Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / qca-nss-sfe / 5f27e23cd751d3c39b849d003a054c7766c832b5 / . / sfe_ipv4_tcp.c
blob: 1f8e3d052fe72139217c2efa9f2090f96eebd518 [file] [log] [blame]
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]1/*
2 * sfe_ipv4_tcp.c
3 * Shortcut forwarding engine - IPv4 TCP implementation
4 *
5 * Copyright (c) 2013-2016, 2019-2020, The Linux Foundation. All rights reserved.
Guduri Prathyusha5f27e232022-01-06 14:39:04 +0530[diff] [blame^]6 * Copyright (c) 2021-2022 Qualcomm Innovation Center, Inc. All rights reserved.
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]7 *
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20
21#include <linux/skbuff.h>
22#include <net/tcp.h>
23#include <linux/etherdevice.h>
24#include <linux/lockdep.h>
25
26#include "sfe_debug.h"
27#include "sfe_api.h"
28#include "sfe.h"
29#include "sfe_flow_cookie.h"
30#include "sfe_ipv4.h"
Guduri Prathyusha79a5fee2021-11-11 17:59:10 +0530[diff] [blame]31#include "sfe_pppoe.h"
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]32
33/*
34 * sfe_ipv4_process_tcp_option_sack()
35 * Parse TCP SACK option and update ack according
36 */
37static bool sfe_ipv4_process_tcp_option_sack(const struct tcphdr *th, const u32 data_offs,
38 u32 *ack)
39{
40 u32 length = sizeof(struct tcphdr);
41 u8 *ptr = (u8 *)th + length;
42
43 /*
44 * Ignore processing if TCP packet has only TIMESTAMP option.
45 */
46 if (likely(data_offs == length + TCPOLEN_TIMESTAMP + 1 + 1)
47 && likely(ptr[0] == TCPOPT_NOP)
48 && likely(ptr[1] == TCPOPT_NOP)
49 && likely(ptr[2] == TCPOPT_TIMESTAMP)
50 && likely(ptr[3] == TCPOLEN_TIMESTAMP)) {
51 return true;
52 }
53
54 /*
55 * TCP options. Parse SACK option.
56 */
57 while (length < data_offs) {
58 u8 size;
59 u8 kind;
60
61 ptr = (u8 *)th + length;
62 kind = *ptr;
63
64 /*
65 * NOP, for padding
66 * Not in the switch because to fast escape and to not calculate size
67 */
68 if (kind == TCPOPT_NOP) {
69 length++;
70 continue;
71 }
72
73 if (kind == TCPOPT_SACK) {
74 u32 sack = 0;
75 u8 re = 1 + 1;
76
77 size = *(ptr + 1);
78 if ((size < (1 + 1 + TCPOLEN_SACK_PERBLOCK))
79 || ((size - (1 + 1)) % (TCPOLEN_SACK_PERBLOCK))
80 || (size > (data_offs - length))) {
81 return false;
82 }
83
84 re += 4;
85 while (re < size) {
86 u32 sack_re;
87 u8 *sptr = ptr + re;
88 sack_re = (sptr[0] << 24) | (sptr[1] << 16) | (sptr[2] << 8) | sptr[3];
89 if (sack_re > sack) {
90 sack = sack_re;
91 }
92 re += TCPOLEN_SACK_PERBLOCK;
93 }
94 if (sack > *ack) {
95 *ack = sack;
96 }
97 length += size;
98 continue;
99 }
100 if (kind == TCPOPT_EOL) {
101 return true;
102 }
103 size = *(ptr + 1);
104 if (size < 2) {
105 return false;
106 }
107 length += size;
108 }
109
110 return true;
111}
112
113/*
114 * sfe_ipv4_recv_tcp()
115 * Handle TCP packet receives and forwarding.
