set of keys each defining
927  * a rewrite element (rte_flow action)
928  *
929  * @param[in,out] actions
930  *   actions specification.
931  * @param[in,out] action_flags
932  *   actions flags
933  * @param[in,out] size
934  *   accumulated size
935  * @return
936  *   Max memory size of one TC-pedit action
937  */
938 static int
939 flow_tcf_get_pedit_actions_size(const struct rte_flow_action **actions,
940                                 uint64_t *action_flags)
941 {
942         int pedit_size = 0;
943         int keys = 0;
944         uint64_t flags = 0;
945
946         pedit_size += SZ_NLATTR_NEST + /* na_act_index. */
947                       SZ_NLATTR_STRZ_OF("pedit") +
948                       SZ_NLATTR_NEST; /* TCA_ACT_OPTIONS. */
949         for (; (*actions)->type != RTE_FLOW_ACTION_TYPE_END; (*actions)++) {
950                 switch ((*actions)->type) {
951                 case RTE_FLOW_ACTION_TYPE_SET_IPV4_SRC:
952                         keys += NUM_OF_PEDIT_KEYS(IPV4_ADDR_LEN);
953                         flags |= MLX5_FLOW_ACTION_SET_IPV4_SRC;
954                         break;
955                 case RTE_FLOW_ACTION_TYPE_SET_IPV4_DST:
956                         keys += NUM_OF_PEDIT_KEYS(IPV4_ADDR_LEN);
957                         flags |= MLX5_FLOW_ACTION_SET_IPV4_DST;
958                         break;
959                 case RTE_FLOW_ACTION_TYPE_SET_IPV6_SRC:
960                         keys += NUM_OF_PEDIT_KEYS(IPV6_ADDR_LEN);
961                         flags |= MLX5_FLOW_ACTION_SET_IPV6_SRC;
962                         break;
963                 case RTE_FLOW_ACTION_TYPE_SET_IPV6_DST:
964                         keys += NUM_OF_PEDIT_KEYS(IPV6_ADDR_LEN);
965                         flags |= MLX5_FLOW_ACTION_SET_IPV6_DST;
966                         break;
967                 case RTE_FLOW_ACTION_TYPE_SET_TP_SRC:
968                         /* TCP is as same as UDP */
969                         keys += NUM_OF_PEDIT_KEYS(TP_PORT_LEN);
970                         flags |= MLX5_FLOW_ACTION_SET_TP_SRC;
971                         break;
972                 case RTE_FLOW_ACTION_TYPE_SET_TP_DST:
973                         /* TCP is as same as UDP */
974                         keys += NUM_OF_PEDIT_KEYS(TP_PORT_LEN);
975                         flags |= MLX5_FLOW_ACTION_SET_TP_DST;
976                         break;
977                 case RTE_FLOW_ACTION_TYPE_SET_TTL:
978                         keys += NUM_OF_PEDIT_KEYS(TTL_LEN);
979                         flags |= MLX5_FLOW_ACTION_SET_TTL;
980                         break;
981                 case RTE_FLOW_ACTION_TYPE_DEC_TTL:
982                         keys += NUM_OF_PEDIT_KEYS(TTL_LEN);
983                         flags |= MLX5_FLOW_ACTION_DEC_TTL;
984                         break;
985                 case RTE_FLOW_ACTION_TYPE_SET_MAC_SRC:
986                         keys += NUM_OF_PEDIT_KEYS(ETHER_ADDR_LEN);
987                         flags |= MLX5_FLOW_ACTION_SET_MAC_SRC;
988                         break;
989                 case RTE_FLOW_ACTION_TYPE_SET_MAC_DST:
990                         keys += NUM_OF_PEDIT_KEYS(ETHER_ADDR_LEN);
991                         flags |= MLX5_FLOW_ACTION_SET_MAC_DST;
992                         break;
993                 default:
994                         goto get_pedit_action_size_done;
995                 }
996         }
997 get_pedit_action_size_done:
998         /* TCA_PEDIT_PARAMS_EX */
999         pedit_size +=
1000                 SZ_NLATTR_DATA_OF(sizeof(struct tc_pedit_sel) +
1001                                   keys * sizeof(struct tc_pedit_key));
1002         pedit_size += SZ_NLATTR_NEST; /* TCA_PEDIT_KEYS */
1003         pedit_size += keys *
1004                       /* TCA_PEDIT_KEY_EX + HTYPE + CMD */
1005                       (SZ_NLATTR_NEST + SZ_NLATTR_DATA_OF(2) +
1006                        SZ_NLATTR_DATA_OF(2));
1007         (*action_flags) |= flags;
1008         (*actions)--;
1009         return pedit_size;
1010 }
1011
1012 /**
1013  * Retrieve mask for pattern item.
1014  *
1015  * This function does basic sanity checks on a pattern item in order to
1016  * return the most appropriate mask for it.
1017  *
1018  * @param[in] item
1019  *   Item specification.
1020  * @param[in] mask_default
1021  *   Default mask for pattern item as specified by the flow API.
1022  * @param[in] mask_supported
1023  *   Mask fields supported by the implementation.
1024  * @param[in] mask_empty
1025  *   Empty mask to return when there is no specification.
1026  * @param[out] error
1027  *   Perform verbose error reporting if not NULL.
1028  *
1029  * @return
1030  *   Either @p item->mask or one of the mask parameters on success, NULL
1031  *   otherwise and rte_errno is set.
1032  */
1033 static const void *
1034 flow_tcf_item_mask(const struct rte_flow_item *item, const void *mask_default,
1035                    const void *mask_supported, const void *mask_empty,
1036                    size_t mask_size, struct rte_flow_error *error)
1037 {
1038         const uint8_t *mask;
1039         size_t i;
1040
1041         /* item->last and item->mask cannot exist without item->spec. */
1042         if (!item->spec && (item->mask || item->last)) {
1043                 rte_flow_error_set(error, EINVAL,
1044                                    RTE_FLOW_ERROR_TYPE_ITEM, item,
1045                                    "\"mask\" or \"last\" field provided without"
1046                                    " a corresponding \"spec\"");
1047                 return NULL;
1048         }
1049         /* No spec, no mask, no problem. */
1050         if (!item->spec)
1051                 return mask_empty;
1052         mask = item->mask ? item->mask : mask_default;
1053         assert(mask);
1054         /*
1055          * Single-pass check to make sure that:
1056          * - Mask is supported, no bits are set outside mask_supported.
1057          * - Both item->spec and item->last are included in mask.
1058          */
1059         for (i = 0; i != mask_size; ++i) {
1060                 if (!mask[i])
1061                         continue;
1062                 if ((mask[i] | ((const uint8_t *)mask_supported)[i]) !=
1063                     ((const uint8_t *)mask_supported)[i]) {
1064                         rte_flow_error_set(error, ENOTSUP,
1065                                            RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1066                                            "unsupported field found"
1067                                            " in \"mask\"");
1068                         return NULL;
1069                 }
1070                 if (item->last &&
1071                     (((const uint8_t *)item->spec)[i] & mask[i]) !=
1072                     (((const uint8_t *)item->last)[i] & mask[i])) {
1073                         rte_flow_error_set(error, EINVAL,
1074                                            RTE_FLOW_ERROR_TYPE_ITEM_LAST,
1075                                            item->last,
1076                                            "range between \"spec\" and \"last\""
1077                                            " not comprised in \"mask\"");
1078                         return NULL;
1079                 }
1080         }
1081         return mask;
1082 }
1083
1084 /**
1085  * Build a conversion table between port ID and ifindex.
1086  *
1087  * @param[in] dev
1088  *   Pointer to Ethernet device.
1089  * @param[out] ptoi
1090  *   Pointer to ptoi table.
1091  * @param[in] len
1092  *   Size of ptoi table provided.
1093  *
1094  * @return
1095  *   Size of ptoi table filled.
1096  */
1097 static unsigned int
1098 flow_tcf_build_ptoi_table(struct rte_eth_dev *dev, struct flow_tcf_ptoi *ptoi,
1099                           unsigned int len)
1100 {
1101         unsigned int n = mlx5_dev_to_port_id(dev->device, NULL, 0);
1102         uint16_t port_id[n + 1];
1103         unsigned int i;
1104         unsigned int own = 0;
1105
1106         /* At least one port is needed when no switch domain is present. */
1107         if (!n) {
1108                 n = 1;
1109                 port_id[0] = dev->data->port_id;
1110         } else {
1111                 n = RTE_MIN(mlx5_dev_to_port_id(dev->device, port_id, n), n);
1112         }
1113         if (n > len)
1114                 return 0;
1115         for (i = 0; i != n; ++i) {
1116                 struct rte_eth_dev_info dev_info;
1117
1118                 rte_eth_dev_info_get(port_id[i], &dev_info);
1119                 if (port_id[i] == dev->data->port_id)
1120                         own = i;
1121                 ptoi[i].port_id = port_id[i];
1122                 ptoi[i].ifindex = dev_info.if_index;
1123         }
1124         /* Ensure first entry of ptoi[] is the current device. */
1125         if (own) {
1126                 ptoi[n] = ptoi[0];
1127                 ptoi[0] = ptoi[own];
1128                 ptoi[own] = ptoi[n];
1129         }
1130         /* An entry with zero ifindex terminates ptoi[]. */
1131         ptoi[n].port_id = 0;
1132         ptoi[n].ifindex = 0;
1133         return n;
1134 }
1135
1136 /**
1137  * Verify the @p attr will be correctly understood by the E-switch.
1138  *
1139  * @param[in] attr
1140  *   Pointer to flow attributes
1141  * @param[out] error
1142  *   Pointer to error structure.
1143  *
1144  * @return
1145  *   0 on success, a negative errno value otherwise and rte_errno is set.
1146  */
1147 static int
1148 flow_tcf_validate_attributes(const struct rte_flow_attr *attr,
1149                              struct rte_flow_error *error)
1150 {
1151         /*
1152          * Supported attributes: groups, some priorities and ingress only.
1153          * group is supported only if kernel supports chain. Don't care about
1154          * transfer as it is the caller's problem.
1155          */
1156         if (attr->group > MLX5_TCF_GROUP_ID_MAX)
1157                 return rte_flow_error_set(error, ENOTSUP,
1158                                           RTE_FLOW_ERROR_TYPE_ATTR_GROUP, attr,
1159                                           "group ID larger than "
1160                                           RTE_STR(MLX5_TCF_GROUP_ID_MAX)
1161                                           " isn't supported");
1162         else if (attr->priority > MLX5_TCF_GROUP_PRIORITY_MAX)
1163                 return rte_flow_error_set(error, ENOTSUP,
1164                                           RTE_FLOW_ERROR_TYPE_ATTR_PRIORITY,
1165                                           attr,
1166                                           "priority more than "
1167                                           RTE_STR(MLX5_TCF_GROUP_PRIORITY_MAX)
1168                                           " is not supported");
1169         if (!attr->ingress)
1170                 return rte_flow_error_set(error, EINVAL,
1171                                           RTE_FLOW_ERROR_TYPE_ATTR_INGRESS,
1172                                           attr, "only ingress is supported");
1173         if (attr->egress)
1174                 return rte_flow_error_set(error, ENOTSUP,
1175                                           RTE_FLOW_ERROR_TYPE_ATTR_INGRESS,
1176                                           attr, "egress is not supported");
1177         return 0;
1178 }
1179
1180 /**
1181  * Validate VXLAN_ENCAP action RTE_FLOW_ITEM_TYPE_ETH item for E-Switch.
1182  * The routine checks the L2 fields to be used in encapsulation header.
1183  *
1184  * @param[in] item
1185  *   Pointer to the item structure.
1186  * @param[out] error
1187  *   Pointer to the error structure.
1188  *
1189  * @return
1190  *   0 on success, a negative errno value otherwise and rte_errno is set.
1191  **/
1192 static int
1193 flow_tcf_validate_vxlan_encap_eth(const struct rte_flow_item *item,
1194                                   struct rte_flow_error *error)
1195 {
1196         const struct rte_flow_item_eth *spec = item->spec;
1197         const struct rte_flow_item_eth *mask = item->mask;
1198
1199         if (!spec) {
1200                 /*
1201                  * Specification for L2 addresses can be empty
1202                  * because these ones are optional and not
1203                  * required directly by tc rule. Kernel tries
1204                  * to resolve these ones on its own
1205                  */
1206                 return 0;
1207         }
1208         if (!mask) {
1209                 /* If mask is not specified use the default one. */
1210                 mask = &rte_flow_item_eth_mask;
1211         }
1212         if (memcmp(&mask->dst,
1213                    &flow_tcf_mask_empty.eth.dst,
1214                    sizeof(flow_tcf_mask_empty.eth.dst))) {
1215                 if (memcmp(&mask->dst,
1216                            &rte_flow_item_eth_mask.dst,
1217                            sizeof(rte_flow_item_eth_mask.dst)))
1218                         return rte_flow_error_set
1219                                 (error, ENOTSUP,
1220                                  RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1221                                  "no support for partial mask on"
1222                                  " \"eth.dst\" field");
1223         }
1224         if (memcmp(&mask->src,
1225                    &flow_tcf_mask_empty.eth.src,
1226                    sizeof(flow_tcf_mask_empty.eth.src))) {
1227                 if (memcmp(&mask->src,
1228                            &rte_flow_item_eth_mask.src,
1229                            sizeof(rte_flow_item_eth_mask.src)))
1230                         return rte_flow_error_set
1231                                 (error, ENOTSUP,
1232                                  RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1233                                  "no support for partial mask on"
1234                                  " \"eth.src\" field");
1235         }
1236         if (mask->type != RTE_BE16(0x0000)) {
1237                 if (mask->type != RTE_BE16(0xffff))
1238                         return rte_flow_error_set
1239                                 (error, ENOTSUP,
1240                                  RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1241                                  "no support for partial mask on"
1242                                  " \"eth.type\" field");
1243                 DRV_LOG(WARNING,
1244                         "outer ethernet type field"
1245                         " cannot be forced for vxlan"
1246                         " encapsulation, parameter ignored");
1247         }
1248         return 0;
1249 }
1250
1251 /**
1252  * Validate VXLAN_ENCAP action RTE_FLOW_ITEM_TYPE_IPV4 item for E-Switch.
1253  * The routine checks the IPv4 fields to be used in encapsulation header.
1254  *
1255  * @param[in] item
1256  *   Pointer to the item structure.
1257  * @param[out] error
1258  *   Pointer to the error structure.
1259  *
1260  * @return
1261  *   0 on success, a negative errno value otherwise and rte_errno is set.
1262  **/
1263 static int
1264 flow_tcf_validate_vxlan_encap_ipv4(const struct rte_flow_item *item,
1265                                    struct rte_flow_error *error)
1266 {
1267         const struct rte_flow_item_ipv4 *spec = item->spec;
1268         const struct rte_flow_item_ipv4 *mask = item->mask;
1269
1270         if (!spec) {
1271                 /*
1272                  * Specification for IP addresses cannot be empty
1273                  * because it is required by tunnel_key parameter.
1274                  */
1275                 return rte_flow_error_set(error, EINVAL,
1276                                           RTE_FLOW_ERROR_TYPE_ITEM, item,
1277                                           "NULL outer ipv4 address"
1278                                           " specification for vxlan"
1279                                           " encapsulation");
1280         }
1281         if (!mask)
1282                 mask = &rte_flow_item_ipv4_mask;
1283         if (mask->hdr.dst_addr != RTE_BE32(0x00000000)) {
1284                 if (mask->hdr.dst_addr != RTE_BE32(0xffffffff))
1285                         return rte_flow_error_set
1286                                 (error, ENOTSUP,
1287                                  RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1288                                  "no support for partial mask on"
1289                                  " \"ipv4.hdr.dst_addr\" field"
1290                                  " for vxlan encapsulation");
1291                 /* More IPv4 address validations can be put here. */
1292         } else {
1293                 /*
1294                  * Kernel uses the destination IP address to determine
1295                  * the routing path and obtain the MAC destination
1296                  * address, so IP destination address must be
1297                  * specified in the tc rule.
1298                  */
1299                 return rte_flow_error_set(error, EINVAL,
1300                                           RTE_FLOW_ERROR_TYPE_ITEM, item,
1301                                           "outer ipv4 destination address"
1302                                           " must be specified for"
1303                                           " vxlan encapsulation");
1304         }
1305         if (mask->hdr.src_addr != RTE_BE32(0x00000000)) {
1306                 if (mask->hdr.src_addr != RTE_BE32(0xffffffff))
1307                         return rte_flow_error_set
1308                                 (error, ENOTSUP,
1309                                  RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1310                                  "no support for partial mask on"
1311                                  " \"ipv4.hdr.src_addr\" field"
1312                                  " for vxlan encapsulation");
1313                 /* More IPv4 address validations can be put here. */
1314         } else {
1315                 /*
1316                  * Kernel uses the source IP address to select the
1317                  * interface for egress encapsulated traffic, so
1318                  * it must be specified in the tc rule.
1319                  */
1320                 return rte_flow_error_set(error, EINVAL,
1321                                           RTE_FLOW_ERROR_TYPE_ITEM, item,
1322                                           "outer ipv4 source address"
1323                                           " must be specified for"
1324                                           " vxlan encapsulation");
1325         }
1326         if (mask->hdr.type_of_service &&
1327             mask->hdr.type_of_service != 0xff)
1328                 return rte_flow_error_set(error, ENOTSUP,
1329                                           RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1330                                           "no support for partial mask on"
1331                                           " \"ipv4.hdr.type_of_service\" field"
1332                                           " for vxlan encapsulation");
1333         if (mask->hdr.time_to_live &&
1334             mask->hdr.time_to_live != 0xff)
1335                 return rte_flow_error_set(error, ENOTSUP,
1336                                           RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1337                                           "no support for partial mask on"
1338                                           " \"ipv4.hdr.time_to_live\" field"
1339                                           " for vxlan encapsulation");
1340         return 0;
1341 }
1342
1343 /**
1344  * Validate VXLAN_ENCAP action RTE_FLOW_ITEM_TYPE_IPV6 item for E-Switch.
1345  * The routine checks the IPv6 fields to be used in encapsulation header.
1346  *
1347  * @param[in] item
1348  *   Pointer to the item structure.
1349  * @param[out] error
1350  *   Pointer to the error structure.
1351  *
1352  * @return
1353  *   0 on success, a negative errno value otherwise and rte_errno is set.
1354  **/
1355 static int
1356 flow_tcf_validate_vxlan_encap_ipv6(const struct rte_flow_item *item,
1357                                    struct rte_flow_error *error)
1358 {
1359         const struct rte_flow_item_ipv6 *spec = item->spec;
1360         const struct rte_flow_item_ipv6 *mask = item->mask;
1361         uint8_t msk6;
1362
1363         if (!spec) {
1364                 /*
1365                  * Specification for IP addresses cannot be empty
1366                  * because it is required by tunnel_key parameter.
1367                  */
1368                 return rte_flow_error_set(error, EINVAL,
1369                                           RTE_FLOW_ERROR_TYPE_ITEM, item,
1370                                           "NULL outer ipv6 address"
1371                                           " specification for"
1372                                           " vxlan encapsulation");
1373         }
1374         if (!mask)
1375                 mask = &rte_flow_item_ipv6_mask;
1376         if (memcmp(&mask->hdr.dst_addr,
1377                    &flow_tcf_mask_empty.ipv6.hdr.dst_addr,
1378                    IPV6_ADDR_LEN)) {
1379                 if (memcmp(&mask->hdr.dst_addr,
1380                            &rte_flow_item_ipv6_mask.hdr.dst_addr,
1381                            IPV6_ADDR_LEN))
1382                         return rte_flow_error_set
1383                                         (error, ENOTSUP,
1384                                          RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1385                                          "no support for partial mask on"
1386                                          " \"ipv6.hdr.dst_addr\" field"
1387                                          " for vxlan encapsulation");
1388                 /* More IPv6 address validations can be put here. */
1389         } else {
1390                 /*
1391                  * Kernel uses the destination IP address to determine
1392                  * the routing path and obtain the MAC destination
1393                  * address (heigh or gate), so IP destination address
1394                  * must be specified within the tc rule.
1395                  */
1396                 return rte_flow_error_set(error, EINVAL,
1397                                           RTE_FLOW_ERROR_TYPE_ITEM, item,
1398                                           "outer ipv6 destination address"
1399                                           " must be specified for"
1400                                           " vxlan encapsulation");
1401         }
1402         if (memcmp(&mask->hdr.src_addr,
1403                    &flow_tcf_mask_empty.ipv6.hdr.src_addr,
1404                    IPV6_ADDR_LEN)) {
1405                 if (memcmp(&mask->hdr.src_addr,
1406                            &rte_flow_item_ipv6_mask.hdr.src_addr,
1407                            IPV6_ADDR_LEN))
1408                         return rte_flow_error_set
1409                                         (error, ENOTSUP,
1410                                          RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1411                                          "no support for partial mask on"
1412                                          " \"ipv6.hdr.src_addr\" field"
1413                                          " for vxlan encapsulation");
1414                 /* More L3 address validation can be put here. */
1415         } else {
1416                 /*
1417                  * Kernel uses the source IP address to select the
1418                  * interface for egress encapsulated traffic, so
1419                  * it must be specified in the tc rule.
1420                  */
1421                 return rte_flow_error_set(error, EINVAL,
1422                                           RTE_FLOW_ERROR_TYPE_ITEM, item,
1423                                           "outer L3 source address"
1424                                           " must be specified for"
1425                                           " vxlan encapsulation");
1426         }
1427         msk6 = (rte_be_to_cpu_32(mask->hdr.vtc_flow) >>
1428                 IPV6_HDR_TC_SHIFT) & 0xff;
1429         if (msk6 && msk6 != 0xff)
1430                 return rte_flow_error_set(error, ENOTSUP,
1431                                           RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1432                                           "no support for partial mask on"
1433                                           " \"ipv6.hdr.vtc_flow.tos\" field"
1434                                           " for vxlan encapsulation");
1435         if (mask->hdr.hop_limits && mask->hdr.hop_limits != 0xff)
1436                 return rte_flow_error_set(error, ENOTSUP,
1437                                           RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1438                                           "no support for partial mask on"
1439                                           " \"ipv6.hdr.hop_limits\" field"
1440                                           " for vxlan encapsulation");
1441         return 0;
1442 }
1443
1444 /**
1445  * Validate VXLAN_ENCAP action RTE_FLOW_ITEM_TYPE_UDP item for E-Switch.
1446  * The routine checks the UDP fields to be used in encapsulation header.
1447  *
1448  * @param[in] item
1449  *   Pointer to the item structure.
1450  * @param[out] error
1451  *   Pointer to the error structure.
1452  *
1453  * @return
1454  *   0 on success, a negative errno value otherwise and rte_errno is set.
1455  **/
1456 static int
1457 flow_tcf_validate_vxlan_encap_udp(const struct rte_flow_item *item,
1458                                   struct rte_flow_error *error)
1459 {
1460         const struct rte_flow_item_udp *spec = item->spec;
1461         const struct rte_flow_item_udp *mask = item->mask;
1462
1463         if (!spec) {
1464                 /*
1465                  * Specification for UDP ports cannot be empty
1466                  * because it is required by tunnel_key parameter.
1467                  */
1468                 return rte_flow_error_set(error, EINVAL,
1469                                           RTE_FLOW_ERROR_TYPE_ITEM, item,
1470                                           "NULL UDP port specification "
1471                                           " for vxlan encapsulation");
1472         }
1473         if (!mask)
1474                 mask = &rte_flow_item_udp_mask;
1475         if (mask->hdr.dst_port != RTE_BE16(0x0000)) {
1476                 if (mask->hdr.dst_port != RTE_BE16(0xffff))
1477                         return rte_flow_error_set
1478                                         (error, ENOTSUP,
1479                                          RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1480                                          "no support for partial mask on"
1481                                          " \"udp.hdr.dst_port\" field"
1482                                          " for vxlan encapsulation");
1483                 if (!spec->hdr.dst_port)
1484                         return rte_flow_error_set
1485                                         (error, EINVAL,
1486                                          RTE_FLOW_ERROR_TYPE_ITEM, item,
1487                                          "outer UDP remote port cannot be"
1488                                          " 0 for vxlan encapsulation");
1489         } else {
1490                 return rte_flow_error_set(error, EINVAL,
1491                                           RTE_FLOW_ERROR_TYPE_ITEM, item,
1492                                           "outer UDP remote port"
1493                                           " must be specified for"
1494                                           " vxlan encapsulation");
1495         }
1496         if (mask->hdr.src_port != RTE_BE16(0x0000)) {
1497                 if (mask->hdr.src_port != RTE_BE16(0xffff))
1498                         return rte_flow_error_set
1499                                         (error, ENOTSUP,
1500                                          RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1501                                          "no support for partial mask on"
1502                                          " \"udp.hdr.src_port\" field"
1503                                          " for vxlan encapsulation");
1504                 DRV_LOG(WARNING,
1505                         "outer UDP source port cannot be"
1506                         " forced for vxlan encapsulation,"
1507                         " parameter ignored");
1508         }
1509         return 0;
1510 }
1511
1512 /**
1513  * Validate VXLAN_ENCAP action RTE_FLOW_ITEM_TYPE_VXLAN item for E-Switch.
1514  * The routine checks the VNIP fields to be used in encapsulation header.
1515  *
1516  * @param[in] item
1517  *   Pointer to the item structure.
1518  * @param[out] error
1519  *   Pointer to the error structure.
1520  *
1521  * @return
1522  *   0 on success, a negative errno value otherwise and rte_errno is set.
1523  **/
1524 static int
1525 flow_tcf_validate_vxlan_encap_vni(const struct rte_flow_item *item,
1526                                   struct rte_flow_error *error)
1527 {
1528         const struct rte_flow_item_vxlan *spec = item->spec;
1529         const struct rte_flow_item_vxlan *mask = item->mask;
1530
1531         if (!spec) {
1532                 /* Outer VNI is required by tunnel_key parameter. */
1533                 return rte_flow_error_set(error, EINVAL,
1534                                           RTE_FLOW_ERROR_TYPE_ITEM, item,
1535                                           "NULL VNI specification"
1536                                           " for vxlan encapsulation");
1537         }
1538         if (!mask)
1539                 mask = &rte_flow_item_vxlan_mask;
1540         if (!mask->vni[0] && !mask->vni[1] && !mask->vni[2])
1541                 return rte_flow_error_set(error, EINVAL,
1542                                           RTE_FLOW_ERROR_TYPE_ITEM, item,
1543                                           "outer VNI must be specified "
1544                                           "for vxlan encapsulation");
1545         if (mask->vni[0] != 0xff ||
1546             mask->vni[1] != 0xff ||
1547             mask->vni[2] != 0xff)
1548                 return rte_flow_error_set(error, ENOTSUP,
1549                                           RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1550                                           "no support for partial mask on"
1551                                           " \"vxlan.vni\" field");
1552
1553         if (!spec->vni[0] && !spec->vni[1] && !spec->vni[2])
1554                 return rte_flow_error_set(error, EINVAL,
1555                                           RTE_FLOW_ERROR_TYPE_ITEM, item,
1556                                           "vxlan vni cannot be 0");
1557         return 0;
1558 }
1559
1560 /**
1561  * Validate VXLAN_ENCAP action item list for E-Switch.
1562  * The routine checks items to be used in encapsulation header.
1563  *
1564  * @param[in] action
1565  *   Pointer to the VXLAN_ENCAP action structure.
1566  * @param[out] error
1567  *   Pointer to the error structure.
1568  *
1569  * @return
1570  *   0 on success, a negative errno value otherwise and rte_errno is set.
1571  **/
1572 static int
1573 flow_tcf_validate_vxlan_encap(const struct rte_flow_action *action,
1574                               struct rte_flow_error *error)
1575 {
1576         const struct rte_flow_item *items;
1577         int ret;
1578         uint32_t item_flags = 0;
1579
1580         if (!action->conf)
1581                 return rte_flow_error_set(error, EINVAL,
1582                                           RTE_FLOW_ERROR_TYPE_ACTION, action,
1583                                           "Missing vxlan tunnel"
1584                                           " action configuration");
1585         items = ((const struct rte_flow_action_vxlan_encap *)
1586                                         action->conf)->definition;
1587         if (!items)
1588                 return rte_flow_error_set(error, EINVAL,
1589                                           RTE_FLOW_ERROR_TYPE_ACTION, action,
1590                                           "Missing vxlan tunnel"
1591                                           " encapsulation parameters");
1592         for (; items->type != RTE_FLOW_ITEM_TYPE_END; items++) {
1593                 switch (items->type) {
1594                 case RTE_FLOW_ITEM_TYPE_VOID:
1595                         break;
1596                 case RTE_FLOW_ITEM_TYPE_ETH:
1597                         ret = mlx5_flow_validate_item_eth(items, item_flags,
1598                                                           error);
1599                         if (ret < 0)
1600                                 return ret;
1601                         ret = flow_tcf_validate_vxlan_encap_eth(items, error);
1602                         if (ret < 0)
1603                                 return ret;
1604                         item_flags |= MLX5_FLOW_LAYER_OUTER_L2;
1605                         break;
1606                 break;
1607                 case RTE_FLOW_ITEM_TYPE_IPV4:
1608                         ret = mlx5_flow_validate_item_ipv4
1609                                         (items, item_flags,
1610                                          &flow_tcf_mask_supported.ipv4, error);
1611                         if (ret < 0)
1612                                 return ret;
1613                         ret = flow_tcf_validate_vxlan_encap_ipv4(items, error);
1614                         if (ret < 0)
1615                                 return ret;
1616                         item_flags |= MLX5_FLOW_LAYER_OUTER_L3_IPV4;
1617                         break;
1618                 case RTE_FLOW_ITEM_TYPE_IPV6:
1619                         ret = mlx5_flow_validate_item_ipv6
1620                                         (items, item_flags,
1621                                          &flow_tcf_mask_supported.ipv6, error);
1622                         if (ret < 0)
1623                                 return ret;
1624                         ret = flow_tcf_validate_vxlan_encap_ipv6(items, error);
1625                         if (ret < 0)
1626                                 return ret;
1627                         item_flags |= MLX5_FLOW_LAYER_OUTER_L3_IPV6;
1628                         break;
1629                 case RTE_FLOW_ITEM_TYPE_UDP:
1630                         ret = mlx5_flow_validate_item_udp(items, item_flags,
1631                                                            0xFF, error);
1632                         if (ret < 0)
1633                                 return ret;
1634                         ret = flow_tcf_validate_vxlan_encap_udp(items, error);
1635                         if (ret < 0)
1636                                 return ret;
1637                         item_flags |= MLX5_FLOW_LAYER_OUTER_L4_UDP;
1638                         break;
1639                 case RTE_FLOW_ITEM_TYPE_VXLAN:
1640                         ret = mlx5_flow_validate_item_vxlan(items,
1641                                                             item_flags, error);
1642                         if (ret < 0)
1643                                 return ret;
1644                         ret = flow_tcf_validate_vxlan_encap_vni(items, error);
1645                         if (ret < 0)
1646                                 return ret;
1647                         item_flags |= MLX5_FLOW_LAYER_VXLAN;
1648                         break;
1649                 default:
1650                         return rte_flow_error_set
1651                                         (error, ENOTSUP,
1652                                          RTE_FLOW_ERROR_TYPE_ITEM, items,
1653                                          "vxlan encap item not supported");
1654                 }
1655         }
1656         if (!(item_flags & MLX5_FLOW_LAYER_OUTER_L3))
1657                 return rte_flow_error_set(error, EINVAL,
1658                                           RTE_FLOW_ERROR_TYPE_ACTION, action,
1659                                           "no outer IP layer found"
1660                                           " for vxlan encapsulation");
1661         if (!(item_flags & MLX5_FLOW_LAYER_OUTER_L4_UDP))
1662                 return rte_flow_error_set(error, EINVAL,
1663                                           RTE_FLOW_ERROR_TYPE_ACTION, action,
1664                                           "no outer UDP layer found"
1665                                           " for vxlan encapsulation");
1666         if (!(item_flags & MLX5_FLOW_LAYER_VXLAN))
1667                 return rte_flow_error_set(error, EINVAL,
1668                                           RTE_FLOW_ERROR_TYPE_ACTION, action,
1669                                           "no VXLAN VNI found"
1670                                           " for vxlan encapsulation");
1671         return 0;
1672 }
1673
1674 /**
1675  * Validate outer RTE_FLOW_ITEM_TYPE_UDP item if tunnel item
1676  * RTE_FLOW_ITEM_TYPE_VXLAN is present in item list.
