Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / qca-nss-sfe / 034d6353edb901ff0e8f88df592ad852eeb4b748 / . / sfe_ipv4_tcp.c
blob: a9415b9f0974709ec6f7b208a3e0a687c7c2f5f7 [file] [log] [blame]
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]1/*
2 * sfe_ipv4_tcp.c
3 * Shortcut forwarding engine - IPv4 TCP implementation
4 *
5 * Copyright (c) 2013-2016, 2019-2020, The Linux Foundation. All rights reserved.
Guduri Prathyusha5f27e232022-01-06 14:39:04 +0530[diff] [blame]6 * Copyright (c) 2021-2022 Qualcomm Innovation Center, Inc. All rights reserved.
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]7 *
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20
21#include <linux/skbuff.h>
22#include <net/tcp.h>
23#include <linux/etherdevice.h>
24#include <linux/lockdep.h>
25
26#include "sfe_debug.h"
27#include "sfe_api.h"
28#include "sfe.h"
29#include "sfe_flow_cookie.h"
30#include "sfe_ipv4.h"
Guduri Prathyusha79a5fee2021-11-11 17:59:10 +0530[diff] [blame]31#include "sfe_pppoe.h"
Wayne Tanbb7f1782021-12-13 11:16:04 -0800[diff] [blame]32#include "sfe_vlan.h"
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]33
34/*
35 * sfe_ipv4_process_tcp_option_sack()
36 * Parse TCP SACK option and update ack according
37 */
38static bool sfe_ipv4_process_tcp_option_sack(const struct tcphdr *th, const u32 data_offs,
39 u32 *ack)
40{
41 u32 length = sizeof(struct tcphdr);
42 u8 *ptr = (u8 *)th + length;
43
44 /*
45 * Ignore processing if TCP packet has only TIMESTAMP option.
46 */
47 if (likely(data_offs == length + TCPOLEN_TIMESTAMP + 1 + 1)
48 && likely(ptr[0] == TCPOPT_NOP)
49 && likely(ptr[1] == TCPOPT_NOP)
50 && likely(ptr[2] == TCPOPT_TIMESTAMP)
51 && likely(ptr[3] == TCPOLEN_TIMESTAMP)) {
52 return true;
53 }
54
55 /*
56 * TCP options. Parse SACK option.
57 */
58 while (length < data_offs) {
59 u8 size;
60 u8 kind;
61
62 ptr = (u8 *)th + length;
63 kind = *ptr;
64
65 /*
66 * NOP, for padding
67 * Not in the switch because to fast escape and to not calculate size
68 */
69 if (kind == TCPOPT_NOP) {
70 length++;
71 continue;
72 }
73
74 if (kind == TCPOPT_SACK) {
75 u32 sack = 0;
76 u8 re = 1 + 1;
77
78 size = *(ptr + 1);
79 if ((size < (1 + 1 + TCPOLEN_SACK_PERBLOCK))
80 || ((size - (1 + 1)) % (TCPOLEN_SACK_PERBLOCK))
81 || (size > (data_offs - length))) {
82 return false;
83 }
84
85 re += 4;
86 while (re < size) {
87 u32 sack_re;
88 u8 *sptr = ptr + re;
89 sack_re = (sptr[0] << 24) | (sptr[1] << 16) | (sptr[2] << 8) | sptr[3];
90 if (sack_re > sack) {
91 sack = sack_re;
92 }
93 re += TCPOLEN_SACK_PERBLOCK;
94 }
95 if (sack > *ack) {
96 *ack = sack;
97 }
98 length += size;
99 continue;
100 }
101 if (kind == TCPOPT_EOL) {
102 return true;
103 }
104 size = *(ptr + 1);
105 if (size < 2) {
106 return false;
107 }
108 length += size;
109 }
110
111 return true;
112}
113
114/*
115 * sfe_ipv4_recv_tcp()
116 * Handle TCP packet receives and forwarding.
