- 27 Sep, 2017 34 commits
-
-
Yotam Gigi authored
Allow drivers, registered to the fib notification chain indicate whether a multicast MFC route is offloaded or not, similarly to unicast routes. The indication of whether a route is offloaded is done using the mfc_flags field on an mfc_cache struct, and the information is sent to the userspace via the RTNetlink interface only. Currently, MFC routes are either offloaded or not, thus there is no need to add per-VIF offload indication. Signed-off-by:
Yotam Gigi <yotamg@mellanox.com> Reviewed-by:
Ido Schimmel <idosch@mellanox.com> Signed-off-by:
Jiri Pirko <jiri@mellanox.com> Reviewed-by:
Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Yotam Gigi authored
Use the newly introduced notification chain to send events upon VIF and MFC addition and deletion. The MFC notifications are sent only on resolved MFC entries, as unresolved cannot be offloaded. Signed-off-by:
-
Yotam Gigi authored
Make the ipmr module register as a FIB notifier. To do that, implement both the ipmr_seq_read and ipmr_dump ops. The ipmr_seq_read op returns a sequence counter that is incremented on every notification related operation done by the ipmr. To implement that, add a sequence counter in the netns_ipv4 struct and increment it whenever a new MFC route or VIF are added or deleted. The sequence operations are protected by the RTNL lock. The ipmr_dump iterates the list of MFC routes and the list of VIF entries and sends notifications about them. The entries dump is done under RCU where the VIF dump uses the mrt_lock too, as the vif->dev field can change under RCU. Signed-off-by:
-
Yotam Gigi authored
Next commits will introduce MFC notifications through the atomic fib_notification chain, thus allowing modules to be aware of MFC entries. Due to the fact that modules may need to hold a reference to an MFC entry, add reference count to MFC entries to prevent them from being freed while these modules use them. The reference counting is done only on resolved MFC entries currently. Signed-off-by:
-
Yotam Gigi authored
In order for an interface to forward packets according to the kernel multicast routing table, it must be configured with a VIF index according to the mroute user API. The VIF index is then used to refer to that interface in the mroute user API, for example, to set the iif and oifs of an MFC entry. In order to allow drivers to be aware and offload multicast routes, they have to be aware of the VIF add and delete notifications. Due to the fact that a specific VIF can be deleted and re-added pointing to another netdevice, and the MFC routes that point to it will forward the matching packets to the new netdevice, a driver willing to offload MFC cache entries must be aware of the VIF add and delete events in addition to MFC routes notifications. Signed-off-by:
-
David S. Miller authored
Simon Horman says: ==================== nfp: flower vxlan tunnel offload John says: This patch set allows offloading of TC flower match and set tunnel fields to the NFP. The initial focus is on VXLAN traffic. Due to the current state of the NFP firmware, only VXLAN traffic on well known port 4789 is handled. The match and action fields must explicity set this value to be supported. Tunnel end point information is also offloaded to the NFP for both encapsulation and decapsulation. The NFP expects 3 separate data sets to be supplied. For decapsulation, 2 separate lists exist; a list of MAC addresses referenced by an index comprised of the port number, and a list of IP addresses. These IP addresses are not connected to a MAC or port. The MAC addresses can be written as a block or one at a time (because they have an index, previous values can be overwritten) while the IP addresses are always written as a list of all the available IPs. Because the MAC address used as a tunnel end point may be associated with a physical port or may be a virtual netdev like an OVS bridge, we do not know which addresses should be offloaded. For this reason, all MAC addresses of active netdevs are offloaded to the NFP. A notifier checks for changes to any currently offloaded MACs or any new netdevs that may occur. For IP addresses, the tunnel end point used in the rules is known as the destination IP address must be specified in the flower classifier rule. When a new IP address