From patchwork Wed May  5 12:23:25 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Bing Zhao <bingz@nvidia.com>
X-Patchwork-Id: 92929
X-Patchwork-Delegate: rasland@nvidia.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 5E220A0524;
	Wed,  5 May 2021 14:25:26 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 501DB41175;
	Wed,  5 May 2021 14:24:20 +0200 (CEST)
Received: from NAM10-MW2-obe.outbound.protection.outlook.com
 (mail-mw2nam10on2062.outbound.protection.outlook.com [40.107.94.62])
 by mails.dpdk.org (Postfix) with ESMTP id B232641122
 for <dev@dpdk.org>; Wed,  5 May 2021 14:24:17 +0200 (CEST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=dGcmaa/aCD/0uv1cX9GnYSx7yzG8tmz1PEupOYWRmBImYIMyD7D4QD3xdzLt5Rx2wIm85EujH1LlVc6uMG7YPsTsOizxdTToRfCw0h3XyoR15+ff+ijI9plKcdLgH5Mnj+yet41jFljGwskX8yvQO083vr1ExtoSwpiDsCSbEIxpYtwxRltrnC7BNFQWY6qhhWLizSfxqlh5DWLpdv4Hu1GEFS5r4K0Q8iqfzuKUkn+TAIPG0m2OhW+l6hhUDhZl2soAV3GAnUdNSY45J/xDhqxm9xwBiP7vUCViKpjZan786FKBuuWgcmXAkHRPSq1ybyOgPyji7U3xzA3QuaJDEA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=TQaMF6nLfooe1OW7HvHSFNsR6s5PlAQ5rWh+qMGAOrs=;
 b=BHD3yEEPq2B/nB+0BXBXGkiCjnAM//p4bK3EbX6pLobdAgPJBOLEkeKKTos/GgtdBEZxG4w3Fpu059f5KpQlIUw/5Uvsy0wOOz2AOV42D6tkTqih7R/RKxeINQjnYbRGdXeqbDr0P/K22yXbbwTly9YPAJaYEgIlXeoLImW5rM8s1sqlkwrkGVm+KnCK05Gd1wwpBp/fajbnPUD/5uPvXr41/3hUlBb156vy6t1vQPfqegYu3pi2Gy0rUZSxfKG0Th0076RCaU4uudK64tVETg1OfrZe0jTfyt7yphT3w+MqWl0e/4xMeUCMYP4iAhnsz2NVqRyN2KDhBrc3oB67sw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 216.228.112.34) smtp.rcpttodomain=dpdk.org smtp.mailfrom=nvidia.com;
 dmarc=pass (p=none sp=none pct=100) action=none header.from=nvidia.com;
 dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=TQaMF6nLfooe1OW7HvHSFNsR6s5PlAQ5rWh+qMGAOrs=;
 b=fGfl9kFRQEQ5bHYgUBAX49yQq6Md1HeP916O5/+8d0OEo+0SMqLkAADbxzhoH2j1wOB6J2V1JIBeaFrJLjBGuYhhtNwGKSJ1uyUyAMLWpLb9aKaQKgOPq6N9WOJtuM7PjG39dfCUlggiM5MjqQM3mu6Y9hk7kUFENM3Ak77608Z66dCrOoYkf6kMM8x5s7F0tdn7cWr9z/Zee2IHW9dbxTEWqB/mWyW4Yd2M6DlFkNuais12ymNXGvIQHUDG7pB0s2wjnD1+QphHeIrDvcyKapNrmodX7B/vJcoHA5li4aWGwxuciMmT9oo58+d8xNgdJvg6zgW3063FRcuid3Zqnw==
Received: from DM6PR01CA0009.prod.exchangelabs.com (2603:10b6:5:296::14) by
 BN6PR12MB1555.namprd12.prod.outlook.com (2603:10b6:405:5::19) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4087.40; Wed, 5 May 2021 12:24:16 +0000
Received: from DM6NAM11FT064.eop-nam11.prod.protection.outlook.com
 (2603:10b6:5:296:cafe::9e) by DM6PR01CA0009.outlook.office365.com
 (2603:10b6:5:296::14) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4108.24 via Frontend
 Transport; Wed, 5 May 2021 12:24:16 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 216.228.112.34)
 smtp.mailfrom=nvidia.com; dpdk.org; dkim=none (message not signed)
 header.d=none;dpdk.org; dmarc=pass action=none header.from=nvidia.com;
Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.112.34 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.112.34; helo=mail.nvidia.com;
Received: from mail.nvidia.com (216.228.112.34) by
 DM6NAM11FT064.mail.protection.outlook.com (10.13.172.234) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
