From patchwork Wed May 5 09:50:06 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bing Zhao X-Patchwork-Id: 92908 X-Patchwork-Delegate: rasland@nvidia.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 88BCBA0524; Wed, 5 May 2021 11:52:06 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 49CFD4115C; Wed, 5 May 2021 11:50:59 +0200 (CEST) Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2074.outbound.protection.outlook.com [40.107.94.74]) by mails.dpdk.org (Postfix) with ESMTP id 37A5541157 for ; Wed, 5 May 2021 11:50:57 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=R9+gGVrbMuoqGGXFpRhMKwjelSQKHEuXE0c+mWRlJNyrI+skTpGAfvzNHXy2o2iA6nZwJJiGucdgFw8oHukETEYIIec/uHvybsldXPb4w1a1Xrb5COZLLOgRbN4BhcR0MMsckIQdiVXlSqNQ8sIozKJYQN+9AJcda9pRCg7KdB+0nq6bN61E5sfFUjbG+hpAlSumKdf5ij6itiI4kt7Q6GlCpEWfnvQKomc50u43qpvAC9fJ809shvcaAD8t7StSmDg6zWbRbM4sNATm6Celulidd/GpmXYpeGHE1b5qiyqRJawHYq0vzUBsj/un3UBBbWMZ9SHR07Mgi+a4ShelmA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5QBc2UGin3lhnZ28Nbvy4jzcpr5HOUN0QH1d/JkVt6A=; b=BiN1IHUaTYQFOCZHpQzAvavpIj0+R0Osf62m/NjQcJtmwxWzZVZjUPaeqXd7Z9Nt8vzjhegswG1vZvIG6brnliWG5841bjF4fa3DSl78txVIs04ABO7oaQroAbqX6i8ra57PoqYMp9OalD8VD+rAhWm/KVKZKmhTiBUAkQ8+MYiH2nAGsfrVvZ2RiNX3m/0kpVTQanxnYdjj0aGQ6Ny5ZN/IC93UjUOIc5bJRFaY2bAZQB5UZlevKARxXASCmW2Sm9enwtWXwQE5VYEcxhP35DrU8jJFTcj8zLp4ARVfk3gnO5vK92w0DRyacBGzW2NyCApDeXIYVdx1GF0PAm4ccA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 216.228.112.34) smtp.rcpttodomain=dpdk.org smtp.mailfrom=nvidia.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5QBc2UGin3lhnZ28Nbvy4jzcpr5HOUN0QH1d/JkVt6A=; b=biCzyUpZgV0BTzCMQG/7b4ZRGkdRoXDjRZEsAcS7jBMYlp7YkkAdU0rjx8ah/lUz+As2h9YQqYad3b/PxZoznLicRTDirbzFolIRWPQmA2/pAdeD4djmMZYRSi8bHflOzaaGzOhwcHLuOo4gJWuYV5lwRUEpPOZ22/o285qK/cGxWFEaGIwtJgDIicL4k3o3epiD2mhNMA3Y6c8ZCiJgVAclDeCnDbJh+tsMo8jxHxKyMqPtbaaMzeQYlwamUnTUdnw8Z24EFvqFEUqHDeBfPqd4L/F/G2JXTop/rUWZDtYPdpHib0Na8pNCC9l+Cy1SmAROVRGtRZ1qM2JhD8uwCQ== Received: from BN0PR04CA0080.namprd04.prod.outlook.com (2603:10b6:408:ea::25) by DM6PR12MB4315.namprd12.prod.outlook.com (2603:10b6:5:223::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.38; Wed, 5 May 2021 09:50:55 +0000 Received: from BN8NAM11FT050.eop-nam11.prod.protection.outlook.com (2603:10b6:408:ea:cafe::4e) by BN0PR04CA0080.outlook.office365.com (2603:10b6:408:ea::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4108.25 via Frontend Transport; Wed, 5 May 2021 09:50:55 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.112.34) smtp.mailfrom=nvidia.com; dpdk.org; dkim=none (message not signed) header.d=none;dpdk.org; dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.112.34 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.112.34; helo=mail.nvidia.com; Received: from mail.nvidia.com (216.228.112.34) by BN8NAM11FT050.mail.protection.outlook.com (10.13.177.5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.4108.25 via Frontend Transport; Wed, 5 May 2021 09:50:55 +0000 Received: from nvidia.com (172.20.145.6) by HQMAIL107.nvidia.com (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 5 May 2021 09:50:52 +0000 From: Bing Zhao To: , , CC: , , Date: Wed, 5 May 2021 12:50:06 +0300 Message-ID: <20210505095009.40250-15-bingz@nvidia.