Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / qca-nss-sfe / a212fc5d1ec1202b1ed4eddbc645b251750185f6 / . / sfe_ipv6.h
blob: d6fbff4340b7d8bd028fa5a37e6eaa8c7204ee0b [file] [log] [blame]
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]1/*
2 * sfe_ipv6.h
3 * Shortcut forwarding engine header file for IPv6.
4 *
5 * Copyright (c) 2015-2016, 2019-2020, The Linux Foundation. All rights reserved.
6 * Copyright (c) 2021 Qualcomm Innovation Center, Inc. All rights reserved.
7 *
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
11 *
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 */
20
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]21#define CHAR_DEV_MSG_SIZE 768
22
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]23#define SFE_IPV6_DSCP_MASK 0xf03f
24#define SFE_IPV6_DSCP_SHIFT 2
25
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]26#define SFE_IPV6_FRAG_OFFSET 0xfff8
27
28/*
29 * generic IPv6 extension header
30 */
31struct sfe_ipv6_ext_hdr {
32 __u8 next_hdr;
33 __u8 hdr_len;
34 __u8 padding[6];
Ratheesh Kannoth741f7992021-10-20 07:39:52 +0530[diff] [blame]35};
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]36
37/*
38 * Specifies the lower bound on ACK numbers carried in the TCP header
39 */
40#define SFE_IPV6_TCP_MAX_ACK_WINDOW 65520
41
42/*
43 * IPv6 TCP connection match additional data.
44 */
45struct sfe_ipv6_tcp_connection_match {
46 u8 win_scale; /* Window scale */
47 u32 max_win; /* Maximum window size seen */
48 u32 end; /* Sequence number of the next byte to send (seq + segment length) */
49 u32 max_end; /* Sequence number of the last byte to ack */
50};
51
52/*
53 * Bit flags for IPv6 connection matching entry.
54 */
55#define SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_SRC (1<<0)
56 /* Perform source translation */
57#define SFE_IPV6_CONNECTION_MATCH_FLAG_XLATE_DEST (1<<1)
58 /* Perform destination translation */
59#define SFE_IPV6_CONNECTION_MATCH_FLAG_NO_SEQ_CHECK (1<<2)
60 /* Ignore TCP sequence numbers */
61#define SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_FAST_ETH_HDR (1<<3)
62 /* Fast Ethernet header write */
63#define SFE_IPV6_CONNECTION_MATCH_FLAG_WRITE_L2_HDR (1<<4)
64 /* Fast Ethernet header write */
65#define SFE_IPV6_CONNECTION_MATCH_FLAG_PRIORITY_REMARK (1<<5)
66 /* remark priority of SKB */
67#define SFE_IPV6_CONNECTION_MATCH_FLAG_DSCP_REMARK (1<<6)
68 /* remark DSCP of packet */
69
70/*
71 * IPv6 connection matching structure.
72 */
73struct sfe_ipv6_connection_match {
74 /*
75 * References to other objects.
76 */
Ratheesh Kannotha212fc52021-10-20 07:50:32 +0530[diff] [blame^]77 struct hlist_node hnode;
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]78 struct sfe_ipv6_connection *connection;
79 struct sfe_ipv6_connection_match *counter_match;
80 /* Matches the flow in the opposite direction as the one in connection */
81 struct sfe_ipv6_connection_match *active_next;
82 struct sfe_ipv6_connection_match *active_prev;
83 bool active; /* Flag to indicate if we're on the active list */
84
85 /*
86 * Characteristics that identify flows that match this rule.
87 */
88 struct net_device *match_dev; /* Network device */
89 u8 match_protocol; /* Protocol */
90 struct sfe_ipv6_addr match_src_ip[1]; /* Source IP address */
91 struct sfe_ipv6_addr match_dest_ip[1]; /* Destination IP address */
92 __be16 match_src_port; /* Source port/connection ident */
93 __be16 match_dest_port; /* Destination port/connection ident */
94
95 /*
96 * Control the operations of the match.
97 */
98 u32 flags; /* Bit flags */
99#ifdef CONFIG_NF_FLOW_COOKIE
100 u32 flow_cookie; /* used flow cookie, for debug */
101#endif
102#ifdef CONFIG_XFRM
103 u32 flow_accel; /* The flow accelerated or not */
104#endif
105
106 /*
107 * Connection state that we track once we match.
108 */
109 union { /* Protocol-specific state */
110 struct sfe_ipv6_tcp_connection_match tcp;
111 } protocol_state;
112 /*
113 * Stats recorded in a sync period. These stats will be added to
114 * rx_packet_count64/rx_byte_count64 after a sync period.
