Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / qca-nss-sfe / 94fc5b8c4a77c3693c47fc5c0df24f1bd4424894 / . / sfe_ipv4.h
blob: 46f2a5965753ec1bae87ca70de7f51ff79d47a96 [file] [log] [blame]
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]1/*
2 * sfe_ipv4.h
3 * Shortcut forwarding engine header file for IPv4.
4 *
5 * Copyright (c) 2013-2016, 2019-2020, The Linux Foundation. All rights reserved.
6 * Copyright (c) 2021 Qualcomm Innovation Center, Inc. All rights reserved.
7 *
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]21#define SFE_IPV4_DSCP_MASK 0x3
22#define SFE_IPV4_DSCP_SHIFT 2
23
24/*
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]25 * Specifies the lower bound on ACK numbers carried in the TCP header
26 */
27#define SFE_IPV4_TCP_MAX_ACK_WINDOW 65520
28
29/*
30 * IPv4 TCP connection match additional data.
31 */
32struct sfe_ipv4_tcp_connection_match {
33 u8 win_scale; /* Window scale */
34 u32 max_win; /* Maximum window size seen */
35 u32 end; /* Sequence number of the next byte to send (seq + segment length) */
36 u32 max_end; /* Sequence number of the last byte to ack */
37};
38
39/*
40 * Bit flags for IPv4 connection matching entry.
41 */
42#define SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_SRC (1<<0)
43 /* Perform source translation */
44#define SFE_IPV4_CONNECTION_MATCH_FLAG_XLATE_DEST (1<<1)
45 /* Perform destination translation */
46#define SFE_IPV4_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK (1<<2)
47 /* Ignore TCP sequence numbers */
48#define SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR (1<<3)
49 /* Fast Ethernet header write */
50#define SFE_IPV4_CONNECTION_MATCH_FLAG_WRITE_L2_HDR (1<<4)
51 /* Fast Ethernet header write */
52#define SFE_IPV4_CONNECTION_MATCH_FLAG_PRIORITY_REMARK (1<<5)
53 /* remark priority of SKB */
54#define SFE_IPV4_CONNECTION_MATCH_FLAG_DSCP_REMARK (1<<6)
55 /* remark DSCP of packet */
56
57/*
58 * IPv4 connection matching structure.
59 */
60struct sfe_ipv4_connection_match {
61 /*
62 * References to other objects.
63 */
Ratheesh Kannoth94fc5b82021-10-20 07:45:06 +0530[diff] [blame^]64 struct hlist_node hnode;
65
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]66 struct sfe_ipv4_connection *connection;
67 struct sfe_ipv4_connection_match *counter_match;
68 /* Matches the flow in the opposite direction as the one in *connection */
69 struct sfe_ipv4_connection_match *active_next;
70 struct sfe_ipv4_connection_match *active_prev;
71 bool active; /* Flag to indicate if we're on the active list */
72
73 /*
74 * Characteristics that identify flows that match this rule.
75 */
76 struct net_device *match_dev; /* Network device */
77 u8 match_protocol; /* Protocol */
78 __be32 match_src_ip; /* Source IP address */
79 __be32 match_dest_ip; /* Destination IP address */
80 __be16 match_src_port; /* Source port/connection ident */
81 __be16 match_dest_port; /* Destination port/connection ident */
82
83 /*
84 * Control the operations of the match.
85 */
86 u32 flags; /* Bit flags */
87#ifdef CONFIG_NF_FLOW_COOKIE
88 u32 flow_cookie; /* used flow cookie, for debug */
89#endif
90#ifdef CONFIG_XFRM
91 u32 flow_accel; /* The flow accelerated or not */
92#endif
93
94 /*
95 * Connection state that we track once we match.
96 */
97 union { /* Protocol-specific state */
98 struct sfe_ipv4_tcp_connection_match tcp;
99 } protocol_state;
100 /*
101 * Stats recorded in a sync period. These stats will be added to
102 * rx_packet_count64/rx_byte_count64 after a sync period.
103 */
Ratheesh Kannoth94fc5b82021-10-20 07:45:06 +0530[diff] [blame^]104 atomic_t rx_packet_count;
105 atomic_t rx_byte_count;
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]106
107 /*
108 * Packet translation information.