 15.20.4108.25 via Frontend Transport; Wed, 5 May 2021 12:24:16 +0000
Received: from nvidia.com (172.20.145.6) by HQMAIL107.nvidia.com
 (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 5 May
 2021 12:24:14 +0000
From: Bing Zhao <bingz@nvidia.com>
To: <viacheslavo@nvidia.com>, <matan@nvidia.com>, <thomas@monjalon.net>
CC: <dev@dpdk.org>, <orika@nvidia.com>, <rasland@nvidia.com>
Date: Wed, 5 May 2021 15:23:25 +0300
Message-ID: <20210505122328.51129-15-bingz@nvidia.com>
X-Mailer: git-send-email 2.26.3
In-Reply-To: <20210505122328.51129-1-bingz@nvidia.com>
References: <20210427153811.11554-1-bingz@nvidia.com>
 <20210505122328.51129-1-bingz@nvidia.com>
MIME-Version: 1.0
X-Originating-IP: [172.20.145.6]
X-ClientProxiedBy: HQMAIL101.nvidia.com (172.20.187.10) To
 HQMAIL107.nvidia.com (172.20.187.13)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 1530351d-9240-45c4-cb5e-08d90fc0b30e
X-MS-TrafficTypeDiagnostic: BN6PR12MB1555:
X-LD-Processed: 43083d15-7273-40c1-b7db-39efd9ccc17a,ExtAddr
X-Microsoft-Antispam-PRVS: 
 <BN6PR12MB15551084BD8D8482BF43AD85D0599@BN6PR12MB1555.namprd12.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:8273;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 Qs007XiZXJGCapwA34iwAox6bDlGzC2yMRI+lzeJ7kLqpLWnoxSY1m3OhgewPER0omXT/Uci98hp2/pnd+w97yYFxdb9eZ3flAZyeW+HU6MU3TBdEzrJ4IRGb4RnGtUO9C6qKp3Mq04jA6Uqnluzg4cE7F+FqAwV0DJdnyHnaIfnvReRc+ZzGDATQd8uv+R55MngtF7k0uoO1b9wSGxy94tu81y28bRwgE0fMBvJqXPkYkXpROTZHibSqPrWANgAswzh0zNKu4G7SPcYxarlvaSPpt6wxy/fDuIrNScsuacvVYc1/dtUk38M6U31D2NIHl00/yHQBmN22zwfUAAELZ5Y23yJZFAUxdJDHws2xHD2rc+OVDjac/LIlPnTDax+LgTEOLsFN+FsviZIqj/hw3LjpgvR8Z91qoTJs8LsVMImsic3+kVJ7V13jX7utbaitt662im/XJ/IplST6/dX4or0x6+RIhxmBg7812hBxk+kDwUBTLJpXe5XItrXwEmmq6sBBimR7LAutjpZPbzqf2k0JbevqhmyiaJ+jSbK+0lEBOlC+3sY7ZLk3VKlNS6T+ppruZUxqFoLbjoyh4e9E/ZV58GiuxCudeHkRQiMhY5Zt/0US91ihU0dIfEn9VX0mi2tBUzzpAehidfsn6zv1gqOHPOmA1je6UUyh7JllxFub6zx7axIFohHNwZYag0s
X-Forefront-Antispam-Report: CIP:216.228.112.34; CTRY:US; LANG:en; SCL:1;
 SRV:;
 IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:schybrid03.nvidia.com; CAT:NONE;
 SFS:(4636009)(396003)(376002)(136003)(346002)(39860400002)(46966006)(36840700001)(356005)(70586007)(36756003)(7696005)(6286002)(26005)(55016002)(7636003)(6666004)(70206006)(82740400003)(8936002)(47076005)(8676002)(36860700001)(186003)(336012)(316002)(4326008)(107886003)(110136005)(2616005)(426003)(54906003)(83380400001)(1076003)(86362001)(36906005)(2906002)(478600001)(82310400003)(5660300002)(16526019)(309714004);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: Nvidia.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 May 2021 12:24:16.0705 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 1530351d-9240-45c4-cb5e-08d90fc0b30e
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.112.34];
 Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 DM6NAM11FT064.eop-nam11.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR12MB1555
Subject: [dpdk-dev] [PATCH v7 14/17] net/mlx5: validation of CT action
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