117 */
118int sfe_ipv4_recv_tcp(struct sfe_ipv4 *si, struct sk_buff *skb, struct net_device *dev,
Ken Zhu88c58152021-12-09 15:12:06 -0800[diff] [blame]119 unsigned int len, struct iphdr *iph, unsigned int ihl, bool sync_on_find, struct sfe_l2_info *l2_info)
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]120{
121 struct tcphdr *tcph;
122 __be32 src_ip;
123 __be32 dest_ip;
124 __be16 src_port;
125 __be16 dest_port;
126 struct sfe_ipv4_connection_match *cm;
127 struct sfe_ipv4_connection_match *counter_cm;
128 u8 ttl;
129 u32 flags;
130 struct net_device *xmit_dev;
131 bool ret;
Ratheesh Kannotha3cf0e02021-12-09 09:44:10 +0530[diff] [blame]132 bool hw_csum;
Ratheesh Kannoth71fc51e2022-01-05 10:02:47 +0530[diff] [blame]133 bool bridge_flow;
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]134
135 /*
Wayne Tanbb7f1782021-12-13 11:16:04 -0800[diff] [blame]136 * Is our packet too short to contain a valid TCP header?
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]137 */
138 if (unlikely(!pskb_may_pull(skb, (sizeof(struct tcphdr) + ihl)))) {
139 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_HEADER_INCOMPLETE);
140 DEBUG_TRACE("packet too short for TCP header\n");
141 return 0;
142 }
143
144 /*
145 * Read the IP address and port information. Read the IP header data first
146 * because we've almost certainly got that in the cache. We may not yet have
147 * the TCP header cached though so allow more time for any prefetching.
148 */
149 src_ip = iph->saddr;
150 dest_ip = iph->daddr;
151
152 tcph = (struct tcphdr *)(skb->data + ihl);
153 src_port = tcph->source;
154 dest_port = tcph->dest;
155 flags = tcp_flag_word(tcph);
156
157 rcu_read_lock();
158
159 /*
160 * Look for a connection match.
161 */
162#ifdef CONFIG_NF_FLOW_COOKIE
163 cm = si->sfe_flow_cookie_table[skb->flow_cookie & SFE_FLOW_COOKIE_MASK].match;
164 if (unlikely(!cm)) {
165 cm = sfe_ipv4_find_connection_match_rcu(si, dev, IPPROTO_TCP, src_ip, src_port, dest_ip, dest_port);
166 }
167#else
168 cm = sfe_ipv4_find_connection_match_rcu(si, dev, IPPROTO_TCP, src_ip, src_port, dest_ip, dest_port);
169#endif
170 if (unlikely(!cm)) {
171 /*
172 * We didn't get a connection but as TCP is connection-oriented that
173 * may be because this is a non-fast connection (not running established).
174 * For diagnostic purposes we differentiate this here.
175 */
176 if (likely((flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)) == TCP_FLAG_ACK)) {
177
178 rcu_read_unlock();
179 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_NO_CONNECTION_FAST_FLAGS);
180 DEBUG_TRACE("no connection found - fast flags\n");
181 return 0;
182 }
183
184 rcu_read_unlock();
185 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_NO_CONNECTION_SLOW_FLAGS);
186 DEBUG_TRACE("no connection found - slow flags: 0x%x\n",
187 flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK));
188 return 0;
189 }
190
191 /*
Wayne Tanbb7f1782021-12-13 11:16:04 -0800[diff] [blame]192 * If our packet has been marked as "sync on find" we can't actually
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]193 * forward it in the fast path, but now that we've found an associated
Ken Zhu88c58152021-12-09 15:12:06 -0800[diff] [blame]194 * connection we need sync its status before throw it slow path.
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]195 */
Ken Zhu88c58152021-12-09 15:12:06 -0800[diff] [blame]196 if (unlikely(sync_on_find)) {
197 sfe_ipv4_sync_status(si, cm->connection, SFE_SYNC_REASON_STATS);
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]198 rcu_read_unlock();
199
200 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT);
Ken Zhu88c58152021-12-09 15:12:06 -0800[diff] [blame]201 DEBUG_TRACE("Sync on find\n");
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]202 return 0;
203 }
204
205#ifdef CONFIG_XFRM
206 /*
207 * We can't accelerate the flow on this direction, just let it go
208 * through the slow path.
209 */
210 if (unlikely(!cm->flow_accel)) {
211 rcu_read_unlock();
212 this_cpu_inc(si->stats_pcpu->packets_not_forwarded64);
213 return 0;
214 }
215#endif
Ratheesh Kannoth71fc51e2022-01-05 10:02:47 +0530[diff] [blame]216
Wayne Tanbb7f1782021-12-13 11:16:04 -0800[diff] [blame]217 /*
218 * Do we expect an ingress VLAN tag for this flow?
