cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

conntrack.h (8094B)

      1/* SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) */
      2/* Copyright (C) 2021 Corigine, Inc. */
      3
      4#ifndef __NFP_FLOWER_CONNTRACK_H__
      5#define __NFP_FLOWER_CONNTRACK_H__ 1
      6
      7#include <net/netfilter/nf_flow_table.h>
      8#include "main.h"
      9
     10#define NFP_FL_CT_NO_TUN	0xff
     11
     12#define COMPARE_UNMASKED_FIELDS(__match1, __match2, __out)	\
     13	do {							\
     14		typeof(__match1) _match1 = (__match1);		\
     15		typeof(__match2) _match2 = (__match2);		\
     16		bool *_out = (__out);		\
     17		int i, size = sizeof(*(_match1).key);		\
     18		char *k1, *m1, *k2, *m2;			\
     19		*_out = false;					\
     20		k1 = (char *)_match1.key;			\
     21		m1 = (char *)_match1.mask;			\
     22		k2 = (char *)_match2.key;			\
     23		m2 = (char *)_match2.mask;			\
     24		for (i = 0; i < size; i++)			\
     25			if ((k1[i] & m1[i] & m2[i]) ^		\
     26			    (k2[i] & m1[i] & m2[i])) {		\
     27				*_out = true;			\
     28				break;				\
     29			}					\
     30	} while (0)						\
     31
     32extern const struct rhashtable_params nfp_zone_table_params;
     33extern const struct rhashtable_params nfp_ct_map_params;
     34extern const struct rhashtable_params nfp_tc_ct_merge_params;
     35extern const struct rhashtable_params nfp_nft_ct_merge_params;
     36
     37/**
     38 * struct nfp_fl_ct_zone_entry - Zone entry containing conntrack flow information
     39 * @zone:	The zone number, used as lookup key in hashtable
     40 * @hash_node:	Used by the hashtable
     41 * @priv:	Pointer to nfp_flower_priv data
     42 * @nft:	Pointer to nf_flowtable for this zone
     43 *
     44 * @pre_ct_list:	The pre_ct_list of nfp_fl_ct_flow_entry entries
     45 * @pre_ct_count:	Keep count of the number of pre_ct entries
     46 *
     47 * @post_ct_list:	The post_ct_list of nfp_fl_ct_flow_entry entries
     48 * @post_ct_count:	Keep count of the number of post_ct entries
     49 *
     50 * @tc_merge_tb:	The table of merged tc flows
     51 * @tc_merge_count:	Keep count of the number of merged tc entries
     52 *
     53 * @nft_flows_list:	The list of nft relatednfp_fl_ct_flow_entry entries
     54 * @nft_flows_count:	Keep count of the number of nft_flow entries
     55 *
     56 * @nft_merge_tb:	The table of merged tc+nft flows
     57 * @nft_merge_count:	Keep count of the number of merged tc+nft entries
     58 */
     59struct nfp_fl_ct_zone_entry {
     60	u16 zone;
     61	struct rhash_head hash_node;
     62
     63	struct nfp_flower_priv *priv;
     64	struct nf_flowtable *nft;
     65
     66	struct list_head pre_ct_list;
     67	unsigned int pre_ct_count;
     68
     69	struct list_head post_ct_list;
     70	unsigned int post_ct_count;
     71
     72	struct rhashtable tc_merge_tb;
     73	unsigned int tc_merge_count;
     74
     75	struct list_head nft_flows_list;
     76	unsigned int nft_flows_count;
     77
     78	struct rhashtable nft_merge_tb;
     79	unsigned int nft_merge_count;
     80};
     81
     82enum ct_entry_type {
     83	CT_TYPE_PRE_CT,
     84	CT_TYPE_NFT,
     85	CT_TYPE_POST_CT,
     86	_CT_TYPE_MAX,
     87};
     88
     89enum nfp_nfp_layer_name {
     90	FLOW_PAY_META_TCI =    0,
     91	FLOW_PAY_INPORT,
     92	FLOW_PAY_EXT_META,
     93	FLOW_PAY_MAC_MPLS,
     94	FLOW_PAY_L4,
     95	FLOW_PAY_IPV4,
     96	FLOW_PAY_IPV6,
     97	FLOW_PAY_CT,
     98	FLOW_PAY_GRE,
     99	FLOW_PAY_QINQ,
    100	FLOW_PAY_UDP_TUN,
    101	FLOW_PAY_GENEVE_OPT,
    102
    103	_FLOW_PAY_LAYERS_MAX
    104};
    105
    106/**
    107 * struct nfp_fl_ct_flow_entry - Flow entry containing conntrack flow information
    108 * @cookie:	Flow cookie, same as original TC flow, used as key
    109 * @list_node:	Used by the list
    110 * @chain_index:	Chain index of the original flow
    111 * @netdev:	netdev structure.