The validation of a CT action contains two parts. The first is the
CT action configurations parameter. When creating a CT action
context, some members need to be verified.

The second is that when creating a flow, the DR action of CT should
be validated with other actions and items as well. Currently, only
the TCP protocol support connection tracking.

Signed-off-by: Bing Zhao <bingz@nvidia.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
---
 drivers/net/mlx5/mlx5.h         |  4 ++
 drivers/net/mlx5/mlx5_flow.c    | 31 +++++++++++++++
 drivers/net/mlx5/mlx5_flow_dv.c | 69 +++++++++++++++++++++++++++++++++
 3 files changed, 104 insertions(+)

diff --git a/drivers/net/mlx5/mlx5.h b/drivers/net/mlx5/mlx5.h
index a1bb779306..7eca6a6fa6 100644
--- a/drivers/net/mlx5/mlx5.h
+++ b/drivers/net/mlx5/mlx5.h
@@ -1616,6 +1616,10 @@ int mlx5_flow_dev_dump(struct rte_eth_dev *dev, struct rte_flow *flow,
 void mlx5_flow_rxq_dynf_metadata_set(struct rte_eth_dev *dev);
 int mlx5_flow_get_aged_flows(struct rte_eth_dev *dev, void **contexts,
 			uint32_t nb_contexts, struct rte_flow_error *error);
+int mlx5_validate_action_ct(struct rte_eth_dev *dev,
+			    const struct rte_flow_action_conntrack *conntrack,
+			    struct rte_flow_error *error);
+
 
 /* mlx5_mp_os.c */
 
diff --git a/drivers/net/mlx5/mlx5_flow.c b/drivers/net/mlx5/mlx5_flow.c
index d5957d1ce4..f464271d42 100644
--- a/drivers/net/mlx5/mlx5_flow.c
+++ b/drivers/net/mlx5/mlx5_flow.c
@@ -1688,6 +1688,37 @@ mlx5_flow_validate_action_count(struct rte_eth_dev *dev __rte_unused,
 	return 0;
 }
 
+/*
+ * Validate the ASO CT action.
+ *
+ * @param[in] dev
+ *   Pointer to the Ethernet device structure.
+ * @param[in] conntrack
+ *   Pointer to the CT action profile.
+ * @param[out] error
+ *   Pointer to error structure.
+ *
+ * @return
+ *   0 on success, a negative errno value otherwise and rte_errno is set.
+ */
+int
+mlx5_validate_action_ct(struct rte_eth_dev *dev,
+			const struct rte_flow_action_conntrack *conntrack,
+			struct rte_flow_error *error)
+{
+	RTE_SET_USED(dev);
+
+	if (conntrack->state > RTE_FLOW_CONNTRACK_STATE_TIME_WAIT)
+		return rte_flow_error_set(error, EINVAL,
+					  RTE_FLOW_ERROR_TYPE_ACTION, NULL,
+					  "Invalid CT state");
+	if (conntrack->last_index > RTE_FLOW_CONNTRACK_FLAG_RST)
+		return rte_flow_error_set(error, EINVAL,
+					  RTE_FLOW_ERROR_TYPE_ACTION, NULL,
+					  "Invalid last TCP packet flag");
+	return 0;
+}
+
 /**
  * Verify the @p attributes will be correctly understood by the NIC and store
  * them in the @p flow if everything is correct.
diff --git a/drivers/net/mlx5/mlx5_flow_dv.c b/drivers/net/mlx5/mlx5_flow_dv.c
index f7eeca20ab..67538d0aa7 100644
--- a/drivers/net/mlx5/mlx5_flow_dv.c
+++ b/drivers/net/mlx5/mlx5_flow_dv.c
@@ -3442,6 +3442,57 @@ flow_dv_validate_action_raw_encap_decap
 	return 0;
 }
 
+/*
+ * Validate the ASO CT action.
+ *
+ * @param[in] dev
+ *   Pointer to the rte_eth_dev structure.
+ * @param[in] action_flags
+ *   Holds the actions detected until now.
+ * @param[in] item_flags
+ *   The items found in this flow rule.
+ * @param[in] attr
+ *   Pointer to flow attributes.
+ * @param[out] error
+ *   Pointer to error structure.
+ *
+ * @return
+ *   0 on success, a negative errno value otherwise and rte_errno is set.
+ */
+static int
+flow_dv_validate_action_aso_ct(struct rte_eth_dev *dev,
+			       uint64_t action_flags,
+			       uint64_t item_flags,
+			       const struct rte_flow_attr *attr,
+			       struct rte_flow_error *error)
+{
+	RTE_SET_USED(dev);
+
+	if (attr->group == 0 && !attr->transfer)
+		return rte_flow_error_set(error, ENOTSUP,
+					  RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
+					  NULL,
+					  "Only support non-root table");
+	if (action_flags & MLX5_FLOW_FATE_ACTIONS)
+		return rte_flow_error_set(error, ENOTSUP,
+					  RTE_FLOW_ERROR_TYPE_ACTION, NULL,
+					  "CT cannot follow a fate action");
+	if ((action_flags & MLX5_FLOW_ACTION_METER) ||
+	    (action_flags & MLX5_FLOW_ACTION_AGE))
+		return rte_flow_error_set(error, EINVAL,
+					  RTE_FLOW_ERROR_TYPE_ACTION, NULL,
+					  "Only one ASO action is supported");
+	if (action_flags & MLX5_FLOW_ACTION_ENCAP)
+		return rte_flow_error_set(error, EINVAL,
+					  RTE_FLOW_ERROR_TYPE_ACTION, NULL,
+					  "Encap cannot exist before CT");
+	if (!(item_flags & MLX5_FLOW_LAYER_OUTER_L4_TCP))
+		return rte_flow_error_set(error, EINVAL,
+					  RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
+					  "Not a outer TCP packet");
+	return 0;
+}
+
 /**
  * Match encap_decap resource.
  *
@@ -7442,6 +7493,14 @@ flow_dv_validate(struct rte_eth_dev *dev, const struct rte_flow_attr *attr,
 			action_flags |= MLX5_FLOW_ACTION_MODIFY_FIELD;
 			rw_act_num += ret;
 			break;
+		case RTE_FLOW_ACTION_TYPE_CONNTRACK:
+			ret = flow_dv_validate_action_aso_ct(dev, action_flags,
+							     item_flags, attr,
+							     error);
+			if (ret < 0)
+				return ret;
+			action_flags |= MLX5_FLOW_ACTION_CT;
+			break;
 		default:
 			return rte_flow_error_set(error, ENOTSUP,
 						  RTE_FLOW_ERROR_TYPE_ACTION,
@@ -14291,6 +14350,10 @@ __flow_dv_action_ct_update(struct rte_eth_dev *dev, uint32_t idx,
 	if (update->direction)
 		ct->is_original = !!new_prf->is_original_dir;
 	if (update->state) {
+		/* Only validate the profile when it needs to be updated. */
+		ret = mlx5_validate_action_ct(dev, new_prf, error);
+		if (ret)
+			return ret;
 		ret = mlx5_aso_ct_update_by_wqe(priv->sh, ct, new_prf);
 		if (ret)
 			return rte_flow_error_set(error, EIO,
@@ -16175,6 +16238,12 @@ flow_dv_action_validate(struct rte_eth_dev *dev,
 						  NULL,
 						  "Mix shared and indirect counter is not supported");
 		return flow_dv_validate_action_count(dev, true, 0, err);
+	case RTE_FLOW_ACTION_TYPE_CONNTRACK:
+		if (!priv->sh->ct_aso_en)
+			return rte_flow_error_set(err, ENOTSUP,
+					RTE_FLOW_ERROR_TYPE_UNSPECIFIED, NULL,
+					"ASO CT is not supported");
+		return mlx5_validate_action_ct(dev, action->conf, err);
 	default:
 		return rte_flow_error_set(err, ENOTSUP,
 					  RTE_FLOW_ERROR_TYPE_ACTION,