diff options
| author | David S. Miller <davem@davemloft.net> | 2020-02-24 11:55:07 -0800 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2020-02-24 11:55:07 -0800 |
| commit | 27cf31dc20062b020453ea80b0dc95c46af766c1 (patch) | |
| tree | c76061eb6b5d736baf606e5bc361cf21045c4d50 /drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | |
| parent | 3b0b425279373a822e4f03b9735ac2642405b896 (diff) | |
| parent | e3294d2b15afdfe5e16de2b2d2bd9fae2048db55 (diff) | |
Merge branch 'mlxsw-Introduce-ACL-traps'
Jiri Pirko says:
====================
mlxsw: Introduce ACL traps
This patchset allows to track packets that are dropped in HW by ACL.
Unlike the existing mlxsw traps, ACL traps are "source traps".
That means the action is not controlled by HPKT register but directly
in ACL TRAP action. When devlink user changes action from drop to trap
and vice versa, it would be needed to go over all instances of ACL TRAP
action and do change. That does not scale. Instead, resolve this
by introducing "dummy" group with "thin" policer. The purpose of
this policer is to drop as many packets as possible. The ones
that pass through are going to be dropped in devlink code - patch #6
takes care of that.
First four patches are preparation for introduction of ACL traps in mlxsw
so it possible to easily change from drop to trap for source traps
as well - by changing group to "dummy" and back.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c')
| -rw-r--r-- | drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c index b607919..17368ef 100644 --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_flower.c @@ -41,12 +41,29 @@ static int mlxsw_sp_flower_parse_actions(struct mlxsw_sp *mlxsw_sp, return err; } break; - case FLOW_ACTION_DROP: - err = mlxsw_sp_acl_rulei_act_drop(rulei); + case FLOW_ACTION_DROP: { + bool ingress; + + if (mlxsw_sp_acl_block_is_mixed_bound(block)) { + NL_SET_ERR_MSG_MOD(extack, "Drop action is not supported when block is bound to ingress and egress"); + return -EOPNOTSUPP; + } + ingress = mlxsw_sp_acl_block_is_ingress_bound(block); + err = mlxsw_sp_acl_rulei_act_drop(rulei, ingress); if (err) { NL_SET_ERR_MSG_MOD(extack, "Cannot append drop action"); return err; } + + /* Forbid block with this rulei to be bound + * to ingress/egress in future. Ingress rule is + * a blocker for egress and vice versa. + */ + if (ingress) + rulei->egress_bind_blocker = 1; + else + rulei->ingress_bind_blocker = 1; + } break; case FLOW_ACTION_TRAP: err = mlxsw_sp_acl_rulei_act_trap(rulei); |