Commit 2339ef1c authored by David S. Miller's avatar David S. Miller

Merge branch 'flow_offload-add-indr-block-in-nf_table_offload'

wenxu says:

====================
flow_offload: add indr-block in nf_table_offload

This series patch make nftables offload support the vlan and
tunnel device offload through indr-block architecture.

The first four patches mv tc indr block to flow offload and
rename to flow-indr-block.
Because the new flow-indr-block can't get the tcf_block
directly. The fifth patch provide a callback list to get
flow_block of each subsystem immediately when the device
register and contain a block.
The last patch make nf_tables_offload support flow-indr-block.

This version add a mutex lock for add/del flow_indr_block_ing_cb
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 61552d2c 9a32669f
...@@ -781,9 +781,9 @@ static int mlx5e_rep_indr_register_block(struct mlx5e_rep_priv *rpriv, ...@@ -781,9 +781,9 @@ static int mlx5e_rep_indr_register_block(struct mlx5e_rep_priv *rpriv,
{ {
int err; int err;
err = __tc_indr_block_cb_register(netdev, rpriv, err = __flow_indr_block_cb_register(netdev, rpriv,
mlx5e_rep_indr_setup_tc_cb, mlx5e_rep_indr_setup_tc_cb,
rpriv); rpriv);
if (err) { if (err) {
struct mlx5e_priv *priv = netdev_priv(rpriv->netdev); struct mlx5e_priv *priv = netdev_priv(rpriv->netdev);
...@@ -796,8 +796,8 @@ static int mlx5e_rep_indr_register_block(struct mlx5e_rep_priv *rpriv, ...@@ -796,8 +796,8 @@ static int mlx5e_rep_indr_register_block(struct mlx5e_rep_priv *rpriv,
static void mlx5e_rep_indr_unregister_block(struct mlx5e_rep_priv *rpriv, static void mlx5e_rep_indr_unregister_block(struct mlx5e_rep_priv *rpriv,
struct net_device *netdev) struct net_device *netdev)
{ {
__tc_indr_block_cb_unregister(netdev, mlx5e_rep_indr_setup_tc_cb, __flow_indr_block_cb_unregister(netdev, mlx5e_rep_indr_setup_tc_cb,
rpriv); rpriv);
} }
static int mlx5e_nic_rep_netdevice_event(struct notifier_block *nb, static int mlx5e_nic_rep_netdevice_event(struct notifier_block *nb,
......
...@@ -1649,16 +1649,17 @@ int nfp_flower_reg_indir_block_handler(struct nfp_app *app, ...@@ -1649,16 +1649,17 @@ int nfp_flower_reg_indir_block_handler(struct nfp_app *app,
return NOTIFY_OK; return NOTIFY_OK;
if (event == NETDEV_REGISTER) { if (event == NETDEV_REGISTER) {
err = __tc_indr_block_cb_register(netdev, app, err = __flow_indr_block_cb_register(netdev, app,
nfp_flower_indr_setup_tc_cb, nfp_flower_indr_setup_tc_cb,
app); app);
if (err) if (err)
nfp_flower_cmsg_warn(app, nfp_flower_cmsg_warn(app,
"Indirect block reg failed - %s\n", "Indirect block reg failed - %s\n",
netdev->name); netdev->name);
} else if (event == NETDEV_UNREGISTER) { } else if (event == NETDEV_UNREGISTER) {
__tc_indr_block_cb_unregister(netdev, __flow_indr_block_cb_unregister(netdev,
nfp_flower_indr_setup_tc_cb, app); nfp_flower_indr_setup_tc_cb,
app);
} }
return NOTIFY_OK; return NOTIFY_OK;
......