1677  *
1678  * @param[in] udp
1679  *   Outer UDP layer item (if any, NULL otherwise).
1680  * @param[out] error
1681  *   Pointer to the error structure.
1682  *
1683  * @return
1684  *   0 on success, a negative errno value otherwise and rte_errno is set.
1685  **/
1686 static int
1687 flow_tcf_validate_vxlan_decap_udp(const struct rte_flow_item *udp,
1688                                   struct rte_flow_error *error)
1689 {
1690         const struct rte_flow_item_udp *spec = udp->spec;
1691         const struct rte_flow_item_udp *mask = udp->mask;
1692
1693         if (!spec)
1694                 /*
1695                  * Specification for UDP ports cannot be empty
1696                  * because it is required as decap parameter.
1697                  */
1698                 return rte_flow_error_set(error, EINVAL,
1699                                           RTE_FLOW_ERROR_TYPE_ITEM, udp,
1700                                           "NULL UDP port specification"
1701                                           " for VXLAN decapsulation");
1702         if (!mask)
1703                 mask = &rte_flow_item_udp_mask;
1704         if (mask->hdr.dst_port != RTE_BE16(0x0000)) {
1705                 if (mask->hdr.dst_port != RTE_BE16(0xffff))
1706                         return rte_flow_error_set
1707                                         (error, ENOTSUP,
1708                                          RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1709                                          "no support for partial mask on"
1710                                          " \"udp.hdr.dst_port\" field");
1711                 if (!spec->hdr.dst_port)
1712                         return rte_flow_error_set
1713                                         (error, EINVAL,
1714                                          RTE_FLOW_ERROR_TYPE_ITEM, udp,
1715                                          "zero decap local UDP port");
1716         } else {
1717                 return rte_flow_error_set(error, EINVAL,
1718                                           RTE_FLOW_ERROR_TYPE_ITEM, udp,
1719                                           "outer UDP destination port must be "
1720                                           "specified for vxlan decapsulation");
1721         }
1722         if (mask->hdr.src_port != RTE_BE16(0x0000)) {
1723                 if (mask->hdr.src_port != RTE_BE16(0xffff))
1724                         return rte_flow_error_set
1725                                         (error, ENOTSUP,
1726                                          RTE_FLOW_ERROR_TYPE_ITEM_MASK, mask,
1727                                          "no support for partial mask on"
1728                                          " \"udp.hdr.src_port\" field");
1729                 DRV_LOG(WARNING,
1730                         "outer UDP local port cannot be "
1731                         "forced for VXLAN encapsulation, "
1732                         "parameter ignored");
1733         }
1734         return 0;
1735 }
1736
1737 /**
1738  * Validate flow for E-Switch.
1739  *
1740  * @param[in] priv
1741  *   Pointer to the priv structure.
1742  * @param[in] attr
1743  *   Pointer to the flow attributes.
1744  * @param[in] items
1745  *   Pointer to the list of items.
1746  * @param[in] actions
1747  *   Pointer to the list of actions.
1748  * @param[out] error
1749  *   Pointer to the error structure.
1750  *
1751  * @return
1752  *   0 on success, a negative errno value otherwise and rte_errno is set.
1753  */
1754 static int
1755 flow_tcf_validate(struct rte_eth_dev *dev,
1756                   const struct rte_flow_attr *attr,
1757                   const struct rte_flow_item items[],
1758                   const struct rte_flow_action actions[],
1759                   struct rte_flow_error *error)
1760 {
1761         union {
1762                 const struct rte_flow_item_port_id *port_id;
1763                 const struct rte_flow_item_eth *eth;
1764                 const struct rte_flow_item_vlan *vlan;
1765                 const struct rte_flow_item_ipv4 *ipv4;
1766                 const struct rte_flow_item_ipv6 *ipv6;
1767                 const struct rte_flow_item_tcp *tcp;
1768                 const struct rte_flow_item_udp *udp;
1769                 const struct rte_flow_item_vxlan *vxlan;
1770         } spec, mask;
1771         union {
1772                 const struct rte_flow_action_port_id *port_id;
1773                 const struct rte_flow_action_jump *jump;
1774                 const struct rte_flow_action_of_push_vlan *of_push_vlan;
1775                 const struct rte_flow_action_of_set_vlan_vid *
1776                         of_set_vlan_vid;
1777                 const struct rte_flow_action_of_set_vlan_pcp *
1778                         of_set_vlan_pcp;
1779                 const struct rte_flow_action_vxlan_encap *vxlan_encap;
1780                 const struct rte_flow_action_set_ipv4 *set_ipv4;
1781                 const struct rte_flow_action_set_ipv6 *set_ipv6;
1782         } conf;
1783         const struct rte_flow_item *outer_udp = NULL;
1784         rte_be16_t inner_etype = RTE_BE16(ETH_P_ALL);
1785         rte_be16_t outer_etype = RTE_BE16(ETH_P_ALL);
1786         rte_be16_t vlan_etype = RTE_BE16(ETH_P_ALL);
1787         uint64_t item_flags = 0;
1788         uint64_t action_flags = 0;
1789         uint8_t next_protocol = 0xff;
1790         unsigned int tcm_ifindex = 0;
1791         uint8_t pedit_validated = 0;
1792         struct flow_tcf_ptoi ptoi[PTOI_TABLE_SZ_MAX(dev)];
1793         struct rte_eth_dev *port_id_dev = NULL;
1794         bool in_port_id_set;
1795         int ret;
1796
1797         claim_nonzero(flow_tcf_build_ptoi_table(dev, ptoi,
1798                                                 PTOI_TABLE_SZ_MAX(dev)));
1799         ret = flow_tcf_validate_attributes(attr, error);
1800         if (ret < 0)
1801                 return ret;
1802         for (; actions->type != RTE_FLOW_ACTION_TYPE_END; actions++) {
1803                 unsigned int i;
1804                 uint64_t current_action_flag = 0;
1805
1806                 switch (actions->type) {
1807                 case RTE_FLOW_ACTION_TYPE_VOID:
1808                         break;
1809                 case RTE_FLOW_ACTION_TYPE_PORT_ID:
1810                         current_action_flag = MLX5_FLOW_ACTION_PORT_ID;
1811                         if (!actions->conf)
1812                                 break;
1813                         conf.port_id = actions->conf;
1814                         if (conf.port_id->original)
1815                                 i = 0;
1816                         else
1817                                 for (i = 0; ptoi[i].ifindex; ++i)
1818                                         if (ptoi[i].port_id == conf.port_id->id)
1819                                                 break;
1820                         if (!ptoi[i].ifindex)
1821                                 return rte_flow_error_set
1822                                         (error, ENODEV,
1823                                          RTE_FLOW_ERROR_TYPE_ACTION_CONF,
1824                                          conf.port_id,
1825                                          "missing data to convert port ID to"
1826                                          " ifindex");
1827                         port_id_dev = &rte_eth_devices[conf.port_id->id];
1828                         break;
1829                 case RTE_FLOW_ACTION_TYPE_JUMP:
1830                         current_action_flag = MLX5_FLOW_ACTION_JUMP;
1831                         if (!actions->conf)
1832                                 break;
1833                         conf.jump = actions->conf;
1834                         if (attr->group >= conf.jump->group)
1835                                 return rte_flow_error_set
1836                                         (error, ENOTSUP,
1837                                          RTE_FLOW_ERROR_TYPE_ACTION,
1838                                          actions,
1839                                          "can jump only to a group forward");
1840                         break;
1841                 case RTE_FLOW_ACTION_TYPE_DROP:
1842                         current_action_flag = MLX5_FLOW_ACTION_DROP;
1843                         break;
1844                 case RTE_FLOW_ACTION_TYPE_COUNT:
1845                         break;
1846                 case RTE_FLOW_ACTION_TYPE_OF_POP_VLAN:
1847                         current_action_flag = MLX5_FLOW_ACTION_OF_POP_VLAN;
1848                         break;
1849                 case RTE_FLOW_ACTION_TYPE_OF_PUSH_VLAN: {
1850                         rte_be16_t ethertype;
1851
1852                         current_action_flag = MLX5_FLOW_ACTION_OF_PUSH_VLAN;
1853                         if (!actions->conf)
1854                                 break;
1855                         conf.of_push_vlan = actions->conf;
1856                         ethertype = conf.of_push_vlan->ethertype;
1857                         if (ethertype != RTE_BE16(ETH_P_8021Q) &&
1858                             ethertype != RTE_BE16(ETH_P_8021AD))
1859                                 return rte_flow_error_set
1860                                         (error, EINVAL,
1861                                          RTE_FLOW_ERROR_TYPE_ACTION, actions,
1862                                          "vlan push TPID must be "
1863                                          "802.1Q or 802.1AD");
1864                         break;
1865                 }
1866                 case RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_VID:
1867                         if (!(action_flags & MLX5_FLOW_ACTION_OF_PUSH_VLAN))
1868                                 return rte_flow_error_set
1869                                         (error, ENOTSUP,
1870                                          RTE_FLOW_ERROR_TYPE_ACTION, actions,
1871                                          "vlan modify is not supported,"
1872                                          " set action must follow push action");
1873                         current_action_flag = MLX5_FLOW_ACTION_OF_SET_VLAN_VID;
1874                         break;
1875                 case RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_PCP:
1876                         if (!(action_flags & MLX5_FLOW_ACTION_OF_PUSH_VLAN))
1877                                 return rte_flow_error_set
1878                                         (error, ENOTSUP,
1879                                          RTE_FLOW_ERROR_TYPE_ACTION, actions,
1880                                          "vlan modify is not supported,"
1881                                          " set action must follow push action");
1882                         current_action_flag = MLX5_FLOW_ACTION_OF_SET_VLAN_PCP;
1883                         break;
1884                 case RTE_FLOW_ACTION_TYPE_VXLAN_DECAP:
1885                         current_action_flag = MLX5_FLOW_ACTION_VXLAN_DECAP;
1886                         break;
1887                 case RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP:
1888                         ret = flow_tcf_validate_vxlan_encap(actions, error);
1889                         if (ret < 0)
1890                                 return ret;
1891                         current_action_flag = MLX5_FLOW_ACTION_VXLAN_ENCAP;
1892                         break;
1893                 case RTE_FLOW_ACTION_TYPE_SET_IPV4_SRC:
1894                         current_action_flag = MLX5_FLOW_ACTION_SET_IPV4_SRC;
1895                         break;
1896                 case RTE_FLOW_ACTION_TYPE_SET_IPV4_DST:
1897                         current_action_flag = MLX5_FLOW_ACTION_SET_IPV4_DST;
1898                         break;
1899                 case RTE_FLOW_ACTION_TYPE_SET_IPV6_SRC:
1900                         current_action_flag = MLX5_FLOW_ACTION_SET_IPV6_SRC;
1901                         break;
1902                 case RTE_FLOW_ACTION_TYPE_SET_IPV6_DST:
1903                         current_action_flag = MLX5_FLOW_ACTION_SET_IPV6_DST;
1904                         break;
1905                 case RTE_FLOW_ACTION_TYPE_SET_TP_SRC:
1906                         current_action_flag = MLX5_FLOW_ACTION_SET_TP_SRC;
1907                         break;
1908                 case RTE_FLOW_ACTION_TYPE_SET_TP_DST:
1909                         current_action_flag = MLX5_FLOW_ACTION_SET_TP_DST;
1910                         break;
1911                 case RTE_FLOW_ACTION_TYPE_SET_TTL:
1912                         current_action_flag = MLX5_FLOW_ACTION_SET_TTL;
1913                         break;
1914                 case RTE_FLOW_ACTION_TYPE_DEC_TTL:
1915                         current_action_flag = MLX5_FLOW_ACTION_DEC_TTL;
1916                         break;
1917                 case RTE_FLOW_ACTION_TYPE_SET_MAC_SRC:
1918                         current_action_flag = MLX5_FLOW_ACTION_SET_MAC_SRC;
1919                         break;
1920                 case RTE_FLOW_ACTION_TYPE_SET_MAC_DST:
1921                         current_action_flag = MLX5_FLOW_ACTION_SET_MAC_DST;
1922                         break;
1923                 default:
1924                         return rte_flow_error_set(error, ENOTSUP,
1925                                                   RTE_FLOW_ERROR_TYPE_ACTION,
1926                                                   actions,
1927                                                   "action not supported");
1928                 }
1929                 if (current_action_flag & MLX5_TCF_CONFIG_ACTIONS) {
1930                         if (!actions->conf)
1931                                 return rte_flow_error_set
1932                                         (error, EINVAL,
1933                                          RTE_FLOW_ERROR_TYPE_ACTION_CONF,
1934                                          actions,
1935                                          "action configuration not set");
1936                 }
1937                 if ((current_action_flag & MLX5_TCF_PEDIT_ACTIONS) &&
1938                     pedit_validated)
1939                         return rte_flow_error_set(error, ENOTSUP,
1940                                                   RTE_FLOW_ERROR_TYPE_ACTION,
1941                                                   actions,
1942                                                   "set actions should be "
1943                                                   "listed successively");
1944                 if ((current_action_flag & ~MLX5_TCF_PEDIT_ACTIONS) &&
1945                     (action_flags & MLX5_TCF_PEDIT_ACTIONS))
1946                         pedit_validated = 1;
1947                 if ((current_action_flag & MLX5_TCF_FATE_ACTIONS) &&
1948                     (action_flags & MLX5_TCF_FATE_ACTIONS))
1949                         return rte_flow_error_set(error, EINVAL,
1950                                                   RTE_FLOW_ERROR_TYPE_ACTION,
1951                                                   actions,
1952                                                   "can't have multiple fate"
1953                                                   " actions");
1954                 if ((current_action_flag & MLX5_TCF_VXLAN_ACTIONS) &&
1955                     (action_flags & MLX5_TCF_VXLAN_ACTIONS))
1956                         return rte_flow_error_set(error, EINVAL,
1957                                                   RTE_FLOW_ERROR_TYPE_ACTION,
1958                                                   actions,
1959                                                   "can't have multiple vxlan"
1960                                                   " actions");
1961                 if ((current_action_flag & MLX5_TCF_VXLAN_ACTIONS) &&
1962                     (action_flags & MLX5_TCF_VLAN_ACTIONS))
1963                         return rte_flow_error_set(error, ENOTSUP,
1964                                                   RTE_FLOW_ERROR_TYPE_ACTION,
1965                                                   actions,
1966                                                   "can't have vxlan and vlan"
1967                                                   " actions in the same rule");
1968                 action_flags |= current_action_flag;
1969         }
1970         for (; items->type != RTE_FLOW_ITEM_TYPE_END; items++) {
1971                 unsigned int i;
1972
1973                 switch (items->type) {
1974                 case RTE_FLOW_ITEM_TYPE_VOID:
1975                         break;
1976                 case RTE_FLOW_ITEM_TYPE_PORT_ID:
1977                         if (item_flags & MLX5_FLOW_LAYER_TUNNEL)
1978                                 return rte_flow_error_set
1979                                         (error, ENOTSUP,
1980                                          RTE_FLOW_ERROR_TYPE_ITEM, items,
1981                                          "inner tunnel port id"
1982                                          " item is not supported");
1983                         mask.port_id = flow_tcf_item_mask
1984                                 (items, &rte_flow_item_port_id_mask,
1985                                  &flow_tcf_mask_supported.port_id,
1986                                  &flow_tcf_mask_empty.port_id,
1987                                  sizeof(flow_tcf_mask_supported.port_id),
1988                                  error);
1989                         if (!mask.port_id)
1990                                 return -rte_errno;
1991                         if (mask.port_id == &flow_tcf_mask_empty.port_id) {
1992                                 in_port_id_set = 1;
1993                                 break;
1994                         }
1995                         spec.port_id = items->spec;
1996                         if (mask.port_id->id && mask.port_id->id != 0xffffffff)
1997                                 return rte_flow_error_set
1998                                         (error, ENOTSUP,
1999                                          RTE_FLOW_ERROR_TYPE_ITEM_MASK,
2000                                          mask.port_id,
2001                                          "no support for partial mask on"
2002                                          " \"id\" field");
2003                         if (!mask.port_id->id)
2004                                 i = 0;
2005                         else
2006                                 for (i = 0; ptoi[i].ifindex; ++i)
2007                                         if (ptoi[i].port_id == spec.port_id->id)
2008                                                 break;
2009                         if (!ptoi[i].ifindex)
2010                                 return rte_flow_error_set
2011                                         (error, ENODEV,
2012                                          RTE_FLOW_ERROR_TYPE_ITEM_SPEC,
2013                                          spec.port_id,
2014                                          "missing data to convert port ID to"
2015                                          " ifindex");
2016                         if (in_port_id_set && ptoi[i].ifindex != tcm_ifindex)
2017                                 return rte_flow_error_set
2018                                         (error, ENOTSUP,
2019                                          RTE_FLOW_ERROR_TYPE_ITEM_SPEC,
2020                                          spec.port_id,
2021                                          "cannot match traffic for"
2022                                          " several port IDs through"
2023                                          " a single flow rule");
2024                         tcm_ifindex = ptoi[i].ifindex;
2025                         in_port_id_set = 1;
2026                         break;
2027                 case RTE_FLOW_ITEM_TYPE_ETH:
2028                         ret = mlx5_flow_validate_item_eth(items, item_flags,
2029                                                           error);
2030                         if (ret < 0)
2031                                 return ret;
2032                         item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
2033                                       MLX5_FLOW_LAYER_INNER_L2 :
2034                                       MLX5_FLOW_LAYER_OUTER_L2;
2035                         /* TODO:
2036                          * Redundant check due to different supported mask.
2037                          * Same for the rest of items.
2038                          */
2039                         mask.eth = flow_tcf_item_mask
2040                                 (items, &rte_flow_item_eth_mask,
2041                                  &flow_tcf_mask_supported.eth,
2042                                  &flow_tcf_mask_empty.eth,
2043                                  sizeof(flow_tcf_mask_supported.eth),
2044                                  error);
2045                         if (!mask.eth)
2046                                 return -rte_errno;
2047                         if (mask.eth->type && mask.eth->type !=
2048                             RTE_BE16(0xffff))
2049                                 return rte_flow_error_set
2050                                         (error, ENOTSUP,
2051                                          RTE_FLOW_ERROR_TYPE_ITEM_MASK,
2052                                          mask.eth,
2053                                          "no support for partial mask on"
2054                                          " \"type\" field");
2055                         assert(items->spec);
2056                         spec.eth = items->spec;
2057                         if (mask.eth->type &&
2058                             (item_flags & MLX5_FLOW_LAYER_TUNNEL) &&
2059                             inner_etype != RTE_BE16(ETH_P_ALL) &&
2060                             inner_etype != spec.eth->type)
2061                                 return rte_flow_error_set
2062                                         (error, EINVAL,
2063                                          RTE_FLOW_ERROR_TYPE_ITEM,
2064                                          items,
2065                                          "inner eth_type conflict");
2066                         if (mask.eth->type &&
2067                             !(item_flags & MLX5_FLOW_LAYER_TUNNEL) &&
2068                             outer_etype != RTE_BE16(ETH_P_ALL) &&
2069                             outer_etype != spec.eth->type)
2070                                 return rte_flow_error_set
2071                                         (error, EINVAL,
2072                                          RTE_FLOW_ERROR_TYPE_ITEM,
2073                                          items,
2074                                          "outer eth_type conflict");
2075                         if (mask.eth->type) {
2076                                 if (item_flags & MLX5_FLOW_LAYER_TUNNEL)
2077                                         inner_etype = spec.eth->type;
2078                                 else
2079                                         outer_etype = spec.eth->type;
2080                         }
2081                         break;
2082                 case RTE_FLOW_ITEM_TYPE_VLAN:
2083                         if (item_flags & MLX5_FLOW_LAYER_TUNNEL)
2084                                 return rte_flow_error_set
2085                                         (error, ENOTSUP,
2086                                          RTE_FLOW_ERROR_TYPE_ITEM, items,
2087                                          "inner tunnel VLAN"
2088                                          " is not supported");
2089                         ret = mlx5_flow_validate_item_vlan(items, item_flags,
2090                                                            error);
2091                         if (ret < 0)
2092                                 return ret;
2093                         item_flags |= MLX5_FLOW_LAYER_OUTER_VLAN;
2094                         mask.vlan = flow_tcf_item_mask
2095                                 (items, &rte_flow_item_vlan_mask,
2096                                  &flow_tcf_mask_supported.vlan,
2097                                  &flow_tcf_mask_empty.vlan,
2098                                  sizeof(flow_tcf_mask_supported.vlan),
2099                                  error);
2100                         if (!mask.vlan)
2101                                 return -rte_errno;
2102                         if ((mask.vlan->tci & RTE_BE16(0xe000) &&
2103                              (mask.vlan->tci & RTE_BE16(0xe000)) !=
2104                               RTE_BE16(0xe000)) ||
2105                             (mask.vlan->tci & RTE_BE16(0x0fff) &&
2106                              (mask.vlan->tci & RTE_BE16(0x0fff)) !=
2107                               RTE_BE16(0x0fff)) ||
2108                             (mask.vlan->inner_type &&
2109                              mask.vlan->inner_type != RTE_BE16(0xffff)))
2110                                 return rte_flow_error_set
2111                                         (error, ENOTSUP,
2112                                          RTE_FLOW_ERROR_TYPE_ITEM_MASK,
2113                                          mask.vlan,
2114                                          "no support for partial masks on"
2115                                          " \"tci\" (PCP and VID parts) and"
2116                                          " \"inner_type\" fields");
2117                         if (outer_etype != RTE_BE16(ETH_P_ALL) &&
2118                             outer_etype != RTE_BE16(ETH_P_8021Q))
2119                                 return rte_flow_error_set
2120                                         (error, EINVAL,
2121                                          RTE_FLOW_ERROR_TYPE_ITEM,
2122                                          items,
2123                                          "outer eth_type conflict,"
2124                                          " must be 802.1Q");
2125                         outer_etype = RTE_BE16(ETH_P_8021Q);
2126                         assert(items->spec);
2127                         spec.vlan = items->spec;
2128                         if (mask.vlan->inner_type &&
2129                             vlan_etype != RTE_BE16(ETH_P_ALL) &&
2130                             vlan_etype != spec.vlan->inner_type)
2131                                 return rte_flow_error_set
2132                                         (error, EINVAL,
2133                                          RTE_FLOW_ERROR_TYPE_ITEM,
2134                                          items,
2135                                          "vlan eth_type conflict");
2136                         if (mask.vlan->inner_type)
2137                                 vlan_etype = spec.vlan->inner_type;
2138                         break;
2139                 case RTE_FLOW_ITEM_TYPE_IPV4:
2140                         ret = mlx5_flow_validate_item_ipv4
2141                                         (items, item_flags,
2142                                          &flow_tcf_mask_supported.ipv4, error);
2143                         if (ret < 0)
2144                                 return ret;
2145                         item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
2146                                       MLX5_FLOW_LAYER_INNER_L3_IPV4 :
2147                                       MLX5_FLOW_LAYER_OUTER_L3_IPV4;
2148                         mask.ipv4 = flow_tcf_item_mask
2149                                 (items, &rte_flow_item_ipv4_mask,
2150                                  &flow_tcf_mask_supported.ipv4,
2151                                  &flow_tcf_mask_empty.ipv4,
2152                                  sizeof(flow_tcf_mask_supported.ipv4),
2153                                  error);
2154                         if (!mask.ipv4)
2155                                 return -rte_errno;
2156                         if (mask.ipv4->hdr.next_proto_id &&
2157                             mask.ipv4->hdr.next_proto_id != 0xff)
2158                                 return rte_flow_error_set
2159                                         (error, ENOTSUP,
2160                                          RTE_FLOW_ERROR_TYPE_ITEM_MASK,
2161                                          mask.ipv4,
2162                                          "no support for partial mask on"
2163                                          " \"hdr.next_proto_id\" field");
2164                         else if (mask.ipv4->hdr.next_proto_id)
2165                                 next_protocol =
2166                                         ((const struct rte_flow_item_ipv4 *)
2167                                          (items->spec))->hdr.next_proto_id;
2168                         if (item_flags & MLX5_FLOW_LAYER_TUNNEL) {
2169                                 if (inner_etype != RTE_BE16(ETH_P_ALL) &&
2170                                     inner_etype != RTE_BE16(ETH_P_IP))
2171                                         return rte_flow_error_set
2172                                                 (error, EINVAL,
2173                                                  RTE_FLOW_ERROR_TYPE_ITEM,
2174                                                  items,
2175                                                  "inner eth_type conflict,"
2176                                                  " IPv4 is required");
2177                                 inner_etype = RTE_BE16(ETH_P_IP);
2178                         } else if (item_flags & MLX5_FLOW_LAYER_OUTER_VLAN) {
2179                                 if (vlan_etype != RTE_BE16(ETH_P_ALL) &&
2180                                     vlan_etype != RTE_BE16(ETH_P_IP))
2181                                         return rte_flow_error_set
2182                                                 (error, EINVAL,
2183                                                  RTE_FLOW_ERROR_TYPE_ITEM,
2184                                                  items,
2185                                                  "vlan eth_type conflict,"
2186                                                  " IPv4 is required");
2187                                 vlan_etype = RTE_BE16(ETH_P_IP);
2188                         } else {
2189                                 if (outer_etype != RTE_BE16(ETH_P_ALL) &&
2190                                     outer_etype != RTE_BE16(ETH_P_IP))
2191                                         return rte_flow_error_set
2192                                                 (error, EINVAL,
2193                                                  RTE_FLOW_ERROR_TYPE_ITEM,
2194                                                  items,
2195                                                  "eth_type conflict,"
2196                                                  " IPv4 is required");
2197                                 outer_etype = RTE_BE16(ETH_P_IP);
2198                         }
2199                         break;
2200                 case RTE_FLOW_ITEM_TYPE_IPV6:
2201                         ret = mlx5_flow_validate_item_ipv6
2202                                         (items, item_flags,
2203                                          &flow_tcf_mask_supported.ipv6, error);
2204                         if (ret < 0)
2205                                 return ret;
2206                         item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
2207                                       MLX5_FLOW_LAYER_INNER_L3_IPV6 :
2208                                       MLX5_FLOW_LAYER_OUTER_L3_IPV6;
2209                         mask.ipv6 = flow_tcf_item_mask
2210                                 (items, &rte_flow_item_ipv6_mask,
2211                                  &flow_tcf_mask_supported.ipv6,
2212                                  &flow_tcf_mask_empty.ipv6,
2213                                  sizeof(flow_tcf_mask_supported.ipv6),
2214                                  error);
2215                         if (!mask.ipv6)
2216                                 return -rte_errno;
2217                         if (mask.ipv6->hdr.proto &&
2218                             mask.ipv6->hdr.proto != 0xff)
2219                                 return rte_flow_error_set
2220                                         (error, ENOTSUP,
2221                                          RTE_FLOW_ERROR_TYPE_ITEM_MASK,
2222                                          mask.ipv6,
2223                                          "no support for partial mask on"
2224                                          " \"hdr.proto\" field");
2225                         else if (mask.ipv6->hdr.proto)
2226                                 next_protocol =
2227                                         ((const struct rte_flow_item_ipv6 *)
2228                                          (items->spec))->hdr.proto;
2229                         if (item_flags & MLX5_FLOW_LAYER_TUNNEL) {
2230                                 if (inner_etype != RTE_BE16(ETH_P_ALL) &&
2231                                     inner_etype != RTE_BE16(ETH_P_IPV6))
2232                                         return rte_flow_error_set
2233                                                 (error, EINVAL,
2234                                                  RTE_FLOW_ERROR_TYPE_ITEM,
2235                                                  items,
2236                                                  "inner eth_type conflict,"
2237                                                  " IPv6 is required");
2238                                 inner_etype = RTE_BE16(ETH_P_IPV6);
2239                         } else if (item_flags & MLX5_FLOW_LAYER_OUTER_VLAN) {
2240                                 if (vlan_etype != RTE_BE16(ETH_P_ALL) &&
2241                                     vlan_etype != RTE_BE16(ETH_P_IPV6))
2242                                         return rte_flow_error_set
2243                                                 (error, EINVAL,
2244                                                  RTE_FLOW_ERROR_TYPE_ITEM,
2245                                                  items,
2246                                                  "vlan eth_type conflict,"
2247                                                  " IPv6 is required");
2248                                 vlan_etype = RTE_BE16(ETH_P_IPV6);
2249                         } else {
2250                                 if (outer_etype != RTE_BE16(ETH_P_ALL) &&
2251                                     outer_etype != RTE_BE16(ETH_P_IPV6))
2252                                         return rte_flow_error_set
2253                                                 (error, EINVAL,
2254                                                  RTE_FLOW_ERROR_TYPE_ITEM,
2255                                                  items,
2256                                                  "eth_type conflict,"
2257                                                  " IPv6 is required");
2258                                 outer_etype = RTE_BE16(ETH_P_IPV6);
2259                         }
2260                         break;
2261                 case RTE_FLOW_ITEM_TYPE_UDP:
2262                         ret = mlx5_flow_validate_item_udp(items, item_flags,
2263                                                           next_protocol, error);
2264                         if (ret < 0)
2265                                 return ret;
2266                         item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
2267                                       MLX5_FLOW_LAYER_INNER_L4_UDP :
2268                                       MLX5_FLOW_LAYER_OUTER_L4_UDP;
2269                         mask.udp = flow_tcf_item_mask
2270                                 (items, &rte_flow_item_udp_mask,
2271                                  &flow_tcf_mask_supported.udp,
2272                                  &flow_tcf_mask_empty.udp,
2273                                  sizeof(flow_tcf_mask_supported.udp),
2274                                  error);
2275                         if (!mask.udp)
2276                                 return -rte_errno;
2277                         /*
2278                          * Save the presumed outer UDP item for extra check
2279                          * if the tunnel item will be found later in the list.