219 */
220 if (unlikely(!sfe_vlan_validate_ingress_tag(skb, cm->ingress_vlan_hdr_cnt, cm->ingress_vlan_hdr, l2_info))) {
221 rcu_read_unlock();
222 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_INGRESS_VLAN_TAG_MISMATCH);
223 DEBUG_TRACE("VLAN tag mismatch. skb=%px\n", skb);
224 return 0;
225 }
226
Ratheesh Kannoth71fc51e2022-01-05 10:02:47 +0530[diff] [blame]227 bridge_flow = !!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_BRIDGE_FLOW);
228
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]229 /*
230 * Does our TTL allow forwarding?
231 */
Ratheesh Kannoth71fc51e2022-01-05 10:02:47 +0530[diff] [blame]232 if (likely(!bridge_flow)) {
233 ttl = iph->ttl;
234 if (unlikely(ttl < 2)) {
Ken Zhu88c58152021-12-09 15:12:06 -0800[diff] [blame]235 sfe_ipv4_sync_status(si, cm->connection, SFE_SYNC_REASON_STATS);
Ratheesh Kannoth71fc51e2022-01-05 10:02:47 +0530[diff] [blame]236 rcu_read_unlock();
Ken Zhu88c58152021-12-09 15:12:06 -0800[diff] [blame]237
Ratheesh Kannoth71fc51e2022-01-05 10:02:47 +0530[diff] [blame]238 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_SMALL_TTL);
Ken Zhu88c58152021-12-09 15:12:06 -0800[diff] [blame]239 DEBUG_TRACE("TTL too low\n");
Ratheesh Kannoth71fc51e2022-01-05 10:02:47 +0530[diff] [blame]240 return 0;
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]241 }
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]242 }
243
244 /*
245 * If our packet is larger than the MTU of the transmit interface then
246 * we can't forward it easily.
247 */
248 if (unlikely((len > cm->xmit_dev_mtu) && !skb_is_gso(skb))) {
Ken Zhu88c58152021-12-09 15:12:06 -0800[diff] [blame]249 sfe_ipv4_sync_status(si, cm->connection, SFE_SYNC_REASON_STATS);
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]250 rcu_read_unlock();
Ken Zhu88c58152021-12-09 15:12:06 -0800[diff] [blame]251
Wayne Tanbb7f1782021-12-13 11:16:04 -0800[diff] [blame]252 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT);
Ken Zhu88c58152021-12-09 15:12:06 -0800[diff] [blame]253 DEBUG_TRACE("Larger than MTU\n");
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]254 return 0;
255 }
256
257 /*
258 * Look at our TCP flags. Anything missing an ACK or that has RST, SYN or FIN
259 * set is not a fast path packet.
260 */
261 if (unlikely((flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)) != TCP_FLAG_ACK)) {
262 struct sfe_ipv4_connection *c = cm->connection;
263 spin_lock_bh(&si->lock);
264 ret = sfe_ipv4_remove_connection(si, c);
265 spin_unlock_bh(&si->lock);
266
267 DEBUG_TRACE("TCP flags: 0x%x are not fast\n",
268 flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK));
269 if (ret) {
270 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
271 }
272 rcu_read_unlock();
273 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_FLAGS);
274 return 0;
275 }
276
277 counter_cm = cm->counter_match;
278
279 /*
280 * Are we doing sequence number checking?
281 */
282 if (likely(!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK))) {
283 u32 seq;
284 u32 ack;
285 u32 sack;
286 u32 data_offs;
287 u32 end;
288 u32 left_edge;
289 u32 scaled_win;
290 u32 max_end;
291
292 /*
293 * Is our sequence fully past the right hand edge of the window?
294 */
295 seq = ntohl(tcph->seq);
296 if (unlikely((s32)(seq - (cm->protocol_state.tcp.max_end + 1)) > 0)) {
297 struct sfe_ipv4_connection *c = cm->connection;
298 spin_lock_bh(&si->lock);
299 ret = sfe_ipv4_remove_connection(si, c);
300 spin_unlock_bh(&si->lock);
301
302 DEBUG_TRACE("seq: %u exceeds right edge: %u\n",
303 seq, cm->protocol_state.tcp.max_end + 1);
304 if (ret) {
305 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
306 }
307 rcu_read_unlock();
308 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_SEQ_EXCEEDS_RIGHT_EDGE);
309 return 0;
310 }
311
312 /*
313 * Check that our TCP data offset isn't too short.
314 */
315 data_offs = tcph->doff << 2;
316 if (unlikely(data_offs < sizeof(struct tcphdr))) {
317 struct sfe_ipv4_connection *c = cm->connection;
318 spin_lock_bh(&si->lock);
319 ret = sfe_ipv4_remove_connection(si, c);
320 spin_unlock_bh(&si->lock);
321
322 DEBUG_TRACE("TCP data offset: %u, too small\n", data_offs);
323 if (ret) {
324 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
325 }
326 rcu_read_unlock();
327 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_SMALL_DATA_OFFS);
328 return 0;
329 }
330
331 /*
332 * Update ACK according to any SACK option.
333 */
334 ack = ntohl(tcph->ack_seq);
335 sack = ack;
336 if (unlikely(!sfe_ipv4_process_tcp_option_sack(tcph, data_offs, &sack))) {
337 struct sfe_ipv4_connection *c = cm->connection;
338 spin_lock_bh(&si->lock);
339 ret = sfe_ipv4_remove_connection(si, c);
340 spin_unlock_bh(&si->lock);
341
342 DEBUG_TRACE("TCP option SACK size is wrong\n");
343 if (ret) {
344 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
345 }
346 rcu_read_unlock();
347 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_BAD_SACK);
348 return 0;
349 }
350
351 /*
352 * Check that our TCP data offset isn't past the end of the packet.
353 */
354 data_offs += sizeof(struct iphdr);
355 if (unlikely(len < data_offs)) {
356 struct sfe_ipv4_connection *c = cm->connection;
357 spin_lock_bh(&si->lock);
358 ret = sfe_ipv4_remove_connection(si, c);
359 spin_unlock_bh(&si->lock);
360
361 DEBUG_TRACE("TCP data offset: %u, past end of packet: %u\n",
362 data_offs, len);
363 if (ret) {
364 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
365 }
366 rcu_read_unlock();
367 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_BIG_DATA_OFFS);
368 return 0;
369 }
370
371 end = seq + len - data_offs;
372
373 /*
374 * Is our sequence fully before the left hand edge of the window?
375 */
376 if (unlikely((s32)(end - (cm->protocol_state.tcp.end
377 - counter_cm->protocol_state.tcp.max_win - 1)) < 0)) {
378 struct sfe_ipv4_connection *c = cm->connection;
379 spin_lock_bh(&si->lock);
380 ret = sfe_ipv4_remove_connection(si, c);
381 spin_unlock_bh(&si->lock);
382
383 DEBUG_TRACE("seq: %u before left edge: %u\n",
384 end, cm->protocol_state.tcp.end - counter_cm->protocol_state.tcp.max_win - 1);
385 if (ret) {
386 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
387 }
388 rcu_read_unlock();
389 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_SEQ_BEFORE_LEFT_EDGE);
390 return 0;
391 }
392
393 /*
394 * Are we acking data that is to the right of what has been sent?
395 */
396 if (unlikely((s32)(sack - (counter_cm->protocol_state.tcp.end + 1)) > 0)) {
397 struct sfe_ipv4_connection *c = cm->connection;
398 spin_lock_bh(&si->lock);
399 ret = sfe_ipv4_remove_connection(si, c);
400 spin_unlock_bh(&si->lock);
401
402 DEBUG_TRACE("ack: %u exceeds right edge: %u\n",
403 sack, counter_cm->protocol_state.tcp.end + 1);
404 if (ret) {
405 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
406 }
407 rcu_read_unlock();
408 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_ACK_EXCEEDS_RIGHT_EDGE);
409 return 0;
410 }
411
412 /*
413 * Is our ack too far before the left hand edge of the window?
414 */
415 left_edge = counter_cm->protocol_state.tcp.end
416 - cm->protocol_state.tcp.max_win
417 - SFE_IPV4_TCP_MAX_ACK_WINDOW
418 - 1;
419 if (unlikely((s32)(sack - left_edge) < 0)) {
420 struct sfe_ipv4_connection *c = cm->connection;
421 spin_lock_bh(&si->lock);
422 ret = sfe_ipv4_remove_connection(si, c);
423 spin_unlock_bh(&si->lock);
424
425 DEBUG_TRACE("ack: %u before left edge: %u\n", sack, left_edge);
426 if (ret) {
427 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
428 }
429 rcu_read_unlock();
430 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_ACK_BEFORE_LEFT_EDGE);
431 return 0;
432 }
433
434 /*
435 * Have we just seen the largest window size yet for this connection? If yes
436 * then we need to record the new value.
437 */
438 scaled_win = ntohs(tcph->window) << cm->protocol_state.tcp.win_scale;
439 scaled_win += (sack - ack);
440 if (unlikely(cm->protocol_state.tcp.max_win < scaled_win)) {
441 cm->protocol_state.tcp.max_win = scaled_win;
442 }
443
444 /*
445 * If our sequence and/or ack numbers have advanced then record the new state.
446 */
447 if (likely((s32)(end - cm->protocol_state.tcp.end) >= 0)) {
448 cm->protocol_state.tcp.end = end;
449 }
450
451 max_end = sack + scaled_win;
452 if (likely((s32)(max_end - counter_cm->protocol_state.tcp.max_end) >= 0)) {
453 counter_cm->protocol_state.tcp.max_end = max_end;
454 }
455 }
456
457 /*
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]458 * Check if skb was cloned. If it was, unshare it. Because
459 * the data area is going to be written in this path and we don't want to
460 * change the cloned skb's data section.
461 */
462 if (unlikely(skb_cloned(skb))) {
463 DEBUG_TRACE("%px: skb is a cloned skb\n", skb);
464 skb = skb_unshare(skb, GFP_ATOMIC);
465 if (!skb) {
466 DEBUG_WARN("Failed to unshare the cloned skb\n");
467 rcu_read_unlock();
468 return 0;
469 }
470
471 /*
472 * Update the iph and tcph pointers with the unshared skb's data area.
473 */
474 iph = (struct iphdr *)skb->data;
475 tcph = (struct tcphdr *)(skb->data + ihl);
476 }
477
478 /*
Guduri Prathyusha5f27e232022-01-06 14:39:04 +0530[diff] [blame]479 * For PPPoE packets, match server MAC and session id
480 */
481 if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_PPPOE_DECAP)) {
482 struct pppoe_hdr *ph;
483 struct ethhdr *eth;
484
485 if (unlikely(!sfe_l2_parse_flag_check(l2_info, SFE_L2_PARSE_FLAGS_PPPOE_INGRESS))) {
486 rcu_read_unlock();
487 DEBUG_TRACE("%px: PPPoE header not present in packet for PPPoE rule\n", skb);
488 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_INCORRECT_PPPOE_PARSING);
489 return 0;
490 }
491
492 ph = (struct pppoe_hdr *)(skb->head + sfe_l2_pppoe_hdr_offset_get(l2_info));
493 eth = (struct ethhdr *)(skb->head + sfe_l2_hdr_offset_get(l2_info));
494 if (unlikely(cm->pppoe_session_id != ntohs(ph->sid)) || unlikely(!(ether_addr_equal((u8*)cm->pppoe_remote_mac, (u8 *)eth->h_source)))) {
495 DEBUG_TRACE("%px: PPPoE sessions with session IDs %d and %d or server MACs %pM and %pM did not match\n",
496 skb, cm->pppoe_session_id, htons(ph->sid), cm->pppoe_remote_mac, eth->h_source);
497 rcu_read_unlock();
498 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_INVALID_PPPOE_SESSION);
499 return 0;
500 }
501 skb->protocol = htons(l2_info->protocol);
502 this_cpu_inc(si->stats_pcpu->pppoe_decap_packets_forwarded64);
503
504 } else if (unlikely(sfe_l2_parse_flag_check(l2_info, SFE_L2_PARSE_FLAGS_PPPOE_INGRESS))) {
505
506 /*
Guduri Prathyusha034d6352022-01-12 16:49:04 +0530[diff] [blame^]507 * If packet contains PPPoE header but CME doesn't contain PPPoE flag yet we are exceptioning the packet to linux
Guduri Prathyusha5f27e232022-01-06 14:39:04 +0530[diff] [blame]508 */
Guduri Prathyusha034d6352022-01-12 16:49:04 +0530[diff] [blame^]509 if (unlikely(!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_BRIDGE_FLOW))) {
510 rcu_read_unlock();
511 DEBUG_TRACE("%px: CME doesn't contain PPPoE flag but packet has PPPoE header\n", skb);
512 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_PPPOE_NOT_SET_IN_CME);
513 return 0;
514 }
515
516 /*
517 * For bridged flows when packet contains PPPoE header, restore the header back and forward to xmit interface
518 */
519 __skb_push(skb, (sizeof(struct pppoe_hdr) + sizeof(struct sfe_ppp_hdr)));
520 l2_info->l2_hdr_size -= (sizeof(struct pppoe_hdr) + sizeof(struct sfe_ppp_hdr));
521 this_cpu_inc(si->stats_pcpu->pppoe_bridge_packets_forwarded64);
Guduri Prathyusha5f27e232022-01-06 14:39:04 +0530[diff] [blame]522 }
523
524 /*
Wayne Tanbb7f1782021-12-13 11:16:04 -0800[diff] [blame]525 * Check if skb has enough headroom to write L2 headers
526 */
527 if (unlikely(skb_headroom(skb) < cm->l2_hdr_size)) {
528 rcu_read_unlock();
529 DEBUG_WARN("%px: Not enough headroom: %u\n", skb, skb_headroom(skb));
530 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_NO_HEADROOM);
531 return 0;
532 }
533
534 /*
Guduri Prathyusha5f27e232022-01-06 14:39:04 +0530[diff] [blame]535 * From this point on we're good to modify the packet.
536 */
537
538 /*
Guduri Prathyusha79a5fee2021-11-11 17:59:10 +0530[diff] [blame]539 * For PPPoE flows, add PPPoE header before L2 header is added.
540 */
Guduri Prathyusha034d6352022-01-12 16:49:04 +0530[diff] [blame^]541 if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_PPPOE_ENCAP)) {
Wayne Tanbb7f1782021-12-13 11:16:04 -0800[diff] [blame]542 sfe_pppoe_add_header(skb, cm->pppoe_session_id, PPP_IP);
Guduri Prathyusha79a5fee2021-11-11 17:59:10 +0530[diff] [blame]543 this_cpu_inc(si->stats_pcpu->pppoe_encap_packets_forwarded64);
544 }
545
546 /*
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]547 * Update DSCP
548 */
549 if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_DSCP_REMARK)) {
550 iph->tos = (iph->tos & SFE_IPV4_DSCP_MASK) | cm->dscp;
551 }
552
553 /*
554 * Decrement our TTL.
555 */
Ratheesh Kannoth71fc51e2022-01-05 10:02:47 +0530[diff] [blame]556 if (likely(!bridge_flow)) {
557 iph->ttl = ttl - 1;
558 }
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]559
560 /*
Ratheesh Kannotha3cf0e02021-12-09 09:44:10 +0530[diff] [blame]561 * Enable HW csum if rx checksum is verified and xmit interface is CSUM offload capable.
562 * Note: If L4 csum at Rx was found to be incorrect, we (router) should use incremental L4 checksum here
563 * so that HW does not re-calculate/replace the L4 csum
564 */
565 hw_csum = !!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_CSUM_OFFLOAD) && (skb->ip_summed == CHECKSUM_UNNECESSARY);
566
567 /*
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]568 * Do we have to perform translations of the source address/port?
569 */
570 if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC)) {
571 u16 tcp_csum;
572 u32 sum;
573
574 iph->saddr = cm->xlate_src_ip;
575 tcph->source = cm->xlate_src_port;
576
Ratheesh Kannotha3cf0e02021-12-09 09:44:10 +0530[diff] [blame]577 if (unlikely(!hw_csum)) {
578 tcp_csum = tcph->check;
579 if (unlikely(skb->ip_summed == CHECKSUM_PARTIAL)) {
580 sum = tcp_csum + cm->xlate_src_partial_csum_adjustment;
581 } else {
582 sum = tcp_csum + cm->xlate_src_csum_adjustment;
583 }
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]584
Ratheesh Kannotha3cf0e02021-12-09 09:44:10 +0530[diff] [blame]585 sum = (sum & 0xffff) + (sum >> 16);
586 tcph->check = (u16)sum;
587 }
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]588 }
589
590 /*
591 * Do we have to perform translations of the destination address/port?