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
#include <linux/kernel.h> #include <linux/kernel.h>
#include <linux/list.h> #include <linux/list.h>
#include <net/flow_dissector.h> #include <net/flow_dissector.h>
#include <linux/rhashtable.h>
struct flow_match { struct flow_match {
struct flow_dissector *dissector; struct flow_dissector *dissector;
...@@ -370,4 +371,40 @@ static inline void flow_block_init(struct flow_block *flow_block) ...@@ -370,4 +371,40 @@ static inline void flow_block_init(struct flow_block *flow_block)
INIT_LIST_HEAD(&flow_block->cb_list); INIT_LIST_HEAD(&flow_block->cb_list);
} }
typedef int flow_indr_block_bind_cb_t(struct net_device *dev, void *cb_priv,
enum tc_setup_type type, void *type_data);
typedef void flow_indr_block_ing_cmd_t(struct net_device *dev,
flow_indr_block_bind_cb_t *cb,
void *cb_priv,
enum flow_block_command command);
struct flow_indr_block_ing_entry {
flow_indr_block_ing_cmd_t *cb;
struct list_head list;
};
void flow_indr_add_block_ing_cb(struct flow_indr_block_ing_entry *entry);
void flow_indr_del_block_ing_cb(struct flow_indr_block_ing_entry *entry);
int __flow_indr_block_cb_register(struct net_device *dev, void *cb_priv,
flow_indr_block_bind_cb_t *cb,
void *cb_ident);
void __flow_indr_block_cb_unregister(struct net_device *dev,
flow_indr_block_bind_cb_t *cb,
void *cb_ident);
int flow_indr_block_cb_register(struct net_device *dev, void *cb_priv,
flow_indr_block_bind_cb_t *cb, void *cb_ident);
void flow_indr_block_cb_unregister(struct net_device *dev,
flow_indr_block_bind_cb_t *cb,
void *cb_ident);
void flow_indr_block_call(struct net_device *dev,
struct flow_block_offload *bo,
enum flow_block_command command);
#endif /* _NET_FLOW_OFFLOAD_H */ #endif /* _NET_FLOW_OFFLOAD_H */
...@@ -63,6 +63,10 @@ struct nft_rule; ...@@ -63,6 +63,10 @@ struct nft_rule;
struct nft_flow_rule *nft_flow_rule_create(const struct nft_rule *rule); struct nft_flow_rule *nft_flow_rule_create(const struct nft_rule *rule);
void nft_flow_rule_destroy(struct nft_flow_rule *flow); void nft_flow_rule_destroy(struct nft_flow_rule *flow);
int nft_flow_rule_offload_commit(struct net *net); int nft_flow_rule_offload_commit(struct net *net);
void nft_indr_block_get_and_ing_cmd(struct net_device *dev,
flow_indr_block_bind_cb_t *cb,
void *cb_priv,
enum flow_block_command command);
#define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg) \ #define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg) \
(__reg)->base_offset = \ (__reg)->base_offset = \
......
...@@ -70,15 +70,6 @@ static inline struct Qdisc *tcf_block_q(struct tcf_block *block) ...@@ -70,15 +70,6 @@ static inline struct Qdisc *tcf_block_q(struct tcf_block *block)
return block->q; return block->q;
} }
int __tc_indr_block_cb_register(struct net_device *dev, void *cb_priv,
tc_indr_block_bind_cb_t *cb, void *cb_ident);
int tc_indr_block_cb_register(struct net_device *dev, void *cb_priv,
tc_indr_block_bind_cb_t *cb, void *cb_ident);
void __tc_indr_block_cb_unregister(struct net_device *dev,
tc_indr_block_bind_cb_t *cb, void *cb_ident);
void tc_indr_block_cb_unregister(struct net_device *dev,
tc_indr_block_bind_cb_t *cb, void *cb_ident);
int tcf_classify(struct sk_buff *skb, const struct tcf_proto *tp, int tcf_classify(struct sk_buff *skb, const struct tcf_proto *tp,
struct tcf_result *res, bool compat_mode); struct tcf_result *res, bool compat_mode);
...@@ -137,32 +128,6 @@ void tc_setup_cb_block_unregister(struct tcf_block *block, flow_setup_cb_t *cb, ...@@ -137,32 +128,6 @@ void tc_setup_cb_block_unregister(struct tcf_block *block, flow_setup_cb_t *cb,
{ {
} }
static inline
int __tc_indr_block_cb_register(struct net_device *dev, void *cb_priv,
tc_indr_block_bind_cb_t *cb, void *cb_ident)
{
return 0;
}
static inline
int tc_indr_block_cb_register(struct net_device *dev, void *cb_priv,
tc_indr_block_bind_cb_t *cb, void *cb_ident)
{
return 0;
}
static inline
void __tc_indr_block_cb_unregister(struct net_device *dev,
tc_indr_block_bind_cb_t *cb, void *cb_ident)
{
}
static inline
void tc_indr_block_cb_unregister(struct net_device *dev,
tc_indr_block_bind_cb_t *cb, void *cb_ident)
{
}
static inline int tcf_classify(struct sk_buff *skb, const struct tcf_proto *tp, static inline int tcf_classify(struct sk_buff *skb, const struct tcf_proto *tp,
struct tcf_result *res, bool compat_mode) struct tcf_result *res, bool compat_mode)
{ {
......
...@@ -23,9 +23,6 @@ struct tcf_walker; ...@@ -23,9 +23,6 @@ struct tcf_walker;
struct module; struct module;
struct bpf_flow_keys; struct bpf_flow_keys;
typedef int tc_indr_block_bind_cb_t(struct net_device *dev, void *cb_priv,
enum tc_setup_type type, void *type_data);
struct qdisc_rate_table { struct qdisc_rate_table {
struct tc_ratespec rate; struct tc_ratespec rate;
u32 data[256]; u32 data[256];
......
