net/mlx5e: E-switch, Add steering drop counters

Add flow counters to count packets dropped due to drop rules
configured in eswitch egress and ingress ACLs.
These counters will count VFs violations and incoming traffic drops.
Will be presented on hypervisor via standard 'ip -s link show' command.

Example: "ip -s link show dev enp5s0f0"

6: enp5s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 24:8a:07:a5:28:f0 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    0          0        0       0       0       2
    TX: bytes  packets  errors  dropped carrier collsns
    1406       17       0       0       0       0
    vf 0 MAC 00:00:ca:fe:ca:fe, vlan 5, spoof checking off, link-state auto, trust off, query_rss off
    RX: bytes  packets  mcast   bcast   dropped
    1666       29       14         32      0
    TX: bytes  packets   dropped
    2880       44       2412

Signed-off-by: Eugenia Emantayev <eugenia@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c
index 7649e36653d90f116075bca6e6bd78f89c3026d8..5ecf2cddc16dfef2e53df1d8617e15fced37c377 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c
@@ -37,6 +37,7 @@
 #include <linux/mlx5/fs.h>
 #include "mlx5_core.h"
 #include "eswitch.h"
+#include "fs_core.h"
 
 #define UPLINK_VPORT 0xFFFF
 
@@ -1123,8 +1124,12 @@ static void esw_vport_disable_ingress_acl(struct mlx5_eswitch *esw,
 static int esw_vport_ingress_config(struct mlx5_eswitch *esw,
                                    struct mlx5_vport *vport)
 {
+       struct mlx5_fc *counter = vport->ingress.drop_counter;
+       struct mlx5_flow_destination drop_ctr_dst = {0};
+       struct mlx5_flow_destination *dst = NULL;
        struct mlx5_flow_act flow_act = {0};
        struct mlx5_flow_spec *spec;
+       int dest_num = 0;
        int err = 0;
        u8 *smac_v;
 
@@ -1188,9 +1193,18 @@ static int esw_vport_ingress_config(struct mlx5_eswitch *esw,
 
        memset(spec, 0, sizeof(*spec));
        flow_act.action = MLX5_FLOW_CONTEXT_ACTION_DROP;
+
+       /* Attach drop flow counter */
+       if (counter) {
+               flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_COUNT;
+               drop_ctr_dst.type = MLX5_FLOW_DESTINATION_TYPE_COUNTER;
+               drop_ctr_dst.counter = counter;
+               dst = &drop_ctr_dst;
+               dest_num++;
+       }
        vport->ingress.drop_rule =
                mlx5_add_flow_rules(vport->ingress.acl, spec,
-                                   &flow_act, NULL, 0);
+                                   &flow_act, dst, dest_num);
        if (IS_ERR(vport->ingress.drop_rule)) {
                err = PTR_ERR(vport->ingress.drop_rule);
                esw_warn(esw->dev,
@@ -1210,8 +1224,12 @@ out:
 static int esw_vport_egress_config(struct mlx5_eswitch *esw,
                                   struct mlx5_vport *vport)
 {
+       struct mlx5_fc *counter = vport->egress.drop_counter;
+       struct mlx5_flow_destination drop_ctr_dst = {0};
+       struct mlx5_flow_destination *dst = NULL;
        struct mlx5_flow_act flow_act = {0};
        struct mlx5_flow_spec *spec;
+       int dest_num = 0;
        int err = 0;
 
        esw_vport_cleanup_egress_rules(esw, vport);
@@ -1262,9 +1280,18 @@ static int esw_vport_egress_config(struct mlx5_eswitch *esw,
        /* Drop others rule (star rule) */
        memset(spec, 0, sizeof(*spec));
        flow_act.action = MLX5_FLOW_CONTEXT_ACTION_DROP;
+
+       /* Attach egress drop flow counter */
+       if (counter) {
+               flow_act.action |= MLX5_FLOW_CONTEXT_ACTION_COUNT;
+               drop_ctr_dst.type = MLX5_FLOW_DESTINATION_TYPE_COUNTER;
+               drop_ctr_dst.counter = counter;
+               dst = &drop_ctr_dst;
+               dest_num++;
+       }
        vport->egress.drop_rule =
                mlx5_add_flow_rules(vport->egress.acl, spec,
-                                   &flow_act, NULL, 0);
+                                   &flow_act, dst, dest_num);
        if (IS_ERR(vport->egress.drop_rule)) {
                err = PTR_ERR(vport->egress.drop_rule);
                esw_warn(esw->dev,
@@ -1457,6 +1484,41 @@ static void esw_apply_vport_conf(struct mlx5_eswitch *esw,
        }
 }
 
+static void esw_vport_create_drop_counters(struct mlx5_vport *vport)
+{
+       struct mlx5_core_dev *dev = vport->dev;
+
+       if (MLX5_CAP_ESW_INGRESS_ACL(dev, flow_counter)) {
+               vport->ingress.drop_counter = mlx5_fc_create(dev, false);
+               if (IS_ERR(vport->ingress.drop_counter)) {
+                       esw_warn(dev,
+                                "vport[%d] configure ingress drop rule counter failed\n",
+                                vport->vport);
+                       vport->ingress.drop_counter = NULL;
+               }
+       }
+
+       if (MLX5_CAP_ESW_EGRESS_ACL(dev, flow_counter)) {
+               vport->egress.drop_counter = mlx5_fc_create(dev, false);
+               if (IS_ERR(vport->egress.drop_counter)) {
+                       esw_warn(dev,
+                                "vport[%d] configure egress drop rule counter failed\n",
+                                vport->vport);
+                       vport->egress.drop_counter = NULL;
+               }
+       }
+}
+
+static void esw_vport_destroy_drop_counters(struct mlx5_vport *vport)
+{
+       struct mlx5_core_dev *dev = vport->dev;
+
+       if (vport->ingress.drop_counter)
+               mlx5_fc_destroy(dev, vport->ingress.drop_counter);
+       if (vport->egress.drop_counter)
+               mlx5_fc_destroy(dev, vport->egress.drop_counter);
+}
+
 static void esw_enable_vport(struct mlx5_eswitch *esw, int vport_num,
                             int enable_events)
 {
@@ -1483,6 +1545,10 @@ static void esw_enable_vport(struct mlx5_eswitch *esw, int vport_num,
        if (!vport_num)
                vport->info.trusted = true;
 