2280                          */
2281                         if (!(item_flags & MLX5_FLOW_LAYER_TUNNEL))
2282                                 outer_udp = items;
2283                         break;
2284                 case RTE_FLOW_ITEM_TYPE_TCP:
2285                         ret = mlx5_flow_validate_item_tcp
2286                                              (items, item_flags,
2287                                               next_protocol,
2288                                               &flow_tcf_mask_supported.tcp,
2289                                               error);
2290                         if (ret < 0)
2291                                 return ret;
2292                         item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
2293                                       MLX5_FLOW_LAYER_INNER_L4_TCP :
2294                                       MLX5_FLOW_LAYER_OUTER_L4_TCP;
2295                         mask.tcp = flow_tcf_item_mask
2296                                 (items, &rte_flow_item_tcp_mask,
2297                                  &flow_tcf_mask_supported.tcp,
2298                                  &flow_tcf_mask_empty.tcp,
2299                                  sizeof(flow_tcf_mask_supported.tcp),
2300                                  error);
2301                         if (!mask.tcp)
2302                                 return -rte_errno;
2303                         break;
2304                 case RTE_FLOW_ITEM_TYPE_VXLAN:
2305                         if (item_flags & MLX5_FLOW_LAYER_OUTER_VLAN)
2306                                 return rte_flow_error_set
2307                                         (error, ENOTSUP,
2308                                          RTE_FLOW_ERROR_TYPE_ITEM, items,
2309                                          "vxlan tunnel over vlan"
2310                                          " is not supported");
2311                         ret = mlx5_flow_validate_item_vxlan(items,
2312                                                             item_flags, error);
2313                         if (ret < 0)
2314                                 return ret;
2315                         item_flags |= MLX5_FLOW_LAYER_VXLAN;
2316                         mask.vxlan = flow_tcf_item_mask
2317                                 (items, &rte_flow_item_vxlan_mask,
2318                                  &flow_tcf_mask_supported.vxlan,
2319                                  &flow_tcf_mask_empty.vxlan,
2320                                  sizeof(flow_tcf_mask_supported.vxlan), error);
2321                         if (!mask.vxlan)
2322                                 return -rte_errno;
2323                         if (mask.vxlan->vni[0] != 0xff ||
2324                             mask.vxlan->vni[1] != 0xff ||
2325                             mask.vxlan->vni[2] != 0xff)
2326                                 return rte_flow_error_set
2327                                         (error, ENOTSUP,
2328                                          RTE_FLOW_ERROR_TYPE_ITEM_MASK,
2329                                          mask.vxlan,
2330                                          "no support for partial or "
2331                                          "empty mask on \"vxlan.vni\" field");
2332                         /*
2333                          * The VNI item assumes the VXLAN tunnel, it requires
2334                          * at least the outer destination UDP port must be
2335                          * specified without wildcards to allow kernel select
2336                          * the virtual VXLAN device by port. Also outer IPv4
2337                          * or IPv6 item must be specified (wilcards or even
2338                          * zero mask are allowed) to let driver know the tunnel
2339                          * IP version and process UDP traffic correctly.
2340                          */
2341                         if (!(item_flags &
2342                              (MLX5_FLOW_LAYER_OUTER_L3_IPV4 |
2343                               MLX5_FLOW_LAYER_OUTER_L3_IPV6)))
2344                                 return rte_flow_error_set
2345                                                  (error, EINVAL,
2346                                                   RTE_FLOW_ERROR_TYPE_ACTION,
2347                                                   NULL,
2348                                                   "no outer IP pattern found"
2349                                                   " for vxlan tunnel");
2350                         if (!(item_flags & MLX5_FLOW_LAYER_OUTER_L4_UDP))
2351                                 return rte_flow_error_set
2352                                                  (error, EINVAL,
2353                                                   RTE_FLOW_ERROR_TYPE_ACTION,
2354                                                   NULL,
2355                                                   "no outer UDP pattern found"
2356                                                   " for vxlan tunnel");
2357                         /*
2358                          * All items preceding the tunnel item become outer
2359                          * ones and we should do extra validation for them
2360                          * due to tc limitations for tunnel outer parameters.
2361                          * Currently only outer UDP item requres extra check,
2362                          * use the saved pointer instead of item list rescan.
2363                          */
2364                         assert(outer_udp);
2365                         ret = flow_tcf_validate_vxlan_decap_udp
2366                                                 (outer_udp, error);
2367                         if (ret < 0)
2368                                 return ret;
2369                         /* Reset L4 protocol for inner parameters. */
2370                         next_protocol = 0xff;
2371                         break;
2372                 default:
2373                         return rte_flow_error_set(error, ENOTSUP,
2374                                                   RTE_FLOW_ERROR_TYPE_ITEM,
2375                                                   items, "item not supported");
2376                 }
2377         }
2378         if ((action_flags & MLX5_TCF_PEDIT_ACTIONS) &&
2379             (action_flags & MLX5_FLOW_ACTION_DROP))
2380                 return rte_flow_error_set(error, ENOTSUP,
2381                                           RTE_FLOW_ERROR_TYPE_ACTION,
2382                                           actions,
2383                                           "set action is not compatible with "
2384                                           "drop action");
2385         if ((action_flags & MLX5_TCF_PEDIT_ACTIONS) &&
2386             !(action_flags & MLX5_FLOW_ACTION_PORT_ID))
2387                 return rte_flow_error_set(error, ENOTSUP,
2388                                           RTE_FLOW_ERROR_TYPE_ACTION,
2389                                           actions,
2390                                           "set action must be followed by "
2391                                           "port_id action");
2392         if (action_flags &
2393            (MLX5_FLOW_ACTION_SET_IPV4_SRC | MLX5_FLOW_ACTION_SET_IPV4_DST)) {
2394                 if (!(item_flags & MLX5_FLOW_LAYER_OUTER_L3_IPV4))
2395                         return rte_flow_error_set(error, EINVAL,
2396                                                   RTE_FLOW_ERROR_TYPE_ACTION,
2397                                                   actions,
2398                                                   "no ipv4 item found in"
2399                                                   " pattern");
2400         }
2401         if (action_flags &
2402            (MLX5_FLOW_ACTION_SET_IPV6_SRC | MLX5_FLOW_ACTION_SET_IPV6_DST)) {
2403                 if (!(item_flags & MLX5_FLOW_LAYER_OUTER_L3_IPV6))
2404                         return rte_flow_error_set(error, EINVAL,
2405                                                   RTE_FLOW_ERROR_TYPE_ACTION,
2406                                                   actions,
2407                                                   "no ipv6 item found in"
2408                                                   " pattern");
2409         }
2410         if (action_flags &
2411            (MLX5_FLOW_ACTION_SET_TP_SRC | MLX5_FLOW_ACTION_SET_TP_DST)) {
2412                 if (!(item_flags &
2413                      (MLX5_FLOW_LAYER_OUTER_L4_UDP |
2414                       MLX5_FLOW_LAYER_OUTER_L4_TCP)))
2415                         return rte_flow_error_set(error, EINVAL,
2416                                                   RTE_FLOW_ERROR_TYPE_ACTION,
2417                                                   actions,
2418                                                   "no TCP/UDP item found in"
2419                                                   " pattern");
2420         }
2421         /*
2422          * FW syndrome (0xA9C090):
2423          *     set_flow_table_entry: push vlan action fte in fdb can ONLY be
2424          *     forward to the uplink.
2425          */
2426         if ((action_flags & MLX5_FLOW_ACTION_OF_PUSH_VLAN) &&
2427             (action_flags & MLX5_FLOW_ACTION_PORT_ID) &&
2428             ((struct priv *)port_id_dev->data->dev_private)->representor)
2429                 return rte_flow_error_set(error, ENOTSUP,
2430                                           RTE_FLOW_ERROR_TYPE_ACTION, actions,
2431                                           "vlan push can only be applied"
2432                                           " when forwarding to uplink port");
2433         /*
2434          * FW syndrome (0x294609):
2435          *     set_flow_table_entry: modify/pop/push actions in fdb flow table
2436          *     are supported only while forwarding to vport.
2437          */
2438         if ((action_flags & MLX5_TCF_VLAN_ACTIONS) &&
2439             !(action_flags & MLX5_FLOW_ACTION_PORT_ID))
2440                 return rte_flow_error_set(error, ENOTSUP,
2441                                           RTE_FLOW_ERROR_TYPE_ACTION, actions,
2442                                           "vlan actions are supported"
2443                                           " only with port_id action");
2444         if ((action_flags & MLX5_TCF_VXLAN_ACTIONS) &&
2445             !(action_flags & MLX5_FLOW_ACTION_PORT_ID))
2446                 return rte_flow_error_set(error, ENOTSUP,
2447                                           RTE_FLOW_ERROR_TYPE_ACTION, NULL,
2448                                           "vxlan actions are supported"
2449                                           " only with port_id action");
2450         if (!(action_flags & MLX5_TCF_FATE_ACTIONS))
2451                 return rte_flow_error_set(error, EINVAL,
2452                                           RTE_FLOW_ERROR_TYPE_ACTION, actions,
2453                                           "no fate action is found");
2454         if (action_flags &
2455            (MLX5_FLOW_ACTION_SET_TTL | MLX5_FLOW_ACTION_DEC_TTL)) {
2456                 if (!(item_flags &
2457                      (MLX5_FLOW_LAYER_OUTER_L3_IPV4 |
2458                       MLX5_FLOW_LAYER_OUTER_L3_IPV6)))
2459                         return rte_flow_error_set(error, EINVAL,
2460                                                   RTE_FLOW_ERROR_TYPE_ACTION,
2461                                                   actions,
2462                                                   "no IP found in pattern");
2463         }
2464         if (action_flags &
2465             (MLX5_FLOW_ACTION_SET_MAC_SRC | MLX5_FLOW_ACTION_SET_MAC_DST)) {
2466                 if (!(item_flags & MLX5_FLOW_LAYER_OUTER_L2))
2467                         return rte_flow_error_set(error, ENOTSUP,
2468                                                   RTE_FLOW_ERROR_TYPE_ACTION,
2469                                                   actions,
2470                                                   "no ethernet found in"
2471                                                   " pattern");
2472         }
2473         if ((action_flags & MLX5_FLOW_ACTION_VXLAN_DECAP) &&
2474             !(item_flags & MLX5_FLOW_LAYER_VXLAN))
2475                 return rte_flow_error_set(error, EINVAL,
2476                                           RTE_FLOW_ERROR_TYPE_ACTION,
2477                                           NULL,
2478                                           "no VNI pattern found"
2479                                           " for vxlan decap action");
2480         if ((action_flags & MLX5_FLOW_ACTION_VXLAN_ENCAP) &&
2481             (item_flags & MLX5_FLOW_LAYER_TUNNEL))
2482                 return rte_flow_error_set(error, EINVAL,
2483                                           RTE_FLOW_ERROR_TYPE_ACTION,
2484                                           NULL,
2485                                           "vxlan encap not supported"
2486                                           " for tunneled traffic");
2487         return 0;
2488 }
2489
2490 /**
2491  * Calculate maximum size of memory for flow items of Linux TC flower.
2492  *
2493  * @param[in] attr
2494  *   Pointer to the flow attributes.
2495  * @param[in] items
2496  *   Pointer to the list of items.
2497  * @param[out] action_flags
2498  *   Pointer to the detected actions.
2499  *
2500  * @return
2501  *   Maximum size of memory for items.
2502  */
2503 static int
2504 flow_tcf_get_items_size(const struct rte_flow_attr *attr,
2505                         const struct rte_flow_item items[],
2506                         uint64_t *action_flags)
2507 {
2508         int size = 0;
2509
2510         size += SZ_NLATTR_STRZ_OF("flower") +
2511                 SZ_NLATTR_TYPE_OF(uint16_t) + /* Outer ether type. */
2512                 SZ_NLATTR_NEST + /* TCA_OPTIONS. */
2513                 SZ_NLATTR_TYPE_OF(uint32_t); /* TCA_CLS_FLAGS_SKIP_SW. */
2514         if (attr->group > 0)
2515                 size += SZ_NLATTR_TYPE_OF(uint32_t); /* TCA_CHAIN. */
2516         for (; items->type != RTE_FLOW_ITEM_TYPE_END; items++) {
2517                 switch (items->type) {
2518                 case RTE_FLOW_ITEM_TYPE_VOID:
2519                         break;
2520                 case RTE_FLOW_ITEM_TYPE_PORT_ID:
2521                         break;
2522                 case RTE_FLOW_ITEM_TYPE_ETH:
2523                         size += SZ_NLATTR_DATA_OF(ETHER_ADDR_LEN) * 4;
2524                                 /* dst/src MAC addr and mask. */
2525                         break;
2526                 case RTE_FLOW_ITEM_TYPE_VLAN:
2527                         size += SZ_NLATTR_TYPE_OF(uint16_t) +
2528                                 /* VLAN Ether type. */
2529                                 SZ_NLATTR_TYPE_OF(uint8_t) + /* VLAN prio. */
2530                                 SZ_NLATTR_TYPE_OF(uint16_t); /* VLAN ID. */
2531                         break;
2532                 case RTE_FLOW_ITEM_TYPE_IPV4: {
2533                         const struct rte_flow_item_ipv4 *ipv4 = items->mask;
2534
2535                         size += SZ_NLATTR_TYPE_OF(uint8_t) + /* IP proto. */
2536                                 SZ_NLATTR_TYPE_OF(uint32_t) * 4;
2537                                 /* dst/src IP addr and mask. */
2538                         if (ipv4 && ipv4->hdr.time_to_live)
2539                                 size += SZ_NLATTR_TYPE_OF(uint8_t) * 2;
2540                         if (ipv4 && ipv4->hdr.type_of_service)
2541                                 size += SZ_NLATTR_TYPE_OF(uint8_t) * 2;
2542                         break;
2543                 }
2544                 case RTE_FLOW_ITEM_TYPE_IPV6: {
2545                         const struct rte_flow_item_ipv6 *ipv6 = items->mask;
2546
2547                         size += SZ_NLATTR_TYPE_OF(uint8_t) + /* IP proto. */
2548                                 SZ_NLATTR_DATA_OF(IPV6_ADDR_LEN) * 4;
2549                                 /* dst/src IP addr and mask. */
2550                         if (ipv6 && ipv6->hdr.hop_limits)
2551                                 size += SZ_NLATTR_TYPE_OF(uint8_t) * 2;
2552                         if (ipv6 && (rte_be_to_cpu_32(ipv6->hdr.vtc_flow) &
2553                                      (0xfful << IPV6_HDR_TC_SHIFT)))
2554                                 size += SZ_NLATTR_TYPE_OF(uint8_t) * 2;
2555                         break;
2556                 }
2557                 case RTE_FLOW_ITEM_TYPE_UDP:
2558                         size += SZ_NLATTR_TYPE_OF(uint8_t) + /* IP proto. */
2559                                 SZ_NLATTR_TYPE_OF(uint16_t) * 4;
2560                                 /* dst/src port and mask. */
2561                         break;
2562                 case RTE_FLOW_ITEM_TYPE_TCP:
2563                         size += SZ_NLATTR_TYPE_OF(uint8_t) + /* IP proto. */
2564                                 SZ_NLATTR_TYPE_OF(uint16_t) * 4;
2565                                 /* dst/src port and mask. */
2566                         break;
2567                 case RTE_FLOW_ITEM_TYPE_VXLAN:
2568                         size += SZ_NLATTR_TYPE_OF(uint32_t);
2569                         /*
2570                          * There might be no VXLAN decap action in the action
2571                          * list, nonetheless the VXLAN tunnel flow requires
2572                          * the decap structure to be correctly applied to
2573                          * VXLAN device, set the flag to create the structure.
2574                          * Translation routine will not put the decap action
2575                          * in tne Netlink message if there is no actual action
2576                          * in the list.
2577                          */
2578                         *action_flags |= MLX5_FLOW_ACTION_VXLAN_DECAP;
2579                         break;
2580                 default:
2581                         DRV_LOG(WARNING,
2582                                 "unsupported item %p type %d,"
2583                                 " items must be validated before flow creation",
2584                                 (const void *)items, items->type);
2585                         break;
2586                 }
2587         }
2588         return size;
2589 }
2590
2591 /**
2592  * Calculate size of memory to store the VXLAN encapsultion
2593  * related items in the Netlink message buffer. Items list
2594  * is specified by RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP action.
2595  * The item list should be validated.
2596  *
2597  * @param[in] action
2598  *   RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP action object.
2599  *   List of pattern items to scan data from.
2600  *
2601  * @return
2602  *   The size the part of Netlink message buffer to store the
2603  *   VXLAN encapsulation item attributes.
2604  */
2605 static int
2606 flow_tcf_vxlan_encap_size(const struct rte_flow_action *action)
2607 {
2608         const struct rte_flow_item *items;
2609         int size = 0;
2610
2611         assert(action->type == RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP);
2612         assert(action->conf);
2613
2614         items = ((const struct rte_flow_action_vxlan_encap *)
2615                                         action->conf)->definition;
2616         assert(items);
2617         for (; items->type != RTE_FLOW_ITEM_TYPE_END; items++) {
2618                 switch (items->type) {
2619                 case RTE_FLOW_ITEM_TYPE_VOID:
2620                         break;
2621                 case RTE_FLOW_ITEM_TYPE_ETH:
2622                         /* This item does not require message buffer. */
2623                         break;
2624                 case RTE_FLOW_ITEM_TYPE_IPV4: {
2625                         const struct rte_flow_item_ipv4 *ipv4 = items->mask;
2626
2627                         size += SZ_NLATTR_DATA_OF(IPV4_ADDR_LEN) * 2;
2628                         if (ipv4 && ipv4->hdr.time_to_live)
2629                                 size += SZ_NLATTR_TYPE_OF(uint8_t) * 2;
2630                         if (ipv4 && ipv4->hdr.type_of_service)
2631                                 size += SZ_NLATTR_TYPE_OF(uint8_t) * 2;
2632                         break;
2633                 }
2634                 case RTE_FLOW_ITEM_TYPE_IPV6: {
2635                         const struct rte_flow_item_ipv6 *ipv6 = items->mask;
2636
2637                         size += SZ_NLATTR_DATA_OF(IPV6_ADDR_LEN) * 2;
2638                         if (ipv6 && ipv6->hdr.hop_limits)
2639                                 size += SZ_NLATTR_TYPE_OF(uint8_t) * 2;
2640                         if (ipv6 && (rte_be_to_cpu_32(ipv6->hdr.vtc_flow) &
2641                                      (0xfful << IPV6_HDR_TC_SHIFT)))
2642                                 size += SZ_NLATTR_TYPE_OF(uint8_t) * 2;
2643                         break;
2644                 }
2645                 case RTE_FLOW_ITEM_TYPE_UDP: {
2646                         const struct rte_flow_item_udp *udp = items->mask;
2647
2648                         size += SZ_NLATTR_TYPE_OF(uint16_t);
2649                         if (!udp || udp->hdr.src_port != RTE_BE16(0x0000))
2650                                 size += SZ_NLATTR_TYPE_OF(uint16_t);
2651                         break;
2652                 }
2653                 case RTE_FLOW_ITEM_TYPE_VXLAN:
2654                         size += SZ_NLATTR_TYPE_OF(uint32_t);
2655                         break;
2656                 default:
2657                         assert(false);
2658                         DRV_LOG(WARNING,
2659                                 "unsupported item %p type %d,"
2660                                 " items must be validated"
2661                                 " before flow creation",
2662                                 (const void *)items, items->type);
2663                         return 0;
2664                 }
2665         }
2666         return size;
2667 }
2668
2669 /**
2670  * Calculate maximum size of memory for flow actions of Linux TC flower and
2671  * extract specified actions.
2672  *
2673  * @param[in] actions
2674  *   Pointer to the list of actions.
2675  * @param[out] action_flags
2676  *   Pointer to the detected actions.
2677  *
2678  * @return
2679  *   Maximum size of memory for actions.
2680  */
2681 static int
2682 flow_tcf_get_actions_and_size(const struct rte_flow_action actions[],
2683                               uint64_t *action_flags)
2684 {
2685         int size = 0;
2686         uint64_t flags = *action_flags;
2687
2688         size += SZ_NLATTR_NEST; /* TCA_FLOWER_ACT. */
2689         for (; actions->type != RTE_FLOW_ACTION_TYPE_END; actions++) {
2690                 switch (actions->type) {
2691                 case RTE_FLOW_ACTION_TYPE_VOID:
2692                         break;
2693                 case RTE_FLOW_ACTION_TYPE_PORT_ID:
2694                         size += SZ_NLATTR_NEST + /* na_act_index. */
2695                                 SZ_NLATTR_STRZ_OF("mirred") +
2696                                 SZ_NLATTR_NEST + /* TCA_ACT_OPTIONS. */
2697                                 SZ_NLATTR_TYPE_OF(struct tc_mirred);
2698                         flags |= MLX5_FLOW_ACTION_PORT_ID;
2699                         break;
2700                 case RTE_FLOW_ACTION_TYPE_JUMP:
2701                         size += SZ_NLATTR_NEST + /* na_act_index. */
2702                                 SZ_NLATTR_STRZ_OF("gact") +
2703                                 SZ_NLATTR_NEST + /* TCA_ACT_OPTIONS. */
2704                                 SZ_NLATTR_TYPE_OF(struct tc_gact);
2705                         flags |= MLX5_FLOW_ACTION_JUMP;
2706                         break;
2707                 case RTE_FLOW_ACTION_TYPE_DROP:
2708                         size += SZ_NLATTR_NEST + /* na_act_index. */
2709                                 SZ_NLATTR_STRZ_OF("gact") +
2710                                 SZ_NLATTR_NEST + /* TCA_ACT_OPTIONS. */
2711                                 SZ_NLATTR_TYPE_OF(struct tc_gact);
2712                         flags |= MLX5_FLOW_ACTION_DROP;
2713                         break;
2714                 case RTE_FLOW_ACTION_TYPE_COUNT:
2715                         break;
2716                 case RTE_FLOW_ACTION_TYPE_OF_POP_VLAN:
2717                         flags |= MLX5_FLOW_ACTION_OF_POP_VLAN;
2718                         goto action_of_vlan;
2719                 case RTE_FLOW_ACTION_TYPE_OF_PUSH_VLAN:
2720                         flags |= MLX5_FLOW_ACTION_OF_PUSH_VLAN;
2721                         goto action_of_vlan;
2722                 case RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_VID:
2723                         flags |= MLX5_FLOW_ACTION_OF_SET_VLAN_VID;
2724                         goto action_of_vlan;
2725                 case RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_PCP:
2726                         flags |= MLX5_FLOW_ACTION_OF_SET_VLAN_PCP;
2727                         goto action_of_vlan;
2728 action_of_vlan:
2729                         size += SZ_NLATTR_NEST + /* na_act_index. */
2730                                 SZ_NLATTR_STRZ_OF("vlan") +
2731                                 SZ_NLATTR_NEST + /* TCA_ACT_OPTIONS. */
2732                                 SZ_NLATTR_TYPE_OF(struct tc_vlan) +
2733                                 SZ_NLATTR_TYPE_OF(uint16_t) +
2734                                 /* VLAN protocol. */
2735                                 SZ_NLATTR_TYPE_OF(uint16_t) + /* VLAN ID. */
2736                                 SZ_NLATTR_TYPE_OF(uint8_t); /* VLAN prio. */
2737                         break;
2738                 case RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP:
2739                         size += SZ_NLATTR_NEST + /* na_act_index. */
2740                                 SZ_NLATTR_STRZ_OF("tunnel_key") +
2741                                 SZ_NLATTR_NEST + /* TCA_ACT_OPTIONS. */
2742                                 SZ_NLATTR_TYPE_OF(uint8_t);
2743                         size += SZ_NLATTR_TYPE_OF(struct tc_tunnel_key);
2744                         size += flow_tcf_vxlan_encap_size(actions) +
2745                                 RTE_ALIGN_CEIL /* preceding encap params. */
2746                                 (sizeof(struct flow_tcf_vxlan_encap),
2747                                 MNL_ALIGNTO);
2748                         flags |= MLX5_FLOW_ACTION_VXLAN_ENCAP;
2749                         break;
2750                 case RTE_FLOW_ACTION_TYPE_VXLAN_DECAP:
2751                         size += SZ_NLATTR_NEST + /* na_act_index. */
2752                                 SZ_NLATTR_STRZ_OF("tunnel_key") +
2753                                 SZ_NLATTR_NEST + /* TCA_ACT_OPTIONS. */
2754                                 SZ_NLATTR_TYPE_OF(uint8_t);
2755                         size += SZ_NLATTR_TYPE_OF(struct tc_tunnel_key);
2756                         size += RTE_ALIGN_CEIL /* preceding decap params. */
2757                                 (sizeof(struct flow_tcf_vxlan_decap),
2758                                 MNL_ALIGNTO);
2759                         flags |= MLX5_FLOW_ACTION_VXLAN_DECAP;
2760                         break;
2761                 case RTE_FLOW_ACTION_TYPE_SET_IPV4_SRC:
2762                 case RTE_FLOW_ACTION_TYPE_SET_IPV4_DST:
2763                 case RTE_FLOW_ACTION_TYPE_SET_IPV6_SRC:
2764                 case RTE_FLOW_ACTION_TYPE_SET_IPV6_DST:
2765                 case RTE_FLOW_ACTION_TYPE_SET_TP_SRC:
2766                 case RTE_FLOW_ACTION_TYPE_SET_TP_DST:
2767                 case RTE_FLOW_ACTION_TYPE_SET_TTL:
2768                 case RTE_FLOW_ACTION_TYPE_DEC_TTL:
2769                 case RTE_FLOW_ACTION_TYPE_SET_MAC_SRC:
2770                 case RTE_FLOW_ACTION_TYPE_SET_MAC_DST:
2771                         size += flow_tcf_get_pedit_actions_size(&actions,
2772                                                                 &flags);
2773                         break;
2774                 default:
2775                         DRV_LOG(WARNING,
2776                                 "unsupported action %p type %d,"
2777                                 " items must be validated before flow creation",
2778                                 (const void *)actions, actions->type);
2779                         break;
2780                 }
2781         }
2782         *action_flags = flags;
2783         return size;
2784 }
2785
2786 /**
2787  * Prepare a flow object for Linux TC flower. It calculates the maximum size of
2788  * memory required, allocates the memory, initializes Netlink message headers
2789  * and set unique TC message handle.
2790  *
2791  * @param[in] attr
2792  *   Pointer to the flow attributes.
2793  * @param[in] items
2794  *   Pointer to the list of items.
2795  * @param[in] actions
2796  *   Pointer to the list of actions.
2797  * @param[out] error
2798  *   Pointer to the error structure.
2799  *
2800  * @return
2801  *   Pointer to mlx5_flow object on success,
2802  *   otherwise NULL and rte_errno is set.
2803  */
2804 static struct mlx5_flow *
2805 flow_tcf_prepare(const struct rte_flow_attr *attr,
2806                  const struct rte_flow_item items[],
2807                  const struct rte_flow_action actions[],
2808                  struct rte_flow_error *error)
2809 {
2810         size_t size = RTE_ALIGN_CEIL
2811                         (sizeof(struct mlx5_flow),
2812                          alignof(struct flow_tcf_tunnel_hdr)) +
2813                       MNL_ALIGN(sizeof(struct nlmsghdr)) +
2814                       MNL_ALIGN(sizeof(struct tcmsg));
2815         struct mlx5_flow *dev_flow;
2816         uint64_t action_flags = 0;
2817         struct nlmsghdr *nlh;
2818         struct tcmsg *tcm;
2819         uint8_t *sp, *tun = NULL;
2820
2821         size += flow_tcf_get_items_size(attr, items, &action_flags);
2822         size += flow_tcf_get_actions_and_size(actions, &action_flags);
2823         dev_flow = rte_zmalloc(__func__, size, MNL_ALIGNTO);
2824         if (!dev_flow) {
2825                 rte_flow_error_set(error, ENOMEM,
2826                                    RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
2827                                    "not enough memory to create E-Switch flow");
2828                 return NULL;
2829         }
2830         sp = (uint8_t *)(dev_flow + 1);
2831         if (action_flags & MLX5_FLOW_ACTION_VXLAN_ENCAP) {
2832                 sp = RTE_PTR_ALIGN
2833                         (sp, alignof(struct flow_tcf_tunnel_hdr));
2834                 tun = sp;
2835                 sp += RTE_ALIGN_CEIL
2836                         (sizeof(struct flow_tcf_vxlan_encap),
2837                         MNL_ALIGNTO);
2838 #ifndef NDEBUG
2839                 size -= RTE_ALIGN_CEIL
2840                         (sizeof(struct flow_tcf_vxlan_encap),
2841                         MNL_ALIGNTO);
2842 #endif
2843         } else if (action_flags & MLX5_FLOW_ACTION_VXLAN_DECAP) {
2844                 sp = RTE_PTR_ALIGN
2845                         (sp, alignof(struct flow_tcf_tunnel_hdr));
2846                 tun = sp;
2847                 sp += RTE_ALIGN_CEIL
2848                         (sizeof(struct flow_tcf_vxlan_decap),
2849                         MNL_ALIGNTO);
2850 #ifndef NDEBUG
2851                 size -= RTE_ALIGN_CEIL
2852                         (sizeof(struct flow_tcf_vxlan_decap),
2853                         MNL_ALIGNTO);
2854 #endif
2855         } else {
2856                 sp = RTE_PTR_ALIGN(sp, MNL_ALIGNTO);
2857         }
2858         nlh = mnl_nlmsg_put_header(sp);
2859         tcm = mnl_nlmsg_put_extra_header(nlh, sizeof(*tcm));
2860         *dev_flow = (struct mlx5_flow){
2861                 .tcf = (struct mlx5_flow_tcf){
2862 #ifndef NDEBUG
2863                         .nlsize = size - RTE_ALIGN_CEIL
2864                                 (sizeof(struct mlx5_flow),
2865                                  alignof(struct flow_tcf_tunnel_hdr)),
2866 #endif
2867                         .tunnel = (struct flow_tcf_tunnel_hdr *)tun,
2868                         .nlh = nlh,
2869                         .tcm = tcm,
2870                 },
2871         };
2872         if (action_flags & MLX5_FLOW_ACTION_VXLAN_DECAP)
2873                 dev_flow->tcf.tunnel->type = FLOW_TCF_TUNACT_VXLAN_DECAP;
2874         else if (action_flags & MLX5_FLOW_ACTION_VXLAN_ENCAP)
2875                 dev_flow->tcf.tunnel->type = FLOW_TCF_TUNACT_VXLAN_ENCAP;
2876         return dev_flow;
2877 }
2878
2879 /**
2880  * Make adjustments for supporting count actions.
2881  *
2882  * @param[in] dev
2883  *   Pointer to the Ethernet device structure.
2884  * @param[in] dev_flow
2885  *   Pointer to mlx5_flow.
2886  * @param[out] error
2887  *   Pointer to error structure.
2888  *
2889  * @return
2890  *   0 On success else a negative errno value is returned and rte_errno is set.