...@@ -2,6 +2,8 @@ ...@@ -2,6 +2,8 @@
#include <linux/kernel.h> #include <linux/kernel.h>
#include <linux/slab.h> #include <linux/slab.h>
#include <net/flow_offload.h> #include <net/flow_offload.h>
#include <linux/rtnetlink.h>
#include <linux/mutex.h>
struct flow_rule *flow_rule_alloc(unsigned int num_actions) struct flow_rule *flow_rule_alloc(unsigned int num_actions)
{ {
...@@ -280,3 +282,241 @@ int flow_block_cb_setup_simple(struct flow_block_offload *f, ...@@ -280,3 +282,241 @@ int flow_block_cb_setup_simple(struct flow_block_offload *f,
} }
} }
EXPORT_SYMBOL(flow_block_cb_setup_simple); EXPORT_SYMBOL(flow_block_cb_setup_simple);
static LIST_HEAD(block_ing_cb_list);
static struct rhashtable indr_setup_block_ht;
struct flow_indr_block_cb {
struct list_head list;
void *cb_priv;
flow_indr_block_bind_cb_t *cb;
void *cb_ident;
};
struct flow_indr_block_dev {
struct rhash_head ht_node;
struct net_device *dev;
unsigned int refcnt;
struct list_head cb_list;
};
static const struct rhashtable_params flow_indr_setup_block_ht_params = {
.key_offset = offsetof(struct flow_indr_block_dev, dev),
.head_offset = offsetof(struct flow_indr_block_dev, ht_node),
.key_len = sizeof(struct net_device *),
};
static struct flow_indr_block_dev *
flow_indr_block_dev_lookup(struct net_device *dev)
{
return rhashtable_lookup_fast(&indr_setup_block_ht, &dev,
flow_indr_setup_block_ht_params);
}
static struct flow_indr_block_dev *
flow_indr_block_dev_get(struct net_device *dev)
{
struct flow_indr_block_dev *indr_dev;
indr_dev = flow_indr_block_dev_lookup(dev);
if (indr_dev)
goto inc_ref;
indr_dev = kzalloc(sizeof(*indr_dev), GFP_KERNEL);
if (!indr_dev)
return NULL;
INIT_LIST_HEAD(&indr_dev->cb_list);
indr_dev->dev = dev;
if (rhashtable_insert_fast(&indr_setup_block_ht, &indr_dev->ht_node,
flow_indr_setup_block_ht_params)) {
kfree(indr_dev);
return NULL;
}
inc_ref:
indr_dev->refcnt++;
return indr_dev;
}
static void flow_indr_block_dev_put(struct flow_indr_block_dev *indr_dev)
{
if (--indr_dev->refcnt)
return;
rhashtable_remove_fast(&indr_setup_block_ht, &indr_dev->ht_node,
flow_indr_setup_block_ht_params);
kfree(indr_dev);
}
static struct flow_indr_block_cb *
flow_indr_block_cb_lookup(struct flow_indr_block_dev *indr_dev,
flow_indr_block_bind_cb_t *cb, void *cb_ident)
{
struct flow_indr_block_cb *indr_block_cb;
list_for_each_entry(indr_block_cb, &indr_dev->cb_list, list)
if (indr_block_cb->cb == cb &&
indr_block_cb->cb_ident == cb_ident)
return indr_block_cb;
return NULL;
}
static struct flow_indr_block_cb *
flow_indr_block_cb_add(struct flow_indr_block_dev *indr_dev, void *cb_priv,
flow_indr_block_bind_cb_t *cb, void *cb_ident)
{
struct flow_indr_block_cb *indr_block_cb;
indr_block_cb = flow_indr_block_cb_lookup(indr_dev, cb, cb_ident);
if (indr_block_cb)
return ERR_PTR(-EEXIST);
indr_block_cb = kzalloc(sizeof(*indr_block_cb), GFP_KERNEL);
if (!indr_block_cb)
return ERR_PTR(-ENOMEM);
indr_block_cb->cb_priv = cb_priv;
indr_block_cb->cb = cb;
indr_block_cb->cb_ident = cb_ident;
list_add(&indr_block_cb->list, &indr_dev->cb_list);
return indr_block_cb;
}
static void flow_indr_block_cb_del(struct flow_indr_block_cb *indr_block_cb)
{
list_del(&indr_block_cb->list);
kfree(indr_block_cb);
}
static void flow_block_ing_cmd(struct net_device *dev,
flow_indr_block_bind_cb_t *cb,
void *cb_priv,
enum flow_block_command command)
{
struct flow_indr_block_ing_entry *entry;
rcu_read_lock();
list_for_each_entry_rcu(entry, &block_ing_cb_list, list) {
entry->cb(dev, cb, cb_priv, command);
}
rcu_read_unlock();
}
int __flow_indr_block_cb_register(struct net_device *dev, void *cb_priv,
flow_indr_block_bind_cb_t *cb,
void *cb_ident)
{
struct flow_indr_block_cb *indr_block_cb;
struct flow_indr_block_dev *indr_dev;
int err;
indr_dev = flow_indr_block_dev_get(dev);
if (!indr_dev)
return -ENOMEM;
indr_block_cb = flow_indr_block_cb_add(indr_dev, cb_priv, cb, cb_ident);
err = PTR_ERR_OR_ZERO(indr_block_cb);