+       /* create steering drop counters for ingress and egress ACLs */
+       if (vport_num && esw->mode == SRIOV_LEGACY)
+               esw_vport_create_drop_counters(vport);
+
        esw_vport_change_handle_locked(vport);
 
        esw->enabled_vports++;
@@ -1521,6 +1587,7 @@ static void esw_disable_vport(struct mlx5_eswitch *esw, int vport_num)
                                              MLX5_ESW_VPORT_ADMIN_STATE_DOWN);
                esw_vport_disable_egress_acl(esw, vport);
                esw_vport_disable_ingress_acl(esw, vport);
+               esw_vport_destroy_drop_counters(vport);
        }
        esw->enabled_vports--;
        mutex_unlock(&esw->state_lock);
@@ -2016,12 +2083,36 @@ unlock:
        return err;
 }
 
+static void mlx5_eswitch_query_vport_drop_stats(struct mlx5_core_dev *dev,
+                                               int vport_idx,
+                                               struct mlx5_vport_drop_stats *stats)
+{
+       struct mlx5_eswitch *esw = dev->priv.eswitch;
+       struct mlx5_vport *vport = &esw->vports[vport_idx];
+       u64 bytes = 0;
+       u16 idx = 0;
+
+       if (!vport->enabled || esw->mode != SRIOV_LEGACY)
+               return;
+
+       if (vport->egress.drop_counter) {
+               idx = vport->egress.drop_counter->id;
+               mlx5_fc_query(dev, idx, &stats->rx_dropped, &bytes);
+       }
+
+       if (vport->ingress.drop_counter) {
+               idx = vport->ingress.drop_counter->id;
+               mlx5_fc_query(dev, idx, &stats->tx_dropped, &bytes);
+       }
+}
+
 int mlx5_eswitch_get_vport_stats(struct mlx5_eswitch *esw,
                                 int vport,
                                 struct ifla_vf_stats *vf_stats)
 {
        int outlen = MLX5_ST_SZ_BYTES(query_vport_counter_out);
        u32 in[MLX5_ST_SZ_DW(query_vport_counter_in)] = {0};
+       struct mlx5_vport_drop_stats stats = {0};
        int err = 0;
        u32 *out;
 
@@ -2076,6 +2167,10 @@ int mlx5_eswitch_get_vport_stats(struct mlx5_eswitch *esw,
        vf_stats->broadcast =
                MLX5_GET_CTR(out, received_eth_broadcast.packets);
 
+       mlx5_eswitch_query_vport_drop_stats(esw->dev, vport, &stats);
+       vf_stats->rx_dropped = stats.rx_dropped;
+       vf_stats->tx_dropped = stats.tx_dropped;
+
 free_out:
        kvfree(out);
        return err;

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.h b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.h
index 3b481182f13a5bb9f5e9a4d909ff2d6334333652..2fa037066b2f7bacb74cbcb9676a6096cf369eab 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.h
@@ -73,6 +73,7 @@ struct vport_ingress {
        struct mlx5_flow_group *drop_grp;
        struct mlx5_flow_handle  *allow_rule;
        struct mlx5_flow_handle  *drop_rule;
+       struct mlx5_fc           *drop_counter;
 };
 
 struct vport_egress {
@@ -81,6 +82,12 @@ struct vport_egress {
        struct mlx5_flow_group *drop_grp;
        struct mlx5_flow_handle  *allowed_vlan;
        struct mlx5_flow_handle  *drop_rule;
+       struct mlx5_fc           *drop_counter;
+};
+
+struct mlx5_vport_drop_stats {
+       u64 rx_dropped;
+       u64 tx_dropped;
 };
 
 struct mlx5_vport_info {

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h
index 3e571045626f542e7dff06152fdbbaf40f07c7e4..05262708f14b1863293cb6c6d561cdef935ca227 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.h
@@ -233,6 +233,8 @@ void mlx5_fc_queue_stats_work(struct mlx5_core_dev *dev,
                              unsigned long delay);
 void mlx5_fc_update_sampling_interval(struct mlx5_core_dev *dev,
                                      unsigned long interval);
+int mlx5_fc_query(struct mlx5_core_dev *dev, u16 id,
+                 u64 *packets, u64 *bytes);
 
 int mlx5_init_fs(struct mlx5_core_dev *dev);
 void mlx5_cleanup_fs(struct mlx5_core_dev *dev);

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_counters.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_counters.c
index 89d1f865003358fe24c4dc2ed10ddb2f22557b45..b7ab929d5f8e1e7b94809b06af70d4ca1d042d9c 100644 (file)
--- a/drivers/net/ethernet/mellanox/mlx5/core/fs_counters.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_counters.c
@@ -312,6 +312,12 @@ void mlx5_cleanup_fc_stats(struct mlx5_core_dev *dev)
        }
 }
 
+int mlx5_fc_query(struct mlx5_core_dev *dev, u16 id,
+                 u64 *packets, u64 *bytes)
+{
+       return mlx5_cmd_fc_query(dev, id, packets, bytes);
+}
+
 void mlx5_fc_query_cached(struct mlx5_fc *counter,
                          u64 *bytes, u64 *packets, u64 *lastuse)
 {