2891  */
2892 static int
2893 flow_tcf_translate_action_count(struct rte_eth_dev *dev __rte_unused,
2894                                   struct mlx5_flow *dev_flow,
2895                                   struct rte_flow_error *error)
2896 {
2897         struct rte_flow *flow = dev_flow->flow;
2898
2899         if (!flow->counter) {
2900                 flow->counter = flow_tcf_counter_new();
2901                 if (!flow->counter)
2902                         return rte_flow_error_set(error, rte_errno,
2903                                                   RTE_FLOW_ERROR_TYPE_ACTION,
2904                                                   NULL,
2905                                                   "cannot get counter"
2906                                                   " context.");
2907         }
2908         return 0;
2909 }
2910
2911 /**
2912  * Convert VXLAN VNI to 32-bit integer.
2913  *
2914  * @param[in] vni
2915  *   VXLAN VNI in 24-bit wire format.
2916  *
2917  * @return
2918  *   VXLAN VNI as a 32-bit integer value in network endian.
2919  */
2920 static inline rte_be32_t
2921 vxlan_vni_as_be32(const uint8_t vni[3])
2922 {
2923         union {
2924                 uint8_t vni[4];
2925                 rte_be32_t dword;
2926         } ret = {
2927                 .vni = { 0, vni[0], vni[1], vni[2] },
2928         };
2929         return ret.dword;
2930 }
2931
2932 /**
2933  * Helper function to process RTE_FLOW_ITEM_TYPE_ETH entry in configuration
2934  * of action RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP. Fills the MAC address fields
2935  * in the encapsulation parameters structure. The item must be prevalidated,
2936  * no any validation checks performed by function.
2937  *
2938  * @param[in] spec
2939  *   RTE_FLOW_ITEM_TYPE_ETH entry specification.
2940  * @param[in] mask
2941  *   RTE_FLOW_ITEM_TYPE_ETH entry mask.
2942  * @param[out] encap
2943  *   Structure to fill the gathered MAC address data.
2944  */
2945 static void
2946 flow_tcf_parse_vxlan_encap_eth(const struct rte_flow_item_eth *spec,
2947                                const struct rte_flow_item_eth *mask,
2948                                struct flow_tcf_vxlan_encap *encap)
2949 {
2950         /* Item must be validated before. No redundant checks. */
2951         assert(spec);
2952         if (!mask || !memcmp(&mask->dst,
2953                              &rte_flow_item_eth_mask.dst,
2954                              sizeof(rte_flow_item_eth_mask.dst))) {
2955                 /*
2956                  * Ethernet addresses are not supported by
2957                  * tc as tunnel_key parameters. Destination
2958                  * address is needed to form encap packet
2959                  * header and retrieved by kernel from
2960                  * implicit sources (ARP table, etc),
2961                  * address masks are not supported at all.
2962                  */
2963                 encap->eth.dst = spec->dst;
2964                 encap->mask |= FLOW_TCF_ENCAP_ETH_DST;
2965         }
2966         if (!mask || !memcmp(&mask->src,
2967                              &rte_flow_item_eth_mask.src,
2968                              sizeof(rte_flow_item_eth_mask.src))) {
2969                 /*
2970                  * Ethernet addresses are not supported by
2971                  * tc as tunnel_key parameters. Source ethernet
2972                  * address is ignored anyway.
2973                  */
2974                 encap->eth.src = spec->src;
2975                 encap->mask |= FLOW_TCF_ENCAP_ETH_SRC;
2976         }
2977 }
2978
2979 /**
2980  * Helper function to process RTE_FLOW_ITEM_TYPE_IPV4 entry in configuration
2981  * of action RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP. Fills the IPV4 address fields
2982  * in the encapsulation parameters structure. The item must be prevalidated,
2983  * no any validation checks performed by function.
2984  *
2985  * @param[in] spec
2986  *   RTE_FLOW_ITEM_TYPE_IPV4 entry specification.
2987  * @param[in] mask
2988  *  RTE_FLOW_ITEM_TYPE_IPV4 entry mask.
2989  * @param[out] encap
2990  *   Structure to fill the gathered IPV4 address data.
2991  */
2992 static void
2993 flow_tcf_parse_vxlan_encap_ipv4(const struct rte_flow_item_ipv4 *spec,
2994                                 const struct rte_flow_item_ipv4 *mask,
2995                                 struct flow_tcf_vxlan_encap *encap)
2996 {
2997         /* Item must be validated before. No redundant checks. */
2998         assert(spec);
2999         encap->ipv4.dst = spec->hdr.dst_addr;
3000         encap->ipv4.src = spec->hdr.src_addr;
3001         encap->mask |= FLOW_TCF_ENCAP_IPV4_SRC |
3002                        FLOW_TCF_ENCAP_IPV4_DST;
3003         if (mask && mask->hdr.type_of_service) {
3004                 encap->mask |= FLOW_TCF_ENCAP_IP_TOS;
3005                 encap->ip_tos = spec->hdr.type_of_service;
3006         }
3007         if (mask && mask->hdr.time_to_live) {
3008                 encap->mask |= FLOW_TCF_ENCAP_IP_TTL;
3009                 encap->ip_ttl_hop = spec->hdr.time_to_live;
3010         }
3011 }
3012
3013 /**
3014  * Helper function to process RTE_FLOW_ITEM_TYPE_IPV6 entry in configuration
3015  * of action RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP. Fills the IPV6 address fields
3016  * in the encapsulation parameters structure. The item must be prevalidated,
3017  * no any validation checks performed by function.
3018  *
3019  * @param[in] spec
3020  *   RTE_FLOW_ITEM_TYPE_IPV6 entry specification.
3021  * @param[in] mask
3022  *  RTE_FLOW_ITEM_TYPE_IPV6 entry mask.
3023  * @param[out] encap
3024  *   Structure to fill the gathered IPV6 address data.
3025  */
3026 static void
3027 flow_tcf_parse_vxlan_encap_ipv6(const struct rte_flow_item_ipv6 *spec,
3028                                 const struct rte_flow_item_ipv6 *mask,
3029                                 struct flow_tcf_vxlan_encap *encap)
3030 {
3031         /* Item must be validated before. No redundant checks. */
3032         assert(spec);
3033         memcpy(encap->ipv6.dst, spec->hdr.dst_addr, IPV6_ADDR_LEN);
3034         memcpy(encap->ipv6.src, spec->hdr.src_addr, IPV6_ADDR_LEN);
3035         encap->mask |= FLOW_TCF_ENCAP_IPV6_SRC |
3036                        FLOW_TCF_ENCAP_IPV6_DST;
3037         if (mask) {
3038                 if ((rte_be_to_cpu_32(mask->hdr.vtc_flow) >>
3039                     IPV6_HDR_TC_SHIFT) & 0xff) {
3040                         encap->mask |= FLOW_TCF_ENCAP_IP_TOS;
3041                         encap->ip_tos = (rte_be_to_cpu_32
3042                                                 (spec->hdr.vtc_flow) >>
3043                                                  IPV6_HDR_TC_SHIFT) & 0xff;
3044                 }
3045                 if (mask->hdr.hop_limits) {
3046                         encap->mask |= FLOW_TCF_ENCAP_IP_TTL;
3047                         encap->ip_ttl_hop = spec->hdr.hop_limits;
3048                 }
3049         }
3050 }
3051
3052 /**
3053  * Helper function to process RTE_FLOW_ITEM_TYPE_UDP entry in configuration
3054  * of action RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP. Fills the UDP port fields
3055  * in the encapsulation parameters structure. The item must be prevalidated,
3056  * no any validation checks performed by function.
3057  *
3058  * @param[in] spec
3059  *   RTE_FLOW_ITEM_TYPE_UDP entry specification.
3060  * @param[in] mask
3061  *   RTE_FLOW_ITEM_TYPE_UDP entry mask.
3062  * @param[out] encap
3063  *   Structure to fill the gathered UDP port data.
3064  */
3065 static void
3066 flow_tcf_parse_vxlan_encap_udp(const struct rte_flow_item_udp *spec,
3067                                const struct rte_flow_item_udp *mask,
3068                                struct flow_tcf_vxlan_encap *encap)
3069 {
3070         assert(spec);
3071         encap->udp.dst = spec->hdr.dst_port;
3072         encap->mask |= FLOW_TCF_ENCAP_UDP_DST;
3073         if (!mask || mask->hdr.src_port != RTE_BE16(0x0000)) {
3074                 encap->udp.src = spec->hdr.src_port;
3075                 encap->mask |= FLOW_TCF_ENCAP_IPV4_SRC;
3076         }
3077 }
3078
3079 /**
3080  * Helper function to process RTE_FLOW_ITEM_TYPE_VXLAN entry in configuration
3081  * of action RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP. Fills the VNI fields
3082  * in the encapsulation parameters structure. The item must be prevalidated,
3083  * no any validation checks performed by function.
3084  *
3085  * @param[in] spec
3086  *   RTE_FLOW_ITEM_TYPE_VXLAN entry specification.
3087  * @param[out] encap
3088  *   Structure to fill the gathered VNI address data.
3089  */
3090 static void
3091 flow_tcf_parse_vxlan_encap_vni(const struct rte_flow_item_vxlan *spec,
3092                                struct flow_tcf_vxlan_encap *encap)
3093 {
3094         /* Item must be validated before. Do not redundant checks. */
3095         assert(spec);
3096         memcpy(encap->vxlan.vni, spec->vni, sizeof(encap->vxlan.vni));
3097         encap->mask |= FLOW_TCF_ENCAP_VXLAN_VNI;
3098 }
3099
3100 /**
3101  * Populate consolidated encapsulation object from list of pattern items.
3102  *
3103  * Helper function to process configuration of action such as
3104  * RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP. The item list should be
3105  * validated, there is no way to return an meaningful error.
3106  *
3107  * @param[in] action
3108  *   RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP action object.
3109  *   List of pattern items to gather data from.
3110  * @param[out] src
3111  *   Structure to fill gathered data.
3112  */
3113 static void
3114 flow_tcf_vxlan_encap_parse(const struct rte_flow_action *action,
3115                            struct flow_tcf_vxlan_encap *encap)
3116 {
3117         union {
3118                 const struct rte_flow_item_eth *eth;
3119                 const struct rte_flow_item_ipv4 *ipv4;
3120                 const struct rte_flow_item_ipv6 *ipv6;
3121                 const struct rte_flow_item_udp *udp;
3122                 const struct rte_flow_item_vxlan *vxlan;
3123         } spec, mask;
3124         const struct rte_flow_item *items;
3125
3126         assert(action->type == RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP);
3127         assert(action->conf);
3128
3129         items = ((const struct rte_flow_action_vxlan_encap *)
3130                                         action->conf)->definition;
3131         assert(items);
3132         for (; items->type != RTE_FLOW_ITEM_TYPE_END; items++) {
3133                 switch (items->type) {
3134                 case RTE_FLOW_ITEM_TYPE_VOID:
3135                         break;
3136                 case RTE_FLOW_ITEM_TYPE_ETH:
3137                         mask.eth = items->mask;
3138                         spec.eth = items->spec;
3139                         flow_tcf_parse_vxlan_encap_eth(spec.eth, mask.eth,
3140                                                        encap);
3141                         break;
3142                 case RTE_FLOW_ITEM_TYPE_IPV4:
3143                         spec.ipv4 = items->spec;
3144                         mask.ipv4 = items->mask;
3145                         flow_tcf_parse_vxlan_encap_ipv4(spec.ipv4, mask.ipv4,
3146                                                         encap);
3147                         break;
3148                 case RTE_FLOW_ITEM_TYPE_IPV6:
3149                         spec.ipv6 = items->spec;
3150                         mask.ipv6 = items->mask;
3151                         flow_tcf_parse_vxlan_encap_ipv6(spec.ipv6, mask.ipv6,
3152                                                         encap);
3153                         break;
3154                 case RTE_FLOW_ITEM_TYPE_UDP:
3155                         mask.udp = items->mask;
3156                         spec.udp = items->spec;
3157                         flow_tcf_parse_vxlan_encap_udp(spec.udp, mask.udp,
3158                                                        encap);
3159                         break;
3160                 case RTE_FLOW_ITEM_TYPE_VXLAN:
3161                         spec.vxlan = items->spec;
3162                         flow_tcf_parse_vxlan_encap_vni(spec.vxlan, encap);
3163                         break;
3164                 default:
3165                         assert(false);
3166                         DRV_LOG(WARNING,
3167                                 "unsupported item %p type %d,"
3168                                 " items must be validated"
3169                                 " before flow creation",
3170                                 (const void *)items, items->type);
3171                         encap->mask = 0;
3172                         return;
3173                 }
3174         }
3175 }
3176
3177 /**
3178  * Translate flow for Linux TC flower and construct Netlink message.
3179  *
3180  * @param[in] priv
3181  *   Pointer to the priv structure.
3182  * @param[in, out] flow
3183  *   Pointer to the sub flow.
3184  * @param[in] attr
3185  *   Pointer to the flow attributes.
3186  * @param[in] items
3187  *   Pointer to the list of items.
3188  * @param[in] actions
3189  *   Pointer to the list of actions.
3190  * @param[out] error
3191  *   Pointer to the error structure.
3192  *
3193  * @return
3194  *   0 on success, a negative errno value otherwise and rte_errno is set.
3195  */
3196 static int
3197 flow_tcf_translate(struct rte_eth_dev *dev, struct mlx5_flow *dev_flow,
3198                    const struct rte_flow_attr *attr,
3199                    const struct rte_flow_item items[],
3200                    const struct rte_flow_action actions[],
3201                    struct rte_flow_error *error)
3202 {
3203         union {
3204                 const struct rte_flow_item_port_id *port_id;
3205                 const struct rte_flow_item_eth *eth;
3206                 const struct rte_flow_item_vlan *vlan;
3207                 const struct rte_flow_item_ipv4 *ipv4;
3208                 const struct rte_flow_item_ipv6 *ipv6;
3209                 const struct rte_flow_item_tcp *tcp;
3210                 const struct rte_flow_item_udp *udp;
3211                 const struct rte_flow_item_vxlan *vxlan;
3212         } spec, mask;
3213         union {
3214                 const struct rte_flow_action_port_id *port_id;
3215                 const struct rte_flow_action_jump *jump;
3216                 const struct rte_flow_action_of_push_vlan *of_push_vlan;
3217                 const struct rte_flow_action_of_set_vlan_vid *
3218                         of_set_vlan_vid;
3219                 const struct rte_flow_action_of_set_vlan_pcp *
3220                         of_set_vlan_pcp;
3221         } conf;
3222         union {
3223                 struct flow_tcf_tunnel_hdr *hdr;
3224                 struct flow_tcf_vxlan_decap *vxlan;
3225         } decap = {
3226                 .hdr = NULL,
3227         };
3228         union {
3229                 struct flow_tcf_tunnel_hdr *hdr;
3230                 struct flow_tcf_vxlan_encap *vxlan;
3231         } encap = {
3232                 .hdr = NULL,
3233         };
3234         struct flow_tcf_ptoi ptoi[PTOI_TABLE_SZ_MAX(dev)];
3235         struct nlmsghdr *nlh = dev_flow->tcf.nlh;
3236         struct tcmsg *tcm = dev_flow->tcf.tcm;
3237         uint32_t na_act_index_cur;
3238         rte_be16_t inner_etype = RTE_BE16(ETH_P_ALL);
3239         rte_be16_t outer_etype = RTE_BE16(ETH_P_ALL);
3240         rte_be16_t vlan_etype = RTE_BE16(ETH_P_ALL);
3241         bool ip_proto_set = 0;
3242         bool tunnel_outer = 0;
3243         struct nlattr *na_flower;
3244         struct nlattr *na_flower_act;
3245         struct nlattr *na_vlan_id = NULL;
3246         struct nlattr *na_vlan_priority = NULL;
3247         uint64_t item_flags = 0;
3248         int ret;
3249
3250         claim_nonzero(flow_tcf_build_ptoi_table(dev, ptoi,
3251                                                 PTOI_TABLE_SZ_MAX(dev)));
3252         if (dev_flow->tcf.tunnel) {
3253                 switch (dev_flow->tcf.tunnel->type) {
3254                 case FLOW_TCF_TUNACT_VXLAN_DECAP:
3255                         decap.vxlan = dev_flow->tcf.vxlan_decap;
3256                         tunnel_outer = 1;
3257                         break;
3258                 case FLOW_TCF_TUNACT_VXLAN_ENCAP:
3259                         encap.vxlan = dev_flow->tcf.vxlan_encap;
3260                         break;
3261                 /* New tunnel actions can be added here. */
3262                 default:
3263                         assert(false);
3264                         break;
3265                 }
3266         }
3267         nlh = dev_flow->tcf.nlh;
3268         tcm = dev_flow->tcf.tcm;
3269         /* Prepare API must have been called beforehand. */
3270         assert(nlh != NULL && tcm != NULL);
3271         tcm->tcm_family = AF_UNSPEC;
3272         tcm->tcm_ifindex = ptoi[0].ifindex;
3273         tcm->tcm_parent = TC_H_MAKE(TC_H_INGRESS, TC_H_MIN_INGRESS);
3274         /*
3275          * Priority cannot be zero to prevent the kernel from picking one
3276          * automatically.
3277          */
3278         tcm->tcm_info = TC_H_MAKE((attr->priority + 1) << 16, outer_etype);
3279         if (attr->group > 0)
3280                 mnl_attr_put_u32(nlh, TCA_CHAIN, attr->group);
3281         mnl_attr_put_strz(nlh, TCA_KIND, "flower");
3282         na_flower = mnl_attr_nest_start(nlh, TCA_OPTIONS);
3283         for (; items->type != RTE_FLOW_ITEM_TYPE_END; items++) {
3284                 unsigned int i;
3285
3286                 switch (items->type) {
3287                 case RTE_FLOW_ITEM_TYPE_VOID:
3288                         break;
3289                 case RTE_FLOW_ITEM_TYPE_PORT_ID:
3290                         mask.port_id = flow_tcf_item_mask
3291                                 (items, &rte_flow_item_port_id_mask,
3292                                  &flow_tcf_mask_supported.port_id,
3293                                  &flow_tcf_mask_empty.port_id,
3294                                  sizeof(flow_tcf_mask_supported.port_id),
3295                                  error);
3296                         assert(mask.port_id);
3297                         if (mask.port_id == &flow_tcf_mask_empty.port_id)
3298                                 break;
3299                         spec.port_id = items->spec;
3300                         if (!mask.port_id->id)
3301                                 i = 0;
3302                         else
3303                                 for (i = 0; ptoi[i].ifindex; ++i)
3304                                         if (ptoi[i].port_id == spec.port_id->id)
3305                                                 break;
3306                         assert(ptoi[i].ifindex);
3307                         tcm->tcm_ifindex = ptoi[i].ifindex;
3308                         break;
3309                 case RTE_FLOW_ITEM_TYPE_ETH:
3310                         item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
3311                                       MLX5_FLOW_LAYER_INNER_L2 :
3312                                       MLX5_FLOW_LAYER_OUTER_L2;
3313                         mask.eth = flow_tcf_item_mask
3314                                 (items, &rte_flow_item_eth_mask,
3315                                  &flow_tcf_mask_supported.eth,
3316                                  &flow_tcf_mask_empty.eth,
3317                                  sizeof(flow_tcf_mask_supported.eth),
3318                                  error);
3319                         assert(mask.eth);
3320                         if (mask.eth == &flow_tcf_mask_empty.eth)
3321                                 break;
3322                         spec.eth = items->spec;
3323                         if (mask.eth->type) {
3324                                 if (item_flags & MLX5_FLOW_LAYER_TUNNEL)
3325                                         inner_etype = spec.eth->type;
3326                                 else
3327                                         outer_etype = spec.eth->type;
3328                         }
3329                         if (tunnel_outer) {
3330                                 DRV_LOG(WARNING,
3331                                         "outer L2 addresses cannot be"
3332                                         " forced is outer ones for tunnel,"
3333                                         " parameter is ignored");
3334                                 break;
3335                         }
3336                         if (!is_zero_ether_addr(&mask.eth->dst)) {
3337                                 mnl_attr_put(nlh, TCA_FLOWER_KEY_ETH_DST,
3338                                              ETHER_ADDR_LEN,
3339                                              spec.eth->dst.addr_bytes);
3340                                 mnl_attr_put(nlh, TCA_FLOWER_KEY_ETH_DST_MASK,
3341                                              ETHER_ADDR_LEN,
3342                                              mask.eth->dst.addr_bytes);
3343                         }
3344                         if (!is_zero_ether_addr(&mask.eth->src)) {
3345                                 mnl_attr_put(nlh, TCA_FLOWER_KEY_ETH_SRC,
3346                                              ETHER_ADDR_LEN,
3347                                              spec.eth->src.addr_bytes);
3348                                 mnl_attr_put(nlh, TCA_FLOWER_KEY_ETH_SRC_MASK,
3349                                              ETHER_ADDR_LEN,
3350                                              mask.eth->src.addr_bytes);
3351                         }
3352                         assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3353                         break;
3354                 case RTE_FLOW_ITEM_TYPE_VLAN:
3355                         assert(!encap.hdr);
3356                         assert(!decap.hdr);
3357                         assert(!tunnel_outer);
3358                         item_flags |= MLX5_FLOW_LAYER_OUTER_VLAN;
3359                         mask.vlan = flow_tcf_item_mask
3360                                 (items, &rte_flow_item_vlan_mask,
3361                                  &flow_tcf_mask_supported.vlan,
3362                                  &flow_tcf_mask_empty.vlan,
3363                                  sizeof(flow_tcf_mask_supported.vlan),
3364                                  error);
3365                         assert(mask.vlan);
3366                         if (mask.vlan == &flow_tcf_mask_empty.vlan)
3367                                 break;
3368                         spec.vlan = items->spec;
3369                         assert(outer_etype == RTE_BE16(ETH_P_ALL) ||
3370                                outer_etype == RTE_BE16(ETH_P_8021Q));
3371                         outer_etype = RTE_BE16(ETH_P_8021Q);
3372                         if (mask.vlan->inner_type)
3373                                 vlan_etype = spec.vlan->inner_type;
3374                         if (mask.vlan->tci & RTE_BE16(0xe000))
3375                                 mnl_attr_put_u8(nlh, TCA_FLOWER_KEY_VLAN_PRIO,
3376                                                 (rte_be_to_cpu_16
3377                                                  (spec.vlan->tci) >> 13) & 0x7);
3378                         if (mask.vlan->tci & RTE_BE16(0x0fff))
3379                                 mnl_attr_put_u16(nlh, TCA_FLOWER_KEY_VLAN_ID,
3380                                                  rte_be_to_cpu_16
3381                                                  (spec.vlan->tci &
3382                                                   RTE_BE16(0x0fff)));
3383                         assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3384                         break;
3385                 case RTE_FLOW_ITEM_TYPE_IPV4:
3386                         item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
3387                                       MLX5_FLOW_LAYER_INNER_L3_IPV4 :
3388                                       MLX5_FLOW_LAYER_OUTER_L3_IPV4;
3389                         mask.ipv4 = flow_tcf_item_mask
3390                                 (items, &rte_flow_item_ipv4_mask,
3391                                  &flow_tcf_mask_supported.ipv4,
3392                                  &flow_tcf_mask_empty.ipv4,
3393                                  sizeof(flow_tcf_mask_supported.ipv4),
3394                                  error);
3395                         assert(mask.ipv4);
3396                         if (item_flags & MLX5_FLOW_LAYER_TUNNEL) {
3397                                 assert(inner_etype == RTE_BE16(ETH_P_ALL) ||
3398                                        inner_etype == RTE_BE16(ETH_P_IP));
3399                                 inner_etype = RTE_BE16(ETH_P_IP);
3400                         } else if (outer_etype == RTE_BE16(ETH_P_8021Q)) {
3401                                 assert(vlan_etype == RTE_BE16(ETH_P_ALL) ||
3402                                        vlan_etype == RTE_BE16(ETH_P_IP));
3403                                 vlan_etype = RTE_BE16(ETH_P_IP);
3404                         } else {
3405                                 assert(outer_etype == RTE_BE16(ETH_P_ALL) ||
3406                                        outer_etype == RTE_BE16(ETH_P_IP));
3407                                 outer_etype = RTE_BE16(ETH_P_IP);
3408                         }
3409                         spec.ipv4 = items->spec;
3410                         if (!tunnel_outer && mask.ipv4->hdr.next_proto_id) {
3411                                 /*
3412                                  * No way to set IP protocol for outer tunnel
3413                                  * layers. Usually it is fixed, for example,
3414                                  * to UDP for VXLAN/GPE.
3415                                  */
3416                                 assert(spec.ipv4); /* Mask is not empty. */
3417                                 mnl_attr_put_u8(nlh, TCA_FLOWER_KEY_IP_PROTO,
3418                                                 spec.ipv4->hdr.next_proto_id);
3419                                 ip_proto_set = 1;
3420                         }
3421                         if (mask.ipv4 == &flow_tcf_mask_empty.ipv4 ||
3422                              (!mask.ipv4->hdr.src_addr &&
3423                               !mask.ipv4->hdr.dst_addr)) {
3424                                 if (!tunnel_outer)
3425                                         break;
3426                                 /*
3427                                  * For tunnel outer we must set outer IP key
3428                                  * anyway, even if the specification/mask is
3429                                  * empty. There is no another way to tell
3430                                  * kernel about he outer layer protocol.
3431                                  */
3432                                 mnl_attr_put_u32
3433                                         (nlh, TCA_FLOWER_KEY_ENC_IPV4_SRC,
3434                                          mask.ipv4->hdr.src_addr);
3435                                 mnl_attr_put_u32
3436                                         (nlh, TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
3437                                          mask.ipv4->hdr.src_addr);
3438                                 assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3439                                 break;
3440                         }
3441                         if (mask.ipv4->hdr.src_addr) {
3442                                 mnl_attr_put_u32
3443                                         (nlh, tunnel_outer ?
3444                                          TCA_FLOWER_KEY_ENC_IPV4_SRC :
3445                                          TCA_FLOWER_KEY_IPV4_SRC,
3446                                          spec.ipv4->hdr.src_addr);
3447                                 mnl_attr_put_u32
3448                                         (nlh, tunnel_outer ?
3449                                          TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK :
3450                                          TCA_FLOWER_KEY_IPV4_SRC_MASK,
3451                                          mask.ipv4->hdr.src_addr);
3452                         }
3453                         if (mask.ipv4->hdr.dst_addr) {
3454                                 mnl_attr_put_u32
3455                                         (nlh, tunnel_outer ?
3456                                          TCA_FLOWER_KEY_ENC_IPV4_DST :
3457                                          TCA_FLOWER_KEY_IPV4_DST,
3458                                          spec.ipv4->hdr.dst_addr);
3459                                 mnl_attr_put_u32
3460                                         (nlh, tunnel_outer ?
3461                                          TCA_FLOWER_KEY_ENC_IPV4_DST_MASK :
3462                                          TCA_FLOWER_KEY_IPV4_DST_MASK,
3463                                          mask.ipv4->hdr.dst_addr);
3464                         }
3465                         if (mask.ipv4->hdr.time_to_live) {
3466                                 mnl_attr_put_u8
3467                                         (nlh, tunnel_outer ?
3468                                          TCA_FLOWER_KEY_ENC_IP_TTL :
3469                                          TCA_FLOWER_KEY_IP_TTL,
3470                                          spec.ipv4->hdr.time_to_live);
3471                                 mnl_attr_put_u8
3472                                         (nlh, tunnel_outer ?
3473                                          TCA_FLOWER_KEY_ENC_IP_TTL_MASK :
3474                                          TCA_FLOWER_KEY_IP_TTL_MASK,
3475                                          mask.ipv4->hdr.time_to_live);
3476                         }
3477                         if (mask.ipv4->hdr.type_of_service) {
3478                                 mnl_attr_put_u8
3479                                         (nlh, tunnel_outer ?
3480                                          TCA_FLOWER_KEY_ENC_IP_TOS :
3481                                          TCA_FLOWER_KEY_IP_TOS,
3482                                          spec.ipv4->hdr.type_of_service);
3483                                 mnl_attr_put_u8
3484                                         (nlh, tunnel_outer ?
3485                                          TCA_FLOWER_KEY_ENC_IP_TOS_MASK :
3486                                          TCA_FLOWER_KEY_IP_TOS_MASK,
3487                                          mask.ipv4->hdr.type_of_service);
3488                         }
3489                         assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3490                         break;
3491                 case RTE_FLOW_ITEM_TYPE_IPV6: {
3492                         bool ipv6_src, ipv6_dst;
3493                         uint8_t msk6, tos6;
3494
3495                         item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
3496                                       MLX5_FLOW_LAYER_INNER_L3_IPV6 :
3497                                       MLX5_FLOW_LAYER_OUTER_L3_IPV6;
3498                         mask.ipv6 = flow_tcf_item_mask
3499                                 (items, &rte_flow_item_ipv6_mask,
3500                                  &flow_tcf_mask_supported.ipv6,
3501                                  &flow_tcf_mask_empty.ipv6,
3502                                  sizeof(flow_tcf_mask_supported.ipv6),
3503                                  error);
3504                         assert(mask.ipv6);
3505                         if (item_flags & MLX5_FLOW_LAYER_TUNNEL) {
3506                                 assert(inner_etype == RTE_BE16(ETH_P_ALL) ||
3507                                        inner_etype == RTE_BE16(ETH_P_IPV6));
3508                                 inner_etype = RTE_BE16(ETH_P_IPV6);
3509                         } else if (outer_etype == RTE_BE16(ETH_P_8021Q)) {
3510                                 assert(vlan_etype == RTE_BE16(ETH_P_ALL) ||
3511                                        vlan_etype == RTE_BE16(ETH_P_IPV6));
3512                                 vlan_etype = RTE_BE16(ETH_P_IPV6);
3513                         } else {
3514                                 assert(outer_etype == RTE_BE16(ETH_P_ALL) ||
3515                                        outer_etype == RTE_BE16(ETH_P_IPV6));
3516                                 outer_etype = RTE_BE16(ETH_P_IPV6);
3517                         }
3518                         spec.ipv6 = items->spec;
3519                         if (!tunnel_outer && mask.ipv6->hdr.proto) {
3520                                 /*
3521                                  * No way to set IP protocol for outer tunnel
3522                                  * layers. Usually it is fixed, for example,
3523                                  * to UDP for VXLAN/GPE.
3524                                  */
3525                                 assert(spec.ipv6); /* Mask is not empty. */
3526                                 mnl_attr_put_u8(nlh, TCA_FLOWER_KEY_IP_PROTO,
3527                                                 spec.ipv6->hdr.proto);
3528                                 ip_proto_set = 1;
3529                         }
3530                         ipv6_dst = !IN6_IS_ADDR_UNSPECIFIED
3531                                                 (mask.ipv6->hdr.dst_addr);
3532                         ipv6_src = !IN6_IS_ADDR_UNSPECIFIED
3533                                                 (mask.ipv6->hdr.src_addr);
3534                         if (mask.ipv6 == &flow_tcf_mask_empty.ipv6 ||
3535                              (!ipv6_dst && !ipv6_src)) {
3536                                 if (!tunnel_outer)
3537                                         break;
3538                                 /*
3539                                  * For tunnel outer we must set outer IP key
3540                                  * anyway, even if the specification/mask is
3541                                  * empty. There is no another way to tell
3542                                  * kernel about he outer layer protocol.