if (err)
goto err_dev_put;
flow_block_ing_cmd(dev, indr_block_cb->cb, indr_block_cb->cb_priv,
FLOW_BLOCK_BIND);
return 0;
err_dev_put:
flow_indr_block_dev_put(indr_dev);
return err;
}
EXPORT_SYMBOL_GPL(__flow_indr_block_cb_register);
int flow_indr_block_cb_register(struct net_device *dev, void *cb_priv,
flow_indr_block_bind_cb_t *cb,
void *cb_ident)
{
int err;
rtnl_lock();
err = __flow_indr_block_cb_register(dev, cb_priv, cb, cb_ident);
rtnl_unlock();
return err;
}
EXPORT_SYMBOL_GPL(flow_indr_block_cb_register);
void __flow_indr_block_cb_unregister(struct net_device *dev,
flow_indr_block_bind_cb_t *cb,
void *cb_ident)
{
struct flow_indr_block_cb *indr_block_cb;
struct flow_indr_block_dev *indr_dev;
indr_dev = flow_indr_block_dev_lookup(dev);
if (!indr_dev)
return;
indr_block_cb = flow_indr_block_cb_lookup(indr_dev, cb, cb_ident);
if (!indr_block_cb)
return;
flow_block_ing_cmd(dev, indr_block_cb->cb, indr_block_cb->cb_priv,
FLOW_BLOCK_UNBIND);
flow_indr_block_cb_del(indr_block_cb);
flow_indr_block_dev_put(indr_dev);
}
EXPORT_SYMBOL_GPL(__flow_indr_block_cb_unregister);
void flow_indr_block_cb_unregister(struct net_device *dev,
flow_indr_block_bind_cb_t *cb,
void *cb_ident)
{
rtnl_lock();
__flow_indr_block_cb_unregister(dev, cb, cb_ident);
rtnl_unlock();
}
EXPORT_SYMBOL_GPL(flow_indr_block_cb_unregister);
void flow_indr_block_call(struct net_device *dev,
struct flow_block_offload *bo,
enum flow_block_command command)
{
struct flow_indr_block_cb *indr_block_cb;
struct flow_indr_block_dev *indr_dev;
indr_dev = flow_indr_block_dev_lookup(dev);
if (!indr_dev)
return;
list_for_each_entry(indr_block_cb, &indr_dev->cb_list, list)
indr_block_cb->cb(dev, indr_block_cb->cb_priv, TC_SETUP_BLOCK,
bo);
}
EXPORT_SYMBOL_GPL(flow_indr_block_call);
static DEFINE_MUTEX(flow_indr_block_ing_cb_lock);
void flow_indr_add_block_ing_cb(struct flow_indr_block_ing_entry *entry)
{
mutex_lock(&flow_indr_block_ing_cb_lock);
list_add_tail_rcu(&entry->list, &block_ing_cb_list);
mutex_unlock(&flow_indr_block_ing_cb_lock);
}
EXPORT_SYMBOL_GPL(flow_indr_add_block_ing_cb);
void flow_indr_del_block_ing_cb(struct flow_indr_block_ing_entry *entry)
{
mutex_lock(&flow_indr_block_ing_cb_lock);
list_del_rcu(&entry->list);
mutex_unlock(&flow_indr_block_ing_cb_lock);
}
EXPORT_SYMBOL_GPL(flow_indr_del_block_ing_cb);
static int __init init_flow_indr_rhashtable(void)
{
return rhashtable_init(&indr_setup_block_ht,
&flow_indr_setup_block_ht_params);
}
subsys_initcall(init_flow_indr_rhashtable);
...@@ -7593,6 +7593,11 @@ static struct pernet_operations nf_tables_net_ops = { ...@@ -7593,6 +7593,11 @@ static struct pernet_operations nf_tables_net_ops = {
.exit = nf_tables_exit_net, .exit = nf_tables_exit_net,
}; };
static struct flow_indr_block_ing_entry block_ing_entry = {
.cb = nft_indr_block_get_and_ing_cmd,
.list = LIST_HEAD_INIT(block_ing_entry.list),
};
static int __init nf_tables_module_init(void) static int __init nf_tables_module_init(void)
{ {
int err; int err;
...@@ -7624,6 +7629,7 @@ static int __init nf_tables_module_init(void) ...@@ -7624,6 +7629,7 @@ static int __init nf_tables_module_init(void)
goto err5; goto err5;
nft_chain_route_init(); nft_chain_route_init();
flow_indr_add_block_ing_cb(&block_ing_entry);
return err; return err;
err5: err5:
rhltable_destroy(&nft_objname_ht); rhltable_destroy(&nft_objname_ht);
...@@ -7640,6 +7646,7 @@ static int __init nf_tables_module_init(void) ...@@ -7640,6 +7646,7 @@ static int __init nf_tables_module_init(void)
static void __exit nf_tables_module_exit(void) static void __exit nf_tables_module_exit(void)
{ {
flow_indr_del_block_ing_cb(&block_ing_entry);
nfnetlink_subsys_unregister(&nf_tables_subsys); nfnetlink_subsys_unregister(&nf_tables_subsys);
unregister_netdevice_notifier(&nf_tables_flowtable_notifier); unregister_netdevice_notifier(&nf_tables_flowtable_notifier);
nft_chain_filter_fini(); nft_chain_filter_fini();
......