116 */
117int sfe_ipv4_recv_tcp(struct sfe_ipv4 *si, struct sk_buff *skb, struct net_device *dev,
Guduri Prathyusha647fe3e2021-11-22 19:17:51 +0530[diff] [blame]118 unsigned int len, struct iphdr *iph, unsigned int ihl, bool flush_on_find, struct sfe_l2_info *l2_info)
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]119{
120 struct tcphdr *tcph;
121 __be32 src_ip;
122 __be32 dest_ip;
123 __be16 src_port;
124 __be16 dest_port;
125 struct sfe_ipv4_connection_match *cm;
126 struct sfe_ipv4_connection_match *counter_cm;
127 u8 ttl;
128 u32 flags;
129 struct net_device *xmit_dev;
130 bool ret;
Ratheesh Kannotha3cf0e02021-12-09 09:44:10 +0530[diff] [blame]131 bool hw_csum;
Ratheesh Kannoth71fc51e2022-01-05 10:02:47 +0530[diff] [blame]132 bool bridge_flow;
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]133
134 /*
135 * Is our packet too short to contain a valid UDP header?
136 */
137 if (unlikely(!pskb_may_pull(skb, (sizeof(struct tcphdr) + ihl)))) {
138 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_HEADER_INCOMPLETE);
139 DEBUG_TRACE("packet too short for TCP header\n");
140 return 0;
141 }
142
143 /*
144 * Read the IP address and port information. Read the IP header data first
145 * because we've almost certainly got that in the cache. We may not yet have
146 * the TCP header cached though so allow more time for any prefetching.
147 */
148 src_ip = iph->saddr;
149 dest_ip = iph->daddr;
150
151 tcph = (struct tcphdr *)(skb->data + ihl);
152 src_port = tcph->source;
153 dest_port = tcph->dest;
154 flags = tcp_flag_word(tcph);
155
156 rcu_read_lock();
157
158 /*
159 * Look for a connection match.
160 */
161#ifdef CONFIG_NF_FLOW_COOKIE
162 cm = si->sfe_flow_cookie_table[skb->flow_cookie & SFE_FLOW_COOKIE_MASK].match;
163 if (unlikely(!cm)) {
164 cm = sfe_ipv4_find_connection_match_rcu(si, dev, IPPROTO_TCP, src_ip, src_port, dest_ip, dest_port);
165 }
166#else
167 cm = sfe_ipv4_find_connection_match_rcu(si, dev, IPPROTO_TCP, src_ip, src_port, dest_ip, dest_port);
168#endif
169 if (unlikely(!cm)) {
170 /*
171 * We didn't get a connection but as TCP is connection-oriented that
172 * may be because this is a non-fast connection (not running established).
173 * For diagnostic purposes we differentiate this here.
174 */
175 if (likely((flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)) == TCP_FLAG_ACK)) {
176
177 rcu_read_unlock();
178 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_NO_CONNECTION_FAST_FLAGS);
179 DEBUG_TRACE("no connection found - fast flags\n");
180 return 0;
181 }
182
183 rcu_read_unlock();
184 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_NO_CONNECTION_SLOW_FLAGS);
185 DEBUG_TRACE("no connection found - slow flags: 0x%x\n",
186 flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK));
187 return 0;
188 }
189
190 /*
191 * If our packet has beern marked as "flush on find" we can't actually
192 * forward it in the fast path, but now that we've found an associated
193 * connection we can flush that out before we process the packet.
194 */
195 if (unlikely(flush_on_find)) {
196 struct sfe_ipv4_connection *c = cm->connection;
197
198 spin_lock_bh(&si->lock);
199 ret = sfe_ipv4_remove_connection(si, c);
200 spin_unlock_bh(&si->lock);
201
202 DEBUG_TRACE("flush on find\n");
203 if (ret) {
204 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
205 }
206
207 rcu_read_unlock();
208
209 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT);
210 return 0;
211 }
212
213#ifdef CONFIG_XFRM
214 /*
215 * We can't accelerate the flow on this direction, just let it go
216 * through the slow path.
217 */
218 if (unlikely(!cm->flow_accel)) {
219 rcu_read_unlock();
220 this_cpu_inc(si->stats_pcpu->packets_not_forwarded64);
221 return 0;
222 }
223#endif
Ratheesh Kannoth71fc51e2022-01-05 10:02:47 +0530[diff] [blame]224
225 bridge_flow = !!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_BRIDGE_FLOW);
226
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]227 /*
228 * Does our TTL allow forwarding?
229 */
Ratheesh Kannoth71fc51e2022-01-05 10:02:47 +0530[diff] [blame]230 if (likely(!bridge_flow)) {
231 ttl = iph->ttl;
232 if (unlikely(ttl < 2)) {
233 struct sfe_ipv4_connection *c = cm->connection;
234 spin_lock_bh(&si->lock);
235 ret = sfe_ipv4_remove_connection(si, c);
236 spin_unlock_bh(&si->lock);
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]237
Ratheesh Kannoth71fc51e2022-01-05 10:02:47 +0530[diff] [blame]238 DEBUG_TRACE("TTL too low\n");
239 if (ret) {
240 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
241 }
242
243 rcu_read_unlock();
244 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_SMALL_TTL);
245 return 0;
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]246 }
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]247 }
248
249 /*
250 * If our packet is larger than the MTU of the transmit interface then
251 * we can't forward it easily.
252 */
253 if (unlikely((len > cm->xmit_dev_mtu) && !skb_is_gso(skb))) {
254 struct sfe_ipv4_connection *c = cm->connection;
255 spin_lock_bh(&si->lock);
256 ret = sfe_ipv4_remove_connection(si, c);
257 spin_unlock_bh(&si->lock);
258
259 DEBUG_TRACE("larger than mtu\n");
260 if (ret) {
261 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
262 }
263
264 rcu_read_unlock();
265 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_UDP_IP_OPTIONS_OR_INITIAL_FRAGMENT);
266 return 0;
267 }
268
269 /*
270 * Look at our TCP flags. Anything missing an ACK or that has RST, SYN or FIN
271 * set is not a fast path packet.
272 */
273 if (unlikely((flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK)) != TCP_FLAG_ACK)) {
274 struct sfe_ipv4_connection *c = cm->connection;
275 spin_lock_bh(&si->lock);
276 ret = sfe_ipv4_remove_connection(si, c);
277 spin_unlock_bh(&si->lock);
278
279 DEBUG_TRACE("TCP flags: 0x%x are not fast\n",
280 flags & (TCP_FLAG_SYN | TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_ACK));
281 if (ret) {
282 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
283 }
284 rcu_read_unlock();
285 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_FLAGS);
286 return 0;
287 }
288
289 counter_cm = cm->counter_match;
290
291 /*
292 * Are we doing sequence number checking?
293 */
294 if (likely(!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK))) {
295 u32 seq;
296 u32 ack;
297 u32 sack;
298 u32 data_offs;
299 u32 end;
300 u32 left_edge;
301 u32 scaled_win;
302 u32 max_end;
303
304 /*
305 * Is our sequence fully past the right hand edge of the window?
306 */
307 seq = ntohl(tcph->seq);
308 if (unlikely((s32)(seq - (cm->protocol_state.tcp.max_end + 1)) > 0)) {
309 struct sfe_ipv4_connection *c = cm->connection;
310 spin_lock_bh(&si->lock);
311 ret = sfe_ipv4_remove_connection(si, c);
312 spin_unlock_bh(&si->lock);
313
314 DEBUG_TRACE("seq: %u exceeds right edge: %u\n",
315 seq, cm->protocol_state.tcp.max_end + 1);
316 if (ret) {
317 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
318 }
319 rcu_read_unlock();
320 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_SEQ_EXCEEDS_RIGHT_EDGE);
321 return 0;
322 }
323
324 /*
325 * Check that our TCP data offset isn't too short.