592 */
593 if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST)) {
594 u16 tcp_csum;
595 u32 sum;
596
597 iph->daddr = cm->xlate_dest_ip;
598 tcph->dest = cm->xlate_dest_port;
599
Ratheesh Kannotha3cf0e02021-12-09 09:44:10 +0530[diff] [blame]600 if (unlikely(!hw_csum)) {
601 tcp_csum = tcph->check;
602 if (unlikely(skb->ip_summed == CHECKSUM_PARTIAL)) {
603 sum = tcp_csum + cm->xlate_dest_partial_csum_adjustment;
604 } else {
605 sum = tcp_csum + cm->xlate_dest_csum_adjustment;
606 }
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]607
Ratheesh Kannotha3cf0e02021-12-09 09:44:10 +0530[diff] [blame]608 sum = (sum & 0xffff) + (sum >> 16);
609 tcph->check = (u16)sum;
610 }
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]611 }
612
613 /*
Ratheesh Kannotha3cf0e02021-12-09 09:44:10 +0530[diff] [blame]614 * If HW checksum offload is not possible, full L3 checksum and incremental L4 checksum
615 * are used to update the packet. Setting ip_summed to CHECKSUM_UNNECESSARY ensures checksum is
616 * not recalculated further in packet path.
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]617 */
Ratheesh Kannotha3cf0e02021-12-09 09:44:10 +0530[diff] [blame]618 if (likely(hw_csum)) {
619 skb->ip_summed = CHECKSUM_PARTIAL;
620 } else {
621 iph->check = sfe_ipv4_gen_ip_csum(iph);
622 skb->ip_summed = CHECKSUM_UNNECESSARY;
623 }
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]624
625 /*
626 * Update traffic stats.
627 */
628 atomic_inc(&cm->rx_packet_count);
629 atomic_add(len, &cm->rx_byte_count);
630
631 xmit_dev = cm->xmit_dev;
632 skb->dev = xmit_dev;
633
634 /*
Wayne Tanbb7f1782021-12-13 11:16:04 -0800[diff] [blame]635 * Check to see if we need to add VLAN tags
636 */
637 if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_INSERT_EGRESS_VLAN_TAG)) {
638 sfe_vlan_add_tag(skb, cm->egress_vlan_hdr_cnt, cm->egress_vlan_hdr);
639 }
640
641 /*
642 * Check to see if we need to write an Ethernet header.
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]643 */
644 if (likely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_L2_HDR)) {
645 if (unlikely(!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR))) {
Guduri Prathyusha5f27e232022-01-06 14:39:04 +0530[diff] [blame]646 dev_hard_header(skb, xmit_dev, ntohs(skb->protocol),
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]647 cm->xmit_dest_mac, cm->xmit_src_mac, len);
648 } else {
649 /*
650 * For the simple case we write this really fast.
651 */
652 struct ethhdr *eth = (struct ethhdr *)__skb_push(skb, ETH_HLEN);
653
Guduri Prathyusha5f27e232022-01-06 14:39:04 +0530[diff] [blame]654 eth->h_proto = skb->protocol;
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]655
656 ether_addr_copy((u8 *)eth->h_dest, (u8 *)cm->xmit_dest_mac);
657 ether_addr_copy((u8 *)eth->h_source, (u8 *)cm->xmit_src_mac);
658 }
659 }
660
661 /*
662 * Update priority of skb.
663 */
664 if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_PRIORITY_REMARK)) {
665 skb->priority = cm->priority;
666 }
667
668 /*
669 * Mark outgoing packet
670 */
Ken Zhu37040ea2021-09-09 21:11:15 -0700[diff] [blame]671 if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_MARK)) {
672 skb->mark = cm->connection->mark;
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]673 }
674
675 rcu_read_unlock();
676
677 this_cpu_inc(si->stats_pcpu->packets_forwarded64);
678
679 /*
680 * We're going to check for GSO flags when we transmit the packet so
681 * start fetching the necessary cache line now.
682 */
683 prefetch(skb_shinfo(skb));
684
685 /*
686 * Mark that this packet has been fast forwarded.
687 */
688 skb->fast_forwarded = 1;
689
690 /*
691 * Send the packet on its way.
692 */
693 dev_queue_xmit(skb);
694
695 return 1;
696}