...@@ -171,24 +171,110 @@ static int nft_flow_offload_unbind(struct flow_block_offload *bo, ...@@ -171,24 +171,110 @@ static int nft_flow_offload_unbind(struct flow_block_offload *bo,
return 0; return 0;
} }
static int nft_block_setup(struct nft_base_chain *basechain,
struct flow_block_offload *bo,
enum flow_block_command cmd)
{
int err;
switch (cmd) {
case FLOW_BLOCK_BIND:
err = nft_flow_offload_bind(bo, basechain);
break;
case FLOW_BLOCK_UNBIND:
err = nft_flow_offload_unbind(bo, basechain);
break;
default:
WARN_ON_ONCE(1);
err = -EOPNOTSUPP;
}
return err;
}
static int nft_block_offload_cmd(struct nft_base_chain *chain,
struct net_device *dev,
enum flow_block_command cmd)
{
struct netlink_ext_ack extack = {};
struct flow_block_offload bo = {};
int err;
bo.net = dev_net(dev);
bo.block = &chain->flow_block;
bo.command = cmd;
bo.binder_type = FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS;
bo.extack = &extack;
INIT_LIST_HEAD(&bo.cb_list);
err = dev->netdev_ops->ndo_setup_tc(dev, TC_SETUP_BLOCK, &bo);
if (err < 0)
return err;
return nft_block_setup(chain, &bo, cmd);
}
static void nft_indr_block_ing_cmd(struct net_device *dev,
struct nft_base_chain *chain,
flow_indr_block_bind_cb_t *cb,
void *cb_priv,
enum flow_block_command cmd)
{
struct netlink_ext_ack extack = {};
struct flow_block_offload bo = {};
if (!chain)
return;
bo.net = dev_net(dev);
bo.block = &chain->flow_block;
bo.command = cmd;
bo.binder_type = FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS;
bo.extack = &extack;
INIT_LIST_HEAD(&bo.cb_list);
cb(dev, cb_priv, TC_SETUP_BLOCK, &bo);
nft_block_setup(chain, &bo, cmd);
}
static int nft_indr_block_offload_cmd(struct nft_base_chain *chain,
struct net_device *dev,
enum flow_block_command cmd)
{
struct flow_block_offload bo = {};
struct netlink_ext_ack extack = {};
bo.net = dev_net(dev);
bo.block = &chain->flow_block;
bo.command = cmd;
bo.binder_type = FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS;
bo.extack = &extack;
INIT_LIST_HEAD(&bo.cb_list);
flow_indr_block_call(dev, &bo, cmd);
if (list_empty(&bo.cb_list))
return -EOPNOTSUPP;
return nft_block_setup(chain, &bo, cmd);
}
#define FLOW_SETUP_BLOCK TC_SETUP_BLOCK #define FLOW_SETUP_BLOCK TC_SETUP_BLOCK
static int nft_flow_offload_chain(struct nft_trans *trans, static int nft_flow_offload_chain(struct nft_trans *trans,
enum flow_block_command cmd) enum flow_block_command cmd)
{ {
struct nft_chain *chain = trans->ctx.chain; struct nft_chain *chain = trans->ctx.chain;
struct netlink_ext_ack extack = {};
struct flow_block_offload bo = {};
struct nft_base_chain *basechain; struct nft_base_chain *basechain;
struct net_device *dev; struct net_device *dev;
int err;
if (!nft_is_base_chain(chain)) if (!nft_is_base_chain(chain))
return -EOPNOTSUPP; return -EOPNOTSUPP;
basechain = nft_base_chain(chain); basechain = nft_base_chain(chain);
dev = basechain->ops.dev; dev = basechain->ops.dev;
if (!dev || !dev->netdev_ops->ndo_setup_tc) if (!dev)
return -EOPNOTSUPP; return -EOPNOTSUPP;
/* Only default policy to accept is supported for now. */ /* Only default policy to accept is supported for now. */
...@@ -197,26 +283,10 @@ static int nft_flow_offload_chain(struct nft_trans *trans, ...@@ -197,26 +283,10 @@ static int nft_flow_offload_chain(struct nft_trans *trans,
nft_trans_chain_policy(trans) != NF_ACCEPT) nft_trans_chain_policy(trans) != NF_ACCEPT)
return -EOPNOTSUPP; return -EOPNOTSUPP;
bo.command = cmd; if (dev->netdev_ops->ndo_setup_tc)
bo.block = &basechain->flow_block; return nft_block_offload_cmd(basechain, dev, cmd);
bo.binder_type = FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS; else
bo.extack = &extack; return nft_indr_block_offload_cmd(basechain, dev, cmd);