3543                                  */
3544                                 mnl_attr_put(nlh,
3545                                              TCA_FLOWER_KEY_ENC_IPV6_SRC,
3546                                              IPV6_ADDR_LEN,
3547                                              mask.ipv6->hdr.src_addr);
3548                                 mnl_attr_put(nlh,
3549                                              TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
3550                                              IPV6_ADDR_LEN,
3551                                              mask.ipv6->hdr.src_addr);
3552                                 assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3553                                 break;
3554                         }
3555                         if (ipv6_src) {
3556                                 mnl_attr_put(nlh, tunnel_outer ?
3557                                              TCA_FLOWER_KEY_ENC_IPV6_SRC :
3558                                              TCA_FLOWER_KEY_IPV6_SRC,
3559                                              IPV6_ADDR_LEN,
3560                                              spec.ipv6->hdr.src_addr);
3561                                 mnl_attr_put(nlh, tunnel_outer ?
3562                                              TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK :
3563                                              TCA_FLOWER_KEY_IPV6_SRC_MASK,
3564                                              IPV6_ADDR_LEN,
3565                                              mask.ipv6->hdr.src_addr);
3566                         }
3567                         if (ipv6_dst) {
3568                                 mnl_attr_put(nlh, tunnel_outer ?
3569                                              TCA_FLOWER_KEY_ENC_IPV6_DST :
3570                                              TCA_FLOWER_KEY_IPV6_DST,
3571                                              IPV6_ADDR_LEN,
3572                                              spec.ipv6->hdr.dst_addr);
3573                                 mnl_attr_put(nlh, tunnel_outer ?
3574                                              TCA_FLOWER_KEY_ENC_IPV6_DST_MASK :
3575                                              TCA_FLOWER_KEY_IPV6_DST_MASK,
3576                                              IPV6_ADDR_LEN,
3577                                              mask.ipv6->hdr.dst_addr);
3578                         }
3579                         if (mask.ipv6->hdr.hop_limits) {
3580                                 mnl_attr_put_u8
3581                                         (nlh, tunnel_outer ?
3582                                          TCA_FLOWER_KEY_ENC_IP_TTL :
3583                                          TCA_FLOWER_KEY_IP_TTL,
3584                                          spec.ipv6->hdr.hop_limits);
3585                                 mnl_attr_put_u8
3586                                         (nlh, tunnel_outer ?
3587                                          TCA_FLOWER_KEY_ENC_IP_TTL_MASK :
3588                                          TCA_FLOWER_KEY_IP_TTL_MASK,
3589                                          mask.ipv6->hdr.hop_limits);
3590                         }
3591                         msk6 = (rte_be_to_cpu_32(mask.ipv6->hdr.vtc_flow) >>
3592                                 IPV6_HDR_TC_SHIFT) & 0xff;
3593                         if (msk6) {
3594                                 tos6 = (rte_be_to_cpu_32
3595                                         (spec.ipv6->hdr.vtc_flow) >>
3596                                                 IPV6_HDR_TC_SHIFT) & 0xff;
3597                                 mnl_attr_put_u8
3598                                         (nlh, tunnel_outer ?
3599                                          TCA_FLOWER_KEY_ENC_IP_TOS :
3600                                          TCA_FLOWER_KEY_IP_TOS, tos6);
3601                                 mnl_attr_put_u8
3602                                         (nlh, tunnel_outer ?
3603                                          TCA_FLOWER_KEY_ENC_IP_TOS_MASK :
3604                                          TCA_FLOWER_KEY_IP_TOS_MASK, msk6);
3605                         }
3606                         assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3607                         break;
3608                 }
3609                 case RTE_FLOW_ITEM_TYPE_UDP:
3610                         item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
3611                                       MLX5_FLOW_LAYER_INNER_L4_UDP :
3612                                       MLX5_FLOW_LAYER_OUTER_L4_UDP;
3613                         mask.udp = flow_tcf_item_mask
3614                                 (items, &rte_flow_item_udp_mask,
3615                                  &flow_tcf_mask_supported.udp,
3616                                  &flow_tcf_mask_empty.udp,
3617                                  sizeof(flow_tcf_mask_supported.udp),
3618                                  error);
3619                         assert(mask.udp);
3620                         spec.udp = items->spec;
3621                         if (!tunnel_outer) {
3622                                 if (!ip_proto_set)
3623                                         mnl_attr_put_u8
3624                                                 (nlh, TCA_FLOWER_KEY_IP_PROTO,
3625                                                 IPPROTO_UDP);
3626                                 if (mask.udp == &flow_tcf_mask_empty.udp)
3627                                         break;
3628                         } else {
3629                                 assert(mask.udp != &flow_tcf_mask_empty.udp);
3630                                 decap.vxlan->udp_port =
3631                                         rte_be_to_cpu_16
3632                                                 (spec.udp->hdr.dst_port);
3633                         }
3634                         if (mask.udp->hdr.src_port) {
3635                                 mnl_attr_put_u16
3636                                         (nlh, tunnel_outer ?
3637                                          TCA_FLOWER_KEY_ENC_UDP_SRC_PORT :
3638                                          TCA_FLOWER_KEY_UDP_SRC,
3639                                          spec.udp->hdr.src_port);
3640                                 mnl_attr_put_u16
3641                                         (nlh, tunnel_outer ?
3642                                          TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK :
3643                                          TCA_FLOWER_KEY_UDP_SRC_MASK,
3644                                          mask.udp->hdr.src_port);
3645                         }
3646                         if (mask.udp->hdr.dst_port) {
3647                                 mnl_attr_put_u16
3648                                         (nlh, tunnel_outer ?
3649                                          TCA_FLOWER_KEY_ENC_UDP_DST_PORT :
3650                                          TCA_FLOWER_KEY_UDP_DST,
3651                                          spec.udp->hdr.dst_port);
3652                                 mnl_attr_put_u16
3653                                         (nlh, tunnel_outer ?
3654                                          TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK :
3655                                          TCA_FLOWER_KEY_UDP_DST_MASK,
3656                                          mask.udp->hdr.dst_port);
3657                         }
3658                         assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3659                         break;
3660                 case RTE_FLOW_ITEM_TYPE_TCP:
3661                         item_flags |= (item_flags & MLX5_FLOW_LAYER_TUNNEL) ?
3662                                       MLX5_FLOW_LAYER_INNER_L4_TCP :
3663                                       MLX5_FLOW_LAYER_OUTER_L4_TCP;
3664                         mask.tcp = flow_tcf_item_mask
3665                                 (items, &rte_flow_item_tcp_mask,
3666                                  &flow_tcf_mask_supported.tcp,
3667                                  &flow_tcf_mask_empty.tcp,
3668                                  sizeof(flow_tcf_mask_supported.tcp),
3669                                  error);
3670                         assert(mask.tcp);
3671                         if (!ip_proto_set)
3672                                 mnl_attr_put_u8(nlh, TCA_FLOWER_KEY_IP_PROTO,
3673                                                 IPPROTO_TCP);
3674                         if (mask.tcp == &flow_tcf_mask_empty.tcp)
3675                                 break;
3676                         spec.tcp = items->spec;
3677                         if (mask.tcp->hdr.src_port) {
3678                                 mnl_attr_put_u16(nlh, TCA_FLOWER_KEY_TCP_SRC,
3679                                                  spec.tcp->hdr.src_port);
3680                                 mnl_attr_put_u16(nlh,
3681                                                  TCA_FLOWER_KEY_TCP_SRC_MASK,
3682                                                  mask.tcp->hdr.src_port);
3683                         }
3684                         if (mask.tcp->hdr.dst_port) {
3685                                 mnl_attr_put_u16(nlh, TCA_FLOWER_KEY_TCP_DST,
3686                                                  spec.tcp->hdr.dst_port);
3687                                 mnl_attr_put_u16(nlh,
3688                                                  TCA_FLOWER_KEY_TCP_DST_MASK,
3689                                                  mask.tcp->hdr.dst_port);
3690                         }
3691                         if (mask.tcp->hdr.tcp_flags) {
3692                                 mnl_attr_put_u16
3693                                         (nlh,
3694                                          TCA_FLOWER_KEY_TCP_FLAGS,
3695                                          rte_cpu_to_be_16
3696                                                 (spec.tcp->hdr.tcp_flags));
3697                                 mnl_attr_put_u16
3698                                         (nlh,
3699                                          TCA_FLOWER_KEY_TCP_FLAGS_MASK,
3700                                          rte_cpu_to_be_16
3701                                                 (mask.tcp->hdr.tcp_flags));
3702                         }
3703                         assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3704                         break;
3705                 case RTE_FLOW_ITEM_TYPE_VXLAN:
3706                         assert(decap.vxlan);
3707                         tunnel_outer = 0;
3708                         item_flags |= MLX5_FLOW_LAYER_VXLAN;
3709                         spec.vxlan = items->spec;
3710                         mnl_attr_put_u32(nlh,
3711                                          TCA_FLOWER_KEY_ENC_KEY_ID,
3712                                          vxlan_vni_as_be32(spec.vxlan->vni));
3713                         assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3714                         break;
3715                 default:
3716                         return rte_flow_error_set(error, ENOTSUP,
3717                                                   RTE_FLOW_ERROR_TYPE_ITEM,
3718                                                   NULL, "item not supported");
3719                 }
3720         }
3721         /*
3722          * Set the ether_type flower key and tc rule protocol:
3723          * - if there is nor VLAN neither VXLAN the key is taken from
3724          *   eth item directly or deduced from L3 items.
3725          * - if there is vlan item then key is fixed to 802.1q.
3726          * - if there is vxlan item then key is set to inner tunnel type.
3727          * - simultaneous vlan and vxlan items are prohibited.
3728          */
3729         if (outer_etype != RTE_BE16(ETH_P_ALL)) {
3730                 tcm->tcm_info = TC_H_MAKE((attr->priority + 1) << 16,
3731                                            outer_etype);
3732                 if (item_flags & MLX5_FLOW_LAYER_TUNNEL) {
3733                         if (inner_etype != RTE_BE16(ETH_P_ALL))
3734                                 mnl_attr_put_u16(nlh,
3735                                                  TCA_FLOWER_KEY_ETH_TYPE,
3736                                                  inner_etype);
3737                 } else {
3738                         mnl_attr_put_u16(nlh,
3739                                          TCA_FLOWER_KEY_ETH_TYPE,
3740                                          outer_etype);
3741                         if (outer_etype == RTE_BE16(ETH_P_8021Q) &&
3742                             vlan_etype != RTE_BE16(ETH_P_ALL))
3743                                 mnl_attr_put_u16(nlh,
3744                                                  TCA_FLOWER_KEY_VLAN_ETH_TYPE,
3745                                                  vlan_etype);
3746                 }
3747                 assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3748         }
3749         na_flower_act = mnl_attr_nest_start(nlh, TCA_FLOWER_ACT);
3750         na_act_index_cur = 1;
3751         for (; actions->type != RTE_FLOW_ACTION_TYPE_END; actions++) {
3752                 struct nlattr *na_act_index;
3753                 struct nlattr *na_act;
3754                 unsigned int vlan_act;
3755                 unsigned int i;
3756
3757                 switch (actions->type) {
3758                 case RTE_FLOW_ACTION_TYPE_VOID:
3759                         break;
3760                 case RTE_FLOW_ACTION_TYPE_PORT_ID:
3761                         conf.port_id = actions->conf;
3762                         if (conf.port_id->original)
3763                                 i = 0;
3764                         else
3765                                 for (i = 0; ptoi[i].ifindex; ++i)
3766                                         if (ptoi[i].port_id == conf.port_id->id)
3767                                                 break;
3768                         assert(ptoi[i].ifindex);
3769                         na_act_index =
3770                                 mnl_attr_nest_start(nlh, na_act_index_cur++);
3771                         assert(na_act_index);
3772                         mnl_attr_put_strz(nlh, TCA_ACT_KIND, "mirred");
3773                         na_act = mnl_attr_nest_start(nlh, TCA_ACT_OPTIONS);
3774                         assert(na_act);
3775                         if (encap.hdr) {
3776                                 assert(dev_flow->tcf.tunnel);
3777                                 dev_flow->tcf.tunnel->ifindex_ptr =
3778                                         &((struct tc_mirred *)
3779                                         mnl_attr_get_payload
3780                                         (mnl_nlmsg_get_payload_tail
3781                                                 (nlh)))->ifindex;
3782                         } else if (decap.hdr) {
3783                                 assert(dev_flow->tcf.tunnel);
3784                                 dev_flow->tcf.tunnel->ifindex_ptr =
3785                                         (unsigned int *)&tcm->tcm_ifindex;
3786                         }
3787                         mnl_attr_put(nlh, TCA_MIRRED_PARMS,
3788                                      sizeof(struct tc_mirred),
3789                                      &(struct tc_mirred){
3790                                         .action = TC_ACT_STOLEN,
3791                                         .eaction = TCA_EGRESS_REDIR,
3792                                         .ifindex = ptoi[i].ifindex,
3793                                      });
3794                         mnl_attr_nest_end(nlh, na_act);
3795                         mnl_attr_nest_end(nlh, na_act_index);
3796                         break;
3797                 case RTE_FLOW_ACTION_TYPE_JUMP:
3798                         conf.jump = actions->conf;
3799                         na_act_index =
3800                                 mnl_attr_nest_start(nlh, na_act_index_cur++);
3801                         assert(na_act_index);
3802                         mnl_attr_put_strz(nlh, TCA_ACT_KIND, "gact");
3803                         na_act = mnl_attr_nest_start(nlh, TCA_ACT_OPTIONS);
3804                         assert(na_act);
3805                         mnl_attr_put(nlh, TCA_GACT_PARMS,
3806                                      sizeof(struct tc_gact),
3807                                      &(struct tc_gact){
3808                                         .action = TC_ACT_GOTO_CHAIN |
3809                                                   conf.jump->group,
3810                                      });
3811                         mnl_attr_nest_end(nlh, na_act);
3812                         mnl_attr_nest_end(nlh, na_act_index);
3813                         break;
3814                 case RTE_FLOW_ACTION_TYPE_DROP:
3815                         na_act_index =
3816                                 mnl_attr_nest_start(nlh, na_act_index_cur++);
3817                         assert(na_act_index);
3818                         mnl_attr_put_strz(nlh, TCA_ACT_KIND, "gact");
3819                         na_act = mnl_attr_nest_start(nlh, TCA_ACT_OPTIONS);
3820                         assert(na_act);
3821                         mnl_attr_put(nlh, TCA_GACT_PARMS,
3822                                      sizeof(struct tc_gact),
3823                                      &(struct tc_gact){
3824                                         .action = TC_ACT_SHOT,
3825                                      });
3826                         mnl_attr_nest_end(nlh, na_act);
3827                         mnl_attr_nest_end(nlh, na_act_index);
3828                         break;
3829                 case RTE_FLOW_ACTION_TYPE_COUNT:
3830                         /*
3831                          * Driver adds the count action implicitly for
3832                          * each rule it creates.
3833                          */
3834                         ret = flow_tcf_translate_action_count(dev,
3835                                                               dev_flow, error);
3836                         if (ret < 0)
3837                                 return ret;
3838                         break;
3839                 case RTE_FLOW_ACTION_TYPE_OF_POP_VLAN:
3840                         conf.of_push_vlan = NULL;
3841                         vlan_act = TCA_VLAN_ACT_POP;
3842                         goto action_of_vlan;
3843                 case RTE_FLOW_ACTION_TYPE_OF_PUSH_VLAN:
3844                         conf.of_push_vlan = actions->conf;
3845                         vlan_act = TCA_VLAN_ACT_PUSH;
3846                         goto action_of_vlan;
3847                 case RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_VID:
3848                         conf.of_set_vlan_vid = actions->conf;
3849                         if (na_vlan_id)
3850                                 goto override_na_vlan_id;
3851                         vlan_act = TCA_VLAN_ACT_MODIFY;
3852                         goto action_of_vlan;
3853                 case RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_PCP:
3854                         conf.of_set_vlan_pcp = actions->conf;
3855                         if (na_vlan_priority)
3856                                 goto override_na_vlan_priority;
3857                         vlan_act = TCA_VLAN_ACT_MODIFY;
3858                         goto action_of_vlan;
3859 action_of_vlan:
3860                         na_act_index =
3861                                 mnl_attr_nest_start(nlh, na_act_index_cur++);
3862                         assert(na_act_index);
3863                         mnl_attr_put_strz(nlh, TCA_ACT_KIND, "vlan");
3864                         na_act = mnl_attr_nest_start(nlh, TCA_ACT_OPTIONS);
3865                         assert(na_act);
3866                         mnl_attr_put(nlh, TCA_VLAN_PARMS,
3867                                      sizeof(struct tc_vlan),
3868                                      &(struct tc_vlan){
3869                                         .action = TC_ACT_PIPE,
3870                                         .v_action = vlan_act,
3871                                      });
3872                         if (vlan_act == TCA_VLAN_ACT_POP) {
3873                                 mnl_attr_nest_end(nlh, na_act);
3874                                 mnl_attr_nest_end(nlh, na_act_index);
3875                                 break;
3876                         }
3877                         if (vlan_act == TCA_VLAN_ACT_PUSH)
3878                                 mnl_attr_put_u16(nlh,
3879                                                  TCA_VLAN_PUSH_VLAN_PROTOCOL,
3880                                                  conf.of_push_vlan->ethertype);
3881                         na_vlan_id = mnl_nlmsg_get_payload_tail(nlh);
3882                         mnl_attr_put_u16(nlh, TCA_VLAN_PAD, 0);
3883                         na_vlan_priority = mnl_nlmsg_get_payload_tail(nlh);
3884                         mnl_attr_put_u8(nlh, TCA_VLAN_PAD, 0);
3885                         mnl_attr_nest_end(nlh, na_act);
3886                         mnl_attr_nest_end(nlh, na_act_index);
3887                         if (actions->type ==
3888                             RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_VID) {
3889 override_na_vlan_id:
3890                                 na_vlan_id->nla_type = TCA_VLAN_PUSH_VLAN_ID;
3891                                 *(uint16_t *)mnl_attr_get_payload(na_vlan_id) =
3892                                         rte_be_to_cpu_16
3893                                         (conf.of_set_vlan_vid->vlan_vid);
3894                         } else if (actions->type ==
3895                                    RTE_FLOW_ACTION_TYPE_OF_SET_VLAN_PCP) {
3896 override_na_vlan_priority:
3897                                 na_vlan_priority->nla_type =
3898                                         TCA_VLAN_PUSH_VLAN_PRIORITY;
3899                                 *(uint8_t *)mnl_attr_get_payload
3900                                         (na_vlan_priority) =
3901                                         conf.of_set_vlan_pcp->vlan_pcp;
3902                         }
3903                         break;
3904                 case RTE_FLOW_ACTION_TYPE_VXLAN_DECAP:
3905                         assert(decap.vxlan);
3906                         assert(dev_flow->tcf.tunnel);
3907                         dev_flow->tcf.tunnel->ifindex_ptr =
3908                                 (unsigned int *)&tcm->tcm_ifindex;
3909                         na_act_index =
3910                                 mnl_attr_nest_start(nlh, na_act_index_cur++);
3911                         assert(na_act_index);
3912                         mnl_attr_put_strz(nlh, TCA_ACT_KIND, "tunnel_key");
3913                         na_act = mnl_attr_nest_start(nlh, TCA_ACT_OPTIONS);
3914                         assert(na_act);
3915                         mnl_attr_put(nlh, TCA_TUNNEL_KEY_PARMS,
3916                                 sizeof(struct tc_tunnel_key),
3917                                 &(struct tc_tunnel_key){
3918                                         .action = TC_ACT_PIPE,
3919                                         .t_action = TCA_TUNNEL_KEY_ACT_RELEASE,
3920                                         });
3921                         mnl_attr_nest_end(nlh, na_act);
3922                         mnl_attr_nest_end(nlh, na_act_index);
3923                         assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3924                         break;
3925                 case RTE_FLOW_ACTION_TYPE_VXLAN_ENCAP:
3926                         assert(encap.vxlan);
3927                         flow_tcf_vxlan_encap_parse(actions, encap.vxlan);
3928                         na_act_index =
3929                                 mnl_attr_nest_start(nlh, na_act_index_cur++);
3930                         assert(na_act_index);
3931                         mnl_attr_put_strz(nlh, TCA_ACT_KIND, "tunnel_key");
3932                         na_act = mnl_attr_nest_start(nlh, TCA_ACT_OPTIONS);
3933                         assert(na_act);
3934                         mnl_attr_put(nlh, TCA_TUNNEL_KEY_PARMS,
3935                                 sizeof(struct tc_tunnel_key),
3936                                 &(struct tc_tunnel_key){
3937                                         .action = TC_ACT_PIPE,
3938                                         .t_action = TCA_TUNNEL_KEY_ACT_SET,
3939                                         });
3940                         if (encap.vxlan->mask & FLOW_TCF_ENCAP_UDP_DST)
3941                                 mnl_attr_put_u16(nlh,
3942                                          TCA_TUNNEL_KEY_ENC_DST_PORT,
3943                                          encap.vxlan->udp.dst);
3944                         if (encap.vxlan->mask & FLOW_TCF_ENCAP_IPV4_SRC)
3945                                 mnl_attr_put_u32(nlh,
3946                                          TCA_TUNNEL_KEY_ENC_IPV4_SRC,
3947                                          encap.vxlan->ipv4.src);
3948                         if (encap.vxlan->mask & FLOW_TCF_ENCAP_IPV4_DST)
3949                                 mnl_attr_put_u32(nlh,
3950                                          TCA_TUNNEL_KEY_ENC_IPV4_DST,
3951                                          encap.vxlan->ipv4.dst);
3952                         if (encap.vxlan->mask & FLOW_TCF_ENCAP_IPV6_SRC)
3953                                 mnl_attr_put(nlh,
3954                                          TCA_TUNNEL_KEY_ENC_IPV6_SRC,
3955                                          sizeof(encap.vxlan->ipv6.src),
3956                                          &encap.vxlan->ipv6.src);
3957                         if (encap.vxlan->mask & FLOW_TCF_ENCAP_IPV6_DST)
3958                                 mnl_attr_put(nlh,
3959                                          TCA_TUNNEL_KEY_ENC_IPV6_DST,
3960                                          sizeof(encap.vxlan->ipv6.dst),
3961                                          &encap.vxlan->ipv6.dst);
3962                         if (encap.vxlan->mask & FLOW_TCF_ENCAP_IP_TTL)
3963                                 mnl_attr_put_u8(nlh,
3964                                          TCA_TUNNEL_KEY_ENC_TTL,
3965                                          encap.vxlan->ip_ttl_hop);
3966                         if (encap.vxlan->mask & FLOW_TCF_ENCAP_IP_TOS)
3967                                 mnl_attr_put_u8(nlh,
3968                                          TCA_TUNNEL_KEY_ENC_TOS,
3969                                          encap.vxlan->ip_tos);
3970                         if (encap.vxlan->mask & FLOW_TCF_ENCAP_VXLAN_VNI)
3971                                 mnl_attr_put_u32(nlh,
3972                                          TCA_TUNNEL_KEY_ENC_KEY_ID,
3973                                          vxlan_vni_as_be32
3974                                                 (encap.vxlan->vxlan.vni));
3975                         mnl_attr_put_u8(nlh, TCA_TUNNEL_KEY_NO_CSUM, 0);
3976                         mnl_attr_nest_end(nlh, na_act);
3977                         mnl_attr_nest_end(nlh, na_act_index);
3978                         assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
3979                         break;
3980                 case RTE_FLOW_ACTION_TYPE_SET_IPV4_SRC:
3981                 case RTE_FLOW_ACTION_TYPE_SET_IPV4_DST:
3982                 case RTE_FLOW_ACTION_TYPE_SET_IPV6_SRC:
3983                 case RTE_FLOW_ACTION_TYPE_SET_IPV6_DST:
3984                 case RTE_FLOW_ACTION_TYPE_SET_TP_SRC:
3985                 case RTE_FLOW_ACTION_TYPE_SET_TP_DST:
3986                 case RTE_FLOW_ACTION_TYPE_SET_TTL:
3987                 case RTE_FLOW_ACTION_TYPE_DEC_TTL:
3988                 case RTE_FLOW_ACTION_TYPE_SET_MAC_SRC:
3989                 case RTE_FLOW_ACTION_TYPE_SET_MAC_DST:
3990                         na_act_index =
3991                                 mnl_attr_nest_start(nlh, na_act_index_cur++);
3992                         flow_tcf_create_pedit_mnl_msg(nlh,
3993                                                       &actions, item_flags);
3994                         mnl_attr_nest_end(nlh, na_act_index);
3995                         break;
3996                 default:
3997                         return rte_flow_error_set(error, ENOTSUP,
3998                                                   RTE_FLOW_ERROR_TYPE_ACTION,
3999                                                   actions,
4000                                                   "action not supported");
4001                 }
4002         }
4003         assert(na_flower);
4004         assert(na_flower_act);
4005         mnl_attr_nest_end(nlh, na_flower_act);
4006         dev_flow->tcf.ptc_flags = mnl_attr_get_payload
4007                                         (mnl_nlmsg_get_payload_tail(nlh));
4008         mnl_attr_put_u32(nlh, TCA_FLOWER_FLAGS, decap.vxlan ?
4009                                                 0 : TCA_CLS_FLAGS_SKIP_SW);
4010         mnl_attr_nest_end(nlh, na_flower);
4011         if (dev_flow->tcf.tunnel && dev_flow->tcf.tunnel->ifindex_ptr)
4012                 dev_flow->tcf.tunnel->ifindex_org =
4013                         *dev_flow->tcf.tunnel->ifindex_ptr;
4014         assert(dev_flow->tcf.nlsize >= nlh->nlmsg_len);
4015         return 0;
4016 }
4017
4018 /**
4019  * Send Netlink message with acknowledgment.
4020  *
4021  * @param tcf
4022  *   Flow context to use.
4023  * @param nlh
4024  *   Message to send. This function always raises the NLM_F_ACK flag before
4025  *   sending.
4026  * @param[in] cb
4027  *   Callback handler for received message.
4028  * @param[in] arg
4029  *   Context pointer for callback handler.
4030  *
4031  * @return
4032  *   0 on success, a negative errno value otherwise and rte_errno is set.
4033  */
4034 static int
4035 flow_tcf_nl_ack(struct mlx5_flow_tcf_context *tcf,
4036                 struct nlmsghdr *nlh,
4037                 mnl_cb_t cb, void *arg)
4038 {
4039         unsigned int portid = mnl_socket_get_portid(tcf->nl);
4040         uint32_t seq = tcf->seq++;
4041         int ret, err = 0;
4042
4043         assert(tcf->nl);
4044         assert(tcf->buf);
4045         if (!seq) {
4046                 /* seq 0 is reserved for kernel event-driven notifications. */
4047                 seq = tcf->seq++;
4048         }
4049         nlh->nlmsg_seq = seq;
4050         nlh->nlmsg_flags |= NLM_F_ACK;
4051         ret = mnl_socket_sendto(tcf->nl, nlh, nlh->nlmsg_len);
4052         if (ret <= 0) {
4053                 /* Message send error occurres. */
4054                 rte_errno = errno;
4055                 return -rte_errno;
4056         }
4057         nlh = (struct nlmsghdr *)(tcf->buf);
4058         /*
4059          * The following loop postpones non-fatal errors until multipart
4060          * messages are complete.
4061          */
4062         while (true) {
4063                 ret = mnl_socket_recvfrom(tcf->nl, tcf->buf, tcf->buf_size);
4064                 if (ret < 0) {
4065                         err = errno;
4066                         /*
4067                          * In case of overflow Will receive till
4068                          * end of multipart message. We may lost part
4069                          * of reply messages but mark and return an error.
4070                          */
4071                         if (err != ENOSPC ||
4072                             !(nlh->nlmsg_flags & NLM_F_MULTI) ||
4073                             nlh->nlmsg_type == NLMSG_DONE)
4074                                 break;
4075                 } else {
4076                         ret = mnl_cb_run(nlh, ret, seq, portid, cb, arg);
4077                         if (!ret) {
4078                                 /*
4079                                  * libmnl returns 0 if DONE or
4080                                  * success ACK message found.
4081                                  */
4082                                 break;
4083                         }
4084                         if (ret < 0) {
4085                                 /*
4086                                  * ACK message with error found
4087                                  * or some error occurred.
4088                                  */
4089                                 err = errno;
4090                                 break;
4091                         }
4092                         /* We should continue receiving. */
4093                 }
4094         }
4095         if (!err)
4096                 return 0;
4097         rte_errno = err;
4098         return -err;
4099 }
4100
4101 #define MNL_BUF_EXTRA_SPACE 16
4102 #define MNL_REQUEST_SIZE_MIN 256
4103 #define MNL_REQUEST_SIZE_MAX 2048
4104 #define MNL_REQUEST_SIZE RTE_MIN(RTE_MAX(sysconf(_SC_PAGESIZE), \
4105                                  MNL_REQUEST_SIZE_MIN), MNL_REQUEST_SIZE_MAX)
4106
4107 /* Data structures used by flow_tcf_xxx_cb() routines. */
4108 struct tcf_nlcb_buf {
4109         LIST_ENTRY(tcf_nlcb_buf) next;
4110         uint32_t size;
4111         alignas(struct nlmsghdr)
4112         uint8_t msg[]; /**< Netlink message data. */
4113 };
4114
4115 struct tcf_nlcb_context {
4116         unsigned int ifindex; /**< Base interface index. */
4117         uint32_t bufsize;
4118         LIST_HEAD(, tcf_nlcb_buf) nlbuf;
4119 };
4120
4121 /**
4122  * Allocate space for netlink command in buffer list
4123  *
4124  * @param[in, out] ctx
4125  *   Pointer to callback context with command buffers list.
4126  * @param[in] size
4127  *   Required size of data buffer to be allocated.
4128  *
4129  * @return
4130  *   Pointer to allocated memory, aligned as message header.
4131  *   NULL if some error occurred.
4132  */
4133 static struct nlmsghdr *
4134 flow_tcf_alloc_nlcmd(struct tcf_nlcb_context *ctx, uint32_t size)
4135 {
4136         struct tcf_nlcb_buf *buf;
4137         struct nlmsghdr *nlh;
4138
4139         size = NLMSG_ALIGN(size);
4140         buf = LIST_FIRST(&ctx->nlbuf);
4141         if (buf && (buf->size + size) <= ctx->bufsize) {
4142                 nlh = (struct nlmsghdr *)&buf->msg[buf->size];
4143                 buf->size += size;
4144                 return nlh;
4145         }
4146         if (size > ctx->bufsize) {
4147                 DRV_LOG(WARNING, "netlink: too long command buffer requested");
4148                 return NULL;
4149         }
4150         buf = rte_malloc(__func__,
4151                         ctx->bufsize + sizeof(struct tcf_nlcb_buf),
4152                         alignof(struct tcf_nlcb_buf));
4153         if (!buf) {
4154                 DRV_LOG(WARNING, "netlink: no memory for command buffer");
4155                 return NULL;
4156         }
4157         LIST_INSERT_HEAD(&ctx->nlbuf, buf, next);
4158         buf->size = size;
4159         nlh = (struct nlmsghdr *)&buf->msg[0];
4160         return nlh;
4161 }
4162
4163 /**
4164  * Send the buffers with prepared netlink commands. Scans the list and
4165  * sends all found buffers. Buffers are sent and freed anyway in order
4166  * to prevent memory leakage if some every message in received packet.
4167  *
4168  * @param[in] tcf
4169  *   Context object initialized by mlx5_flow_tcf_context_create().
4170  * @param[in, out] ctx
4171  *   Pointer to callback context with command buffers list.
4172  *
4173  * @return
4174  *   Zero value on success, negative errno value otherwise
4175  *   and rte_errno is set.
4176  */
4177 static int
4178 flow_tcf_send_nlcmd(struct mlx5_flow_tcf_context *tcf,
4179                     struct tcf_nlcb_context *ctx)
4180 {
4181         struct tcf_nlcb_buf *bc = LIST_FIRST(&ctx->nlbuf);
4182         int ret = 0;
4183
4184         while (bc) {
4185                 struct tcf_nlcb_buf *bn = LIST_NEXT(bc, next);
4186                 struct nlmsghdr *nlh;
4187                 uint32_t msg = 0;
4188                 int rc;
4189
4190                 while (msg < bc->size) {
4191                         /*
4192                          * Send Netlink commands from buffer in one by one
4193                          * fashion. If we send multiple rule deletion commands
4194                          * in one Netlink message and some error occurs it may
4195                          * cause multiple ACK error messages and break sequence
4196                          * numbers of Netlink communication, because we expect
4197                          * the only one ACK reply.
4198                          */
4199                         assert((bc->size - msg) >= sizeof(struct nlmsghdr));
4200                         nlh = (struct nlmsghdr *)&bc->msg[msg];
4201                         assert((bc->size - msg) >= nlh->nlmsg_len);
4202                         msg += nlh->nlmsg_len;
4203                         rc = flow_tcf_nl_ack(tcf, nlh, NULL, NULL);
4204                         if (rc) {
4205                                 DRV_LOG(WARNING,
4206                                         "netlink: cleanup error %d", rc);
4207                                 if (!ret)
4208                                         ret = rc;
4209                         }
4210                 }
4211                 rte_free(bc);
4212                 bc = bn;
4213         }
4214         LIST_INIT(&ctx->nlbuf);
4215         return ret;
4216 }
4217
4218 /**
4219  * Collect local IP address rules with scope link attribute  on specified
4220  * network device. This is callback routine called by libmnl mnl_cb_run()
4221  * in loop for every message in received packet.
4222  *
4223  * @param[in] nlh
4224  *   Pointer to reply header.
4225  * @param[in, out] arg
4226  *   Opaque data pointer for this callback.
4227  *
4228  * @return
4229  *   A positive, nonzero value on success, negative errno value otherwise
4230  *   and rte_errno is set.
4231  */
4232 static int
4233 flow_tcf_collect_local_cb(const struct nlmsghdr *nlh, void *arg)
4234 {
4235         struct tcf_nlcb_context *ctx = arg;
4236         struct nlmsghdr *cmd;
4237         struct ifaddrmsg *ifa;
4238         struct nlattr *na;
4239         struct nlattr *na_local = NULL;
4240         struct nlattr *na_peer = NULL;
4241         unsigned char family;
4242         uint32_t size;
4243
4244         if (nlh->nlmsg_type != RTM_NEWADDR) {
4245                 rte_errno = EINVAL;
4246                 return -rte_errno;
4247         }
4248         ifa = mnl_nlmsg_get_payload(nlh);
4249         family = ifa->ifa_family;
4250         if (ifa->ifa_index != ctx->ifindex ||
4251             ifa->ifa_scope != RT_SCOPE_LINK ||
4252             !(ifa->ifa_flags & IFA_F_PERMANENT) ||
4253             (family != AF_INET && family != AF_INET6))
4254                 return 1;
4255         mnl_attr_for_each(na, nlh, sizeof(*ifa)) {
4256                 switch (mnl_attr_get_type(na)) {
4257                 case IFA_LOCAL:
4258                         na_local = na;
4259                         break;
4260                 case IFA_ADDRESS:
4261                         na_peer = na;
4262                         break;
4263                 }
4264                 if (na_local && na_peer)
4265                         break;
4266         }
4267         if (!na_local || !na_peer)
4268                 return 1;
4269         /* Local rule found with scope link, permanent and assigned peer. */
4270         size = MNL_ALIGN(sizeof(struct nlmsghdr)) +
4271                MNL_ALIGN(sizeof(struct ifaddrmsg)) +
4272                (family == AF_INET6 ? 2 * SZ_NLATTR_DATA_OF(IPV6_ADDR_LEN)
4273                                    : 2 * SZ_NLATTR_TYPE_OF(uint32_t));
4274         cmd = flow_tcf_alloc_nlcmd(ctx, size);
4275         if (!cmd) {
4276                 rte_errno = ENOMEM;
4277                 return -rte_errno;
4278         }
4279         cmd = mnl_nlmsg_put_header(cmd);
4280         cmd->nlmsg_type = RTM_DELADDR;
4281         cmd->nlmsg_flags = NLM_F_REQUEST;
4282         ifa = mnl_nlmsg_put_extra_header(cmd, sizeof(*ifa));
4283         ifa->ifa_flags = IFA_F_PERMANENT;
4284         ifa->ifa_scope = RT_SCOPE_LINK;
4285         ifa->ifa_index = ctx->ifindex;
4286         if (family == AF_INET) {
4287                 ifa->ifa_family = AF_INET;
4288                 ifa->ifa_prefixlen = 32;
4289                 mnl_attr_put_u32(cmd, IFA_LOCAL, mnl_attr_get_u32(na_local));
4290                 mnl_attr_put_u32(cmd, IFA_ADDRESS, mnl_attr_get_u32(na_peer));
4291         } else {
4292                 ifa->ifa_family = AF_INET6;
4293                 ifa->ifa_prefixlen = 128;
4294                 mnl_attr_put(cmd, IFA_LOCAL, IPV6_ADDR_LEN,
4295                         mnl_attr_get_payload(na_local));
4296                 mnl_attr_put(cmd, IFA_ADDRESS, IPV6_ADDR_LEN,
4297                         mnl_attr_get_payload(na_peer));
4298         }
4299         assert(size == cmd->nlmsg_len);
4300         return 1;
4301 }
4302
4303 /**
4304  * Cleanup the local IP addresses on outer interface.
4305  *
4306  * @param[in] tcf
4307  *   Context object initialized by mlx5_flow_tcf_context_create().
4308  * @param[in] ifindex
4309  *   Network inferface index to perform cleanup.
4310  */
4311 static void
4312 flow_tcf_encap_local_cleanup(struct mlx5_flow_tcf_context *tcf,
4313                             unsigned int ifindex)
4314 {
4315         struct nlmsghdr *nlh;
4316         struct ifaddrmsg *ifa;
4317         struct tcf_nlcb_context ctx = {
4318                 .ifindex = ifindex,
4319                 .bufsize = MNL_REQUEST_SIZE,
4320                 .nlbuf = LIST_HEAD_INITIALIZER(),
4321         };
4322         int ret;
4323
4324         assert(ifindex);
4325         /*
4326          * Seek and destroy leftovers of local IP addresses with
4327          * matching properties "scope link".
4328          */
4329         nlh = mnl_nlmsg_put_header(tcf->buf);
4330         nlh->nlmsg_type = RTM_GETADDR;
4331         nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
4332         ifa = mnl_nlmsg_put_extra_header(nlh, sizeof(*ifa));
4333         ifa->ifa_family = AF_UNSPEC;
4334         ifa->ifa_index = ifindex;
4335         ifa->ifa_scope = RT_SCOPE_LINK;
4336         ret = flow_tcf_nl_ack(tcf, nlh, flow_tcf_collect_local_cb, &ctx);
4337         if (ret)
4338                 DRV_LOG(WARNING, "netlink: query device list error %d", ret);
4339         ret = flow_tcf_send_nlcmd(tcf, &ctx);
4340         if (ret)
4341                 DRV_LOG(WARNING, "netlink: device delete error %d", ret);
4342 }
4343
4344 /**
4345  * Collect neigh permament rules on specified network device.
4346  * This is callback routine called by libmnl mnl_cb_run() in loop for
4347  * every message in received packet.
4348  *
4349  * @param[in] nlh
4350  *   Pointer to reply header.
4351  * @param[in, out] arg
4352  *   Opaque data pointer for this callback.
4353  *
4354  * @return
4355  *   A positive, nonzero value on success, negative errno value otherwise
4356  *   and rte_errno is set.
4357  */
4358 static int
4359 flow_tcf_collect_neigh_cb(const struct nlmsghdr *nlh, void *arg)
4360 {
4361         struct tcf_nlcb_context *ctx = arg;
4362         struct nlmsghdr *cmd;
4363         struct ndmsg *ndm;
4364         struct nlattr *na;
4365         struct nlattr *na_ip = NULL;
4366         struct nlattr *na_mac = NULL;
4367         unsigned char family;
4368         uint32_t size;
4369
4370         if (nlh->nlmsg_type != RTM_NEWNEIGH) {
4371                 rte_errno = EINVAL;
4372                 return -rte_errno;
4373         }
4374         ndm = mnl_nlmsg_get_payload(nlh);
4375         family = ndm->ndm_family;
4376         if (ndm->ndm_ifindex != (int)ctx->ifindex ||
4377            !(ndm->ndm_state & NUD_PERMANENT) ||
4378            (family != AF_INET && family != AF_INET6))
4379                 return 1;
4380         mnl_attr_for_each(na, nlh, sizeof(*ndm)) {
4381                 switch (mnl_attr_get_type(na)) {
4382                 case NDA_DST:
4383                         na_ip = na;
4384                         break;
4385                 case NDA_LLADDR:
4386                         na_mac = na;
4387                         break;
4388                 }
4389                 if (na_mac && na_ip)
4390                         break;
4391         }
4392         if (!na_mac || !na_ip)
4393                 return 1;
4394         /* Neigh rule with permenent attribute found. */
4395         size = MNL_ALIGN(sizeof(struct nlmsghdr)) +
4396                MNL_ALIGN(sizeof(struct ndmsg)) +
4397                SZ_NLATTR_DATA_OF(ETHER_ADDR_LEN) +
4398                (family == AF_INET6 ? SZ_NLATTR_DATA_OF(IPV6_ADDR_LEN)
4399                                    : SZ_NLATTR_TYPE_OF(uint32_t));
4400         cmd = flow_tcf_alloc_nlcmd(ctx, size);
4401         if (!cmd) {
4402                 rte_errno = ENOMEM;
4403                 return -rte_errno;
4404         }
4405         cmd = mnl_nlmsg_put_header(cmd);
4406         cmd->nlmsg_type = RTM_DELNEIGH;
4407         cmd->nlmsg_flags = NLM_F_REQUEST;
4408         ndm = mnl_nlmsg_put_extra_header(cmd, sizeof(*ndm));
4409         ndm->ndm_ifindex = ctx->ifindex;
4410         ndm->ndm_state = NUD_PERMANENT;
4411         ndm->ndm_flags = 0;
4412         ndm->ndm_type = 0;
4413         if (family == AF_INET) {
4414                 ndm->ndm_family = AF_INET;
4415                 mnl_attr_put_u32(cmd, NDA_DST, mnl_attr_get_u32(na_ip));
4416         } else {
4417                 ndm->ndm_family = AF_INET6;
4418                 mnl_attr_put(cmd, NDA_DST, IPV6_ADDR_LEN,
4419                              mnl_attr_get_payload(na_ip));
4420         }
4421         mnl_attr_put(cmd, NDA_LLADDR, ETHER_ADDR_LEN,
4422                      mnl_attr_get_payload(na_mac));
4423         assert(size == cmd->nlmsg_len);
4424         return 1;
4425 }
4426
4427 /**
4428  * Cleanup the neigh rules on outer interface.
4429  *
4430  * @param[in] tcf
4431  *   Context object initialized by mlx5_flow_tcf_context_create().
4432  * @param[in] ifindex
4433  *   Network inferface index to perform cleanup.
4434  */
4435 static void
4436 flow_tcf_encap_neigh_cleanup(struct mlx5_flow_tcf_context *tcf,
4437                             unsigned int ifindex)
4438 {
4439         struct nlmsghdr *nlh;
4440         struct ndmsg *ndm;
4441         struct tcf_nlcb_context ctx = {
4442                 .ifindex = ifindex,
4443                 .bufsize = MNL_REQUEST_SIZE,
4444                 .nlbuf = LIST_HEAD_INITIALIZER(),
4445         };
4446         int ret;
4447
4448         assert(ifindex);
4449         /* Seek and destroy leftovers of neigh rules. */
4450         nlh = mnl_nlmsg_put_header(tcf->buf);
4451         nlh->nlmsg_type = RTM_GETNEIGH;
4452         nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
4453         ndm = mnl_nlmsg_put_extra_header(nlh, sizeof(*ndm));
4454         ndm->ndm_family = AF_UNSPEC;
4455         ndm->ndm_ifindex = ifindex;
4456         ndm->ndm_state = NUD_PERMANENT;
4457         ret = flow_tcf_nl_ack(tcf, nlh, flow_tcf_collect_neigh_cb, &ctx);
4458         if (ret)
4459                 DRV_LOG(WARNING, "netlink: query device list error %d", ret);
4460         ret = flow_tcf_send_nlcmd(tcf, &ctx);
4461         if (ret)
4462                 DRV_LOG(WARNING, "netlink: device delete error %d", ret);
4463 }
4464
4465 /**
4466  * Collect indices of VXLAN encap/decap interfaces associated with device.
4467  * This is callback routine called by libmnl mnl_cb_run() in loop for
4468  * every message in received packet.
4469  *
4470  * @param[in] nlh
4471  *   Pointer to reply header.
4472  * @param[in, out] arg
4473  *   Opaque data pointer for this callback.
4474  *
4475  * @return
4476  *   A positive, nonzero value on success, negative errno value otherwise
4477  *   and rte_errno is set.
4478  */
4479 static int
4480 flow_tcf_collect_vxlan_cb(const struct nlmsghdr *nlh, void *arg)
4481 {
4482         struct tcf_nlcb_context *ctx = arg;
4483         struct nlmsghdr *cmd;
4484         struct ifinfomsg *ifm;
4485         struct nlattr *na;
4486         struct nlattr *na_info = NULL;
4487         struct nlattr *na_vxlan = NULL;
4488         bool found = false;
4489         unsigned int vxindex;
4490         uint32_t size;
4491
4492         if (nlh->nlmsg_type != RTM_NEWLINK) {
4493                 rte_errno = EINVAL;
4494                 return -rte_errno;
4495         }
4496         ifm = mnl_nlmsg_get_payload(nlh);
4497         if (!ifm->ifi_index) {
4498                 rte_errno = EINVAL;
4499                 return -rte_errno;
4500         }
4501         mnl_attr_for_each(na, nlh, sizeof(*ifm))
4502                 if (mnl_attr_get_type(na) == IFLA_LINKINFO) {
4503                         na_info = na;
4504                         break;
4505                 }
4506         if (!na_info)
4507                 return 1;
4508         mnl_attr_for_each_nested(na, na_info) {
4509                 switch (mnl_attr_get_type(na)) {
4510                 case IFLA_INFO_KIND:
4511                         if (!strncmp("vxlan", mnl_attr_get_str(na),
4512                                      mnl_attr_get_len(na)))
4513                                 found = true;
4514                         break;
4515                 case IFLA_INFO_DATA:
4516                         na_vxlan = na;
4517                         break;
4518                 }
4519                 if (found && na_vxlan)
4520                         break;
4521         }
4522         if (!found || !na_vxlan)
4523                 return 1;
4524         found = false;
4525         mnl_attr_for_each_nested(na, na_vxlan) {
4526                 if (mnl_attr_get_type(na) == IFLA_VXLAN_LINK &&
4527                     mnl_attr_get_u32(na) == ctx->ifindex) {
4528                         found = true;
4529                         break;
4530                 }
4531         }
4532         if (!found)
4533                 return 1;
4534         /* Attached VXLAN device found, store the command to delete. */
4535         vxindex = ifm->ifi_index;
4536         size = MNL_ALIGN(sizeof(struct nlmsghdr)) +
4537                MNL_ALIGN(sizeof(struct ifinfomsg));
4538         cmd = flow_tcf_alloc_nlcmd(ctx, size);
4539         if (!cmd) {
4540                 rte_errno = ENOMEM;
4541                 return -rte_errno;
4542         }
4543         cmd = mnl_nlmsg_put_header(cmd);
4544         cmd->nlmsg_type = RTM_DELLINK;
4545         cmd->nlmsg_flags = NLM_F_REQUEST;
4546         ifm = mnl_nlmsg_put_extra_header(cmd, sizeof(*ifm));
4547         ifm->ifi_family = AF_UNSPEC;
4548         ifm->ifi_index = vxindex;
4549         assert(size == cmd->nlmsg_len);
4550         return 1;
4551 }
4552
4553 /**
4554  * Cleanup the outer interface. Removes all found vxlan devices
4555  * attached to specified index, flushes the neigh and local IP
4556  * database.
4557  *
4558  * @param[in] tcf
4559  *   Context object initialized by mlx5_flow_tcf_context_create().
4560  * @param[in] ifindex
4561  *   Network inferface index to perform cleanup.
4562  */
4563 static void
4564 flow_tcf_encap_iface_cleanup(struct mlx5_flow_tcf_context *tcf,
4565                             unsigned int ifindex)
4566 {
4567         struct nlmsghdr *nlh;
4568         struct ifinfomsg *ifm;
4569         struct tcf_nlcb_context ctx = {
4570                 .ifindex = ifindex,
4571                 .bufsize = MNL_REQUEST_SIZE,
4572                 .nlbuf = LIST_HEAD_INITIALIZER(),
4573         };
4574         int ret;
4575
4576         assert(ifindex);
4577         /*
4578          * Seek and destroy leftover VXLAN encap/decap interfaces with
4579          * matching properties.
4580          */
4581         nlh = mnl_nlmsg_put_header(tcf->buf);
4582         nlh->nlmsg_type = RTM_GETLINK;
4583         nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_DUMP;
4584         ifm = mnl_nlmsg_put_extra_header(nlh, sizeof(*ifm));
4585         ifm->ifi_family = AF_UNSPEC;
4586         ret = flow_tcf_nl_ack(tcf, nlh, flow_tcf_collect_vxlan_cb, &ctx);
4587         if (ret)
4588                 DRV_LOG(WARNING, "netlink: query device list error %d", ret);
4589         ret = flow_tcf_send_nlcmd(tcf, &ctx);
4590         if (ret)
4591                 DRV_LOG(WARNING, "netlink: device delete error %d", ret);
4592 }
4593
4594 /**
4595  * Emit Netlink message to add/remove local address to the outer device.
4596  * The address being added is visible within the link only (scope link).
4597  *
4598  * Note that an implicit route is maintained by the kernel due to the
4599  * presence of a peer address (IFA_ADDRESS).
4600  *
4601  * These rules are used for encapsultion only and allow to assign
4602  * the outer tunnel source IP address.
4603  *
4604  * @param[in] tcf
4605  *   Libmnl socket context object.
4606  * @param[in] encap
4607  *   Encapsulation properties (source address and its peer).
4608  * @param[in] ifindex
4609  *   Network interface to apply rule.
4610  * @param[in] enable
4611  *   Toggle between add and remove.
4612  * @param[out] error
4613  *   Perform verbose error reporting if not NULL.
4614  *
4615  * @return
4616  *   0 on success, a negative errno value otherwise and rte_errno is set.
4617  */
4618 static int
4619 flow_tcf_rule_local(struct mlx5_flow_tcf_context *tcf,
4620                     const struct flow_tcf_vxlan_encap *encap,
4621                     unsigned int ifindex,
4622                     bool enable,
4623                     struct rte_flow_error *error)
4624 {
4625         struct nlmsghdr *nlh;
4626         struct ifaddrmsg *ifa;
4627         alignas(struct nlmsghdr)
4628         uint8_t buf[mnl_nlmsg_size(sizeof(*ifa) + 128)];
4629
4630         nlh = mnl_nlmsg_put_header(buf);
4631         nlh->nlmsg_type = enable ? RTM_NEWADDR : RTM_DELADDR;
4632         nlh->nlmsg_flags =
4633                 NLM_F_REQUEST | (enable ? NLM_F_CREATE | NLM_F_REPLACE : 0);
4634         nlh->nlmsg_seq = 0;
4635         ifa = mnl_nlmsg_put_extra_header(nlh, sizeof(*ifa));
4636         ifa->ifa_flags = IFA_F_PERMANENT;
4637         ifa->ifa_scope = RT_SCOPE_LINK;
4638         ifa->ifa_index = ifindex;
4639         if (encap->mask & FLOW_TCF_ENCAP_IPV4_SRC) {
4640                 ifa->ifa_family = AF_INET;
4641                 ifa->ifa_prefixlen = 32;
4642                 mnl_attr_put_u32(nlh, IFA_LOCAL, encap->ipv4.src);
4643                 if (encap->mask & FLOW_TCF_ENCAP_IPV4_DST)
4644                         mnl_attr_put_u32(nlh, IFA_ADDRESS,
4645                                               encap->ipv4.dst);
4646         } else {
4647                 assert(encap->mask & FLOW_TCF_ENCAP_IPV6_SRC);
4648                 ifa->ifa_family = AF_INET6;
4649                 ifa->ifa_prefixlen = 128;
4650                 mnl_attr_put(nlh, IFA_LOCAL,
4651                                   sizeof(encap->ipv6.src),
4652                                   &encap->ipv6.src);
4653                 if (encap->mask & FLOW_TCF_ENCAP_IPV6_DST)
4654                         mnl_attr_put(nlh, IFA_ADDRESS,
4655                                           sizeof(encap->ipv6.dst),
4656                                           &encap->ipv6.dst);
4657         }
4658         if (!flow_tcf_nl_ack(tcf, nlh, NULL, NULL))
4659                 return 0;
4660         return rte_flow_error_set(error, rte_errno,
4661                                   RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4662                                   "netlink: cannot complete IFA request"
4663                                   " (ip addr add)");
4664 }
4665
4666 /**
4667  * Emit Netlink message to add/remove neighbor.
4668  *
4669  * @param[in] tcf
4670  *   Libmnl socket context object.
4671  * @param[in] encap
4672  *   Encapsulation properties (destination address).
4673  * @param[in] ifindex
4674  *   Network interface.
4675  * @param[in] enable
4676  *   Toggle between add and remove.
4677  * @param[out] error
4678  *   Perform verbose error reporting if not NULL.
4679  *
4680  * @return
4681  *   0 on success, a negative errno value otherwise and rte_errno is set.
4682  */
4683 static int
4684 flow_tcf_rule_neigh(struct mlx5_flow_tcf_context *tcf,
4685                      const struct flow_tcf_vxlan_encap *encap,
4686                      unsigned int ifindex,
4687                      bool enable,
4688                      struct rte_flow_error *error)
4689 {
4690         struct nlmsghdr *nlh;
4691         struct ndmsg *ndm;
4692         alignas(struct nlmsghdr)
4693         uint8_t buf[mnl_nlmsg_size(sizeof(*ndm) + 128)];
4694
4695         nlh = mnl_nlmsg_put_header(buf);
4696         nlh->nlmsg_type = enable ? RTM_NEWNEIGH : RTM_DELNEIGH;
4697         nlh->nlmsg_flags =
4698                 NLM_F_REQUEST | (enable ? NLM_F_CREATE | NLM_F_REPLACE : 0);
4699         nlh->nlmsg_seq = 0;
4700         ndm = mnl_nlmsg_put_extra_header(nlh, sizeof(*ndm));
4701         ndm->ndm_ifindex = ifindex;
4702         ndm->ndm_state = NUD_PERMANENT;
4703         ndm->ndm_flags = 0;
4704         ndm->ndm_type = 0;
4705         if (encap->mask & FLOW_TCF_ENCAP_IPV4_DST) {
4706                 ndm->ndm_family = AF_INET;
4707                 mnl_attr_put_u32(nlh, NDA_DST, encap->ipv4.dst);
4708         } else {
4709                 assert(encap->mask & FLOW_TCF_ENCAP_IPV6_DST);
4710                 ndm->ndm_family = AF_INET6;
4711                 mnl_attr_put(nlh, NDA_DST, sizeof(encap->ipv6.dst),
4712                                                  &encap->ipv6.dst);
4713         }
4714         if (encap->mask & FLOW_TCF_ENCAP_ETH_SRC && enable)
4715                 DRV_LOG(WARNING,
4716                         "outer ethernet source address cannot be "
4717                         "forced for VXLAN encapsulation");
4718         if (encap->mask & FLOW_TCF_ENCAP_ETH_DST)
4719                 mnl_attr_put(nlh, NDA_LLADDR, sizeof(encap->eth.dst),
4720                                                     &encap->eth.dst);
4721         if (!flow_tcf_nl_ack(tcf, nlh, NULL, NULL))
4722                 return 0;
4723         return rte_flow_error_set(error, rte_errno,
4724                                   RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4725                                   "netlink: cannot complete ND request"
4726                                   " (ip neigh)");
4727 }
4728
4729 /**
4730  * Manage the local IP addresses and their peers IP addresses on the
4731  * outer interface for encapsulation purposes. The kernel searches the
4732  * appropriate device for tunnel egress traffic using the outer source
4733  * IP, this IP should be assigned to the outer network device, otherwise
4734  * kernel rejects the rule.
4735  *
4736  * Adds or removes the addresses using the Netlink command like this:
4737  *   ip addr add <src_ip> peer <dst_ip> scope link dev <ifouter>
4738  *
4739  * The addresses are local to the netdev ("scope link"), this reduces
4740  * the risk of conflicts. Note that an implicit route is maintained by
4741  * the kernel due to the presence of a peer address (IFA_ADDRESS).
4742  *
4743  * @param[in] tcf
4744  *   Libmnl socket context object.
4745  * @param[in] iface
4746  *   Object, contains rule database and ifouter index.
4747  * @param[in] dev_flow
4748  *   Flow object, contains the tunnel parameters (for encap only).
4749  * @param[in] enable
4750  *   Toggle between add and remove.
4751  * @param[out] error
4752  *   Perform verbose error reporting if not NULL.
4753  *
4754  * @return
4755  *   0 on success, a negative errno value otherwise and rte_errno is set.
4756  */
4757 static int
4758 flow_tcf_encap_local(struct mlx5_flow_tcf_context *tcf,
4759                      struct tcf_irule *iface,
4760                      struct mlx5_flow *dev_flow,
4761                      bool enable,
4762                      struct rte_flow_error *error)
4763 {
4764         const struct flow_tcf_vxlan_encap *encap = dev_flow->tcf.vxlan_encap;
4765         struct tcf_local_rule *rule = NULL;
4766         int ret;
4767
4768         assert(encap);
4769         assert(encap->hdr.type == FLOW_TCF_TUNACT_VXLAN_ENCAP);
4770         if (encap->mask & FLOW_TCF_ENCAP_IPV4_SRC) {
4771                 assert(encap->mask & FLOW_TCF_ENCAP_IPV4_DST);
4772                 LIST_FOREACH(rule, &iface->local, next) {
4773                         if (rule->mask & FLOW_TCF_ENCAP_IPV4_SRC &&
4774                             encap->ipv4.src == rule->ipv4.src &&
4775                             encap->ipv4.dst == rule->ipv4.dst) {
4776                                 break;
4777                         }
4778                 }
4779         } else {
4780                 assert(encap->mask & FLOW_TCF_ENCAP_IPV6_SRC);
4781                 assert(encap->mask & FLOW_TCF_ENCAP_IPV6_DST);
4782                 LIST_FOREACH(rule, &iface->local, next) {
4783                         if (rule->mask & FLOW_TCF_ENCAP_IPV6_SRC &&
4784                             !memcmp(&encap->ipv6.src, &rule->ipv6.src,
4785                                             sizeof(encap->ipv6.src)) &&
4786                             !memcmp(&encap->ipv6.dst, &rule->ipv6.dst,
4787                                             sizeof(encap->ipv6.dst))) {
4788                                 break;
4789                         }
4790                 }
4791         }
4792         if (rule) {
4793                 if (enable) {
4794                         rule->refcnt++;
4795                         return 0;
4796                 }
4797                 if (!rule->refcnt || !--rule->refcnt) {
4798                         LIST_REMOVE(rule, next);
4799                         return flow_tcf_rule_local(tcf, encap,
4800                                         iface->ifouter, false, error);
4801                 }
4802                 return 0;
4803         }
4804         if (!enable) {
4805                 DRV_LOG(WARNING, "disabling not existing local rule");
4806                 rte_flow_error_set(error, ENOENT,
4807                                    RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4808                                    "disabling not existing local rule");
4809                 return -ENOENT;
4810         }
4811         rule = rte_zmalloc(__func__, sizeof(struct tcf_local_rule),
4812                                 alignof(struct tcf_local_rule));
4813         if (!rule) {
4814                 rte_flow_error_set(error, ENOMEM,
4815                                    RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4816                                    "unable to allocate memory for local rule");
4817                 return -rte_errno;
4818         }
4819         *rule = (struct tcf_local_rule){.refcnt = 0,
4820                                         .mask = 0,
4821                                         };
4822         if (encap->mask & FLOW_TCF_ENCAP_IPV4_SRC) {
4823                 rule->mask = FLOW_TCF_ENCAP_IPV4_SRC
4824                            | FLOW_TCF_ENCAP_IPV4_DST;
4825                 rule->ipv4.src = encap->ipv4.src;
4826                 rule->ipv4.dst = encap->ipv4.dst;
4827         } else {
4828                 rule->mask = FLOW_TCF_ENCAP_IPV6_SRC
4829                            | FLOW_TCF_ENCAP_IPV6_DST;
4830                 memcpy(&rule->ipv6.src, &encap->ipv6.src, IPV6_ADDR_LEN);
4831                 memcpy(&rule->ipv6.dst, &encap->ipv6.dst, IPV6_ADDR_LEN);
4832         }
4833         ret = flow_tcf_rule_local(tcf, encap, iface->ifouter, true, error);
4834         if (ret) {
4835                 rte_free(rule);
4836                 return ret;
4837         }
4838         rule->refcnt++;
4839         LIST_INSERT_HEAD(&iface->local, rule, next);
4840         return 0;
4841 }
4842
4843 /**
4844  * Manage the destination MAC/IP addresses neigh database, kernel uses
4845  * this one to determine the destination MAC address within encapsulation
4846  * header. Adds or removes the entries using the Netlink command like this:
4847  *   ip neigh add dev <ifouter> lladdr <dst_mac> to <dst_ip> nud permanent
4848  *
4849  * @param[in] tcf
4850  *   Libmnl socket context object.
4851  * @param[in] iface
4852  *   Object, contains rule database and ifouter index.
4853  * @param[in] dev_flow
4854  *   Flow object, contains the tunnel parameters (for encap only).
4855  * @param[in] enable
4856  *   Toggle between add and remove.
4857  * @param[out] error
4858  *   Perform verbose error reporting if not NULL.
4859  *
4860  * @return
4861  *   0 on success, a negative errno value otherwise and rte_errno is set.
4862  */
4863 static int
4864 flow_tcf_encap_neigh(struct mlx5_flow_tcf_context *tcf,
4865                      struct tcf_irule *iface,
4866                      struct mlx5_flow *dev_flow,
4867                      bool enable,
4868                      struct rte_flow_error *error)
4869 {
4870         const struct flow_tcf_vxlan_encap *encap = dev_flow->tcf.vxlan_encap;
4871         struct tcf_neigh_rule *rule = NULL;
4872         int ret;
4873
4874         assert(encap);
4875         assert(encap->hdr.type == FLOW_TCF_TUNACT_VXLAN_ENCAP);
4876         if (encap->mask & FLOW_TCF_ENCAP_IPV4_DST) {
4877                 assert(encap->mask & FLOW_TCF_ENCAP_IPV4_SRC);
4878                 LIST_FOREACH(rule, &iface->neigh, next) {
4879                         if (rule->mask & FLOW_TCF_ENCAP_IPV4_DST &&
4880                             encap->ipv4.dst == rule->ipv4.dst) {
4881                                 break;
4882                         }
4883                 }
4884         } else {
4885                 assert(encap->mask & FLOW_TCF_ENCAP_IPV6_SRC);
4886                 assert(encap->mask & FLOW_TCF_ENCAP_IPV6_DST);
4887                 LIST_FOREACH(rule, &iface->neigh, next) {
4888                         if (rule->mask & FLOW_TCF_ENCAP_IPV6_DST &&
4889                             !memcmp(&encap->ipv6.dst, &rule->ipv6.dst,
4890                                                 sizeof(encap->ipv6.dst))) {
4891                                 break;
4892                         }
4893                 }
4894         }
4895         if (rule) {
4896                 if (memcmp(&encap->eth.dst, &rule->eth,
4897                            sizeof(encap->eth.dst))) {
4898                         DRV_LOG(WARNING, "Destination MAC differs"
4899                                          " in neigh rule");
4900                         rte_flow_error_set(error, EEXIST,
4901                                            RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
4902                                            NULL, "Different MAC address"
4903                                            " neigh rule for the same"
4904                                            " destination IP");
4905                                         return -EEXIST;
4906                 }
4907                 if (enable) {
4908                         rule->refcnt++;
4909                         return 0;
4910                 }
4911                 if (!rule->refcnt || !--rule->refcnt) {
4912                         LIST_REMOVE(rule, next);
4913                         return flow_tcf_rule_neigh(tcf, encap,
4914                                                    iface->ifouter,
4915                                                    false, error);
4916                 }
4917                 return 0;
4918         }
4919         if (!enable) {
4920                 DRV_LOG(WARNING, "Disabling not existing neigh rule");
4921                 rte_flow_error_set(error, ENOENT,
4922                                    RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4923                                    "unable to allocate memory for neigh rule");
4924                 return -ENOENT;
4925         }
4926         rule = rte_zmalloc(__func__, sizeof(struct tcf_neigh_rule),
4927                                 alignof(struct tcf_neigh_rule));
4928         if (!rule) {
4929                 rte_flow_error_set(error, ENOMEM,
4930                                    RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
4931                                    "unable to allocate memory for neigh rule");
4932                 return -rte_errno;
4933         }
4934         *rule = (struct tcf_neigh_rule){.refcnt = 0,
4935                                         .mask = 0,
4936                                         };
4937         if (encap->mask & FLOW_TCF_ENCAP_IPV4_DST) {
4938                 rule->mask = FLOW_TCF_ENCAP_IPV4_DST;
4939                 rule->ipv4.dst = encap->ipv4.dst;
4940         } else {
4941                 rule->mask = FLOW_TCF_ENCAP_IPV6_DST;
4942                 memcpy(&rule->ipv6.dst, &encap->ipv6.dst, IPV6_ADDR_LEN);
4943         }
4944         memcpy(&rule->eth, &encap->eth.dst, sizeof(rule->eth));
4945         ret = flow_tcf_rule_neigh(tcf, encap, iface->ifouter, true, error);
4946         if (ret) {
4947                 rte_free(rule);
4948                 return ret;
4949         }
4950         rule->refcnt++;
4951         LIST_INSERT_HEAD(&iface->neigh, rule, next);
4952         return 0;
4953 }
4954
4955 /* VXLAN encap rule database for outer interfaces. */
4956 static  LIST_HEAD(, tcf_irule) iface_list_vxlan = LIST_HEAD_INITIALIZER();
4957
4958 /* VTEP device list is shared between PMD port instances. */
4959 static LIST_HEAD(, tcf_vtep) vtep_list_vxlan = LIST_HEAD_INITIALIZER();
4960 static pthread_mutex_t vtep_list_mutex = PTHREAD_MUTEX_INITIALIZER;
4961
4962 /**
4963  * Acquire the VXLAN encap rules container for specified interface.
4964  * First looks for the container in the existing ones list, creates
4965  * and initializes the new container if existing not found.
4966  *
4967  * @param[in] tcf
4968  *   Context object initialized by mlx5_flow_tcf_context_create().
4969  * @param[in] ifouter
4970  *   Network interface index to create VXLAN encap rules on.
4971  * @param[out] error
4972  *   Perform verbose error reporting if not NULL.
4973  * @return
4974  *   Rule container pointer on success,
4975  *   NULL otherwise and rte_errno is set.
4976  */
4977 static struct tcf_irule*
4978 flow_tcf_encap_irule_acquire(struct mlx5_flow_tcf_context *tcf,
4979                              unsigned int ifouter,
4980                              struct rte_flow_error *error)
4981 {
4982         struct tcf_irule *iface;
4983
4984         /* Look whether the container for encap rules is created. */
4985         assert(ifouter);
4986         LIST_FOREACH(iface, &iface_list_vxlan, next) {
4987                 if (iface->ifouter == ifouter)
4988                         break;
4989         }
4990         if (iface) {
4991                 /* Container already exists, just increment the reference. */
4992                 iface->refcnt++;
4993                 return iface;
4994         }
4995         /* Not found, we should create the new container. */
4996         iface = rte_zmalloc(__func__, sizeof(*iface),
4997                             alignof(struct tcf_irule));
4998         if (!iface) {
4999                 rte_flow_error_set(error, ENOMEM,
5000                                    RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
5001                                    "unable to allocate memory for container");
5002                 return NULL;
5003         }
5004         *iface = (struct tcf_irule){
5005                         .local = LIST_HEAD_INITIALIZER(),
5006                         .neigh = LIST_HEAD_INITIALIZER(),
5007                         .ifouter = ifouter,
5008                         .refcnt = 1,
5009         };
5010         /* Interface cleanup for new container created. */
5011         flow_tcf_encap_iface_cleanup(tcf, ifouter);
5012         flow_tcf_encap_local_cleanup(tcf, ifouter);
5013         flow_tcf_encap_neigh_cleanup(tcf, ifouter);
5014         LIST_INSERT_HEAD(&iface_list_vxlan, iface, next);
5015         return iface;
5016 }
5017
5018 /**
5019  * Releases VXLAN encap rules container by pointer. Decrements the
5020  * reference cointer and deletes the container if counter is zero.
5021  *
5022  * @param[in] irule
5023  *   VXLAN rule container pointer to release.
5024  */
5025 static void
5026 flow_tcf_encap_irule_release(struct tcf_irule *iface)
5027 {
5028         assert(iface->refcnt);
5029         if (--iface->refcnt == 0) {
5030                 /* Reference counter is zero, delete the container. */
5031                 assert(LIST_EMPTY(&iface->local));
5032                 assert(LIST_EMPTY(&iface->neigh));
5033                 LIST_REMOVE(iface, next);
5034                 rte_free(iface);
5035         }
5036 }
5037
5038 /**
5039  * Deletes VTEP network device.
5040  *
5041  * @param[in] tcf
5042  *   Context object initialized by mlx5_flow_tcf_context_create().
5043  * @param[in] vtep
5044  *   Object represinting the network device to delete. Memory
5045  *   allocated for this object is freed by routine.
5046  */
5047 static void
5048 flow_tcf_vtep_delete(struct mlx5_flow_tcf_context *tcf,
5049                      struct tcf_vtep *vtep)
5050 {
5051         struct nlmsghdr *nlh;
5052         struct ifinfomsg *ifm;
5053         alignas(struct nlmsghdr)
5054         uint8_t buf[mnl_nlmsg_size(MNL_ALIGN(sizeof(*ifm))) +
5055                     MNL_BUF_EXTRA_SPACE];
5056         int ret;
5057
5058         assert(!vtep->refcnt);
5059         /* Delete only ifaces those we actually created. */
5060         if (vtep->created && vtep->ifindex) {
5061                 DRV_LOG(INFO, "VTEP delete (%d)", vtep->ifindex);
5062                 nlh = mnl_nlmsg_put_header(buf);
5063                 nlh->nlmsg_type = RTM_DELLINK;
5064                 nlh->nlmsg_flags = NLM_F_REQUEST;
5065                 ifm = mnl_nlmsg_put_extra_header(nlh, sizeof(*ifm));
5066                 ifm->ifi_family = AF_UNSPEC;
5067                 ifm->ifi_index = vtep->ifindex;
5068                 assert(sizeof(buf) >= nlh->nlmsg_len);
5069                 ret = flow_tcf_nl_ack(tcf, nlh, NULL, NULL);
5070                 if (ret)
5071                         DRV_LOG(WARNING, "netlink: error deleting vxlan"
5072                                          " encap/decap ifindex %u",
5073                                          ifm->ifi_index);
5074         }
5075         rte_free(vtep);
5076 }
5077
5078 /**
5079  * Creates VTEP network device.
5080  *
5081  * @param[in] tcf
5082  *   Context object initialized by mlx5_flow_tcf_context_create().
5083  * @param[in] port
5084  *   UDP port of created VTEP device.
5085  * @param[out] error
5086  *   Perform verbose error reporting if not NULL.
5087  *
5088  * @return
5089  * Pointer to created device structure on success,
5090  * NULL otherwise and rte_errno is set.
5091  */
5092 static struct tcf_vtep*
5093 flow_tcf_vtep_create(struct mlx5_flow_tcf_context *tcf,
5094                      uint16_t port, struct rte_flow_error *error)
5095 {
5096         struct tcf_vtep *vtep;
5097         struct nlmsghdr *nlh;
5098         struct ifinfomsg *ifm;
5099         char name[sizeof(MLX5_VXLAN_DEVICE_PFX) + 24];
5100         alignas(struct nlmsghdr)
5101         uint8_t buf[mnl_nlmsg_size(sizeof(*ifm)) +
5102                     SZ_NLATTR_DATA_OF(sizeof(name)) +
5103                     SZ_NLATTR_NEST * 2 +
5104                     SZ_NLATTR_STRZ_OF("vxlan") +
5105                     SZ_NLATTR_DATA_OF(sizeof(uint32_t)) +
5106                     SZ_NLATTR_DATA_OF(sizeof(uint16_t)) +
5107                     SZ_NLATTR_DATA_OF(sizeof(uint8_t)) * 3 +
5108                     MNL_BUF_EXTRA_SPACE];
5109         struct nlattr *na_info;
5110         struct nlattr *na_vxlan;
5111         rte_be16_t vxlan_port = rte_cpu_to_be_16(port);
5112         int ret;
5113
5114         vtep = rte_zmalloc(__func__, sizeof(*vtep), alignof(struct tcf_vtep));
5115         if (!vtep) {
5116                 rte_flow_error_set(error, ENOMEM,
5117                                    RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
5118                                    "unable to allocate memory for VTEP");
5119                 return NULL;
5120         }
5121         *vtep = (struct tcf_vtep){
5122                         .port = port,
5123         };
5124         memset(buf, 0, sizeof(buf));
5125         nlh = mnl_nlmsg_put_header(buf);
5126         nlh->nlmsg_type = RTM_NEWLINK;
5127         nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE  | NLM_F_EXCL;
5128         ifm = mnl_nlmsg_put_extra_header(nlh, sizeof(*ifm));
5129         ifm->ifi_family = AF_UNSPEC;
5130         ifm->ifi_type = 0;
5131         ifm->ifi_index = 0;
5132         ifm->ifi_flags = IFF_UP;
5133         ifm->ifi_change = 0xffffffff;
5134         snprintf(name, sizeof(name), "%s%u", MLX5_VXLAN_DEVICE_PFX, port);
5135         mnl_attr_put_strz(nlh, IFLA_IFNAME, name);
5136         na_info = mnl_attr_nest_start(nlh, IFLA_LINKINFO);
5137         assert(na_info);
5138         mnl_attr_put_strz(nlh, IFLA_INFO_KIND, "vxlan");
5139         na_vxlan = mnl_attr_nest_start(nlh, IFLA_INFO_DATA);
5140         assert(na_vxlan);
5141 #ifdef HAVE_IFLA_VXLAN_COLLECT_METADATA
5142         /*
5143          * RH 7.2 does not support metadata for tunnel device.
5144          * It does not matter because we are going to use the
5145          * hardware offload by mlx5 driver.
5146          */
5147         mnl_attr_put_u8(nlh, IFLA_VXLAN_COLLECT_METADATA, 1);
5148 #endif
5149         mnl_attr_put_u8(nlh, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, 1);
5150         mnl_attr_put_u8(nlh, IFLA_VXLAN_LEARNING, 0);
5151         mnl_attr_put_u16(nlh, IFLA_VXLAN_PORT, vxlan_port);
5152 #ifndef HAVE_IFLA_VXLAN_COLLECT_METADATA
5153         /*
5154          *  We must specify VNI explicitly if metadata not supported.
5155          *  Note, VNI is transferred with native endianness format.
5156          */
5157         mnl_attr_put_u16(nlh, IFLA_VXLAN_ID, MLX5_VXLAN_DEFAULT_VNI);
5158 #endif
5159         mnl_attr_nest_end(nlh, na_vxlan);
5160         mnl_attr_nest_end(nlh, na_info);
5161         assert(sizeof(buf) >= nlh->nlmsg_len);
5162         ret = flow_tcf_nl_ack(tcf, nlh, NULL, NULL);
5163         if (ret) {
5164                 DRV_LOG(WARNING,
5165                         "netlink: VTEP %s create failure (%d)",
5166                         name, rte_errno);
5167                 if (rte_errno != EEXIST)
5168                         /*
5169                          * Some unhandled error occurred or device is
5170                          * for encapsulation and cannot be shared.
5171                          */
5172                         goto error;
5173         } else {
5174                 /*
5175                  * Mark device we actually created.
5176                  * We should explicitly delete
5177                  * when we do not need it anymore.
5178                  */
5179                 vtep->created = 1;
5180                 vtep->waitreg = 1;
5181         }
5182         /* Try to get ifindex of created of pre-existing device. */
5183         ret = if_nametoindex(name);
5184         if (!ret) {
5185                 DRV_LOG(WARNING,
5186                         "VTEP %s failed to get index (%d)", name, errno);
5187                 rte_flow_error_set
5188                         (error, -errno,
5189                          RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
5190                          "netlink: failed to retrieve VTEP ifindex");
5191                 goto error;
5192         }
5193         vtep->ifindex = ret;
5194         memset(buf, 0, sizeof(buf));
5195         nlh = mnl_nlmsg_put_header(buf);
5196         nlh->nlmsg_type = RTM_NEWLINK;
5197         nlh->nlmsg_flags = NLM_F_REQUEST;
5198         ifm = mnl_nlmsg_put_extra_header(nlh, sizeof(*ifm));
5199         ifm->ifi_family = AF_UNSPEC;
5200         ifm->ifi_type = 0;
5201         ifm->ifi_index = vtep->ifindex;
5202         ifm->ifi_flags = IFF_UP;
5203         ifm->ifi_change = IFF_UP;
5204         ret = flow_tcf_nl_ack(tcf, nlh, NULL, NULL);
5205         if (ret) {
5206                 rte_flow_error_set(error, -errno,
5207                                    RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
5208                                    "netlink: failed to set VTEP link up");
5209                 DRV_LOG(WARNING, "netlink: VTEP %s set link up failure (%d)",
5210                         name, rte_errno);
5211                 goto clean;
5212         }
5213         ret = mlx5_flow_tcf_init(tcf, vtep->ifindex, error);
5214         if (ret) {
5215                 DRV_LOG(WARNING, "VTEP %s init failure (%d)", name, rte_errno);
5216                 goto clean;
5217         }
5218         DRV_LOG(INFO, "VTEP create (%d, %d)", vtep->port, vtep->ifindex);
5219         vtep->refcnt = 1;
5220         return vtep;
5221 clean:
5222         flow_tcf_vtep_delete(tcf, vtep);
5223         return NULL;
5224 error:
5225         rte_free(vtep);
5226         return NULL;
5227 }
5228
5229 /**
5230  * Acquire target interface index for VXLAN tunneling decapsulation.
5231  * In order to share the UDP port within the other interfaces the
5232  * VXLAN device created as not attached to any interface (if created).
5233  *
5234  * @param[in] tcf
5235  *   Context object initialized by mlx5_flow_tcf_context_create().
5236  * @param[in] dev_flow
5237  *   Flow tcf object with tunnel structure pointer set.
5238  * @param[out] error
5239  *   Perform verbose error reporting if not NULL.
5240  * @return
5241  *   Interface descriptor pointer on success,
5242  *   NULL otherwise and rte_errno is set.
5243  */
5244 static struct tcf_vtep*
5245 flow_tcf_decap_vtep_acquire(struct mlx5_flow_tcf_context *tcf,
5246                             struct mlx5_flow *dev_flow,
5247                             struct rte_flow_error *error)
5248 {
5249         struct tcf_vtep *vtep;
5250         uint16_t port = dev_flow->tcf.vxlan_decap->udp_port;
5251
5252         LIST_FOREACH(vtep, &vtep_list_vxlan, next) {
5253                 if (vtep->port == port)
5254                         break;
5255         }
5256         if (vtep) {
5257                 /* Device exists, just increment the reference counter. */
5258                 vtep->refcnt++;
5259                 assert(vtep->ifindex);
5260                 return vtep;
5261         }
5262         /* No decapsulation device exists, try to create the new one. */
5263         vtep = flow_tcf_vtep_create(tcf, port, error);
5264         if (vtep)
5265                 LIST_INSERT_HEAD(&vtep_list_vxlan, vtep, next);
5266         return vtep;
5267 }
5268
5269 /**
5270  * Aqcuire target interface index for VXLAN tunneling encapsulation.
5271  *
5272  * @param[in] tcf
5273  *   Context object initialized by mlx5_flow_tcf_context_create().
5274  * @param[in] ifouter
5275  *   Network interface index to attach VXLAN encap device to.
5276  * @param[in] dev_flow
5277  *   Flow tcf object with tunnel structure pointer set.
5278  * @param[out] error
5279  *   Perform verbose error reporting if not NULL.
5280  * @return
5281  *   Interface descriptor pointer on success,
5282  *   NULL otherwise and rte_errno is set.
5283  */
5284 static struct tcf_vtep*
5285 flow_tcf_encap_vtep_acquire(struct mlx5_flow_tcf_context *tcf,
5286                             unsigned int ifouter,
5287                             struct mlx5_flow *dev_flow,
5288                             struct rte_flow_error *error)
5289 {
5290         static uint16_t port;
5291         struct tcf_vtep *vtep;
5292         struct tcf_irule *iface;
5293         int ret;
5294
5295         assert(ifouter);
5296         /* Look whether the VTEP for specified port is created. */
5297         port = rte_be_to_cpu_16(dev_flow->tcf.vxlan_encap->udp.dst);
5298         LIST_FOREACH(vtep, &vtep_list_vxlan, next) {
5299                 if (vtep->port == port)
5300                         break;
5301         }
5302         if (vtep) {
5303                 /* VTEP already exists, just increment the reference. */
5304                 vtep->refcnt++;
5305         } else {
5306                 /* Not found, we should create the new VTEP. */
5307                 vtep = flow_tcf_vtep_create(tcf, port, error);
5308                 if (!vtep)
5309                         return NULL;
5310                 LIST_INSERT_HEAD(&vtep_list_vxlan, vtep, next);
5311         }
5312         assert(vtep->ifindex);
5313         iface = flow_tcf_encap_irule_acquire(tcf, ifouter, error);
5314         if (!iface) {
5315                 if (--vtep->refcnt == 0)
5316                         flow_tcf_vtep_delete(tcf, vtep);
5317                 return NULL;
5318         }
5319         dev_flow->tcf.vxlan_encap->iface = iface;
5320         /* Create local ipaddr with peer to specify the outer IPs. */
5321         ret = flow_tcf_encap_local(tcf, iface, dev_flow, true, error);
5322         if (!ret) {
5323                 /* Create neigh rule to specify outer destination MAC. */
5324                 ret = flow_tcf_encap_neigh(tcf, iface, dev_flow, true, error);
5325                 if (ret)
5326                         flow_tcf_encap_local(tcf, iface,
5327                                              dev_flow, false, error);
5328         }
5329         if (ret) {
5330                 dev_flow->tcf.vxlan_encap->iface = NULL;
5331                 flow_tcf_encap_irule_release(iface);
5332                 if (--vtep->refcnt == 0)
5333                         flow_tcf_vtep_delete(tcf, vtep);
5334                 return NULL;
5335         }
5336         return vtep;
5337 }
5338
5339 /**
5340  * Acquires target interface index for tunneling of any type.
5341  * Creates the new VTEP if needed.
5342  *
5343  * @param[in] tcf
5344  *   Context object initialized by mlx5_flow_tcf_context_create().
5345  * @param[in] ifouter
5346  *   Network interface index to create VXLAN encap rules on.
5347  * @param[in] dev_flow
5348  *   Flow tcf object with tunnel structure pointer set.
5349  * @param[out] error
5350  *   Perform verbose error reporting if not NULL.
5351  * @return
5352  *   Interface descriptor pointer on success,
5353  *   NULL otherwise and rte_errno is set.
5354  */
5355 static struct tcf_vtep*
5356 flow_tcf_vtep_acquire(struct mlx5_flow_tcf_context *tcf,
5357                       unsigned int ifouter,
5358                       struct mlx5_flow *dev_flow,
5359                       struct rte_flow_error *error)
5360 {
5361         struct tcf_vtep *vtep = NULL;
5362
5363         assert(dev_flow->tcf.tunnel);
5364         pthread_mutex_lock(&vtep_list_mutex);
5365         switch (dev_flow->tcf.tunnel->type) {
5366         case FLOW_TCF_TUNACT_VXLAN_ENCAP:
5367                 vtep = flow_tcf_encap_vtep_acquire(tcf, ifouter,
5368                                                   dev_flow, error);
5369                 break;
5370         case FLOW_TCF_TUNACT_VXLAN_DECAP:
5371                 vtep = flow_tcf_decap_vtep_acquire(tcf, dev_flow, error);
5372                 break;
5373         default:
5374                 rte_flow_error_set(error, ENOTSUP,
5375                                    RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
5376                                    "unsupported tunnel type");
5377                 break;
5378         }
5379         pthread_mutex_unlock(&vtep_list_mutex);
5380         return vtep;
5381 }
5382
5383 /**
5384  * Release tunneling interface by ifindex. Decrements reference
5385  * counter and actually removes the device if counter is zero.
5386  *
5387  * @param[in] tcf
5388  *   Context object initialized by mlx5_flow_tcf_context_create().
5389  * @param[in] vtep
5390  *   VTEP device descriptor structure.
5391  * @param[in] dev_flow
5392  *   Flow tcf object with tunnel structure pointer set.
5393  */
5394 static void
5395 flow_tcf_vtep_release(struct mlx5_flow_tcf_context *tcf,
5396                       struct tcf_vtep *vtep,
5397                       struct mlx5_flow *dev_flow)
5398 {
5399         assert(dev_flow->tcf.tunnel);
5400         pthread_mutex_lock(&vtep_list_mutex);
5401         switch (dev_flow->tcf.tunnel->type) {
5402         case FLOW_TCF_TUNACT_VXLAN_DECAP:
5403                 break;
5404         case FLOW_TCF_TUNACT_VXLAN_ENCAP: {
5405                 struct tcf_irule *iface;
5406
5407                 /* Remove the encap ancillary rules first. */
5408                 iface = dev_flow->tcf.vxlan_encap->iface;
5409                 assert(iface);
5410                 flow_tcf_encap_neigh(tcf, iface, dev_flow, false, NULL);
5411                 flow_tcf_encap_local(tcf, iface, dev_flow, false, NULL);
5412                 flow_tcf_encap_irule_release(iface);
5413                 dev_flow->tcf.vxlan_encap->iface = NULL;
5414                 break;
5415         }
5416         default:
5417                 assert(false);
5418                 DRV_LOG(WARNING, "Unsupported tunnel type");
5419                 break;
5420         }
5421         assert(vtep->refcnt);
5422         if (--vtep->refcnt == 0) {
5423                 LIST_REMOVE(vtep, next);
5424                 flow_tcf_vtep_delete(tcf, vtep);
5425         }
5426         pthread_mutex_unlock(&vtep_list_mutex);
5427 }
5428
5429 struct tcf_nlcb_query {
5430         uint32_t handle;
5431         uint32_t tc_flags;
5432         uint32_t flags_valid:1;
5433 };
5434
5435 /**
5436  * Collect queried rule attributes. This is callback routine called by
5437  * libmnl mnl_cb_run() in loop for every message in received packet.
5438  * Current implementation collects the flower flags only.
5439  *
5440  * @param[in] nlh
5441  *   Pointer to reply header.
5442  * @param[in, out] arg
5443  *   Context pointer for this callback.
5444  *
5445  * @return
5446  *   A positive, nonzero value on success (required by libmnl
5447  *   to continue messages processing).
5448  */
5449 static int
5450 flow_tcf_collect_query_cb(const struct nlmsghdr *nlh, void *arg)
5451 {
5452         struct tcf_nlcb_query *query = arg;
5453         struct tcmsg *tcm = mnl_nlmsg_get_payload(nlh);
5454         struct nlattr *na, *na_opt;
5455         bool flower = false;
5456
5457         if (nlh->nlmsg_type != RTM_NEWTFILTER ||
5458             tcm->tcm_handle != query->handle)
5459                 return 1;
5460         mnl_attr_for_each(na, nlh, sizeof(*tcm)) {
5461                 switch (mnl_attr_get_type(na)) {
5462                 case TCA_KIND:
5463                         if (strcmp(mnl_attr_get_payload(na), "flower")) {
5464                                 /* Not flower filter, drop entire message. */
5465                                 return 1;
5466                         }
5467                         flower = true;
5468                         break;
5469                 case TCA_OPTIONS:
5470                         if (!flower) {
5471                                 /* Not flower options, drop entire message. */
5472                                 return 1;
5473                         }
5474                         /* Check nested flower options. */
5475                         mnl_attr_for_each_nested(na_opt, na) {
5476                                 switch (mnl_attr_get_type(na_opt)) {
5477                                 case TCA_FLOWER_FLAGS:
5478                                         query->flags_valid = 1;
5479                                         query->tc_flags =
5480                                                 mnl_attr_get_u32(na_opt);
5481                                         break;
5482                                 }
5483                         }
5484                         break;
5485                 }
5486         }
5487         return 1;
5488 }
5489
5490 /**
5491  * Query a TC flower rule flags via netlink.
5492  *
5493  * @param[in] tcf
5494  *   Context object initialized by mlx5_flow_tcf_context_create().
5495  * @param[in] dev_flow
5496  *   Pointer to the flow.
5497  * @param[out] pflags
5498  *   pointer to the data retrieved by the query.
5499  *
5500  * @return
5501  *   0 on success, a negative errno value otherwise.
5502  */
5503 static int
5504 flow_tcf_query_flags(struct mlx5_flow_tcf_context *tcf,
5505                      struct mlx5_flow *dev_flow,
5506                      uint32_t *pflags)
5507 {
5508         struct nlmsghdr *nlh;
5509         struct tcmsg *tcm;
5510         struct tcf_nlcb_query query = {
5511                 .handle = dev_flow->tcf.tcm->tcm_handle,
5512         };
5513
5514         nlh = mnl_nlmsg_put_header(tcf->buf);
5515         nlh->nlmsg_type = RTM_GETTFILTER;
5516         nlh->nlmsg_flags = NLM_F_REQUEST;
5517         tcm = mnl_nlmsg_put_extra_header(nlh, sizeof(*tcm));
5518         memcpy(tcm, dev_flow->tcf.tcm, sizeof(*tcm));
5519         /*
5520          * Ignore Netlink error for filter query operations.
5521          * The reply length is sent by kernel as errno.
5522          * Just check we got the flags option.
5523          */
5524         flow_tcf_nl_ack(tcf, nlh, flow_tcf_collect_query_cb, &query);
5525         if (!query.flags_valid) {
5526                 *pflags = 0;
5527                 return -ENOENT;
5528         }
5529         *pflags = query.tc_flags;
5530         return 0;
5531 }
5532
5533 /**
5534  * Query and check the in_hw set for specified rule.
5535  *
5536  * @param[in] tcf
5537  *   Context object initialized by mlx5_flow_tcf_context_create().
5538  * @param[in] dev_flow
5539  *   Pointer to the flow to check.
5540  *
5541  * @return
5542  *   0 on success, a negative errno value otherwise.
5543  */
5544 static int
5545 flow_tcf_check_inhw(struct mlx5_flow_tcf_context *tcf,
5546                     struct mlx5_flow *dev_flow)
5547 {
5548         uint32_t flags;
5549         int ret;
5550
5551         ret = flow_tcf_query_flags(tcf, dev_flow, &flags);
5552         if (ret)
5553                 return ret;
5554         return  (flags & TCA_CLS_FLAGS_IN_HW) ? 0 : -ENOENT;
5555 }
5556
5557 /**
5558  * Remove flow from E-Switch by sending Netlink message.
5559  *
5560  * @param[in] dev
5561  *   Pointer to Ethernet device.
5562  * @param[in, out] flow
5563  *   Pointer to the sub flow.
5564  */
5565 static void
5566 flow_tcf_remove(struct rte_eth_dev *dev, struct rte_flow *flow)
5567 {
5568         struct priv *priv = dev->data->dev_private;
5569         struct mlx5_flow_tcf_context *ctx = priv->tcf_context;
5570         struct mlx5_flow *dev_flow;
5571         struct nlmsghdr *nlh;
5572         struct tcmsg *tcm;
5573
5574         if (!flow)
5575                 return;
5576         dev_flow = LIST_FIRST(&flow->dev_flows);
5577         if (!dev_flow)
5578                 return;
5579         /* E-Switch flow can't be expanded. */
5580         assert(!LIST_NEXT(dev_flow, next));
5581         if (dev_flow->tcf.applied) {
5582                 nlh = dev_flow->tcf.nlh;
5583                 nlh->nlmsg_type = RTM_DELTFILTER;
5584                 nlh->nlmsg_flags = NLM_F_REQUEST;
5585                 flow_tcf_nl_ack(ctx, nlh, NULL, NULL);
5586                 if (dev_flow->tcf.tunnel) {
5587                         assert(dev_flow->tcf.tunnel->vtep);
5588                         flow_tcf_vtep_release(ctx,
5589                                 dev_flow->tcf.tunnel->vtep,
5590                                 dev_flow);
5591                         dev_flow->tcf.tunnel->vtep = NULL;
5592                 }
5593                 /* Cleanup the rule handle value. */
5594                 tcm = mnl_nlmsg_get_payload(nlh);
5595                 tcm->tcm_handle = 0;
5596                 dev_flow->tcf.applied = 0;
5597         }
5598 }
5599
5600 /**
5601  * Fetch the applied rule handle. This is callback routine called by
5602  * libmnl mnl_cb_run() in loop for every message in received packet.
5603  * When the NLM_F_ECHO flag i sspecified the kernel sends the created
5604  * rule descriptor back to the application and we can retrieve the
5605  * actual rule handle from updated descriptor.
5606  *
5607  * @param[in] nlh
5608  *   Pointer to reply header.
5609  * @param[in, out] arg
5610  *   Context pointer for this callback.
5611  *
5612  * @return
5613  *   A positive, nonzero value on success (required by libmnl
5614  *   to continue messages processing).
5615  */
5616 static int
5617 flow_tcf_collect_apply_cb(const struct nlmsghdr *nlh, void *arg)
5618 {
5619         struct nlmsghdr *nlhrq = arg;
5620         struct tcmsg *tcmrq = mnl_nlmsg_get_payload(nlhrq);
5621         struct tcmsg *tcm = mnl_nlmsg_get_payload(nlh);
5622         struct nlattr *na;
5623
5624         if (nlh->nlmsg_type != RTM_NEWTFILTER ||
5625             nlh->nlmsg_seq != nlhrq->nlmsg_seq)
5626                 return 1;
5627         mnl_attr_for_each(na, nlh, sizeof(*tcm)) {
5628                 switch (mnl_attr_get_type(na)) {
5629                 case TCA_KIND:
5630                         if (strcmp(mnl_attr_get_payload(na), "flower")) {
5631                                 /* Not flower filter, drop entire message. */
5632                                 return 1;
5633                         }
5634                         tcmrq->tcm_handle = tcm->tcm_handle;
5635                         return 1;
5636                 }
5637         }
5638         return 1;
5639 }
5640 /**
5641  * Apply flow to E-Switch by sending Netlink message.
5642  *
5643  * @param[in] dev
5644  *   Pointer to Ethernet device.
5645  * @param[in, out] flow
5646  *   Pointer to the sub flow.
5647  * @param[out] error
5648  *   Pointer to the error structure.
5649  *
5650  * @return
5651  *   0 on success, a negative errno value otherwise and rte_errno is set.
5652  */
5653 static int
5654 flow_tcf_apply(struct rte_eth_dev *dev, struct rte_flow *flow,
5655                struct rte_flow_error *error)
5656 {
5657         struct priv *priv = dev->data->dev_private;
5658         struct mlx5_flow_tcf_context *ctx = priv->tcf_context;
5659         struct mlx5_flow *dev_flow;
5660         struct nlmsghdr *nlh;
5661         struct tcmsg *tcm;
5662         uint64_t start = 0;
5663         uint64_t twait = 0;
5664         int ret;
5665
5666         dev_flow = LIST_FIRST(&flow->dev_flows);
5667         /* E-Switch flow can't be expanded. */
5668         assert(!LIST_NEXT(dev_flow, next));
5669         if (dev_flow->tcf.applied)
5670                 return 0;
5671         nlh = dev_flow->tcf.nlh;
5672         nlh->nlmsg_type = RTM_NEWTFILTER;
5673         nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE |
5674                            NLM_F_EXCL | NLM_F_ECHO;
5675         tcm = mnl_nlmsg_get_payload(nlh);
5676         /* Allow kernel to assign handle on its own. */
5677         tcm->tcm_handle = 0;
5678         if (dev_flow->tcf.tunnel) {
5679                 /*
5680                  * Replace the interface index, target for
5681                  * encapsulation, source for decapsulation.
5682                  */
5683                 assert(!dev_flow->tcf.tunnel->vtep);
5684                 assert(dev_flow->tcf.tunnel->ifindex_ptr);
5685                 /* Acquire actual VTEP device when rule is being applied. */
5686                 dev_flow->tcf.tunnel->vtep =
5687                         flow_tcf_vtep_acquire(ctx,
5688                                         dev_flow->tcf.tunnel->ifindex_org,
5689                                         dev_flow, error);
5690                 if (!dev_flow->tcf.tunnel->vtep)
5691                         return -rte_errno;
5692                 DRV_LOG(INFO, "Replace ifindex: %d->%d",
5693                                 dev_flow->tcf.tunnel->vtep->ifindex,
5694                                 dev_flow->tcf.tunnel->ifindex_org);
5695                 *dev_flow->tcf.tunnel->ifindex_ptr =
5696                         dev_flow->tcf.tunnel->vtep->ifindex;
5697                 if (dev_flow->tcf.tunnel->vtep->waitreg) {
5698                         /* Clear wait flag for VXLAN port registration. */
5699                         dev_flow->tcf.tunnel->vtep->waitreg = 0;
5700                         twait = rte_get_timer_hz();
5701                         assert(twait > MS_PER_S);
5702                         twait = twait * MLX5_VXLAN_WAIT_PORT_REG_MS;
5703                         twait = twait / MS_PER_S;
5704                         start = rte_get_timer_cycles();
5705                 }
5706         }
5707         /*
5708          * Kernel creates the VXLAN devices and registers UDP ports to
5709          * be hardware offloaded within the NIC kernel drivers. The
5710          * registration process is being performed into context of
5711          * working kernel thread and the race conditions might happen.
5712          * The VXLAN device is created and success is returned to
5713          * calling application, but the UDP port registration process
5714          * is not completed yet. The next applied rule may be rejected
5715          * by the driver with ENOSUP code. We are going to wait a bit,
5716          * allowing registration process to be completed. The waiting
5717          * is performed once after device been created.
5718          */
5719         do {
5720                 struct timespec onems;
5721
5722                 ret = flow_tcf_nl_ack(ctx, nlh,
5723                                       flow_tcf_collect_apply_cb, nlh);
5724                 if (!ret || ret != -ENOTSUP || !twait)
5725                         break;
5726                 /* Wait one millisecond and try again till timeout. */
5727                 onems.tv_sec = 0;
5728                 onems.tv_nsec = NS_PER_S / MS_PER_S;
5729                 nanosleep(&onems, 0);
5730                 if ((rte_get_timer_cycles() - start) > twait) {
5731                         /* Timeout elapsed, try once more and exit. */
5732                         twait = 0;
5733                 }
5734         } while (true);
5735         if (!ret) {
5736                 if (!tcm->tcm_handle) {
5737                         flow_tcf_remove(dev, flow);
5738                         return rte_flow_error_set
5739                                 (error, ENOENT,
5740                                  RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
5741                                  "netlink: rule zero handle returned");
5742                 }
5743                 dev_flow->tcf.applied = 1;
5744                 if (*dev_flow->tcf.ptc_flags & TCA_CLS_FLAGS_SKIP_SW)
5745                         return 0;
5746                 /*
5747                  * Rule was applied without skip_sw flag set.
5748                  * We should check whether the rule was acctually
5749                  * accepted by hardware (have look at in_hw flag).
5750                  */
5751                 if (flow_tcf_check_inhw(ctx, dev_flow)) {
5752                         flow_tcf_remove(dev, flow);
5753                         return rte_flow_error_set
5754                                 (error, ENOENT,
5755                                  RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
5756                                  "netlink: rule has no in_hw flag set");
5757                 }
5758                 return 0;
5759         }
5760         if (dev_flow->tcf.tunnel) {
5761                 /* Rollback the VTEP configuration if rule apply failed. */
5762                 assert(dev_flow->tcf.tunnel->vtep);
5763                 flow_tcf_vtep_release(ctx, dev_flow->tcf.tunnel->vtep,
5764                                       dev_flow);
5765                 dev_flow->tcf.tunnel->vtep = NULL;
5766         }
5767         return rte_flow_error_set(error, rte_errno,
5768                                   RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
5769                                   "netlink: failed to create TC flow rule");
5770 }
5771
5772 /**
5773  * Remove flow from E-Switch and release resources of the device flow.
5774  *
5775  * @param[in] dev
5776  *   Pointer to Ethernet device.
5777  * @param[in, out] flow
5778  *   Pointer to the sub flow.
5779  */
5780 static void
5781 flow_tcf_destroy(struct rte_eth_dev *dev, struct rte_flow *flow)
5782 {
5783         struct mlx5_flow *dev_flow;
5784
5785         if (!flow)
5786                 return;
5787         flow_tcf_remove(dev, flow);
5788         if (flow->counter) {
5789                 if (--flow->counter->ref_cnt == 0) {
5790                         rte_free(flow->counter);
5791                         flow->counter = NULL;
5792                 }
5793         }
5794         dev_flow = LIST_FIRST(&flow->dev_flows);
5795         if (!dev_flow)
5796                 return;
5797         /* E-Switch flow can't be expanded. */
5798         assert(!LIST_NEXT(dev_flow, next));
5799         LIST_REMOVE(dev_flow, next);
5800         rte_free(dev_flow);
5801 }
5802
5803 /**
5804  * Helper routine for figuring the space size required for a parse buffer.
5805  *
5806  * @param array
5807  *   array of values to use.
5808  * @param idx
5809  *   Current location in array.
5810  * @param value
5811  *   Value to compare with.
5812  *
5813  * @return
5814  *   The maximum between the given value and the array value on index.
5815  */
5816 static uint16_t
5817 flow_tcf_arr_val_max(uint16_t array[], int idx, uint16_t value)
5818 {
5819         return idx < 0 ? (value) : RTE_MAX((array)[idx], value);
5820 }
5821
5822 /**
5823  * Parse rtnetlink message attributes filling the attribute table with the info
5824  * retrieved.
5825  *
5826  * @param tb
5827  *   Attribute table to be filled.
5828  * @param[out] max
5829  *   Maxinum entry in the attribute table.
5830  * @param rte
5831  *   The attributes section in the message to be parsed.
5832  * @param len
5833  *   The length of the attributes section in the message.
5834  */
5835 static void
5836 flow_tcf_nl_parse_rtattr(struct rtattr *tb[], int max,
5837                          struct rtattr *rta, int len)
5838 {
5839         unsigned short type;
5840         memset(tb, 0, sizeof(struct rtattr *) * (max + 1));
5841         while (RTA_OK(rta, len)) {
5842                 type = rta->rta_type;
5843                 if (type <= max && !tb[type])
5844                         tb[type] = rta;
5845                 rta = RTA_NEXT(rta, len);
5846         }
5847 }
5848
5849 /**
5850  * Extract flow counters from flower action.
5851  *
5852  * @param rta
5853  *   flower action stats properties in the Netlink message received.
5854  * @param rta_type
5855  *   The backward sequence of rta_types, as written in the attribute table,
5856  *   we need to traverse in order to get to the requested object.
5857  * @param idx
5858  *   Current location in rta_type table.
5859  * @param[out] data
5860  *   data holding the count statistics of the rte_flow retrieved from
5861  *   the message.
5862  *
5863  * @return
5864  *   0 if data was found and retrieved, -1 otherwise.
5865  */
5866 static int
5867 flow_tcf_nl_action_stats_parse_and_get(struct rtattr *rta,
5868                                        uint16_t rta_type[], int idx,
5869                                        struct gnet_stats_basic *data)
5870 {
5871         int tca_stats_max = flow_tcf_arr_val_max(rta_type, idx,
5872                                                  TCA_STATS_BASIC);
5873         struct rtattr *tbs[tca_stats_max + 1];
5874
5875         if (rta == NULL || idx < 0)
5876                 return -1;
5877         flow_tcf_nl_parse_rtattr(tbs, tca_stats_max,
5878                                  RTA_DATA(rta), RTA_PAYLOAD(rta));
5879         switch (rta_type[idx]) {
5880         case TCA_STATS_BASIC:
5881                 if (tbs[TCA_STATS_BASIC]) {
5882                         memcpy(data, RTA_DATA(tbs[TCA_STATS_BASIC]),
5883                                RTE_MIN(RTA_PAYLOAD(tbs[TCA_STATS_BASIC]),
5884                                sizeof(*data)));
5885                         return 0;
5886                 }
5887                 break;
5888         default:
5889                 break;
5890         }
5891         return -1;
5892 }
5893
5894 /**
5895  * Parse flower single action retrieving the requested action attribute,
5896  * if found.
5897  *
5898  * @param arg
5899  *   flower action properties in the Netlink message received.
5900  * @param rta_type
5901  *   The backward sequence of rta_types, as written in the attribute table,
5902  *   we need to traverse in order to get to the requested object.
5903  * @param idx
5904  *   Current location in rta_type table.
5905  * @param[out] data
5906  *   Count statistics retrieved from the message query.
5907  *
5908  * @return
5909  *   0 if data was found and retrieved, -1 otherwise.
5910  */
5911 static int
5912 flow_tcf_nl_parse_one_action_and_get(struct rtattr *arg,
5913                                      uint16_t rta_type[], int idx, void *data)
5914 {
5915         int tca_act_max = flow_tcf_arr_val_max(rta_type, idx, TCA_ACT_STATS);
5916         struct rtattr *tb[tca_act_max + 1];
5917
5918         if (arg == NULL || idx < 0)
5919                 return -1;
5920         flow_tcf_nl_parse_rtattr(tb, tca_act_max,
5921                                  RTA_DATA(arg), RTA_PAYLOAD(arg));
5922         if (tb[TCA_ACT_KIND] == NULL)
5923                 return -1;
5924         switch (rta_type[idx]) {
5925         case TCA_ACT_STATS:
5926                 if (tb[TCA_ACT_STATS])
5927                         return flow_tcf_nl_action_stats_parse_and_get
5928                                         (tb[TCA_ACT_STATS],
5929                                          rta_type, --idx,
5930                                          (struct gnet_stats_basic *)data);
5931                 break;
5932         default:
5933                 break;
5934         }
5935         return -1;
5936 }
5937
5938 /**
5939  * Parse flower action section in the message retrieving the requested
5940  * attribute from the first action that provides it.
5941  *
5942  * @param opt
5943  *   flower section in the Netlink message received.
5944  * @param rta_type
5945  *   The backward sequence of rta_types, as written in the attribute table,
5946  *   we need to traverse in order to get to the requested object.
5947  * @param idx
5948  *   Current location in rta_type table.
5949  * @param[out] data
5950  *   data retrieved from the message query.
5951  *
5952  * @return
5953  *   0 if data was found and retrieved, -1 otherwise.
5954  */
5955 static int
5956 flow_tcf_nl_action_parse_and_get(struct rtattr *arg,
5957                                  uint16_t rta_type[], int idx, void *data)
5958 {
5959         struct rtattr *tb[TCA_ACT_MAX_PRIO + 1];
5960         int i;
5961
5962         if (arg == NULL || idx < 0)
5963                 return -1;
5964         flow_tcf_nl_parse_rtattr(tb, TCA_ACT_MAX_PRIO,
5965                                  RTA_DATA(arg), RTA_PAYLOAD(arg));
5966         switch (rta_type[idx]) {
5967         /*
5968          * flow counters are stored in the actions defined by the flow
5969          * and not in the flow itself, therefore we need to traverse the
5970          * flower chain of actions in search for them.
5971          *
5972          * Note that the index is not decremented here.
5973          */
5974         case TCA_ACT_STATS:
5975                 for (i = 0; i <= TCA_ACT_MAX_PRIO; i++) {
5976                         if (tb[i] &&
5977                         !flow_tcf_nl_parse_one_action_and_get(tb[i],
5978                                                               rta_type,
5979                                                               idx, data))
5980                                 return 0;
5981                 }
5982                 break;
5983         default:
5984                 break;
5985         }
5986         return -1;
5987 }
5988
5989 /**
5990  * Parse flower classifier options in the message, retrieving the requested
5991  * attribute if found.
5992  *
5993  * @param opt
5994  *   flower section in the Netlink message received.
5995  * @param rta_type
5996  *   The backward sequence of rta_types, as written in the attribute table,
5997  *   we need to traverse in order to get to the requested object.
5998  * @param idx
5999  *   Current location in rta_type table.
6000  * @param[out] data
6001  *   data retrieved from the message query.
6002  *
6003  * @return
6004  *   0 if data was found and retrieved, -1 otherwise.
6005  */
6006 static int
6007 flow_tcf_nl_opts_parse_and_get(struct rtattr *opt,
6008                                uint16_t rta_type[], int idx, void *data)
6009 {
6010         int tca_flower_max = flow_tcf_arr_val_max(rta_type, idx,
6011                                                   TCA_FLOWER_ACT);
6012         struct rtattr *tb[tca_flower_max + 1];
6013
6014         if (!opt || idx < 0)
6015                 return -1;
6016         flow_tcf_nl_parse_rtattr(tb, tca_flower_max,
6017                                  RTA_DATA(opt), RTA_PAYLOAD(opt));
6018         switch (rta_type[idx]) {
6019         case TCA_FLOWER_ACT:
6020                 if (tb[TCA_FLOWER_ACT])
6021                         return flow_tcf_nl_action_parse_and_get
6022                                                         (tb[TCA_FLOWER_ACT],
6023                                                          rta_type, --idx, data);
6024                 break;
6025         default:
6026                 break;
6027         }
6028         return -1;
6029 }
6030
6031 /**
6032  * Parse Netlink reply on filter query, retrieving the flow counters.
6033  *
6034  * @param nlh
6035  *   Message received from Netlink.
6036  * @param rta_type
6037  *   The backward sequence of rta_types, as written in the attribute table,
6038  *   we need to traverse in order to get to the requested object.
6039  * @param idx
6040  *   Current location in rta_type table.
6041  * @param[out] data
6042  *   data retrieved from the message query.
6043  *
6044  * @return
6045  *   0 if data was found and retrieved, -1 otherwise.
6046  */
6047 static int
6048 flow_tcf_nl_filter_parse_and_get(struct nlmsghdr *cnlh,
6049                                  uint16_t rta_type[], int idx, void *data)
6050 {
6051         struct nlmsghdr *nlh = cnlh;
6052         struct tcmsg *t = NLMSG_DATA(nlh);
6053         int len = nlh->nlmsg_len;
6054         int tca_max = flow_tcf_arr_val_max(rta_type, idx, TCA_OPTIONS);
6055         struct rtattr *tb[tca_max + 1];
6056
6057         if (idx < 0)
6058                 return -1;
6059         if (nlh->nlmsg_type != RTM_NEWTFILTER &&
6060             nlh->nlmsg_type != RTM_GETTFILTER &&
6061             nlh->nlmsg_type != RTM_DELTFILTER)
6062                 return -1;
6063         len -= NLMSG_LENGTH(sizeof(*t));
6064         if (len < 0)
6065                 return -1;
6066         flow_tcf_nl_parse_rtattr(tb, tca_max, TCA_RTA(t), len);
6067         /* Not a TC flower flow - bail out */
6068         if (!tb[TCA_KIND] ||
6069             strcmp(RTA_DATA(tb[TCA_KIND]), "flower"))
6070                 return -1;
6071         switch (rta_type[idx]) {
6072         case TCA_OPTIONS:
6073                 if (tb[TCA_OPTIONS])
6074                         return flow_tcf_nl_opts_parse_and_get(tb[TCA_OPTIONS],
6075                                                               rta_type,
6076                                                               --idx, data);
6077                 break;
6078         default:
6079                 break;
6080         }
6081         return -1;
6082 }
6083
6084 /**
6085  * A callback to parse Netlink reply on TC flower query.
6086  *
6087  * @param nlh
6088  *   Message received from Netlink.
6089  * @param[out] data
6090  *   Pointer to data area to be filled by the parsing routine.
6091  *   assumed to be a pointer to struct flow_tcf_stats_basic.
6092  *
6093  * @return
6094  *   MNL_CB_OK value.
6095  */
6096 static int
6097 flow_tcf_nl_message_get_stats_basic(const struct nlmsghdr *nlh, void *data)
6098 {
6099         /*
6100          * The backward sequence of rta_types to pass in order to get
6101          *  to the counters.
6102          */
6103         uint16_t rta_type[] = { TCA_STATS_BASIC, TCA_ACT_STATS,
6104                                 TCA_FLOWER_ACT, TCA_OPTIONS };
6105         struct flow_tcf_stats_basic *sb_data = data;
6106         union {
6107                 const struct nlmsghdr *c;
6108                 struct nlmsghdr *nc;
6109         } tnlh = { .c = nlh };
6110
6111         if (!flow_tcf_nl_filter_parse_and_get(tnlh.nc, rta_type,
6112                                               RTE_DIM(rta_type) - 1,
6113                                               (void *)&sb_data->counters))
6114                 sb_data->valid = true;
6115         return MNL_CB_OK;
6116 }
6117
6118 /**
6119  * Query a TC flower rule for its statistics via netlink.
6120  *
6121  * @param[in] dev
6122  *   Pointer to Ethernet device.
6123  * @param[in] flow
6124  *   Pointer to the sub flow.
6125  * @param[out] data
6126  *   data retrieved by the query.
6127  * @param[out] error
6128  *   Perform verbose error reporting if not NULL.
6129  *
6130  * @return
6131  *   0 on success, a negative errno value otherwise and rte_errno is set.
6132  */
6133 static int
6134 flow_tcf_query_count(struct rte_eth_dev *dev,
6135                           struct rte_flow *flow,
6136                           void *data,
6137                           struct rte_flow_error *error)
6138 {
6139         struct flow_tcf_stats_basic sb_data;
6140         struct rte_flow_query_count *qc = data;
6141         struct priv *priv = dev->data->dev_private;
6142         struct mlx5_flow_tcf_context *ctx = priv->tcf_context;
6143         struct mnl_socket *nl = ctx->nl;
6144         struct mlx5_flow *dev_flow;
6145         struct nlmsghdr *nlh;
6146         uint32_t seq = priv->tcf_context->seq++;
6147         ssize_t ret;
6148         assert(qc);
6149
6150         memset(&sb_data, 0, sizeof(sb_data));
6151         dev_flow = LIST_FIRST(&flow->dev_flows);
6152         /* E-Switch flow can't be expanded. */
6153         assert(!LIST_NEXT(dev_flow, next));
6154         if (!dev_flow->flow->counter)
6155                 goto notsup_exit;
6156         nlh = dev_flow->tcf.nlh;
6157         nlh->nlmsg_type = RTM_GETTFILTER;
6158         nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ECHO;
6159         nlh->nlmsg_seq = seq;
6160         if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) == -1)
6161                 goto error_exit;
6162         do {
6163                 ret = mnl_socket_recvfrom(nl, ctx->buf, ctx->buf_size);
6164                 if (ret <= 0)
6165                         break;
6166                 ret = mnl_cb_run(ctx->buf, ret, seq,
6167                                  mnl_socket_get_portid(nl),
6168                                  flow_tcf_nl_message_get_stats_basic,
6169                                  (void *)&sb_data);
6170         } while (ret > 0);
6171         /* Return the delta from last reset. */
6172         if (sb_data.valid) {
6173                 /* Return the delta from last reset. */
6174                 qc->hits_set = 1;
6175                 qc->bytes_set = 1;
6176                 qc->hits = sb_data.counters.packets - flow->counter->hits;
6177                 qc->bytes = sb_data.counters.bytes - flow->counter->bytes;
6178                 if (qc->reset) {
6179                         flow->counter->hits = sb_data.counters.packets;
6180                         flow->counter->bytes = sb_data.counters.bytes;
6181                 }
6182                 return 0;
6183         }
6184         return rte_flow_error_set(error, EINVAL,
6185                                   RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
6186                                   NULL,
6187                                   "flow does not have counter");
6188 error_exit:
6189         return rte_flow_error_set
6190                         (error, errno, RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
6191                          NULL, "netlink: failed to read flow rule counters");
6192 notsup_exit:
6193         return rte_flow_error_set
6194                         (error, ENOTSUP, RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
6195                          NULL, "counters are not available.");
6196 }
6197
6198 /**
6199  * Query a flow.
6200  *
6201  * @see rte_flow_query()
6202  * @see rte_flow_ops
6203  */
6204 static int
6205 flow_tcf_query(struct rte_eth_dev *dev,
6206                struct rte_flow *flow,
6207                const struct rte_flow_action *actions,
6208                void *data,
6209                struct rte_flow_error *error)
6210 {
6211         int ret = -EINVAL;
6212
6213         for (; actions->type != RTE_FLOW_ACTION_TYPE_END; actions++) {
6214                 switch (actions->type) {
6215                 case RTE_FLOW_ACTION_TYPE_VOID:
6216                         break;
6217                 case RTE_FLOW_ACTION_TYPE_COUNT:
6218                         ret = flow_tcf_query_count(dev, flow, data, error);
6219                         break;
6220                 default:
6221                         return rte_flow_error_set(error, ENOTSUP,
6222                                                   RTE_FLOW_ERROR_TYPE_ACTION,
6223                                                   actions,
6224                                                   "action not supported");
6225                 }
6226         }
6227         return ret;
6228 }
6229
6230 const struct mlx5_flow_driver_ops mlx5_flow_tcf_drv_ops = {
6231         .validate = flow_tcf_validate,
6232         .prepare = flow_tcf_prepare,
6233         .translate = flow_tcf_translate,
6234         .apply = flow_tcf_apply,
6235         .remove = flow_tcf_remove,
6236         .destroy = flow_tcf_destroy,
6237         .query = flow_tcf_query,
6238 };
6239
6240 /**
6241  * Create and configure a libmnl socket for Netlink flow rules.
6242  *
6243  * @return
6244  *   A valid libmnl socket object pointer on success, NULL otherwise and
6245  *   rte_errno is set.
6246  */
6247 static struct mnl_socket *
6248 flow_tcf_mnl_socket_create(void)
6249 {
6250         struct mnl_socket *nl = mnl_socket_open(NETLINK_ROUTE);
6251
6252         if (nl) {
6253                 mnl_socket_setsockopt(nl, NETLINK_CAP_ACK, &(int){ 1 },
6254                                       sizeof(int));
6255                 if (!mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID))
6256                         return nl;
6257         }
6258         rte_errno = errno;
6259         if (nl)
6260                 mnl_socket_close(nl);
6261         return NULL;
6262 }
6263
6264 /**
6265  * Destroy a libmnl socket.
6266  *
6267  * @param nl
6268  *   Libmnl socket of the @p NETLINK_ROUTE kind.
6269  */
6270 static void
6271 flow_tcf_mnl_socket_destroy(struct mnl_socket *nl)
6272 {
6273         if (nl)
6274                 mnl_socket_close(nl);
6275 }
6276
6277 /**
6278  * Initialize ingress qdisc of a given network interface.
6279  *
6280  * @param ctx
6281  *   Pointer to tc-flower context to use.
6282  * @param ifindex
6283  *   Index of network interface to initialize.
6284  * @param[out] error
6285  *   Perform verbose error reporting if not NULL.
6286  *
6287  * @return
6288  *   0 on success, a negative errno value otherwise and rte_errno is set.
6289  */
6290 int
6291 mlx5_flow_tcf_init(struct mlx5_flow_tcf_context *ctx,
6292                    unsigned int ifindex, struct rte_flow_error *error)
6293 {
6294         struct nlmsghdr *nlh;
6295         struct tcmsg *tcm;
6296         alignas(struct nlmsghdr)
6297         uint8_t buf[mnl_nlmsg_size(sizeof(*tcm)) +
6298                     SZ_NLATTR_STRZ_OF("ingress") +
6299                     MNL_BUF_EXTRA_SPACE];
6300
6301         /* Destroy existing ingress qdisc and everything attached to it. */
6302         nlh = mnl_nlmsg_put_header(buf);
6303         nlh->nlmsg_type = RTM_DELQDISC;
6304         nlh->nlmsg_flags = NLM_F_REQUEST;
6305         tcm = mnl_nlmsg_put_extra_header(nlh, sizeof(*tcm));
6306         tcm->tcm_family = AF_UNSPEC;
6307         tcm->tcm_ifindex = ifindex;
6308         tcm->tcm_handle = TC_H_MAKE(TC_H_INGRESS, 0);
6309         tcm->tcm_parent = TC_H_INGRESS;
6310         assert(sizeof(buf) >= nlh->nlmsg_len);
6311         /* Ignore errors when qdisc is already absent. */
6312         if (flow_tcf_nl_ack(ctx, nlh, NULL, NULL) &&
6313             rte_errno != EINVAL && rte_errno != ENOENT)
6314                 return rte_flow_error_set(error, rte_errno,
6315                                           RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
6316                                           "netlink: failed to remove ingress"
6317                                           " qdisc");
6318         /* Create fresh ingress qdisc. */
6319         nlh = mnl_nlmsg_put_header(buf);
6320         nlh->nlmsg_type = RTM_NEWQDISC;
6321         nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL;
6322         tcm = mnl_nlmsg_put_extra_header(nlh, sizeof(*tcm));
6323         tcm->tcm_family = AF_UNSPEC;
6324         tcm->tcm_ifindex = ifindex;
6325         tcm->tcm_handle = TC_H_MAKE(TC_H_INGRESS, 0);
6326         tcm->tcm_parent = TC_H_INGRESS;
6327         mnl_attr_put_strz_check(nlh, sizeof(buf), TCA_KIND, "ingress");
6328         assert(sizeof(buf) >= nlh->nlmsg_len);
6329         if (flow_tcf_nl_ack(ctx, nlh, NULL, NULL))
6330                 return rte_flow_error_set(error, rte_errno,
6331                                           RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
6332                                           "netlink: failed to create ingress"
6333                                           " qdisc");
6334         return 0;
6335 }
6336
6337 /**
6338  * Create libmnl context for Netlink flow rules.
6339  *
6340  * @return
6341  *   A valid libmnl socket object pointer on success, NULL otherwise and
6342  *   rte_errno is set.
6343  */
6344 struct mlx5_flow_tcf_context *
6345 mlx5_flow_tcf_context_create(void)
6346 {
6347         struct mlx5_flow_tcf_context *ctx = rte_zmalloc(__func__,
6348                                                         sizeof(*ctx),
6349                                                         sizeof(uint32_t));
6350         if (!ctx)
6351                 goto error;
6352         ctx->nl = flow_tcf_mnl_socket_create();
6353         if (!ctx->nl)
6354                 goto error;
6355         ctx->buf_size = MNL_SOCKET_BUFFER_SIZE;
6356         ctx->buf = rte_zmalloc(__func__,
6357                                ctx->buf_size, sizeof(uint32_t));
6358         if (!ctx->buf)
6359                 goto error;
6360         ctx->seq = random();
6361         return ctx;
6362 error:
6363         mlx5_flow_tcf_context_destroy(ctx);
6364         return NULL;
6365 }
6366
6367 /**
6368  * Destroy a libmnl context.
6369  *
6370  * @param ctx
6371  *   Libmnl socket of the @p NETLINK_ROUTE kind.
6372  */
6373 void
6374 mlx5_flow_tcf_context_destroy(struct mlx5_flow_tcf_context *ctx)
6375 {
6376         if (!ctx)
6377                 return;
6378         flow_tcf_mnl_socket_destroy(ctx->nl);
6379         rte_free(ctx->buf);
6380         rte_free(ctx);
6381 }