net/mlx5: support connection tracking between two ports

After creating a connection tracking context, it can be used between
two ports. For each port, the flow for one direction traffic will
be created.

The context can only be shared between the owner port and the peer
port that was specified when being created. Only the owner port
could update the context or query it in current implementation.

Signed-off-by: Bing Zhao <bingz@nvidia.com>
Acked-by: Viacheslav Ovsiienko <viacheslavo@nvidia.com>
This commit is contained in:
Bing Zhao 2021-05-05 15:23:27 +03:00 committed by Raslan Darawsheh
parent aca19061e4
commit 4f74cb68b9
3 changed files with 113 additions and 18 deletions

View File

@ -438,6 +438,8 @@ Limitations
- Cannot co-exist with ASO meter, ASO age action in a single flow rule.
- Flow rules insertion rate and memory consumption need more optimization.
- 256 ports maximum.
- 4M connections maximum.
Statistics
----------

View File

@ -49,6 +49,25 @@ enum {
MLX5_INDIRECT_ACTION_TYPE_CT,
};
/* Now, the maximal ports will be supported is 256, action number is 4M. */
#define MLX5_INDIRECT_ACT_CT_MAX_PORT 0x100
#define MLX5_INDIRECT_ACT_CT_OWNER_SHIFT 22
#define MLX5_INDIRECT_ACT_CT_OWNER_MASK (MLX5_INDIRECT_ACT_CT_MAX_PORT - 1)
/* 30-31: type, 22-29: owner port, 0-21: index. */
#define MLX5_INDIRECT_ACT_CT_GEN_IDX(owner, index) \
((MLX5_INDIRECT_ACTION_TYPE_CT << MLX5_INDIRECT_ACTION_TYPE_OFFSET) | \
(((owner) & MLX5_INDIRECT_ACT_CT_OWNER_MASK) << \
MLX5_INDIRECT_ACT_CT_OWNER_SHIFT) | (index))
#define MLX5_INDIRECT_ACT_CT_GET_OWNER(index) \
(((index) >> MLX5_INDIRECT_ACT_CT_OWNER_SHIFT) & \
MLX5_INDIRECT_ACT_CT_OWNER_MASK)
#define MLX5_INDIRECT_ACT_CT_GET_IDX(index) \
((index) & ((1 << MLX5_INDIRECT_ACT_CT_OWNER_SHIFT) - 1))
/* Matches on selected register. */
struct mlx5_rte_flow_item_tag {
enum modify_reg id;
@ -1332,7 +1351,7 @@ mlx5_validate_integrity_item(const struct rte_flow_item_integrity *item)
}
/*
* Get ASO CT action by index.
* Get ASO CT action by device and index.
*
* @param[in] dev
* Pointer to the Ethernet device structure.
@ -1343,7 +1362,7 @@ mlx5_validate_integrity_item(const struct rte_flow_item_integrity *item)
* The specified ASO CT action pointer.
*/
static inline struct mlx5_aso_ct_action *
flow_aso_ct_get_by_idx(struct rte_eth_dev *dev, uint32_t idx)
flow_aso_ct_get_by_dev_idx(struct rte_eth_dev *dev, uint32_t idx)
{
struct mlx5_priv *priv = dev->data->dev_private;
struct mlx5_aso_ct_pools_mng *mng = priv->sh->ct_mng;
@ -1358,6 +1377,40 @@ flow_aso_ct_get_by_idx(struct rte_eth_dev *dev, uint32_t idx)
return &pool->actions[idx % MLX5_ASO_CT_ACTIONS_PER_POOL];
}
/*
* Get ASO CT action by owner & index.
*
* @param[in] dev
* Pointer to the Ethernet device structure.
* @param[in] idx
* Index to the ASO CT action and owner port combination.
*
* @return
* The specified ASO CT action pointer.
*/
static inline struct mlx5_aso_ct_action *
flow_aso_ct_get_by_idx(struct rte_eth_dev *dev, uint32_t own_idx)
{
struct mlx5_priv *priv = dev->data->dev_private;
struct mlx5_aso_ct_action *ct;
uint16_t owner = (uint16_t)MLX5_INDIRECT_ACT_CT_GET_OWNER(own_idx);
uint32_t idx = MLX5_INDIRECT_ACT_CT_GET_IDX(own_idx);
if (owner == PORT_ID(priv)) {
ct = flow_aso_ct_get_by_dev_idx(dev, idx);
} else {
struct rte_eth_dev *owndev = &rte_eth_devices[owner];
MLX5_ASSERT(owner < RTE_MAX_ETHPORTS);
if (dev->data->dev_started != 1)
return NULL;
ct = flow_aso_ct_get_by_dev_idx(owndev, idx);
if (ct->peer != PORT_ID(priv))
return NULL;
}
return ct;
}
int mlx5_flow_group_to_table(struct rte_eth_dev *dev,
const struct mlx5_flow_tunnel *tunnel,
uint32_t group, uint32_t *table,