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210505095009.40250-1-bingz@nvidia.com> References: <20210427153811.11554-1-bingz@nvidia.com> <20210505095009.40250-1-bingz@nvidia.com> MIME-Version: 1.0 X-Originating-IP: [172.20.145.6] X-ClientProxiedBy: HQMAIL111.nvidia.com (172.20.187.18) To HQMAIL107.nvidia.com (172.20.187.13) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 9355df5b-fbf0-4f70-eb89-08d90fab4738 X-MS-TrafficTypeDiagnostic: DM6PR12MB4315: X-LD-Processed: 43083d15-7273-40c1-b7db-39efd9ccc17a,ExtAddr X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:8273; X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: P2NUB5jRbDx+O8GMUKcJIrETRxKVJ0ZHeQyDpjWy25Y/rFTlunbAkIASSPCdPI9wSpINLHj+ZiVNB7zonU5YU04WQ+/5Kjz1novfBtYjPkQxybjpsMtUXqsSNRby5fz521ev8vvxt58hMGGbEW7YIqBqrr03TJ5EcIGKj/KW0u/ZtsOTJxZ5R8ZVjRqbB9bzjUQf+NGIZmR52NFtiBZZQB6KjqQ+y4hu6eFn/w0AtJctuF8YGI4Hw0ts6B1Vq9//FKq6xhOrzwM/iW1hFNSXOorDWGzYrgoKOM/60h0H8gRxrc7aBEKnpyVf5ivmWnP4zONdpybRIJkgMb+KSDO9VcOAyxwrKOPnBY6vJTvlZ4Ob8VDefbmgaJoAfqxeFN5hoFEsuYdUrTx5ac5Qe1nV2EFWYHLwKKxPWCQH6Zj31XmHGsgAPDSy77OF8//FqSHuIT0JzrqZKuOgmJhtQhzYU5JKwhgvw97c1yVVV4eG2CZxx4qby67G4jgbBX2qpG/h6yPie6SOvsPQbECVAhiUMw1ywhD+BpAp1f0yHuULwre0LJUiiatmwvsxVhCFokomFoU4s9M9Rf5fMDDsoCEyss4GTnfoq0GAD4u/iIB8PmTGB+IjAW8lGsS7X38XOdSACHC3hc6zE83cvLR3M2nJtzcmeZw4ZQq5h+WKE1KsAWG8LzTEedhMdZRsi+BR2d/n X-Forefront-Antispam-Report: CIP:216.228.112.34; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:schybrid03.nvidia.com; CAT:NONE; SFS:(4636009)(39860400002)(396003)(136003)(346002)(376002)(36840700001)(46966006)(82740400003)(83380400001)(107886003)(4326008)(478600001)(2906002)(1076003)(36756003)(6286002)(55016002)(7636003)(356005)(36860700001)(336012)(54906003)(186003)(8676002)(16526019)(8936002)(47076005)(70206006)(6666004)(70586007)(82310400003)(5660300002)(7696005)(86362001)(36906005)(2616005)(316002)(110136005)(26005)(426003)(309714004); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 May 2021 09:50:55.6713 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 9355df5b-fbf0-4f70-eb89-08d90fab4738 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.112.34]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT050.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4315 Subject: [dpdk-dev] [PATCH v6 14/17] net/mlx5: validation of CT action X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" The validation of a CT action contains two parts. The first is the CT action configurations parameter. When creating a CT action context, some members need to be verified. The second is that when creating a flow, the DR action of CT should be validated with other actions and items as well. Currently, only the TCP protocol support connection tracking. Signed-off-by: Bing Zhao --- drivers/net/mlx5/mlx5.h | 4 ++ drivers/net/mlx5/mlx5_flow.c | 31 +++++++++++++++ drivers/net/mlx5/mlx5_flow_dv.c | 69 +++++++++++++++++++++++++++++++++ 3 files changed, 104 insertions(+) diff --git a/drivers/net/mlx5/mlx5.h b/drivers/net/mlx5/mlx5.h index a1bb779306..7eca6a6fa6 100644 --- a/drivers/net/mlx5/mlx5.h +++ b/drivers/net/mlx5/mlx5.h @@ -1616,6 +1616,10 @@ int mlx5_flow_dev_dump(struct rte_eth_dev *dev, struct rte_flow *flow, void mlx5_flow_rxq_dynf_metadata_set(struct rte_eth_dev *dev); int mlx5_flow_get_aged_flows(struct rte_eth_dev *dev, void **contexts, uint32_t nb_contexts, struct rte_flow_error *error); +int mlx5_validate_action_ct(struct rte_eth_dev *dev, + const struct rte_flow_action_conntrack *conntrack, + struct rte_flow_error *error); + /* mlx5_mp_os.c */ diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c index d5957d1ce4..f464271d42 100644 --- a/drivers/net/mlx5/mlx5_flow.c +++ b/drivers/net/mlx5/mlx5_flow.c @@ -1688,6 +1688,37 @@ mlx5_flow_validate_action_count(struct rte_eth_dev *dev __rte_unused, return 0; } +/* + * Validate the ASO CT action. + * + * @param[in] dev + * Pointer to the Ethernet device structure. + * @param[in] conntrack + * Pointer to the CT action profile. + * @param[out] error + * Pointer to error structure. + * + * @return + * 0 on success, a negative errno value otherwise and rte_errno is set. + */ +int +mlx5_validate_action_ct(struct rte_eth_dev *dev, + const struct rte_flow_action_conntrack *conntrack, + struct rte_flow_error *error) +{ + RTE_SET_USED(dev); + + if (conntrack->state > RTE_FLOW_CONNTRACK_STATE_TIME_WAIT) + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ACTION, NULL, + "Invalid CT state"); + if (conntrack->last_index > RTE_FLOW_CONNTRACK_FLAG_RST) + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ACTION, NULL, + "Invalid last TCP packet flag"); + return 0; +} + /** * Verify the @p attributes will be correctly understood by the NIC and store * them in the @p flow if everything is correct. diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c index 5233aa972f..f329ea4b49 100644 --- a/drivers/net/mlx5/mlx5_flow_dv.c +++ b/drivers/net/mlx5/mlx5_flow_dv.c @@ -3442,6 +3442,57 @@ flow_dv_validate_action_raw_encap_decap return 0; } +/* + * Validate the ASO CT action. + * + * @param[in] dev + * Pointer to the rte_eth_dev structure. + * @param[in] action_flags + * Holds the actions detected until now. + * @param[in] item_flags + * The items found in this flow rule. + * @param[in] attr + * Pointer to flow attributes. + * @param[out] error + * Pointer to error structure. + * + * @return + * 0 on success, a negative errno value otherwise and rte_errno is set. + */ +static int +flow_dv_validate_action_aso_ct(struct rte_eth_dev *dev, + uint64_t action_flags, + uint64_t item_flags, + const struct rte_flow_attr *attr, + struct rte_flow_error *error) +{ + RTE_SET_USED(dev); + + if (attr->group == 0 && !attr->transfer) + return rte_flow_error_set(error, ENOTSUP, + RTE_FLOW_ERROR_TYPE_UNSPECIFIED, + NULL, + "Only support non-root table"); + if (action_flags & MLX5_FLOW_FATE_ACTIONS) + return rte_flow_error_set(error, ENOTSUP, + RTE_FLOW_ERROR_TYPE_ACTION, NULL, + "CT cannot follow a fate action"); + if ((action_flags & MLX5_FLOW_ACTION_METER) || + (action_flags & MLX5_FLOW_ACTION_AGE)) + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ACTION, NULL, + "Only one ASO action is supported"); + if (action_flags & MLX5_FLOW_ACTION_ENCAP) + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_ACTION, NULL, + "Encap cannot exist before CT"); + if (!(item_flags & MLX5_FLOW_LAYER_OUTER_L4_TCP)) + return rte_flow_error_set(error, EINVAL, + RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL, + "Not a outer TCP packet"); + return 0; +} + /** * Match encap_decap resource. * @@ -7442,6 +7493,14 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr, action_flags |= MLX5_FLOW_ACTION_MODIFY_FIELD; rw_act_num += ret; break; + case RTE_FLOW_ACTION_TYPE_CONNTRACK: + ret = flow_dv_validate_action_aso_ct(dev, action_flags, + item_flags, attr, + error); + if (ret < 0) + return ret; + action_flags |= MLX5_FLOW_ACTION_CT; + break; default: return rte_flow_error_set(error, ENOTSUP, RTE_FLOW_ERROR_TYPE_ACTION, @@ -14292,6 +14351,10 @@ __flow_dv_action_ct_update(struct rte_eth_dev *dev, uint32_t idx, if (update->direction) ct->is_original = !!new_prf->is_original_dir; if (update->state) { + /* Only validate the profile when it needs to be updated. */ + ret = mlx5_validate_action_ct(dev, new_prf, error); + if (ret) + return ret; ret = mlx5_aso_ct_update_by_wqe(priv->sh, ct, new_prf); if (ret) return rte_flow_error_set(error, EIO, @@ -16176,6 +16239,12 @@ flow_dv_action_validate(struct rte_eth_dev *dev, NULL, "Mix shared and indirect counter is not supported"); return flow_dv_validate_action_count(dev, true, 0, err); + case RTE_FLOW_ACTION_TYPE_CONNTRACK: + if (!priv->sh->ct_aso_en) + return rte_flow_error_set(err, ENOTSUP, + RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL, + "ASO CT is not supported"); + return mlx5_validate_action_ct(dev, action->conf, err); default: return rte_flow_error_set(err, ENOTSUP, RTE_FLOW_ERROR_TYPE_ACTION,