    112 * @type:	Type of pre-entry from enum ct_entry_type
    113 * @zt:		Reference to the zone table this belongs to
    114 * @children:	List of tc_merge flows this flow forms part of
    115 * @rule:	Reference to the original TC flow rule
    116 * @stats:	Used to cache stats for updating
    117 * @tun_offset: Used to indicate tunnel action offset in action list
    118 */
    119struct nfp_fl_ct_flow_entry {
    120	unsigned long cookie;
    121	struct list_head list_node;
    122	u32 chain_index;
    123	enum ct_entry_type type;
    124	struct net_device *netdev;
    125	struct nfp_fl_ct_zone_entry *zt;
    126	struct list_head children;
    127	struct flow_rule *rule;
    128	struct flow_stats stats;
    129	u8 tun_offset;		// Set to NFP_FL_CT_NO_TUN if no tun
    130};
    131
    132/**
    133 * struct nfp_fl_ct_tc_merge - Merge of two flows from tc
    134 * @cookie:		Flow cookie, combination of pre and post ct cookies
    135 * @hash_node:		Used by the hashtable
    136 * @pre_ct_list:	This entry is part of a pre_ct_list
    137 * @post_ct_list:	This entry is part of a post_ct_list
    138 * @zt:			Reference to the zone table this belongs to
    139 * @pre_ct_parent:	The pre_ct_parent
    140 * @post_ct_parent:	The post_ct_parent
    141 * @children:		List of nft merged entries
    142 */
    143struct nfp_fl_ct_tc_merge {
    144	unsigned long cookie[2];
    145	struct rhash_head hash_node;
    146	struct list_head pre_ct_list;
    147	struct list_head post_ct_list;
    148	struct nfp_fl_ct_zone_entry *zt;
    149	struct nfp_fl_ct_flow_entry *pre_ct_parent;
    150	struct nfp_fl_ct_flow_entry *post_ct_parent;
    151	struct list_head children;
    152};
    153
    154/**
    155 * struct nfp_fl_nft_tc_merge - Merge of tc_merge flows with nft flow
    156 * @netdev:		Ingress netdev name
    157 * @cookie:		Flow cookie, combination of tc_merge and nft cookies
    158 * @hash_node:		Used by the hashtable
    159 * @zt:	Reference to the zone table this belongs to
    160 * @nft_flow_list:	This entry is part of a nft_flows_list
    161 * @tc_merge_list:	This entry is part of a ct_merge_list
    162 * @tc_m_parent:	The tc_merge parent
    163 * @nft_parent:	The nft_entry parent
    164 * @tc_flower_cookie:	The cookie of the flow offloaded to the nfp
    165 * @flow_pay:	Reference to the offloaded flow struct
    166 */
    167struct nfp_fl_nft_tc_merge {
    168	struct net_device *netdev;
    169	unsigned long cookie[3];
    170	struct rhash_head hash_node;
    171	struct nfp_fl_ct_zone_entry *zt;
    172	struct list_head nft_flow_list;
    173	struct list_head tc_merge_list;
    174	struct nfp_fl_ct_tc_merge *tc_m_parent;
    175	struct nfp_fl_ct_flow_entry *nft_parent;
    176	unsigned long tc_flower_cookie;
    177	struct nfp_fl_payload *flow_pay;
    178};
    179
    180/**
    181 * struct nfp_fl_ct_map_entry - Map between flow cookie and specific ct_flow
    182 * @cookie:	Flow cookie, same as original TC flow, used as key
    183 * @hash_node:	Used by the hashtable
    184 * @ct_entry:	Pointer to corresponding ct_entry
    185 */
    186struct nfp_fl_ct_map_entry {
    187	unsigned long cookie;
    188	struct rhash_head hash_node;
    189	struct nfp_fl_ct_flow_entry *ct_entry;
    190};
    191
    192bool is_pre_ct_flow(struct flow_cls_offload *flow);
    193bool is_post_ct_flow(struct flow_cls_offload *flow);
    194
    195/**
    196 * nfp_fl_ct_handle_pre_ct() - Handles -trk conntrack rules
    197 * @priv:	Pointer to app priv
    198 * @netdev:	netdev structure.