INIT_LIST_HEAD(&bo.cb_list);
err = dev->netdev_ops->ndo_setup_tc(dev, FLOW_SETUP_BLOCK, &bo);
if (err < 0)
return err;
switch (cmd) {
case FLOW_BLOCK_BIND:
err = nft_flow_offload_bind(&bo, basechain);
break;
case FLOW_BLOCK_UNBIND:
err = nft_flow_offload_unbind(&bo, basechain);
break;
}
return err;
} }
int nft_flow_rule_offload_commit(struct net *net) int nft_flow_rule_offload_commit(struct net *net)
...@@ -266,3 +336,33 @@ int nft_flow_rule_offload_commit(struct net *net) ...@@ -266,3 +336,33 @@ int nft_flow_rule_offload_commit(struct net *net)
return err; return err;
} }
void nft_indr_block_get_and_ing_cmd(struct net_device *dev,
flow_indr_block_bind_cb_t *cb,
void *cb_priv,
enum flow_block_command command)
{
struct net *net = dev_net(dev);
const struct nft_table *table;
const struct nft_chain *chain;
list_for_each_entry_rcu(table, &net->nft.tables, list) {
if (table->family != NFPROTO_NETDEV)
continue;
list_for_each_entry_rcu(chain, &table->chains, list) {
if (nft_is_base_chain(chain)) {
struct nft_base_chain *basechain;
basechain = nft_base_chain(chain);
if (!strncmp(basechain->dev_name, dev->name,
IFNAMSIZ)) {
nft_indr_block_ing_cmd(dev, basechain,
cb, cb_priv,
command);
return;
}
}
}
}
}
...@@ -37,6 +37,7 @@ ...@@ -37,6 +37,7 @@
#include <net/tc_act/tc_skbedit.h> #include <net/tc_act/tc_skbedit.h>
#include <net/tc_act/tc_ct.h> #include <net/tc_act/tc_ct.h>
#include <net/tc_act/tc_mpls.h> #include <net/tc_act/tc_mpls.h>
#include <net/flow_offload.h>
extern const struct nla_policy rtm_tca_policy[TCA_MAX + 1]; extern const struct nla_policy rtm_tca_policy[TCA_MAX + 1];
...@@ -545,235 +546,71 @@ static void tcf_chain_flush(struct tcf_chain *chain, bool rtnl_held) ...@@ -545,235 +546,71 @@ static void tcf_chain_flush(struct tcf_chain *chain, bool rtnl_held)
} }
} }
static struct tcf_block *tc_dev_ingress_block(struct net_device *dev)
{
const struct Qdisc_class_ops *cops;
struct Qdisc *qdisc;
if (!dev_ingress_queue(dev))
return NULL;
qdisc = dev_ingress_queue(dev)->qdisc_sleeping;
if (!qdisc)
return NULL;
cops = qdisc->ops->cl_ops;
if (!cops)
return NULL;
if (!cops->tcf_block)
return NULL;
return cops->tcf_block(qdisc, TC_H_MIN_INGRESS, NULL);
}
static struct rhashtable indr_setup_block_ht;
struct tc_indr_block_dev {
struct rhash_head ht_node;
struct net_device *dev;
unsigned int refcnt;
struct list_head cb_list;
struct tcf_block *block;
};
struct tc_indr_block_cb {
struct list_head list;
void *cb_priv;
tc_indr_block_bind_cb_t *cb;
void *cb_ident;
};
static const struct rhashtable_params tc_indr_setup_block_ht_params = {
.key_offset = offsetof(struct tc_indr_block_dev, dev),
.head_offset = offsetof(struct tc_indr_block_dev, ht_node),
.key_len = sizeof(struct net_device *),
};
static struct tc_indr_block_dev *
tc_indr_block_dev_lookup(struct net_device *dev)
{
return rhashtable_lookup_fast(&indr_setup_block_ht, &dev,
tc_indr_setup_block_ht_params);
}
static struct tc_indr_block_dev *tc_indr_block_dev_get(struct net_device *dev)
{
struct tc_indr_block_dev *indr_dev;
indr_dev = tc_indr_block_dev_lookup(dev);
if (indr_dev)
goto inc_ref;
indr_dev = kzalloc(sizeof(*indr_dev), GFP_KERNEL);
if (!indr_dev)
return NULL;
INIT_LIST_HEAD(&indr_dev->cb_list);
indr_dev->dev = dev;
indr_dev->block = tc_dev_ingress_block(dev);
if (rhashtable_insert_fast(&indr_setup_block_ht, &indr_dev->ht_node,
tc_indr_setup_block_ht_params)) {
kfree(indr_dev);
return NULL;
}
inc_ref:
indr_dev->refcnt++;
return indr_dev;
}
static void tc_indr_block_dev_put(struct tc_indr_block_dev *indr_dev)
{
if (--indr_dev->refcnt)
return;
rhashtable_remove_fast(&indr_setup_block_ht, &indr_dev->ht_node,
tc_indr_setup_block_ht_params);