115 */
Ratheesh Kannotha212fc52021-10-20 07:50:32 +0530[diff] [blame^]116 atomic_t rx_packet_count;
117 atomic_t rx_byte_count;
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]118
119 /*
120 * Packet translation information.
121 */
122 struct sfe_ipv6_addr xlate_src_ip[1]; /* Address after source translation */
123 __be16 xlate_src_port; /* Port/connection ident after source translation */
124 u16 xlate_src_csum_adjustment;
125 /* Transport layer checksum adjustment after source translation */
126 struct sfe_ipv6_addr xlate_dest_ip[1]; /* Address after destination translation */
127 __be16 xlate_dest_port; /* Port/connection ident after destination translation */
128 u16 xlate_dest_csum_adjustment;
129 /* Transport layer checksum adjustment after destination translation */
130
131 /*
132 * QoS information
133 */
134 u32 priority;
135 u32 dscp;
136
137 /*
138 * Packet transmit information.
139 */
140 struct net_device *xmit_dev; /* Network device on which to transmit */
141 unsigned short int xmit_dev_mtu;
142 /* Interface MTU */
143 u16 xmit_dest_mac[ETH_ALEN / 2];
144 /* Destination MAC address to use when forwarding */
145 u16 xmit_src_mac[ETH_ALEN / 2];
146 /* Source MAC address to use when forwarding */
147
148 /*
149 * Summary stats.
150 */
151 u64 rx_packet_count64;
152 u64 rx_byte_count64;
153};
154
155/*
156 * Per-connection data structure.
157 */
158struct sfe_ipv6_connection {
159 struct sfe_ipv6_connection *next;
160 /* Pointer to the next entry in a hash chain */
161 struct sfe_ipv6_connection *prev;
162 /* Pointer to the previous entry in a hash chain */
163 int protocol; /* IP protocol number */
164 struct sfe_ipv6_addr src_ip[1]; /* Src IP addr pre-translation */
165 struct sfe_ipv6_addr src_ip_xlate[1]; /* Src IP addr post-translation */
166 struct sfe_ipv6_addr dest_ip[1]; /* Dest IP addr pre-translation */
167 struct sfe_ipv6_addr dest_ip_xlate[1]; /* Dest IP addr post-translation */
168 __be16 src_port; /* Src port pre-translation */
169 __be16 src_port_xlate; /* Src port post-translation */
170 __be16 dest_port; /* Dest port pre-translation */
171 __be16 dest_port_xlate; /* Dest port post-translation */
172 struct sfe_ipv6_connection_match *original_match;
173 /* Original direction matching structure */
174 struct net_device *original_dev;
175 /* Original direction source device */
176 struct sfe_ipv6_connection_match *reply_match;
177 /* Reply direction matching structure */
178 struct net_device *reply_dev; /* Reply direction source device */
179 u64 last_sync_jiffies; /* Jiffies count for the last sync */
180 struct sfe_ipv6_connection *all_connections_next;
181 /* Pointer to the next entry in the list of all connections */
182 struct sfe_ipv6_connection *all_connections_prev;
183 /* Pointer to the previous entry in the list of all connections */
Ratheesh Kannotha212fc52021-10-20 07:50:32 +0530[diff] [blame^]184
185 bool removed; /* Indicates the connection is removed */
186 struct rcu_head rcu; /* delay rcu free */
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]187 u32 mark; /* mark for outgoing packet */
188 u32 debug_read_seq; /* sequence number for debug dump */
189};
190
191/*
192 * IPv6 connections and hash table size information.