    199 * @flow:	TC flower classifier offload structure.
    200 * @extack:	Extack pointer for errors
    201 *
    202 * Adds a new entry to the relevant zone table and tries to
    203 * merge with other +trk+est entries and offload if possible.
    204 *
    205 * Return: negative value on error, 0 if configured successfully.
    206 */
    207int nfp_fl_ct_handle_pre_ct(struct nfp_flower_priv *priv,
    208			    struct net_device *netdev,
    209			    struct flow_cls_offload *flow,
    210			    struct netlink_ext_ack *extack);
    211/**
    212 * nfp_fl_ct_handle_post_ct() - Handles +trk+est conntrack rules
    213 * @priv:	Pointer to app priv
    214 * @netdev:	netdev structure.
    215 * @flow:	TC flower classifier offload structure.
    216 * @extack:	Extack pointer for errors
    217 *
    218 * Adds a new entry to the relevant zone table and tries to
    219 * merge with other -trk entries and offload if possible.
    220 *
    221 * Return: negative value on error, 0 if configured successfully.
    222 */
    223int nfp_fl_ct_handle_post_ct(struct nfp_flower_priv *priv,
    224			     struct net_device *netdev,
    225			     struct flow_cls_offload *flow,
    226			     struct netlink_ext_ack *extack);
    227
    228/**
    229 * nfp_fl_ct_clean_flow_entry() - Free a nfp_fl_ct_flow_entry
    230 * @entry:	Flow entry to cleanup
    231 */
    232void nfp_fl_ct_clean_flow_entry(struct nfp_fl_ct_flow_entry *entry);
    233
    234/**
    235 * nfp_fl_ct_del_flow() - Handle flow_del callbacks for conntrack
    236 * @ct_map_ent:	ct map entry for the flow that needs deleting
    237 */
    238int nfp_fl_ct_del_flow(struct nfp_fl_ct_map_entry *ct_map_ent);
    239
    240/**
    241 * nfp_fl_ct_handle_nft_flow() - Handle flower flow callbacks for nft table
    242 * @type:	Type provided by callback
    243 * @type_data:	Callback data
    244 * @cb_priv:	Pointer to data provided when registering the callback, in this
    245 *		case it's the zone table.
    246 */
    247int nfp_fl_ct_handle_nft_flow(enum tc_setup_type type, void *type_data,
    248			      void *cb_priv);
    249
    250/**
    251 * nfp_fl_ct_stats() - Handle flower stats callbacks for ct flows
    252 * @flow:	TC flower classifier offload structure.
    253 * @ct_map_ent:	ct map entry for the flow that needs deleting
    254 */
    255int nfp_fl_ct_stats(struct flow_cls_offload *flow,
    256		    struct nfp_fl_ct_map_entry *ct_map_ent);
    257#endif