kfree(indr_dev);
}
static struct tc_indr_block_cb *
tc_indr_block_cb_lookup(struct tc_indr_block_dev *indr_dev,
tc_indr_block_bind_cb_t *cb, void *cb_ident)
{
struct tc_indr_block_cb *indr_block_cb;
list_for_each_entry(indr_block_cb, &indr_dev->cb_list, list)
if (indr_block_cb->cb == cb &&
indr_block_cb->cb_ident == cb_ident)
return indr_block_cb;
return NULL;
}
static struct tc_indr_block_cb *
tc_indr_block_cb_add(struct tc_indr_block_dev *indr_dev, void *cb_priv,
tc_indr_block_bind_cb_t *cb, void *cb_ident)
{
struct tc_indr_block_cb *indr_block_cb;
indr_block_cb = tc_indr_block_cb_lookup(indr_dev, cb, cb_ident);
if (indr_block_cb)
return ERR_PTR(-EEXIST);
indr_block_cb = kzalloc(sizeof(*indr_block_cb), GFP_KERNEL);
if (!indr_block_cb)
return ERR_PTR(-ENOMEM);
indr_block_cb->cb_priv = cb_priv;
indr_block_cb->cb = cb;
indr_block_cb->cb_ident = cb_ident;
list_add(&indr_block_cb->list, &indr_dev->cb_list);
return indr_block_cb;
}
static void tc_indr_block_cb_del(struct tc_indr_block_cb *indr_block_cb)
{
list_del(&indr_block_cb->list);
kfree(indr_block_cb);
}
static int tcf_block_setup(struct tcf_block *block, static int tcf_block_setup(struct tcf_block *block,
struct flow_block_offload *bo); struct flow_block_offload *bo);
static void tc_indr_block_ing_cmd(struct tc_indr_block_dev *indr_dev, static void tc_indr_block_ing_cmd(struct net_device *dev,
struct tc_indr_block_cb *indr_block_cb, struct tcf_block *block,
flow_indr_block_bind_cb_t *cb,
void *cb_priv,
enum flow_block_command command) enum flow_block_command command)
{ {
struct flow_block_offload bo = { struct flow_block_offload bo = {
.command = command, .command = command,
.binder_type = FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS, .binder_type = FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS,
.net = dev_net(indr_dev->dev), .net = dev_net(dev),
.block_shared = tcf_block_non_null_shared(indr_dev->block), .block_shared = tcf_block_non_null_shared(block),
}; };
INIT_LIST_HEAD(&bo.cb_list); INIT_LIST_HEAD(&bo.cb_list);
if (!indr_dev->block) if (!block)
return; return;
bo.block = &indr_dev->block->flow_block; bo.block = &block->flow_block;
indr_block_cb->cb(indr_dev->dev, indr_block_cb->cb_priv, TC_SETUP_BLOCK,
&bo);
tcf_block_setup(indr_dev->block, &bo);
}
int __tc_indr_block_cb_register(struct net_device *dev, void *cb_priv,
tc_indr_block_bind_cb_t *cb, void *cb_ident)
{
struct tc_indr_block_cb *indr_block_cb;
struct tc_indr_block_dev *indr_dev;
int err;
indr_dev = tc_indr_block_dev_get(dev);
if (!indr_dev)
return -ENOMEM;
indr_block_cb = tc_indr_block_cb_add(indr_dev, cb_priv, cb, cb_ident);
err = PTR_ERR_OR_ZERO(indr_block_cb);
if (err)
goto err_dev_put;
tc_indr_block_ing_cmd(indr_dev, indr_block_cb, FLOW_BLOCK_BIND); cb(dev, cb_priv, TC_SETUP_BLOCK, &bo);
return 0;
err_dev_put: tcf_block_setup(block, &bo);
tc_indr_block_dev_put(indr_dev);
return err;
} }
EXPORT_SYMBOL_GPL(__tc_indr_block_cb_register);
int tc_indr_block_cb_register(struct net_device *dev, void *cb_priv, static struct tcf_block *tc_dev_ingress_block(struct net_device *dev)
tc_indr_block_bind_cb_t *cb, void *cb_ident)
{ {
int err; const struct Qdisc_class_ops *cops;
struct Qdisc *qdisc;
rtnl_lock();
err = __tc_indr_block_cb_register(dev, cb_priv, cb, cb_ident);
rtnl_unlock();
return err; if (!dev_ingress_queue(dev))
} return NULL;
EXPORT_SYMBOL_GPL(tc_indr_block_cb_register);
void __tc_indr_block_cb_unregister(struct net_device *dev, qdisc = dev_ingress_queue(dev)->qdisc_sleeping;
tc_indr_block_bind_cb_t *cb, void *cb_ident) if (!qdisc)
{ return NULL;
struct tc_indr_block_cb *indr_block_cb;
struct tc_indr_block_dev *indr_dev;