193 */
194#define SFE_IPV6_CONNECTION_HASH_SHIFT 12
195#define SFE_IPV6_CONNECTION_HASH_SIZE (1 << SFE_IPV6_CONNECTION_HASH_SHIFT)
196#define SFE_IPV6_CONNECTION_HASH_MASK (SFE_IPV6_CONNECTION_HASH_SIZE - 1)
197
198enum sfe_ipv6_exception_events {
199 SFE_IPV6_EXCEPTION_EVENT_UDP_HEADER_INCOMPLETE,
200 SFE_IPV6_EXCEPTION_EVENT_UDP_NO_CONNECTION,
201 SFE_IPV6_EXCEPTION_EVENT_UDP_IP_OPTIONS_OR_INITIAL_FRAGMENT,
202 SFE_IPV6_EXCEPTION_EVENT_UDP_SMALL_TTL,
203 SFE_IPV6_EXCEPTION_EVENT_UDP_NEEDS_FRAGMENTATION,
204 SFE_IPV6_EXCEPTION_EVENT_TCP_HEADER_INCOMPLETE,
205 SFE_IPV6_EXCEPTION_EVENT_TCP_NO_CONNECTION_SLOW_FLAGS,
206 SFE_IPV6_EXCEPTION_EVENT_TCP_NO_CONNECTION_FAST_FLAGS,
207 SFE_IPV6_EXCEPTION_EVENT_TCP_IP_OPTIONS_OR_INITIAL_FRAGMENT,
208 SFE_IPV6_EXCEPTION_EVENT_TCP_SMALL_TTL,
209 SFE_IPV6_EXCEPTION_EVENT_TCP_NEEDS_FRAGMENTATION,
210 SFE_IPV6_EXCEPTION_EVENT_TCP_FLAGS,
211 SFE_IPV6_EXCEPTION_EVENT_TCP_SEQ_EXCEEDS_RIGHT_EDGE,
212 SFE_IPV6_EXCEPTION_EVENT_TCP_SMALL_DATA_OFFS,
213 SFE_IPV6_EXCEPTION_EVENT_TCP_BAD_SACK,
214 SFE_IPV6_EXCEPTION_EVENT_TCP_BIG_DATA_OFFS,
215 SFE_IPV6_EXCEPTION_EVENT_TCP_SEQ_BEFORE_LEFT_EDGE,
216 SFE_IPV6_EXCEPTION_EVENT_TCP_ACK_EXCEEDS_RIGHT_EDGE,
217 SFE_IPV6_EXCEPTION_EVENT_TCP_ACK_BEFORE_LEFT_EDGE,
218 SFE_IPV6_EXCEPTION_EVENT_ICMP_HEADER_INCOMPLETE,
219 SFE_IPV6_EXCEPTION_EVENT_ICMP_UNHANDLED_TYPE,
220 SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_HEADER_INCOMPLETE,
221 SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_NON_V6,
222 SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_IP_OPTIONS_INCOMPLETE,
223 SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_UDP_HEADER_INCOMPLETE,
224 SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_TCP_HEADER_INCOMPLETE,
225 SFE_IPV6_EXCEPTION_EVENT_ICMP_IPV6_UNHANDLED_PROTOCOL,
226 SFE_IPV6_EXCEPTION_EVENT_ICMP_NO_CONNECTION,
227 SFE_IPV6_EXCEPTION_EVENT_ICMP_FLUSHED_CONNECTION,
228 SFE_IPV6_EXCEPTION_EVENT_HEADER_INCOMPLETE,
229 SFE_IPV6_EXCEPTION_EVENT_BAD_TOTAL_LENGTH,
230 SFE_IPV6_EXCEPTION_EVENT_NON_V6,
231 SFE_IPV6_EXCEPTION_EVENT_NON_INITIAL_FRAGMENT,
232 SFE_IPV6_EXCEPTION_EVENT_DATAGRAM_INCOMPLETE,
233 SFE_IPV6_EXCEPTION_EVENT_IP_OPTIONS_INCOMPLETE,
234 SFE_IPV6_EXCEPTION_EVENT_UNHANDLED_PROTOCOL,
235 SFE_IPV6_EXCEPTION_EVENT_FLOW_COOKIE_ADD_FAIL,
236 SFE_IPV6_EXCEPTION_EVENT_LAST
237};
238
239/*
240 * Per-module structure.
241 */
242struct sfe_ipv6 {
243 spinlock_t lock; /* Lock for SMP correctness */
244 struct sfe_ipv6_connection_match *active_head;
245 /* Head of the list of recently active connections */
246 struct sfe_ipv6_connection_match *active_tail;
247 /* Tail of the list of recently active connections */
248 struct sfe_ipv6_connection *all_connections_head;
249 /* Head of the list of all connections */
250 struct sfe_ipv6_connection *all_connections_tail;
251 /* Tail of the list of all connections */
252 unsigned int num_connections; /* Number of connections */
253 struct timer_list timer; /* Timer used for periodic sync ops */
254 sfe_sync_rule_callback_t __rcu sync_rule_callback;
255 /* Callback function registered by a connection manager for stats syncing */
256 struct sfe_ipv6_connection *conn_hash[SFE_IPV6_CONNECTION_HASH_SIZE];
257 /* Connection hash table */
Ratheesh Kannotha212fc52021-10-20 07:50:32 +0530[diff] [blame^]258 struct hlist_head hlist_conn_match_hash_head[SFE_IPV6_CONNECTION_HASH_SIZE];
Ratheesh Kannoth24fb1db2021-10-20 07:28:06 +0530[diff] [blame]259#ifdef CONFIG_NF_FLOW_COOKIE
260 struct sfe_ipv6_flow_cookie_entry sfe_flow_cookie_table[SFE_FLOW_COOKIE_SIZE];
261 /* flow cookie table*/
262 sfe_ipv6_flow_cookie_set_func_t flow_cookie_set_func;
263 /* function used to configure flow cookie in hardware*/
264 int flow_cookie_enable;
265 /* Enable/disable flow cookie at runtime */
266#endif
267
268 /*
269 * Stats recorded in a sync period. These stats will be added to
270 * connection_xxx64 after a sync period.