appears in a rule, the IP address is offloaded. The IP is removed from the offloaded list when all rules matching on that IP are deleted. For encapsulation, a next hop table is updated on the NFP that contains the source/dest IPs, MACs and egress port. These are written individually when requested. If the NFP tries to encapsulate a packet but does not know the next hop, then is sends a request to the host. The host carries out a route lookup and populates the given entry on the NFP table. A notifier also exists to check for any links changing or going down in the kernel next hop table. If an offloaded next hop entry is removed from the kernel then it is also removed on the NFP. The NFP periodically sends a message to the host telling it which tunnel ports have packets egressing the system. The host uses this information to update the used value in the neighbour entry. This means that, rather than expire when it times out, the kernel will send an ARP to check if the link is still live. From an NFP perspective, this means that valid entries will not be removed from its next hop table. ==================== Acked-by:
Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by:
-
John Hurley authored
Periodically receive messages containing the destination IPs of tunnels that have recently forwarded traffic. Update the neighbour entries 'used' value for these IPs next hop. This prevents the neighbour entry from expiring on timeout but rather signals an ARP to verify the connection. From an NFP perspective, packets will not fall back mid-flow unless the link is verified to be down. Signed-off-by:
John Hurley <john.hurley@netronome.com> Reviewed-by:
Simon Horman <simon.horman@netronome.com> Signed-off-by:
-
John Hurley authored
Receive a request when the NFP does not know the next hop for a packet that is to be encapsulated in a VXLAN tunnel. Do a route lookup, determine the next hop entry and update neighbour table on NFP. Monitor the kernel neighbour table for link changes and update NFP with relevant information. Overwrite routes with zero values on the NFP when they expire. Signed-off-by:
-
John Hurley authored
Maintain a list of IPv4 addresses used as the tunnel destination IP match fields in currently active flower rules. Offload the entire list of NFP_FL_IPV4_ADDRS_MAX (even if some are unused) when new IPs are added or removed. The NFP should only be aware of tunnel end points that are currently used by rules on the device Signed-off-by:
-
John Hurley authored
Generate a list of MAC addresses of netdevs that could be used as VXLAN tunnel end points. Give offloaded MACs an index for storage on the NFP in the ranges: 0x100-0x1ff physical port representors 0x200-0x2ff VF port representors 0x300-0x3ff other offloads (e.g. vxlan netdevs, ovs bridges) Assign phys and vf indexes based on unique 8 bit values in the port num. Maintain list of other netdevs to ensure same netdev is not offloaded twice and each gets a unique ID without exhausting the entries. Because the IDs are unique but constant for a netdev, any changes are implemented by overwriting the index on NFP. Signed-off-by:
-
John Hurley authored
Compile set tunnel actions for tc flower. Only support VXLAN and ensure a tunnel destination port of 4789 is used. Signed-off-by:
-
John Hurley authored
Compile ovs-tc flower vxlan metadata match fields for offloading. Only support offload of tunnel data when the VXLAN port specifically matches well known port 4789. Signed-off-by:
-
John Hurley authored
Add a helper function that returns the length of the cmsg data when given the cmsg skb Signed-off-by:
-
David S. Miller authored
Jiri Pirko says: ==================== mlxsw: Introduce support for "pass" gact action offloading Very simple patchset adds ability for user to insert filters with "pass" gact action and offload it. That allows scenarios like this: $ tc filter add dev enp3s0np19 ingress protocol ip pref 10 flower skip_sw dst_ip 192.168.101.0/24 action drop $ tc filter add dev enp3s0np19 ingress protocol ip pref 9 flower skip_sw dst_ip 192.168.101.1 action pass ==================== Signed-off-by: -
Jiri Pirko authored
If action is "gact_ok", offload it to HW. Signed-off-by:
-
Jiri Pirko authored
Introduce a helper called is_tcf_gact_pass which could be used to tell if the action is gact pass or not. Signed-off-by:
-
Jiri Pirko authored
Propagate error instead of doing WARN_ON right away. Signed-off-by:
-
David S. Miller authored
Vivien Didelot says: ==================== net: dsa: use generic slave phydev DSA currently stores a phy_device pointer in each slave private structure. This requires to implement our own ethtool ksettings accessors and such. This patchset removes the private phy_device in favor of the one provided in the net_device structure, and thus allows us to use the generic phy_ethtool_* functions. ==================== Tested-by:
Florian Fainelli <f.fainelli@gmail.com> Signed-off-by:
-
Vivien Didelot authored
Use phy_ethtool_nway_reset now that dsa_slave_nway_reset does exactly the same. Signed-off-by:
Vivien Didelot <vivien.didelot@savoirfairelinux.com> Reviewed-by:
Andrew Lunn <andrew@lunn.ch> Reviewed-by:
-
Vivien Didelot authored
Use phy_ethtool_set_link_ksettings now that dsa_slave_set_link_ksettings does exactly the same. Signed-off-by:
-
Vivien Didelot authored
Use phy_ethtool_get_link_ksettings now that dsa_slave_get_link_ksettings does exactly the same. Signed-off-by:
-
Vivien Didelot authored
There is no need to store a phy_device in dsa_slave_priv since net_device already provides one. Simply s/p->phy/dev->phydev/. Signed-off-by:
-
Vivien Didelot authored
Instead of returning -EOPNOTSUPP when a slave device has no PHY, directly return -ENODEV as ethtool and phylib do. Signed-off-by:
-
David S. Miller authored
Jiri Pirko says: ==================== mlxsw: Add router adjacency dpipe table Arkadi says: This patchset adds router adjacency dpipe table support. This will provide the ability to observe the hardware offloaded IPv4/6 nexthops. ==================== Signed-off-by: -
Arkadi Sharshevsky authored
Add support for controlling nexthop counters via dpipe. Signed-off-by:
Arkadi Sharshevsky <arkadis@mellanox.com> Signed-off-by:
-
Arkadi Sharshevsky authored
Add support for adjacency table dump. Signed-off-by:
-
Arkadi Sharshevsky authored
Add support for setting counters on nexthops based on dpipe's adjacency table counter status. This patch also adds the ability for getting the counter value, which will be used by the dpipe adjacency table dump implementation in the next patches. Signed-off-by:
-
Arkadi Sharshevsky authored
In order to add the ability for setting counters on nexthops the RATR register should be extended. Signed-off-by:
-
Arkadi Sharshevsky authored
Add initial support for router adjacency table. The table does lookup based on the nexthop-group index and the local nexthop offset. After locating the nexthop entry it sets the destination MAC address and the egress RIF. Signed-off-by:
-
Arkadi Sharshevsky authored
This is done as a preparation before introducing the ability to dump the adjacency table via dpipe, and to count the table size. The current table implementation avoids tunnel entries, thus a helper for checking if the nexthop group contains tunnel entries is also provided. The mlxsw's nexthop representative struct stays private to the router module. Signed-off-by:
-
Arkadi Sharshevsky authored
Use list_is_last helper to check for last neighbor. Signed-off-by:
-
Arkadi Sharshevsky authored
Keep nexthops in a linked list for easy access. Signed-off-by:
-
Arkadi Sharshevsky authored
This patch adds field for mlxsw's meta header which will be used to describe the match/action behavior of the adjacency table. The fields are: 1. Adj_index - The global index of the nexthop group in the adjacency table. 2. Adj_hash_index - Local index offset which is based on packets hash mod the nexthop group size. Signed-off-by:
-
Arkadi Sharshevsky authored
Fix indentation in mlxsw_meta header's description. Signed-off-by:
-
- 26 Sep, 2017 6 commits
-
-
David S. Miller authored
Daniel Borkmann says: ==================== BPF metadata for direct access This work enables generic transfer of metadata from XDP into skb, meaning the packet has a flexible and programmable room for meta data, which can later be used by BPF to set various skb members when passing up the stack. For details, please see second patch. Support has been implemented and tested with two drivers, and should be straight forward to add to other drivers as well which properly support head adjustment already. ==================== Signed-off-by: -
Daniel Borkmann authored