View File

@ -11683,7 +11683,7 @@ flow_dv_prepare_counter(struct rte_eth_dev *dev,
}
/*
* Release an ASO CT action.
* Release an ASO CT action by its own device.
*
* @param[in] dev
* Pointer to the Ethernet device structure.
@ -11694,12 +11694,12 @@ flow_dv_prepare_counter(struct rte_eth_dev *dev,
* 0 when CT action was removed, otherwise the number of references.
*/
static inline int
flow_dv_aso_ct_release(struct rte_eth_dev *dev, uint32_t idx)
flow_dv_aso_ct_dev_release(struct rte_eth_dev *dev, uint32_t idx)
{
struct mlx5_priv *priv = dev->data->dev_private;
struct mlx5_aso_ct_pools_mng *mng = priv->sh->ct_mng;
uint32_t ret;
struct mlx5_aso_ct_action *ct = flow_aso_ct_get_by_idx(dev, idx);
struct mlx5_aso_ct_action *ct = flow_aso_ct_get_by_dev_idx(dev, idx);
enum mlx5_aso_ct_state state =
__atomic_load_n(&ct->state, __ATOMIC_RELAXED);
@ -11728,7 +11728,21 @@ flow_dv_aso_ct_release(struct rte_eth_dev *dev, uint32_t idx)
LIST_INSERT_HEAD(&mng->free_cts, ct, next);
rte_spinlock_unlock(&mng->ct_sl);
}
return ret;
return (int)ret;
}
static inline int
flow_dv_aso_ct_release(struct rte_eth_dev *dev, uint32_t own_idx)
{
uint16_t owner = (uint16_t)MLX5_INDIRECT_ACT_CT_GET_OWNER(own_idx);
uint32_t idx = MLX5_INDIRECT_ACT_CT_GET_IDX(own_idx);
struct rte_eth_dev *owndev = &rte_eth_devices[owner];
RTE_SET_USED(dev);
MLX5_ASSERT(owner < RTE_MAX_ETHPORTS);
if (dev->data->dev_started != 1)
return -1;
return flow_dv_aso_ct_dev_release(owndev, idx);
}
/*
@ -11880,7 +11894,7 @@ flow_dv_aso_ct_alloc(struct rte_eth_dev *dev, struct rte_flow_error *error)
RTE_SET_USED(reg_c);
#endif
if (!ct->dr_action_orig) {
flow_dv_aso_ct_release(dev, ct_idx);
flow_dv_aso_ct_dev_release(dev, ct_idx);
rte_flow_error_set(error, rte_errno,
RTE_FLOW_ERROR_TYPE_ACTION, NULL,
"failed to create ASO CT action");
@ -11896,7 +11910,7 @@ flow_dv_aso_ct_alloc(struct rte_eth_dev *dev, struct rte_flow_error *error)
reg_c - REG_C_0);
#endif
if (!ct->dr_action_rply) {
flow_dv_aso_ct_release(dev, ct_idx);
flow_dv_aso_ct_dev_release(dev, ct_idx);
rte_flow_error_set(error, rte_errno,
RTE_FLOW_ERROR_TYPE_ACTION, NULL,
"failed to create ASO CT action");
@ -11938,12 +11952,13 @@ flow_dv_translate_create_conntrack(struct rte_eth_dev *dev,
return rte_flow_error_set(error, rte_errno,
RTE_FLOW_ERROR_TYPE_ACTION, NULL,
"Failed to allocate CT object");
ct = flow_aso_ct_get_by_idx(dev, idx);
ct = flow_aso_ct_get_by_dev_idx(dev, idx);
if (mlx5_aso_ct_update_by_wqe(sh, ct, pro))
return rte_flow_error_set(error, EBUSY,
RTE_FLOW_ERROR_TYPE_ACTION, NULL,
"Failed to update CT");
ct->is_original = !!pro->is_original_dir;
ct->peer = pro->peer_port;
return idx;
}
@ -12102,7 +12117,7 @@ flow_dv_translate(struct rte_eth_dev *dev,
int action_type = actions->type;
const struct rte_flow_action *found_action = NULL;
uint32_t jump_group = 0;
uint32_t ct_idx;
uint32_t owner_idx;
struct mlx5_aso_ct_action *ct;
if (!mlx5_flow_os_action_supported(action_type))
@ -12558,8 +12573,13 @@ flow_dv_translate(struct rte_eth_dev *dev,
action_flags |= MLX5_FLOW_ACTION_MODIFY_FIELD;
break;
case RTE_FLOW_ACTION_TYPE_CONNTRACK:
ct_idx = (uint32_t)(uintptr_t)action->conf;
ct = flow_aso_ct_get_by_idx(dev, ct_idx);
owner_idx = (uint32_t)(uintptr_t)action->conf;
ct = flow_aso_ct_get_by_idx(dev, owner_idx);
if (!ct)
return rte_flow_error_set(error, EINVAL,
RTE_FLOW_ERROR_TYPE_ACTION,
NULL,
"Failed to get CT object.");
if (mlx5_aso_ct_available(priv->sh, ct))
return rte_flow_error_set(error, rte_errno,
RTE_FLOW_ERROR_TYPE_ACTION,
@ -12572,7 +12592,7 @@ flow_dv_translate(struct rte_eth_dev *dev,
dev_flow->dv.actions[actions_n] =
ct->dr_action_rply;
flow->indirect_type = MLX5_INDIRECT_ACTION_TYPE_CT;
flow->ct = ct_idx;
flow->ct = owner_idx;
__atomic_fetch_add(&ct->refcnt, 1, __ATOMIC_RELAXED);
actions_n++;
action_flags |= MLX5_FLOW_ACTION_CT;
@ -14183,6 +14203,7 @@ flow_dv_action_create(struct rte_eth_dev *dev,
{
uint32_t idx = 0;
uint32_t ret = 0;
struct mlx5_priv *priv = dev->data->dev_private;
switch (action->type) {
case RTE_FLOW_ACTION_TYPE_RSS:
@ -14211,8 +14232,7 @@ flow_dv_action_create(struct rte_eth_dev *dev,
case RTE_FLOW_ACTION_TYPE_CONNTRACK:
ret = flow_dv_translate_create_conntrack(dev, action->conf,
err);
idx = (MLX5_INDIRECT_ACTION_TYPE_CT <<
MLX5_INDIRECT_ACTION_TYPE_OFFSET) | ret;
idx = MLX5_INDIRECT_ACT_CT_GEN_IDX(PORT_ID(priv), ret);
break;
default:
rte_flow_error_set(err, ENOTSUP, RTE_FLOW_ERROR_TYPE_ACTION,
@ -14278,7 +14298,9 @@ flow_dv_action_destroy(struct rte_eth_dev *dev,
return 0;
case MLX5_INDIRECT_ACTION_TYPE_CT:
ret = flow_dv_aso_ct_release(dev, idx);
if (ret)
if (ret < 0)
return ret;
if (ret > 0)
DRV_LOG(DEBUG, "Connection tracking object %u still "
"has references %d.", idx, ret);
return 0;
@ -14382,8 +14404,16 @@ __flow_dv_action_ct_update(struct rte_eth_dev *dev, uint32_t idx,
struct mlx5_aso_ct_action *ct;
const struct rte_flow_action_conntrack *new_prf;
int ret = 0;
uint16_t owner = (uint16_t)MLX5_INDIRECT_ACT_CT_GET_OWNER(idx);
uint32_t dev_idx;
ct = flow_aso_ct_get_by_idx(dev, idx);
if (PORT_ID(priv) != owner)
return rte_flow_error_set(error, EACCES,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"CT object owned by another port");
dev_idx = MLX5_INDIRECT_ACT_CT_GET_IDX(idx);
ct = flow_aso_ct_get_by_dev_idx(dev, dev_idx);
if (!ct->refcnt)
return rte_flow_error_set(error, ENOMEM,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
@ -15074,6 +15104,8 @@ flow_dv_action_query(struct rte_eth_dev *dev,
uint32_t idx = act_idx & ((1u << MLX5_INDIRECT_ACTION_TYPE_OFFSET) - 1);
struct mlx5_priv *priv = dev->data->dev_private;
struct mlx5_aso_ct_action *ct;
uint16_t owner;
uint32_t dev_idx;
switch (type) {
case MLX5_INDIRECT_ACTION_TYPE_AGE:
@ -15090,7 +15122,15 @@ flow_dv_action_query(struct rte_eth_dev *dev,
case MLX5_INDIRECT_ACTION_TYPE_COUNT:
return flow_dv_query_count(dev, idx, data, error);
case MLX5_INDIRECT_ACTION_TYPE_CT:
ct = flow_aso_ct_get_by_idx(dev, idx);
owner = (uint16_t)MLX5_INDIRECT_ACT_CT_GET_OWNER(idx);
if (owner != PORT_ID(priv))
return rte_flow_error_set(error, EACCES,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,
NULL,
"CT object owned by another port");
dev_idx = MLX5_INDIRECT_ACT_CT_GET_IDX(idx);
ct = flow_aso_ct_get_by_dev_idx(dev, dev_idx);
MLX5_ASSERT(ct);
if (!ct->refcnt)
return rte_flow_error_set(error, EFAULT,
RTE_FLOW_ERROR_TYPE_UNSPECIFIED,