271 */
272 u32 connection_create_requests;
273 /* Number of IPv6 connection create requests */
274 u32 connection_create_collisions;
275 /* Number of IPv6 connection create requests that collided with existing hash table entries */
276 u32 connection_destroy_requests;
277 /* Number of IPv6 connection destroy requests */
278 u32 connection_destroy_misses;
279 /* Number of IPv6 connection destroy requests that missed our hash table */
280 u32 connection_match_hash_hits;
281 /* Number of IPv6 connection match hash hits */
282 u32 connection_match_hash_reorders;
283 /* Number of IPv6 connection match hash reorders */
284 u32 connection_flushes; /* Number of IPv6 connection flushes */
285 u32 packets_forwarded; /* Number of IPv6 packets forwarded */
286 u32 packets_not_forwarded; /* Number of IPv6 packets not forwarded */
287 u32 exception_events[SFE_IPV6_EXCEPTION_EVENT_LAST];
288
289 /*
290 * Summary statistics.
291 */
292 u64 connection_create_requests64;
293 /* Number of IPv6 connection create requests */
294 u64 connection_create_collisions64;
295 /* Number of IPv6 connection create requests that collided with existing hash table entries */
296 u64 connection_destroy_requests64;
297 /* Number of IPv6 connection destroy requests */
298 u64 connection_destroy_misses64;
299 /* Number of IPv6 connection destroy requests that missed our hash table */
300 u64 connection_match_hash_hits64;
301 /* Number of IPv6 connection match hash hits */
302 u64 connection_match_hash_reorders64;
303 /* Number of IPv6 connection match hash reorders */
304 u64 connection_flushes64; /* Number of IPv6 connection flushes */
305 u64 packets_forwarded64; /* Number of IPv6 packets forwarded */
306 u64 packets_not_forwarded64;
307 /* Number of IPv6 packets not forwarded */
308 u64 exception_events64[SFE_IPV6_EXCEPTION_EVENT_LAST];
309
310 /*
311 * Control state.
312 */
313 struct kobject *sys_sfe_ipv6; /* sysfs linkage */
314 int debug_dev; /* Major number of the debug char device */
315 u32 debug_read_seq; /* sequence number for debug dump */
316};
317
318/*
319 * Enumeration of the XML output.
320 */
321enum sfe_ipv6_debug_xml_states {
322 SFE_IPV6_DEBUG_XML_STATE_START,
323 SFE_IPV6_DEBUG_XML_STATE_CONNECTIONS_START,
324 SFE_IPV6_DEBUG_XML_STATE_CONNECTIONS_CONNECTION,
325 SFE_IPV6_DEBUG_XML_STATE_CONNECTIONS_END,
326 SFE_IPV6_DEBUG_XML_STATE_EXCEPTIONS_START,
327 SFE_IPV6_DEBUG_XML_STATE_EXCEPTIONS_EXCEPTION,
328 SFE_IPV6_DEBUG_XML_STATE_EXCEPTIONS_END,
329 SFE_IPV6_DEBUG_XML_STATE_STATS,
330 SFE_IPV6_DEBUG_XML_STATE_END,
331 SFE_IPV6_DEBUG_XML_STATE_DONE
332};
333
334/*
335 * XML write state.
336 */
337struct sfe_ipv6_debug_xml_write_state {
338 enum sfe_ipv6_debug_xml_states state;
339 /* XML output file state machine state */
340 int iter_exception; /* Next exception iterator */
341};
342
343typedef bool (*sfe_ipv6_debug_xml_write_method_t)(struct sfe_ipv6 *si, char *buffer, char *msg, size_t *length,
344 int *total_read, struct sfe_ipv6_debug_xml_write_state *ws);
345
346void sfe_ipv6_exit(void);
347int sfe_ipv6_init(void);