indr_dev = tc_indr_block_dev_lookup(dev); cops = qdisc->ops->cl_ops;
if (!indr_dev) if (!cops)
return; return NULL;
indr_block_cb = tc_indr_block_cb_lookup(indr_dev, cb, cb_ident); if (!cops->tcf_block)
if (!indr_block_cb) return NULL;
return;
/* Send unbind message if required to free any block cbs. */ return cops->tcf_block(qdisc, TC_H_MIN_INGRESS, NULL);
tc_indr_block_ing_cmd(indr_dev, indr_block_cb, FLOW_BLOCK_UNBIND);
tc_indr_block_cb_del(indr_block_cb);
tc_indr_block_dev_put(indr_dev);
} }
EXPORT_SYMBOL_GPL(__tc_indr_block_cb_unregister);
void tc_indr_block_cb_unregister(struct net_device *dev, static void tc_indr_block_get_and_ing_cmd(struct net_device *dev,
tc_indr_block_bind_cb_t *cb, void *cb_ident) flow_indr_block_bind_cb_t *cb,
void *cb_priv,
enum flow_block_command command)
{ {
rtnl_lock(); struct tcf_block *block = tc_dev_ingress_block(dev);
__tc_indr_block_cb_unregister(dev, cb, cb_ident);
rtnl_unlock(); tc_indr_block_ing_cmd(dev, block, cb, cb_priv, command);
} }
EXPORT_SYMBOL_GPL(tc_indr_block_cb_unregister);
static void tc_indr_block_call(struct tcf_block *block, struct net_device *dev, static void tc_indr_block_call(struct tcf_block *block,
struct net_device *dev,
struct tcf_block_ext_info *ei, struct tcf_block_ext_info *ei,
enum flow_block_command command, enum flow_block_command command,
struct netlink_ext_ack *extack) struct netlink_ext_ack *extack)
{ {
struct tc_indr_block_cb *indr_block_cb;
struct tc_indr_block_dev *indr_dev;
struct flow_block_offload bo = { struct flow_block_offload bo = {
.command = command, .command = command,
.binder_type = ei->binder_type, .binder_type = ei->binder_type,
...@@ -784,16 +621,7 @@ static void tc_indr_block_call(struct tcf_block *block, struct net_device *dev, ...@@ -784,16 +621,7 @@ static void tc_indr_block_call(struct tcf_block *block, struct net_device *dev,
}; };
INIT_LIST_HEAD(&bo.cb_list); INIT_LIST_HEAD(&bo.cb_list);
indr_dev = tc_indr_block_dev_lookup(dev); flow_indr_block_call(dev, &bo, command);
if (!indr_dev)
return;
indr_dev->block = command == FLOW_BLOCK_BIND ? block : NULL;
list_for_each_entry(indr_block_cb, &indr_dev->cb_list, list)
indr_block_cb->cb(dev, indr_block_cb->cb_priv, TC_SETUP_BLOCK,
&bo);
tcf_block_setup(block, &bo); tcf_block_setup(block, &bo);
} }
...@@ -3355,6 +3183,11 @@ static struct pernet_operations tcf_net_ops = { ...@@ -3355,6 +3183,11 @@ static struct pernet_operations tcf_net_ops = {
.size = sizeof(struct tcf_net), .size = sizeof(struct tcf_net),
}; };
static struct flow_indr_block_ing_entry block_ing_entry = {
.cb = tc_indr_block_get_and_ing_cmd,
.list = LIST_HEAD_INIT(block_ing_entry.list),
};
static int __init tc_filter_init(void) static int __init tc_filter_init(void)
{ {
int err; int err;
...@@ -3367,10 +3200,7 @@ static int __init tc_filter_init(void) ...@@ -3367,10 +3200,7 @@ static int __init tc_filter_init(void)
if (err) if (err)
goto err_register_pernet_subsys; goto err_register_pernet_subsys;
err = rhashtable_init(&indr_setup_block_ht, flow_indr_add_block_ing_cb(&block_ing_entry);
&tc_indr_setup_block_ht_params);
if (err)
goto err_rhash_setup_block_ht;
rtnl_register(PF_UNSPEC, RTM_NEWTFILTER, tc_new_tfilter, NULL, rtnl_register(PF_UNSPEC, RTM_NEWTFILTER, tc_new_tfilter, NULL,
RTNL_FLAG_DOIT_UNLOCKED); RTNL_FLAG_DOIT_UNLOCKED);
...@@ -3385,8 +3215,6 @@ static int __init tc_filter_init(void) ...@@ -3385,8 +3215,6 @@ static int __init tc_filter_init(void)
return 0; return 0;
err_rhash_setup_block_ht:
unregister_pernet_subsys(&tcf_net_ops);
err_register_pernet_subsys: err_register_pernet_subsys:
destroy_workqueue(tc_filter_wq); destroy_workqueue(tc_filter_wq);
return err; return err;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment