Merge branch 'Support-tunnels-over-VLAN-in-NFP'

	      struct nfp_fl_payload *nfp_flow,

	      bool last, struct net_device *in_dev,

	      enum nfp_flower_tun_type tun_type, int *tun_out_cnt,

	      struct netlink_ext_ack *extack)

	      bool pkt_host, struct netlink_ext_ack *extack)

{

	size_t act_size = sizeof(struct nfp_fl_output);

	struct nfp_flower_priv *priv = app->priv;

			return gid;

		}

		output->port = cpu_to_be32(NFP_FL_LAG_OUT | gid);

	} else if (nfp_flower_internal_port_can_offload(app, out_dev)) {

		if (!(priv->flower_ext_feats & NFP_FL_FEATS_PRE_TUN_RULES)) {

			NL_SET_ERR_MSG_MOD(extack, "unsupported offload: pre-tunnel rules not supported in loaded firmware");

			return -EOPNOTSUPP;

		}

		if (nfp_flow->pre_tun_rule.dev || !pkt_host) {

			NL_SET_ERR_MSG_MOD(extack, "unsupported offload: pre-tunnel rules require single egress dev and ptype HOST action");

			return -EOPNOTSUPP;

		}

		nfp_flow->pre_tun_rule.dev = out_dev;

		return 0;

	} else {

		/* Set action output parameters. */

		output->flags = cpu_to_be16(tmp_flags);

			 struct nfp_fl_payload *nfp_fl, int *a_len,

			 struct net_device *netdev, bool last,

			 enum nfp_flower_tun_type *tun_type, int *tun_out_cnt,

			 int *out_cnt, u32 *csum_updated,

			 int *out_cnt, u32 *csum_updated, bool pkt_host,

			 struct netlink_ext_ack *extack)

{

	struct nfp_flower_priv *priv = app->priv;

	output = (struct nfp_fl_output *)&nfp_fl->action_data[*a_len];

	err = nfp_fl_output(app, output, act, nfp_fl, last, netdev, *tun_type,

			    tun_out_cnt, extack);

			    tun_out_cnt, pkt_host, extack);

	if (err)

		return err;

		       struct net_device *netdev,

		       enum nfp_flower_tun_type *tun_type, int *tun_out_cnt,

		       int *out_cnt, u32 *csum_updated,

		       struct nfp_flower_pedit_acts *set_act,

		       struct nfp_flower_pedit_acts *set_act, bool *pkt_host,

		       struct netlink_ext_ack *extack, int act_idx)

{

	struct nfp_fl_set_ipv4_tun *set_tun;

	case FLOW_ACTION_DROP:

		nfp_fl->meta.shortcut = cpu_to_be32(NFP_FL_SC_ACT_DROP);

		break;

	case FLOW_ACTION_REDIRECT_INGRESS:

	case FLOW_ACTION_REDIRECT:

		err = nfp_flower_output_action(app, act, nfp_fl, a_len, netdev,

					       true, tun_type, tun_out_cnt,

					       out_cnt, csum_updated, extack);

					       out_cnt, csum_updated, *pkt_host,

					       extack);

		if (err)

			return err;

		break;

	case FLOW_ACTION_MIRRED_INGRESS:

	case FLOW_ACTION_MIRRED:

		err = nfp_flower_output_action(app, act, nfp_fl, a_len, netdev,

					       false, tun_type, tun_out_cnt,

					       out_cnt, csum_updated, extack);

					       out_cnt, csum_updated, *pkt_host,

					       extack);

		if (err)

			return err;

		break;

		nfp_fl_set_mpls(set_m, act);

		*a_len += sizeof(struct nfp_fl_set_mpls);

		break;

	case FLOW_ACTION_PTYPE:

		/* TC ptype skbedit sets PACKET_HOST for ingress redirect. */

		if (act->ptype != PACKET_HOST)

			return -EOPNOTSUPP;

		*pkt_host = true;

		break;

	default:

		/* Currently we do not handle any other actions. */

		NL_SET_ERR_MSG_MOD(extack, "unsupported offload: unsupported action in action list");

	struct nfp_flower_pedit_acts set_act;

	enum nfp_flower_tun_type tun_type;

	struct flow_action_entry *act;

	bool pkt_host = false;

	u32 csum_updated = 0;

	memset(nfp_flow->action_data, 0, NFP_FL_MAX_A_SIZ);

		err = nfp_flower_loop_action(app, act, flow, nfp_flow, &act_len,

					     netdev, &tun_type, &tun_out_cnt,

					     &out_cnt, &csum_updated,

					     &set_act, extack, i);

					     &set_act, &pkt_host, extack, i);

		if (err)

			return err;

		act_cnt++;

	__be16 tun_flags;

	u8 ttl;

	u8 tos;

	__be32 extra;

	__be16 outer_vlan_tpid;

	__be16 outer_vlan_tci;

	u8 tun_len;

	u8 res2;

	__be16 tun_proto;

	NFP_FLOWER_CMSG_TYPE_QOS_MOD =		18,

	NFP_FLOWER_CMSG_TYPE_QOS_DEL =		19,

	NFP_FLOWER_CMSG_TYPE_QOS_STATS =	20,

	NFP_FLOWER_CMSG_TYPE_PRE_TUN_RULE =	21,

	NFP_FLOWER_CMSG_TYPE_MAX =		32,

};

	INIT_LIST_HEAD(&app_priv->indr_block_cb_priv);

	INIT_LIST_HEAD(&app_priv->non_repr_priv);

	app_priv->pre_tun_rule_cnt = 0;

	return 0;

#define NFP_FL_FEATS_VLAN_PCP		BIT(3)

#define NFP_FL_FEATS_VF_RLIM		BIT(4)

#define NFP_FL_FEATS_FLOW_MOD		BIT(5)

#define NFP_FL_FEATS_PRE_TUN_RULES	BIT(6)

#define NFP_FL_FEATS_FLOW_MERGE		BIT(30)

#define NFP_FL_FEATS_LAG		BIT(31)

 * @qos_stats_work:	Workqueue for qos stats processing

 * @qos_rate_limiters:	Current active qos rate limiters

 * @qos_stats_lock:	Lock on qos stats updates

 * @pre_tun_rule_cnt:	Number of pre-tunnel rules offloaded

 */

struct nfp_flower_priv {

	struct nfp_app *app;

	struct delayed_work qos_stats_work;

	unsigned int qos_rate_limiters;

	spinlock_t qos_stats_lock; /* Protect the qos stats */

	int pre_tun_rule_cnt;

};

/**

 * @block_shared:	Flag indicating if offload applies to shared blocks

 * @mac_list:		List entry of reprs that share the same offloaded MAC

 * @qos_table:		Stored info on filters implementing qos

 * @on_bridge:		Indicates if the repr is attached to a bridge

 */

struct nfp_flower_repr_priv {

	struct nfp_repr *nfp_repr;

	bool block_shared;

	struct list_head mac_list;

	struct nfp_fl_qos qos_table;

	bool on_bridge;

};

/**

	char *action_data;

	struct list_head linked_flows;

	bool in_hw;

	struct {

		struct net_device *dev;

		__be16 vlan_tci;

		__be16 port_idx;

	} pre_tun_rule;

};

struct nfp_fl_payload_link {

	return flow_pay->tc_flower_cookie == (unsigned long)flow_pay;

}

static inline bool nfp_flower_is_supported_bridge(struct net_device *netdev)

{

	return netif_is_ovs_master(netdev);

}

int nfp_flower_metadata_init(struct nfp_app *app, u64 host_ctx_count,

			     unsigned int host_ctx_split);

void nfp_flower_metadata_cleanup(struct nfp_app *app);

nfp_flower_non_repr_priv_put(struct nfp_app *app, struct net_device *netdev);

u32 nfp_flower_get_port_id_from_netdev(struct nfp_app *app,

				       struct net_device *netdev);

int nfp_flower_xmit_pre_tun_flow(struct nfp_app *app,

				 struct nfp_fl_payload *flow);

int nfp_flower_xmit_pre_tun_del_flow(struct nfp_app *app,

				     struct nfp_fl_payload *flow);

#endif

	 NFP_FLOWER_LAYER_IPV4 | \

	 NFP_FLOWER_LAYER_IPV6)

#define NFP_FLOWER_PRE_TUN_RULE_FIELDS \

	(NFP_FLOWER_LAYER_PORT | \

	 NFP_FLOWER_LAYER_MAC | \

	 NFP_FLOWER_LAYER_IPV4)

struct nfp_flower_merge_check {

	union {

		struct {

	flow_pay->meta.flags = 0;

	INIT_LIST_HEAD(&flow_pay->linked_flows);

	flow_pay->in_hw = false;

	flow_pay->pre_tun_rule.dev = NULL;

	return flow_pay;

	return act_off;

}

static int nfp_fl_verify_post_tun_acts(char *acts, int len)

static int

nfp_fl_verify_post_tun_acts(char *acts, int len, struct nfp_fl_push_vlan **vlan)

{

	struct nfp_fl_act_head *a;

	unsigned int act_off = 0;

	while (act_off < len) {

		a = (struct nfp_fl_act_head *)&acts[act_off];

		if (a->jump_id != NFP_FL_ACTION_OPCODE_OUTPUT)

		if (a->jump_id == NFP_FL_ACTION_OPCODE_PUSH_VLAN && !act_off)

			*vlan = (struct nfp_fl_push_vlan *)a;

		else if (a->jump_id != NFP_FL_ACTION_OPCODE_OUTPUT)

			return -EOPNOTSUPP;

		act_off += a->len_lw << NFP_FL_LW_SIZ;

	}

	/* Ensure any VLAN push also has an egress action. */

	if (*vlan && act_off <= sizeof(struct nfp_fl_push_vlan))

		return -EOPNOTSUPP;

	return 0;

}

static int

nfp_fl_push_vlan_after_tun(char *acts, int len, struct nfp_fl_push_vlan *vlan)

{

	struct nfp_fl_set_ipv4_tun *tun;

	struct nfp_fl_act_head *a;

	unsigned int act_off = 0;

	while (act_off < len) {

		a = (struct nfp_fl_act_head *)&acts[act_off];

		if (a->jump_id == NFP_FL_ACTION_OPCODE_SET_IPV4_TUNNEL) {

			tun = (struct nfp_fl_set_ipv4_tun *)a;

			tun->outer_vlan_tpid = vlan->vlan_tpid;

			tun->outer_vlan_tci = vlan->vlan_tci;

			return 0;

		}

		act_off += a->len_lw << NFP_FL_LW_SIZ;

	}

	/* Return error if no tunnel action is found. */

	return -EOPNOTSUPP;

}

static int

nfp_flower_merge_action(struct nfp_fl_payload *sub_flow1,

			struct nfp_fl_payload *sub_flow2,

			struct nfp_fl_payload *merge_flow)

{

	unsigned int sub1_act_len, sub2_act_len, pre_off1, pre_off2;

	struct nfp_fl_push_vlan *post_tun_push_vlan = NULL;

	bool tunnel_act = false;

	char *merge_act;

	int err;

	sub2_act_len -= pre_off2;

	/* FW does a tunnel push when egressing, therefore, if sub_flow 1 pushes

	 * a tunnel, sub_flow 2 can only have output actions for a valid merge.

	 * a tunnel, there are restrictions on what sub_flow 2 actions lead to a

	 * valid merge.

	 */

	if (tunnel_act) {

		char *post_tun_acts = &sub_flow2->action_data[pre_off2];

		err = nfp_fl_verify_post_tun_acts(post_tun_acts, sub2_act_len);

		err = nfp_fl_verify_post_tun_acts(post_tun_acts, sub2_act_len,

						  &post_tun_push_vlan);

		if (err)

			return err;

		if (post_tun_push_vlan) {

			pre_off2 += sizeof(*post_tun_push_vlan);

			sub2_act_len -= sizeof(*post_tun_push_vlan);

		}

	}

	/* Copy remaining actions from sub_flows 1 and 2. */

	memcpy(merge_act, sub_flow1->action_data + pre_off1, sub1_act_len);

	if (post_tun_push_vlan) {

		/* Update tunnel action in merge to include VLAN push. */

		err = nfp_fl_push_vlan_after_tun(merge_act, sub1_act_len,

						 post_tun_push_vlan);

		if (err)

			return err;

		merge_flow->meta.act_len -= sizeof(*post_tun_push_vlan);

	}

	merge_act += sub1_act_len;

	memcpy(merge_act, sub_flow2->action_data + pre_off2, sub2_act_len);

	return err;

}

/**

 * nfp_flower_validate_pre_tun_rule()

 * @app:	Pointer to the APP handle

 * @flow:	Pointer to NFP flow representation of rule

 * @extack:	Netlink extended ACK report

 *

 * Verifies the flow as a pre-tunnel rule.

 *

 * Return: negative value on error, 0 if verified.

 */

static int

nfp_flower_validate_pre_tun_rule(struct nfp_app *app,

				 struct nfp_fl_payload *flow,

				 struct netlink_ext_ack *extack)

{

	struct nfp_flower_meta_tci *meta_tci;

	struct nfp_flower_mac_mpls *mac;

	struct nfp_fl_act_head *act;

	u8 *mask = flow->mask_data;

	bool vlan = false;

	int act_offset;

	u8 key_layer;

	meta_tci = (struct nfp_flower_meta_tci *)flow->unmasked_data;

	if (meta_tci->tci & cpu_to_be16(NFP_FLOWER_MASK_VLAN_PRESENT)) {

		u16 vlan_tci = be16_to_cpu(meta_tci->tci);

		vlan_tci &= ~NFP_FLOWER_MASK_VLAN_PRESENT;

		flow->pre_tun_rule.vlan_tci = cpu_to_be16(vlan_tci);

		vlan = true;

	} else {

		flow->pre_tun_rule.vlan_tci = cpu_to_be16(0xffff);

	}

	key_layer = meta_tci->nfp_flow_key_layer;

	if (key_layer & ~NFP_FLOWER_PRE_TUN_RULE_FIELDS) {

		NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: too many match fields");

		return -EOPNOTSUPP;

	}

	if (!(key_layer & NFP_FLOWER_LAYER_MAC)) {

		NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: MAC fields match required");

		return -EOPNOTSUPP;

	}

	/* Skip fields known to exist. */

	mask += sizeof(struct nfp_flower_meta_tci);

	mask += sizeof(struct nfp_flower_in_port);

	/* Ensure destination MAC address is fully matched. */

	mac = (struct nfp_flower_mac_mpls *)mask;

	if (!is_broadcast_ether_addr(&mac->mac_dst[0])) {

		NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: dest MAC field must not be masked");

		return -EOPNOTSUPP;

	}

	if (key_layer & NFP_FLOWER_LAYER_IPV4) {

		int ip_flags = offsetof(struct nfp_flower_ipv4, ip_ext.flags);

		int ip_proto = offsetof(struct nfp_flower_ipv4, ip_ext.proto);

		int i;

		mask += sizeof(struct nfp_flower_mac_mpls);

		/* Ensure proto and flags are the only IP layer fields. */

		for (i = 0; i < sizeof(struct nfp_flower_ipv4); i++)

			if (mask[i] && i != ip_flags && i != ip_proto) {

				NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: only flags and proto can be matched in ip header");

				return -EOPNOTSUPP;

			}

	}

	/* Action must be a single egress or pop_vlan and egress. */

	act_offset = 0;

	act = (struct nfp_fl_act_head *)&flow->action_data[act_offset];

	if (vlan) {

		if (act->jump_id != NFP_FL_ACTION_OPCODE_POP_VLAN) {

			NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: match on VLAN must have VLAN pop as first action");

			return -EOPNOTSUPP;

		}

		act_offset += act->len_lw << NFP_FL_LW_SIZ;

		act = (struct nfp_fl_act_head *)&flow->action_data[act_offset];

	}

	if (act->jump_id != NFP_FL_ACTION_OPCODE_OUTPUT) {

		NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: non egress action detected where egress was expected");

		return -EOPNOTSUPP;

	}

	act_offset += act->len_lw << NFP_FL_LW_SIZ;

	/* Ensure there are no more actions after egress. */

	if (act_offset != flow->meta.act_len) {

		NL_SET_ERR_MSG_MOD(extack, "unsupported pre-tunnel rule: egress is not the last action");

		return -EOPNOTSUPP;

	}

	return 0;

}

/**

 * nfp_flower_add_offload() - Adds a new flow to hardware.

 * @app:	Pointer to the APP handle

	if (err)

		goto err_destroy_flow;

	if (flow_pay->pre_tun_rule.dev) {

		err = nfp_flower_validate_pre_tun_rule(app, flow_pay, extack);

		if (err)

			goto err_destroy_flow;

	}

	err = nfp_compile_flow_metadata(app, flow, flow_pay, netdev, extack);

	if (err)

		goto err_destroy_flow;

		goto err_release_metadata;

	}

	if (flow_pay->pre_tun_rule.dev)

		err = nfp_flower_xmit_pre_tun_flow(app, flow_pay);

	else

		err = nfp_flower_xmit_flow(app, flow_pay,

					   NFP_FLOWER_CMSG_TYPE_FLOW_ADD);

	if (err)

		goto err_free_merge_flow;

	}

	if (nfp_flow->pre_tun_rule.dev)

		err = nfp_flower_xmit_pre_tun_del_flow(app, nfp_flow);

	else

		err = nfp_flower_xmit_flow(app, nfp_flow,

					   NFP_FLOWER_CMSG_TYPE_FLOW_DEL);

	/* Fall through on error. */