109 */
110 __be32 xlate_src_ip; /* Address after source translation */
111 __be16 xlate_src_port; /* Port/connection ident after source translation */
112 u16 xlate_src_csum_adjustment;
113 /* Transport layer checksum adjustment after source translation */
114 u16 xlate_src_partial_csum_adjustment;
115 /* Transport layer pseudo header checksum adjustment after source translation */
116
117 __be32 xlate_dest_ip; /* Address after destination translation */
118 __be16 xlate_dest_port; /* Port/connection ident after destination translation */
119 u16 xlate_dest_csum_adjustment;
120 /* Transport layer checksum adjustment after destination translation */
121 u16 xlate_dest_partial_csum_adjustment;
122 /* Transport layer pseudo header checksum adjustment after destination translation */
123
124 /*
125 * QoS information
126 */
127 u32 priority;
128 u32 dscp;
129
130 /*
131 * Packet transmit information.
132 */
133 struct net_device *xmit_dev; /* Network device on which to transmit */
134 unsigned short int xmit_dev_mtu;
135 /* Interface MTU */
136 u16 xmit_dest_mac[ETH_ALEN / 2];
137 /* Destination MAC address to use when forwarding */
138 u16 xmit_src_mac[ETH_ALEN / 2];
139 /* Source MAC address to use when forwarding */
140
141 /*
142 * Summary stats.
143 */
144 u64 rx_packet_count64;
145 u64 rx_byte_count64;
146};
147
148/*
149 * Per-connection data structure.
150 */
151struct sfe_ipv4_connection {
152 struct sfe_ipv4_connection *next;
153 /* Pointer to the next entry in a hash chain */
154 struct sfe_ipv4_connection *prev;
155 /* Pointer to the previous entry in a hash chain */
156 int protocol; /* IP protocol number */
157 __be32 src_ip; /* Src IP addr pre-translation */
158 __be32 src_ip_xlate; /* Src IP addr post-translation */
159 __be32 dest_ip; /* Dest IP addr pre-translation */
160 __be32 dest_ip_xlate; /* Dest IP addr post-translation */
161 __be16 src_port; /* Src port pre-translation */
162 __be16 src_port_xlate; /* Src port post-translation */
163 __be16 dest_port; /* Dest port pre-translation */
164 __be16 dest_port_xlate; /* Dest port post-translation */
165 struct sfe_ipv4_connection_match *original_match;
166 /* Original direction matching structure */
167 struct net_device *original_dev;
168 /* Original direction source device */
169 struct sfe_ipv4_connection_match *reply_match;
170 /* Reply direction matching structure */
171 struct net_device *reply_dev; /* Reply direction source device */
172 u64 last_sync_jiffies; /* Jiffies count for the last sync */
173 struct sfe_ipv4_connection *all_connections_next;
174 /* Pointer to the next entry in the list of all connections */
175 struct sfe_ipv4_connection *all_connections_prev;
176 /* Pointer to the previous entry in the list of all connections */
177 u32 mark; /* mark for outgoing packet */
178 u32 debug_read_seq; /* sequence number for debug dump */
Ratheesh Kannoth94fc5b82021-10-20 07:45:06 +0530[diff] [blame^]179 bool removed; /* Indicates the connection is removed */
180 struct rcu_head rcu; /* delay rcu free */
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]181};
182
183/*
184 * IPv4 connections and hash table size information.
185 */
186#define SFE_IPV4_CONNECTION_HASH_SHIFT 12
187#define SFE_IPV4_CONNECTION_HASH_SIZE (1 << SFE_IPV4_CONNECTION_HASH_SHIFT)
188#define SFE_IPV4_CONNECTION_HASH_MASK (SFE_IPV4_CONNECTION_HASH_SIZE - 1)
189
190enum sfe_ipv4_exception_events {
191 SFE_IPV4_EXCEPTION_EVENT_UDP_HEADER_INCOMPLETE,
192 SFE_IPV4_EXCEPTION_EVENT_UDP_NO_CONNECTION,
193 SFE_IPV4_EXCEPTION_EVENT_UDP_IP_OPTIONS_OR_INITIAL_FRAGMENT,
194 SFE_IPV4_EXCEPTION_EVENT_UDP_SMALL_TTL,
195 SFE_IPV4_EXCEPTION_EVENT_UDP_NEEDS_FRAGMENTATION,
196 SFE_IPV4_EXCEPTION_EVENT_TCP_HEADER_INCOMPLETE,
197 SFE_IPV4_EXCEPTION_EVENT_TCP_NO_CONNECTION_SLOW_FLAGS,
198 SFE_IPV4_EXCEPTION_EVENT_TCP_NO_CONNECTION_FAST_FLAGS,
199 SFE_IPV4_EXCEPTION_EVENT_TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT,
200 SFE_IPV4_EXCEPTION_EVENT_TCP_SMALL_TTL,
201 SFE_IPV4_EXCEPTION_EVENT_TCP_NEEDS_FRAGMENTATION,
202 SFE_IPV4_EXCEPTION_EVENT_TCP_FLAGS,
203 SFE_IPV4_EXCEPTION_EVENT_TCP_SEQ_EXCEEDS_RIGHT_EDGE,
204 SFE_IPV4_EXCEPTION_EVENT_TCP_SMALL_DATA_OFFS,
205 SFE_IPV4_EXCEPTION_EVENT_TCP_BAD_SACK,
206 SFE_IPV4_EXCEPTION_EVENT_TCP_BIG_DATA_OFFS,
207 SFE_IPV4_EXCEPTION_EVENT_TCP_SEQ_BEFORE_LEFT_EDGE,
208 SFE_IPV4_EXCEPTION_EVENT_TCP_ACK_EXCEEDS_RIGHT_EDGE,
209 SFE_IPV4_EXCEPTION_EVENT_TCP_ACK_BEFORE_LEFT_EDGE,
210 SFE_IPV4_EXCEPTION_EVENT_ICMP_HEADER_INCOMPLETE,
211 SFE_IPV4_EXCEPTION_EVENT_ICMP_UNHANDLED_TYPE,
212 SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_HEADER_INCOMPLETE,
213 SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_NON_V4,
214 SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_IP_OPTIONS_INCOMPLETE,
215 SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_UDP_HEADER_INCOMPLETE,
216 SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_TCP_HEADER_INCOMPLETE,
217 SFE_IPV4_EXCEPTION_EVENT_ICMP_IPV4_UNHANDLED_PROTOCOL,
218 SFE_IPV4_EXCEPTION_EVENT_ICMP_NO_CONNECTION,
219 SFE_IPV4_EXCEPTION_EVENT_ICMP_FLUSHED_CONNECTION,
220 SFE_IPV4_EXCEPTION_EVENT_HEADER_INCOMPLETE,
221 SFE_IPV4_EXCEPTION_EVENT_BAD_TOTAL_LENGTH,
222 SFE_IPV4_EXCEPTION_EVENT_NON_V4,
223 SFE_IPV4_EXCEPTION_EVENT_NON_INITIAL_FRAGMENT,
224 SFE_IPV4_EXCEPTION_EVENT_DATAGRAM_INCOMPLETE,
225 SFE_IPV4_EXCEPTION_EVENT_IP_OPTIONS_INCOMPLETE,
226 SFE_IPV4_EXCEPTION_EVENT_UNHANDLED_PROTOCOL,
227 SFE_IPV4_EXCEPTION_EVENT_LAST
228};
229
230/*
231 * Per-module structure.
232 */
233struct sfe_ipv4 {
234 spinlock_t lock; /* Lock for SMP correctness */
235 struct sfe_ipv4_connection_match *active_head;
236 /* Head of the list of recently active connections */
237 struct sfe_ipv4_connection_match *active_tail;
238 /* Tail of the list of recently active connections */
239 struct sfe_ipv4_connection *all_connections_head;
240 /* Head of the list of all connections */
241 struct sfe_ipv4_connection *all_connections_tail;
242 /* Tail of the list of all connections */
243 unsigned int num_connections; /* Number of connections */
244 struct timer_list timer; /* Timer used for periodic sync ops */
245 sfe_sync_rule_callback_t __rcu sync_rule_callback;
246 /* Callback function registered by a connection manager for stats syncing */
247 struct sfe_ipv4_connection *conn_hash[SFE_IPV4_CONNECTION_HASH_SIZE];
248 /* Connection hash table */
Ratheesh Kannoth94fc5b82021-10-20 07:45:06 +0530[diff] [blame^]249
250 struct hlist_head hlist_conn_match_hash_head[SFE_IPV4_CONNECTION_HASH_SIZE];
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]251 /* Connection match hash table */
Ratheesh Kannoth94fc5b82021-10-20 07:45:06 +0530[diff] [blame^]252
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]253#ifdef CONFIG_NF_FLOW_COOKIE
254 struct sfe_flow_cookie_entry sfe_flow_cookie_table[SFE_FLOW_COOKIE_SIZE];
255 /* flow cookie table*/
256 flow_cookie_set_func_t flow_cookie_set_func;
257 /* function used to configure flow cookie in hardware*/
258 int flow_cookie_enable;
259 /* Enable/disable flow cookie at runtime */
260#endif
261
262 /*
263 * Stats recorded in a sync period. These stats will be added to
264 * connection_xxx64 after a sync period.
265 */
266 u32 connection_create_requests;
267 /* Number of IPv4 connection create requests */
268 u32 connection_create_collisions;
269 /* Number of IPv4 connection create requests that collided with existing hash table entries */
270 u32 connection_destroy_requests;
271 /* Number of IPv4 connection destroy requests */
272 u32 connection_destroy_misses;
273 /* Number of IPv4 connection destroy requests that missed our hash table */
274 u32 connection_match_hash_hits;
275 /* Number of IPv4 connection match hash hits */
276 u32 connection_match_hash_reorders;
277 /* Number of IPv4 connection match hash reorders */
278 u32 connection_flushes; /* Number of IPv4 connection flushes */
279 u32 packets_forwarded; /* Number of IPv4 packets forwarded */
280 u32 packets_not_forwarded; /* Number of IPv4 packets not forwarded */
281 u32 exception_events[SFE_IPV4_EXCEPTION_EVENT_LAST];
282
283 /*
284 * Summary statistics.
285 */
286 u64 connection_create_requests64;
287 /* Number of IPv4 connection create requests */
288 u64 connection_create_collisions64;
289 /* Number of IPv4 connection create requests that collided with existing hash table entries */
290 u64 connection_destroy_requests64;
291 /* Number of IPv4 connection destroy requests */
292 u64 connection_destroy_misses64;
293 /* Number of IPv4 connection destroy requests that missed our hash table */
294 u64 connection_match_hash_hits64;
295 /* Number of IPv4 connection match hash hits */
296 u64 connection_match_hash_reorders64;
297 /* Number of IPv4 connection match hash reorders */
298 u64 connection_flushes64; /* Number of IPv4 connection flushes */
299 u64 packets_forwarded64; /* Number of IPv4 packets forwarded */
300 u64 packets_not_forwarded64;
301 /* Number of IPv4 packets not forwarded */
302 u64 exception_events64[SFE_IPV4_EXCEPTION_EVENT_LAST];
303
304 /*
305 * Control state.
306 */
307 struct kobject *sys_sfe_ipv4; /* sysfs linkage */
308 int debug_dev; /* Major number of the debug char device */
309 u32 debug_read_seq; /* sequence number for debug dump */
310};
311
312/*
313 * Enumeration of the XML output.
314 */
315enum sfe_ipv4_debug_xml_states {
316 SFE_IPV4_DEBUG_XML_STATE_START,
317 SFE_IPV4_DEBUG_XML_STATE_CONNECTIONS_START,
318 SFE_IPV4_DEBUG_XML_STATE_CONNECTIONS_CONNECTION,
319 SFE_IPV4_DEBUG_XML_STATE_CONNECTIONS_END,
320 SFE_IPV4_DEBUG_XML_STATE_EXCEPTIONS_START,
321 SFE_IPV4_DEBUG_XML_STATE_EXCEPTIONS_EXCEPTION,
322 SFE_IPV4_DEBUG_XML_STATE_EXCEPTIONS_END,
323 SFE_IPV4_DEBUG_XML_STATE_STATS,
324 SFE_IPV4_DEBUG_XML_STATE_END,
325 SFE_IPV4_DEBUG_XML_STATE_DONE
326};
327
328/*
329 * XML write state.
330 */
331struct sfe_ipv4_debug_xml_write_state {
332 enum sfe_ipv4_debug_xml_states state;
333 /* XML output file state machine state */
334 int iter_exception; /* Next exception iterator */
335};
336
337typedef bool (*sfe_ipv4_debug_xml_write_method_t)(struct sfe_ipv4 *si, char *buffer, char *msg, size_t *length,
338 int *total_read, struct sfe_ipv4_debug_xml_write_state *ws);
339
340void sfe_ipv4_exit(void);
341int sfe_ipv4_init(void);