Implement support for transferring XDP meta data into skb for ixgbe driver; before calling into the program, xdp.data_meta points to xdp.data, where on program return with pass verdict, we call into skb_metadata_set(). We implement this for the default ixgbe_build_skb() variant. For the ixgbe_construct_skb() that is used when legacy-rx buffer mananagement mode is turned on via ethtool, I found that XDP gets 0 headroom, so neither xdp_adjust_head() nor xdp_adjust_meta() can be used with this. Just add a comment with explanation for this operating mode. Signed-off-by:
Daniel Borkmann <daniel@iogearbox.net> Acked-by:
Alexei Starovoitov <ast@kernel.org> Acked-by:
John Fastabend <john.fastabend@gmail.com> Signed-off-by:
-
Daniel Borkmann authored
Implement support for transferring XDP meta data into skb for nfp driver; before calling into the program, xdp.data_meta points to xdp.data, where on program return with pass verdict, we call into skb_metadata_set(). Signed-off-by:
-
Daniel Borkmann authored
Add various test_verifier selftests, and a simple xdp/tc functional test that is being attached to veths. Also let new versions of clang use the recently added -mcpu=probe support [1] for the BPF target, so that it can probe the underlying kernel for BPF insn set extensions. We could also just set this options always, where older versions just ignore it and give a note to the user that the -mcpu value is not supported, but given emitting the note cannot be turned off from clang side lets not confuse users running selftests with it, thus fallback to the default generic one when we see that clang doesn't support it. Also allow CPU option to be overridden in the Makefile from command line. [1] https://github.com/llvm-mirror/llvm/commit/d7276a40d87b89aed89978dec6457a5b8b3a0db5Signed-off-by:
-
Daniel Borkmann authored
Looks like a couple of updates missed to get carried into tools/include/uapi/, so copy the bpf.h header as usual to pull in latest updates. Signed-off-by:
-
Daniel Borkmann authored
This work enables generic transfer of metadata from XDP into skb. The basic idea is that we can make use of the fact that the resulting skb must be linear and already comes with a larger headroom for supporting bpf_xdp_adjust_head(), which mangles xdp->data. Here, we base our work on a similar principle and introduce a small helper bpf_xdp_adjust_meta() for adjusting a new pointer called xdp->data_meta. Thus, the packet has a flexible and programmable room for meta data, followed by the actual packet data. struct xdp_buff is therefore laid out that we first point to data_hard_start, then data_meta directly prepended to data followed by data_end marking the end of packet. bpf_xdp_adjust_head() takes into account whether we have meta data already prepended and if so, memmove()s this along with the given offset provided there's enough room. xdp->data_meta is optional and programs are not required to use it. The rationale is that when we process the packet in XDP (e.g. as DoS filter), we can push further meta data along with it for the XDP_PASS case, and give the guarantee that a clsact ingress BPF program on the same device can pick this up for further post-processing. Since we work with skb there, we can also set skb->mark, skb->priority or other skb meta data out of BPF, thus having this scratch space generic and programmable allows for more flexibility than defining a direct 1:1 transfer of potentially new XDP members into skb (it's also more efficient as we don't need to initialize/handle each of such new members). The facility also works together with GRO aggregation. The scratch space at the head of the packet can be multiple of 4 byte up to 32 byte large. Drivers not yet supporting xdp->data_meta can simply be set up with xdp->data_meta as xdp->data + 1 as bpf_xdp_adjust_meta() will detect this and bail out, such that the subsequent match against xdp->data for later access is guaranteed to fail. The verifier treats xdp->data_meta/xdp->data the same way as we treat xdp->data/xdp->data_end pointer comparisons. The requirement for doing the compare against xdp->data is that it hasn't been modified from it's original address we got from ctx access. It may have a range marking already from prior successful xdp->data/xdp->data_end pointer comparisons though. Signed-off-by:
-