326 */
327 data_offs = tcph->doff << 2;
328 if (unlikely(data_offs < sizeof(struct tcphdr))) {
329 struct sfe_ipv4_connection *c = cm->connection;
330 spin_lock_bh(&si->lock);
331 ret = sfe_ipv4_remove_connection(si, c);
332 spin_unlock_bh(&si->lock);
333
334 DEBUG_TRACE("TCP data offset: %u, too small\n", data_offs);
335 if (ret) {
336 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
337 }
338 rcu_read_unlock();
339 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_SMALL_DATA_OFFS);
340 return 0;
341 }
342
343 /*
344 * Update ACK according to any SACK option.
345 */
346 ack = ntohl(tcph->ack_seq);
347 sack = ack;
348 if (unlikely(!sfe_ipv4_process_tcp_option_sack(tcph, data_offs, &sack))) {
349 struct sfe_ipv4_connection *c = cm->connection;
350 spin_lock_bh(&si->lock);
351 ret = sfe_ipv4_remove_connection(si, c);
352 spin_unlock_bh(&si->lock);
353
354 DEBUG_TRACE("TCP option SACK size is wrong\n");
355 if (ret) {
356 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
357 }
358 rcu_read_unlock();
359 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_BAD_SACK);
360 return 0;
361 }
362
363 /*
364 * Check that our TCP data offset isn't past the end of the packet.
365 */
366 data_offs += sizeof(struct iphdr);
367 if (unlikely(len < data_offs)) {
368 struct sfe_ipv4_connection *c = cm->connection;
369 spin_lock_bh(&si->lock);
370 ret = sfe_ipv4_remove_connection(si, c);
371 spin_unlock_bh(&si->lock);
372
373 DEBUG_TRACE("TCP data offset: %u, past end of packet: %u\n",
374 data_offs, len);
375 if (ret) {
376 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
377 }
378 rcu_read_unlock();
379 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_BIG_DATA_OFFS);
380 return 0;
381 }
382
383 end = seq + len - data_offs;
384
385 /*
386 * Is our sequence fully before the left hand edge of the window?
387 */
388 if (unlikely((s32)(end - (cm->protocol_state.tcp.end
389 - counter_cm->protocol_state.tcp.max_win - 1)) < 0)) {
390 struct sfe_ipv4_connection *c = cm->connection;
391 spin_lock_bh(&si->lock);
392 ret = sfe_ipv4_remove_connection(si, c);
393 spin_unlock_bh(&si->lock);
394
395 DEBUG_TRACE("seq: %u before left edge: %u\n",
396 end, cm->protocol_state.tcp.end - counter_cm->protocol_state.tcp.max_win - 1);
397 if (ret) {
398 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
399 }
400 rcu_read_unlock();
401 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_SEQ_BEFORE_LEFT_EDGE);
402 return 0;
403 }
404
405 /*
406 * Are we acking data that is to the right of what has been sent?
407 */
408 if (unlikely((s32)(sack - (counter_cm->protocol_state.tcp.end + 1)) > 0)) {
409 struct sfe_ipv4_connection *c = cm->connection;
410 spin_lock_bh(&si->lock);
411 ret = sfe_ipv4_remove_connection(si, c);
412 spin_unlock_bh(&si->lock);
413
414 DEBUG_TRACE("ack: %u exceeds right edge: %u\n",
415 sack, counter_cm->protocol_state.tcp.end + 1);
416 if (ret) {
417 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
418 }
419 rcu_read_unlock();
420 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_ACK_EXCEEDS_RIGHT_EDGE);
421 return 0;
422 }
423
424 /*
425 * Is our ack too far before the left hand edge of the window?
426 */
427 left_edge = counter_cm->protocol_state.tcp.end
428 - cm->protocol_state.tcp.max_win
429 - SFE_IPV4_TCP_MAX_ACK_WINDOW
430 - 1;
431 if (unlikely((s32)(sack - left_edge) < 0)) {
432 struct sfe_ipv4_connection *c = cm->connection;
433 spin_lock_bh(&si->lock);
434 ret = sfe_ipv4_remove_connection(si, c);
435 spin_unlock_bh(&si->lock);
436
437 DEBUG_TRACE("ack: %u before left edge: %u\n", sack, left_edge);
438 if (ret) {
439 sfe_ipv4_flush_connection(si, c, SFE_SYNC_REASON_FLUSH);
440 }
441 rcu_read_unlock();
442 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_TCP_ACK_BEFORE_LEFT_EDGE);
443 return 0;
444 }
445
446 /*
447 * Have we just seen the largest window size yet for this connection? If yes
448 * then we need to record the new value.
449 */
450 scaled_win = ntohs(tcph->window) << cm->protocol_state.tcp.win_scale;
451 scaled_win += (sack - ack);
452 if (unlikely(cm->protocol_state.tcp.max_win < scaled_win)) {
453 cm->protocol_state.tcp.max_win = scaled_win;
454 }
455
456 /*
457 * If our sequence and/or ack numbers have advanced then record the new state.
458 */
459 if (likely((s32)(end - cm->protocol_state.tcp.end) >= 0)) {
460 cm->protocol_state.tcp.end = end;
461 }
462
463 max_end = sack + scaled_win;
464 if (likely((s32)(max_end - counter_cm->protocol_state.tcp.max_end) >= 0)) {
465 counter_cm->protocol_state.tcp.max_end = max_end;
466 }
467 }
468
469 /*
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]470 * Check if skb was cloned. If it was, unshare it. Because
471 * the data area is going to be written in this path and we don't want to
472 * change the cloned skb's data section.
473 */
474 if (unlikely(skb_cloned(skb))) {
475 DEBUG_TRACE("%px: skb is a cloned skb\n", skb);
476 skb = skb_unshare(skb, GFP_ATOMIC);
477 if (!skb) {
478 DEBUG_WARN("Failed to unshare the cloned skb\n");
479 rcu_read_unlock();
480 return 0;
481 }
482
483 /*
484 * Update the iph and tcph pointers with the unshared skb's data area.
485 */
486 iph = (struct iphdr *)skb->data;
487 tcph = (struct tcphdr *)(skb->data + ihl);
488 }
489
490 /*
Guduri Prathyusha5f27e232022-01-06 14:39:04 +0530[diff] [blame^]491 * For PPPoE packets, match server MAC and session id
492 */
493 if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_PPPOE_DECAP)) {
494 struct pppoe_hdr *ph;
495 struct ethhdr *eth;
496
497 if (unlikely(!sfe_l2_parse_flag_check(l2_info, SFE_L2_PARSE_FLAGS_PPPOE_INGRESS))) {
498 rcu_read_unlock();
499 DEBUG_TRACE("%px: PPPoE header not present in packet for PPPoE rule\n", skb);
500 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_INCORRECT_PPPOE_PARSING);
501 return 0;
502 }
503
504 ph = (struct pppoe_hdr *)(skb->head + sfe_l2_pppoe_hdr_offset_get(l2_info));
505 eth = (struct ethhdr *)(skb->head + sfe_l2_hdr_offset_get(l2_info));
506 if (unlikely(cm->pppoe_session_id != ntohs(ph->sid)) || unlikely(!(ether_addr_equal((u8*)cm->pppoe_remote_mac, (u8 *)eth->h_source)))) {
507 DEBUG_TRACE("%px: PPPoE sessions with session IDs %d and %d or server MACs %pM and %pM did not match\n",
508 skb, cm->pppoe_session_id, htons(ph->sid), cm->pppoe_remote_mac, eth->h_source);
509 rcu_read_unlock();
510 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_INVALID_PPPOE_SESSION);
511 return 0;
512 }
513 skb->protocol = htons(l2_info->protocol);
514 this_cpu_inc(si->stats_pcpu->pppoe_decap_packets_forwarded64);
515
516 } else if (unlikely(sfe_l2_parse_flag_check(l2_info, SFE_L2_PARSE_FLAGS_PPPOE_INGRESS))) {
517
518 /*
519 * If packet contains PPPOE header but CME doesn't contain PPPoE flag yet we are exceptioning the packet to linux
520 */
521 rcu_read_unlock();
522 DEBUG_TRACE("%px: CME doesn't contain PPPOE flag but packet has PPPoE header\n", skb);
523 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_PPPOE_NOT_SET_IN_CME);
524 return 0;
525 }
526
527 /*
528 * From this point on we're good to modify the packet.
529 */
530
531 /*
Guduri Prathyusha79a5fee2021-11-11 17:59:10 +0530[diff] [blame]532 * For PPPoE flows, add PPPoE header before L2 header is added.
533 */
534 if (cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_PPPOE_ENCAP) {
535 if (unlikely(!sfe_pppoe_add_header(skb, cm->pppoe_session_id, PPP_IP))) {
536 rcu_read_unlock();
537 DEBUG_WARN("%px: PPPoE header addition failed\n", skb);
Guduri Prathyusha5f27e232022-01-06 14:39:04 +0530[diff] [blame^]538 sfe_ipv4_exception_stats_inc(si, SFE_IPV4_EXCEPTION_EVENT_NO_HEADROOM);
Guduri Prathyusha79a5fee2021-11-11 17:59:10 +0530[diff] [blame]539 return 0;
540 }
541 this_cpu_inc(si->stats_pcpu->pppoe_encap_packets_forwarded64);
542 }
543
544 /*
545 * TODO : VLAN headers if any should be added here when supported.
546 */
547
548 /*
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]549 * Update DSCP
550 */
551 if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_DSCP_REMARK)) {
552 iph->tos = (iph->tos & SFE_IPV4_DSCP_MASK) | cm->dscp;
553 }
554
555 /*
556 * Decrement our TTL.
557 */
Ratheesh Kannoth71fc51e2022-01-05 10:02:47 +0530[diff] [blame]558 if (likely(!bridge_flow)) {
559 iph->ttl = ttl - 1;
560 }
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]561
562 /*
Ratheesh Kannotha3cf0e02021-12-09 09:44:10 +0530[diff] [blame]563 * Enable HW csum if rx checksum is verified and xmit interface is CSUM offload capable.
564 * Note: If L4 csum at Rx was found to be incorrect, we (router) should use incremental L4 checksum here
565 * so that HW does not re-calculate/replace the L4 csum
566 */
567 hw_csum = !!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_CSUM_OFFLOAD) && (skb->ip_summed == CHECKSUM_UNNECESSARY);
568
569 /*
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]570 * Do we have to perform translations of the source address/port?
571 */
572 if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC)) {
573 u16 tcp_csum;
574 u32 sum;
575
576 iph->saddr = cm->xlate_src_ip;
577 tcph->source = cm->xlate_src_port;
578
Ratheesh Kannotha3cf0e02021-12-09 09:44:10 +0530[diff] [blame]579 if (unlikely(!hw_csum)) {
580 tcp_csum = tcph->check;
581 if (unlikely(skb->ip_summed == CHECKSUM_PARTIAL)) {
582 sum = tcp_csum + cm->xlate_src_partial_csum_adjustment;
583 } else {
584 sum = tcp_csum + cm->xlate_src_csum_adjustment;
585 }
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]586
Ratheesh Kannotha3cf0e02021-12-09 09:44:10 +0530[diff] [blame]587 sum = (sum & 0xffff) + (sum >> 16);
588 tcph->check = (u16)sum;
589 }
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]590 }
591
592 /*
593 * Do we have to perform translations of the destination address/port?
594 */
595 if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST)) {
596 u16 tcp_csum;
597 u32 sum;
598
599 iph->daddr = cm->xlate_dest_ip;
600 tcph->dest = cm->xlate_dest_port;
601
Ratheesh Kannotha3cf0e02021-12-09 09:44:10 +0530[diff] [blame]602 if (unlikely(!hw_csum)) {
603 tcp_csum = tcph->check;
604 if (unlikely(skb->ip_summed == CHECKSUM_PARTIAL)) {
605 sum = tcp_csum + cm->xlate_dest_partial_csum_adjustment;
606 } else {
607 sum = tcp_csum + cm->xlate_dest_csum_adjustment;
608 }
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]609
Ratheesh Kannotha3cf0e02021-12-09 09:44:10 +0530[diff] [blame]610 sum = (sum & 0xffff) + (sum >> 16);
611 tcph->check = (u16)sum;
612 }
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]613 }
614
615 /*
Ratheesh Kannotha3cf0e02021-12-09 09:44:10 +0530[diff] [blame]616 * If HW checksum offload is not possible, full L3 checksum and incremental L4 checksum
617 * are used to update the packet. Setting ip_summed to CHECKSUM_UNNECESSARY ensures checksum is
618 * not recalculated further in packet path.
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]619 */
Ratheesh Kannotha3cf0e02021-12-09 09:44:10 +0530[diff] [blame]620 if (likely(hw_csum)) {
621 skb->ip_summed = CHECKSUM_PARTIAL;
622 } else {
623 iph->check = sfe_ipv4_gen_ip_csum(iph);
624 skb->ip_summed = CHECKSUM_UNNECESSARY;
625 }
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]626
627 /*
628 * Update traffic stats.
629 */
630 atomic_inc(&cm->rx_packet_count);
631 atomic_add(len, &cm->rx_byte_count);
632
633 xmit_dev = cm->xmit_dev;
634 skb->dev = xmit_dev;
635
636 /*
637 * Check to see if we need to write a header.
638 */
639 if (likely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_L2_HDR)) {
640 if (unlikely(!(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR))) {
Guduri Prathyusha5f27e232022-01-06 14:39:04 +0530[diff] [blame^]641 dev_hard_header(skb, xmit_dev, ntohs(skb->protocol),
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]642 cm->xmit_dest_mac, cm->xmit_src_mac, len);
643 } else {
644 /*
645 * For the simple case we write this really fast.
646 */
647 struct ethhdr *eth = (struct ethhdr *)__skb_push(skb, ETH_HLEN);
648
Guduri Prathyusha5f27e232022-01-06 14:39:04 +0530[diff] [blame^]649 eth->h_proto = skb->protocol;
Ratheesh Kannoth6307bec2021-11-25 08:26:39 +0530[diff] [blame]650
651 ether_addr_copy((u8 *)eth->h_dest, (u8 *)cm->xmit_dest_mac);
652 ether_addr_copy((u8 *)eth->h_source, (u8 *)cm->xmit_src_mac);
653 }
654 }
655
656 /*
657 * Update priority of skb.
658 */
659 if (unlikely(cm->flags & SFE_IPV4_CONNECTION_MATCH_FLAG_PRIORITY_REMARK)) {
660 skb->priority = cm->priority;
661 }
662
663 /*
664 * Mark outgoing packet
665 */
666 skb->mark = cm->connection->mark;
667 if (skb->mark) {
668 DEBUG_TRACE("SKB MARK is NON ZERO %x\n", skb->mark);
669 }
670
671 rcu_read_unlock();
672
673 this_cpu_inc(si->stats_pcpu->packets_forwarded64);
674
675 /*
676 * We're going to check for GSO flags when we transmit the packet so
677 * start fetching the necessary cache line now.
678 */
679 prefetch(skb_shinfo(skb));
680
681 /*
682 * Mark that this packet has been fast forwarded.
683 */
684 skb->fast_forwarded = 1;
685
686 /*
687 * Send the packet on its way.
688 */
689 dev_queue_xmit(skb);
690
691 return 1;
692}