Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / qca-nss-sfe / 24fb1dbb1c9175efc7a7115ee6fdbcdce7847c1a / . / sfe_ipv4.h
blob: 8e5fc16f9f06b0741eba148f48585fae3fe06f6d [file] [log] [blame]
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame^]1/*
2 * sfe_ipv4.h
3 * Shortcut forwarding engine header file for IPv4.
4 *
5 * Copyright (c) 2013-2016, 2019-2020, The Linux Foundation. All rights reserved.
6 * Copyright (c) 2021 Qualcomm Innovation Center, Inc. All rights reserved.
7 *
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20
21#define SFE_IPV4_UNALIGNED_IP_HEADER 1
22#if SFE_IPV4_UNALIGNED_IP_HEADER
23#define SFE_IPV4_UNALIGNED_STRUCT __attribute__((packed))
24#else
25#define SFE_IPV4_UNALIGNED_STRUCT
26#endif
27
28/*
29 * An Ethernet header, but with an optional "packed" attribute to
30 * help with performance on some platforms (see the definition of
31 * SFE_IPV4_UNALIGNED_STRUCT)
32 */
33struct sfe_ipv4_eth_hdr {
34 __be16 h_dest[ETH_ALEN / 2];
35 __be16 h_source[ETH_ALEN / 2];
36 __be16 h_proto;
37} SFE_IPV4_UNALIGNED_STRUCT;
38
39#define SFE_IPV4_DSCP_MASK 0x3
40#define SFE_IPV4_DSCP_SHIFT 2
41
42/*
43 * An IPv4 header, but with an optional "packed" attribute to
44 * help with performance on some platforms (see the definition of
45 * SFE_IPV4_UNALIGNED_STRUCT)
46 */
47struct sfe_ipv4_ip_hdr {
48#if defined(__LITTLE_ENDIAN_BITFIELD)
49 __u8 ihl:4,
50 version:4;
51#elif defined (__BIG_ENDIAN_BITFIELD)
52 __u8 version:4,
53 ihl:4;
54#else
55#error "Please fix <asm/byteorder.h>"
56#endif
57 __u8 tos;
58 __be16 tot_len;
59 __be16 id;
60 __be16 frag_off;
61 __u8 ttl;
62 __u8 protocol;
63 __sum16 check;
64 __be32 saddr;
65 __be32 daddr;
66
67 /*
68 * The options start here.
69 */
70} SFE_IPV4_UNALIGNED_STRUCT;
71
72/*
73 * A UDP header, but with an optional "packed" attribute to
74 * help with performance on some platforms (see the definition of
75 * SFE_IPV4_UNALIGNED_STRUCT)
76 */
77struct sfe_ipv4_udp_hdr {
78 __be16 source;
79 __be16 dest;
80 __be16 len;
81 __sum16 check;
82} SFE_IPV4_UNALIGNED_STRUCT;
83
84/*
85 * A TCP header, but with an optional "packed" attribute to
86 * help with performance on some platforms (see the definition of
87 * SFE_IPV4_UNALIGNED_STRUCT)
88 */
89struct sfe_ipv4_tcp_hdr {
90 __be16 source;
91 __be16 dest;
92 __be32 seq;
93 __be32 ack_seq;
94#if defined(__LITTLE_ENDIAN_BITFIELD)
95 __u16 res1:4,
96 doff:4,
97 fin:1,
98 syn:1,
99 rst:1,
100 psh:1,
101 ack:1,
102 urg:1,
103 ece:1,
104 cwr:1;
105#elif defined(__BIG_ENDIAN_BITFIELD)
106 __u16 doff:4,
107 res1:4,
108 cwr:1,
109 ece:1,
110 urg:1,
111 ack:1,
112 psh:1,
113 rst:1,
114 syn:1,
115 fin:1;
116#else
117#error "Adjust your <asm/byteorder.h> defines"
118#endif
119 __be16 window;
120 __sum16 check;
121 __be16 urg_ptr;
122} SFE_IPV4_UNALIGNED_STRUCT;
123
124/*
125 * Specifies the lower bound on ACK numbers carried in the TCP header
126 */
127#define SFE_IPV4_TCP_MAX_ACK_WINDOW 65520
128
129/*
130 * IPv4 TCP connection match additional data.
131 */
132struct sfe_ipv4_tcp_connection_match {
133 u8 win_scale; /* Window scale */
134 u32 max_win; /* Maximum window size seen */
135 u32 end; /* Sequence number of the next byte to send (seq + segment length) */
136 u32 max_end; /* Sequence number of the last byte to ack */
137};
138
139/*
140 * Bit flags for IPv4 connection matching entry.
141 */
142#define SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC (1<<0)
143 /* Perform source translation */
144#define SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST (1<<1)
145 /* Perform destination translation */
146#define SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK (1<<2)
147 /* Ignore TCP sequence numbers */
148#define SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR (1<<3)
149 /* Fast Ethernet header write */
150#define SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_L2_HDR (1<<4)
151 /* Fast Ethernet header write */
152#define SFE_IPV4_CONNECTION_MATCH_FLAG_PRIORITY_REMARK (1<<5)
153 /* remark priority of SKB */
154#define SFE_IPV4_CONNECTION_MATCH_FLAG_DSCP_REMARK (1<<6)
155 /* remark DSCP of packet */
156
157/*
158 * IPv4 connection matching structure.
159 */
160struct sfe_ipv4_connection_match {
161 /*
162 * References to other objects.
163 */
164 struct sfe_ipv4_connection_match *next;
165 struct sfe_ipv4_connection_match *prev;
166 struct sfe_ipv4_connection *connection;
167 struct sfe_ipv4_connection_match *counter_match;
168 /* Matches the flow in the opposite direction as the one in *connection */
169 struct sfe_ipv4_connection_match *active_next;
170 struct sfe_ipv4_connection_match *active_prev;
171 bool active; /* Flag to indicate if we're on the active list */
172
173 /*
174 * Characteristics that identify flows that match this rule.
175 */
176 struct net_device *match_dev; /* Network device */
177 u8 match_protocol; /* Protocol */
178 __be32 match_src_ip; /* Source IP address */
179 __be32 match_dest_ip; /* Destination IP address */
180 __be16 match_src_port; /* Source port/connection ident */
181 __be16 match_dest_port; /* Destination port/connection ident */
182
183 /*
184 * Control the operations of the match.
185 */
186 u32 flags; /* Bit flags */
187#ifdef CONFIG_NF_FLOW_COOKIE
188 u32 flow_cookie; /* used flow cookie, for debug */
189#endif
190#ifdef CONFIG_XFRM
191 u32 flow_accel; /* The flow accelerated or not */
192#endif
193
194 /*
195 * Connection state that we track once we match.
196 */
197 union { /* Protocol-specific state */
198 struct sfe_ipv4_tcp_connection_match tcp;
199 } protocol_state;
200 /*
201 * Stats recorded in a sync period. These stats will be added to
202 * rx_packet_count64/rx_byte_count64 after a sync period.
203 */
204 u32 rx_packet_count;
205 u32 rx_byte_count;
206
207 /*
208 * Packet translation information.
209 */
210 __be32 xlate_src_ip; /* Address after source translation */
211 __be16 xlate_src_port; /* Port/connection ident after source translation */
212 u16 xlate_src_csum_adjustment;
213 /* Transport layer checksum adjustment after source translation */
214 u16 xlate_src_partial_csum_adjustment;
215 /* Transport layer pseudo header checksum adjustment after source translation */
216
217 __be32 xlate_dest_ip; /* Address after destination translation */
218 __be16 xlate_dest_port; /* Port/connection ident after destination translation */
219 u16 xlate_dest_csum_adjustment;
220 /* Transport layer checksum adjustment after destination translation */
221 u16 xlate_dest_partial_csum_adjustment;
222 /* Transport layer pseudo header checksum adjustment after destination translation */
223
224 /*
225 * QoS information
226 */
227 u32 priority;
228 u32 dscp;
229
230 /*
231 * Packet transmit information.
232 */
233 struct net_device *xmit_dev; /* Network device on which to transmit */
234 unsigned short int xmit_dev_mtu;
235 /* Interface MTU */
236 u16 xmit_dest_mac[ETH_ALEN / 2];
237 /* Destination MAC address to use when forwarding */
238 u16 xmit_src_mac[ETH_ALEN / 2];
239 /* Source MAC address to use when forwarding */
240
241 /*
242 * Summary stats.
243 */
244 u64 rx_packet_count64;
245 u64 rx_byte_count64;
246};
247
248/*
249 * Per-connection data structure.
250 */
251struct sfe_ipv4_connection {
252 struct sfe_ipv4_connection *next;
253 /* Pointer to the next entry in a hash chain */
254 struct sfe_ipv4_connection *prev;
255 /* Pointer to the previous entry in a hash chain */
256 int protocol; /* IP protocol number */
257 __be32 src_ip; /* Src IP addr pre-translation */
258 __be32 src_ip_xlate; /* Src IP addr post-translation */
259 __be32 dest_ip; /* Dest IP addr pre-translation */
260 __be32 dest_ip_xlate; /* Dest IP addr post-translation */
261 __be16 src_port; /* Src port pre-translation */
262 __be16 src_port_xlate; /* Src port post-translation */
263 __be16 dest_port; /* Dest port pre-translation */
264 __be16 dest_port_xlate; /* Dest port post-translation */
265 struct sfe_ipv4_connection_match *original_match;
266 /* Original direction matching structure */
267 struct net_device *original_dev;
268 /* Original direction source device */
269 struct sfe_ipv4_connection_match *reply_match;
270 /* Reply direction matching structure */
271 struct net_device *reply_dev; /* Reply direction source device */
272 u64 last_sync_jiffies; /* Jiffies count for the last sync */
273 struct sfe_ipv4_connection *all_connections_next;
274 /* Pointer to the next entry in the list of all connections */
275 struct sfe_ipv4_connection *all_connections_prev;
276 /* Pointer to the previous entry in the list of all connections */
277 u32 mark; /* mark for outgoing packet */
278 u32 debug_read_seq; /* sequence number for debug dump */
279};
280
281/*
282 * IPv4 connections and hash table size information.
283 */
284#define SFE_IPV4_CONNECTION_HASH_SHIFT 12
285#define SFE_IPV4_CONNECTION_HASH_SIZE (1 << SFE_IPV4_CONNECTION_HASH_SHIFT)
286#define SFE_IPV4_CONNECTION_HASH_MASK (SFE_IPV4_CONNECTION_HASH_SIZE - 1)
287
288enum sfe_ipv4_exception_events {
289 SFE_IPV4_EXCEPTION_EVENT_UDP_HEADER_INCOMPLETE,
290 SFE_IPV4_EXCEPTION_EVENT_UDP_NO_CONNECTION,
291 SFE_IPV4_EXCEPTION_EVENT_UDP_IP_OPTIONS_OR_INITIAL_FRAGMENT,
292 SFE_IPV4_EXCEPTION_EVENT_UDP_SMALL_TTL,
293 SFE_IPV4_EXCEPTION_EVENT_UDP_NEEDS_FRAGMENTATION,
294 SFE_IPV4_EXCEPTION_EVENT_TCP_HEADER_INCOMPLETE,
295 SFE_IPV4_EXCEPTION_EVENT_TCP_NO_CONNECTION_SLOW_FLAGS,
296 SFE_IPV4_EXCEPTION_EVENT_TCP_NO_CONNECTION_FAST_FLAGS,
297 SFE_IPV4_EXCEPTION_EVENT_TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT,
298 SFE_IPV4_EXCEPTION_EVENT_TCP_SMALL_TTL,
299 SFE_IPV4_EXCEPTION_EVENT_TCP_NEEDS_FRAGMENTATION,
300 SFE_IPV4_EXCEPTION_EVENT_TCP_FLAGS,
301 SFE_IPV4_EXCEPTION_EVENT_TCP_SEQ_EXCEEDS_RIGHT_EDGE,
302 SFE_IPV4_EXCEPTION_EVENT_TCP_SMALL_DATA_OFFS,
303 SFE_IPV4_EXCEPTION_EVENT_TCP_BAD_SACK,
304 SFE_IPV4_EXCEPTION_EVENT_TCP_BIG_DATA_OFFS,
305 SFE_IPV4_EXCEPTION_EVENT_TCP_SEQ_BEFORE_LEFT_EDGE,
306 SFE_IPV4_EXCEPTION_EVENT_TCP_ACK_EXCEEDS_RIGHT_EDGE,
307 SFE_IPV4_EXCEPTION_EVENT_TCP_ACK_BEFORE_LEFT_EDGE,
308 SFE_IPV4_EXCEPTION_EVENT_ICMP_HEADER_INCOMPLETE,
309 SFE_IPV4_EXCEPTION_EVENT_ICMP_UNHANDLED_TYPE,
310 SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_HEADER_INCOMPLETE,
311 SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_NON_V4,
312 SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_IP_OPTIONS_INCOMPLETE,
313 SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_UDP_HEADER_INCOMPLETE,
314 SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_TCP_HEADER_INCOMPLETE,
315 SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_UNHANDLED_PROTOCOL,
316 SFE_IPV4_EXCEPTION_EVENT_ICMP_NO_CONNECTION,
317 SFE_IPV4_EXCEPTION_EVENT_ICMP_FLUSHED_CONNECTION,
318 SFE_IPV4_EXCEPTION_EVENT_HEADER_INCOMPLETE,
319 SFE_IPV4_EXCEPTION_EVENT_BAD_TOTAL_LENGTH,
320 SFE_IPV4_EXCEPTION_EVENT_NON_V4,
321 SFE_IPV4_EXCEPTION_EVENT_NON_INITIAL_FRAGMENT,
322 SFE_IPV4_EXCEPTION_EVENT_DATAGRAM_INCOMPLETE,
323 SFE_IPV4_EXCEPTION_EVENT_IP_OPTIONS_INCOMPLETE,
324 SFE_IPV4_EXCEPTION_EVENT_UNHANDLED_PROTOCOL,
325 SFE_IPV4_EXCEPTION_EVENT_LAST
326};
327
328/*
329 * Per-module structure.
330 */
331struct sfe_ipv4 {
332 spinlock_t lock; /* Lock for SMP correctness */
333 struct sfe_ipv4_connection_match *active_head;
334 /* Head of the list of recently active connections */
335 struct sfe_ipv4_connection_match *active_tail;
336 /* Tail of the list of recently active connections */
337 struct sfe_ipv4_connection *all_connections_head;
338 /* Head of the list of all connections */
339 struct sfe_ipv4_connection *all_connections_tail;
340 /* Tail of the list of all connections */
341 unsigned int num_connections; /* Number of connections */
342 struct timer_list timer; /* Timer used for periodic sync ops */
343 sfe_sync_rule_callback_t __rcu sync_rule_callback;
344 /* Callback function registered by a connection manager for stats syncing */
345 struct sfe_ipv4_connection *conn_hash[SFE_IPV4_CONNECTION_HASH_SIZE];
346 /* Connection hash table */
347 struct sfe_ipv4_connection_match *conn_match_hash[SFE_IPV4_CONNECTION_HASH_SIZE];
348 /* Connection match hash table */
349#ifdef CONFIG_NF_FLOW_COOKIE
350 struct sfe_flow_cookie_entry sfe_flow_cookie_table[SFE_FLOW_COOKIE_SIZE];
351 /* flow cookie table*/
352 flow_cookie_set_func_t flow_cookie_set_func;
353 /* function used to configure flow cookie in hardware*/
354 int flow_cookie_enable;
355 /* Enable/disable flow cookie at runtime */
356#endif
357
358 /*
359 * Stats recorded in a sync period. These stats will be added to
360 * connection_xxx64 after a sync period.
361 */
362 u32 connection_create_requests;
363 /* Number of IPv4 connection create requests */
364 u32 connection_create_collisions;
365 /* Number of IPv4 connection create requests that collided with existing hash table entries */
366 u32 connection_destroy_requests;
367 /* Number of IPv4 connection destroy requests */
368 u32 connection_destroy_misses;
369 /* Number of IPv4 connection destroy requests that missed our hash table */
370 u32 connection_match_hash_hits;
371 /* Number of IPv4 connection match hash hits */
372 u32 connection_match_hash_reorders;
373 /* Number of IPv4 connection match hash reorders */
374 u32 connection_flushes; /* Number of IPv4 connection flushes */
375 u32 packets_forwarded; /* Number of IPv4 packets forwarded */
376 u32 packets_not_forwarded; /* Number of IPv4 packets not forwarded */
377 u32 exception_events[SFE_IPV4_EXCEPTION_EVENT_LAST];
378
379 /*
380 * Summary statistics.
381 */
382 u64 connection_create_requests64;
383 /* Number of IPv4 connection create requests */
384 u64 connection_create_collisions64;
385 /* Number of IPv4 connection create requests that collided with existing hash table entries */
386 u64 connection_destroy_requests64;
387 /* Number of IPv4 connection destroy requests */
388 u64 connection_destroy_misses64;
389 /* Number of IPv4 connection destroy requests that missed our hash table */
390 u64 connection_match_hash_hits64;
391 /* Number of IPv4 connection match hash hits */
392 u64 connection_match_hash_reorders64;
393 /* Number of IPv4 connection match hash reorders */
394 u64 connection_flushes64; /* Number of IPv4 connection flushes */
395 u64 packets_forwarded64; /* Number of IPv4 packets forwarded */
396 u64 packets_not_forwarded64;
397 /* Number of IPv4 packets not forwarded */
398 u64 exception_events64[SFE_IPV4_EXCEPTION_EVENT_LAST];
399
400 /*
401 * Control state.
402 */
403 struct kobject *sys_sfe_ipv4; /* sysfs linkage */
404 int debug_dev; /* Major number of the debug char device */
405 u32 debug_read_seq; /* sequence number for debug dump */
406};
407
408/*
409 * Enumeration of the XML output.
410 */
411enum sfe_ipv4_debug_xml_states {
412 SFE_IPV4_DEBUG_XML_STATE_START,
413 SFE_IPV4_DEBUG_XML_STATE_CONNECTIONS_START,
414 SFE_IPV4_DEBUG_XML_STATE_CONNECTIONS_CONNECTION,
415 SFE_IPV4_DEBUG_XML_STATE_CONNECTIONS_END,
416 SFE_IPV4_DEBUG_XML_STATE_EXCEPTIONS_START,
417 SFE_IPV4_DEBUG_XML_STATE_EXCEPTIONS_EXCEPTION,
418 SFE_IPV4_DEBUG_XML_STATE_EXCEPTIONS_END,
419 SFE_IPV4_DEBUG_XML_STATE_STATS,
420 SFE_IPV4_DEBUG_XML_STATE_END,
421 SFE_IPV4_DEBUG_XML_STATE_DONE
422};
423
424/*
425 * XML write state.
426 */
427struct sfe_ipv4_debug_xml_write_state {
428 enum sfe_ipv4_debug_xml_states state;
429 /* XML output file state machine state */
430 int iter_exception; /* Next exception iterator */
431};
432
433typedef bool (*sfe_ipv4_debug_xml_write_method_t)(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length,
434 int *total_read, struct sfe_ipv4_debug_xml_write_state *ws);
435
436void sfe_ipv4_exit(void);
437int sfe_ipv4_init(void);