nfp: flower-ct: add pre and post ct checks

	    flower/metadata.o \

	    flower/offload.o \

	    flower/tunnel_conf.o \

	    flower/qos_conf.o

	    flower/qos_conf.o \

	    flower/conntrack.o

endif

ifeq ($(CONFIG_BPF_SYSCALL),y)

// SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)

/* Copyright (C) 2021 Corigine, Inc. */

#include "conntrack.h"

bool is_pre_ct_flow(struct flow_cls_offload *flow)

{

	struct flow_action_entry *act;

	int i;

	flow_action_for_each(i, act, &flow->rule->action) {

		if (act->id == FLOW_ACTION_CT && !act->ct.action)

			return true;

	}

	return false;

}

bool is_post_ct_flow(struct flow_cls_offload *flow)

{

	struct flow_rule *rule = flow_cls_offload_flow_rule(flow);

	struct flow_dissector *dissector = rule->match.dissector;

	struct flow_match_ct ct;

	if (dissector->used_keys & BIT(FLOW_DISSECTOR_KEY_CT)) {

		flow_rule_match_ct(rule, &ct);

		if (ct.key->ct_state & TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED)

			return true;

	}

	return false;

}

int nfp_fl_ct_handle_pre_ct(struct nfp_flower_priv *priv,

			    struct net_device *netdev,

			    struct flow_cls_offload *flow,

			    struct netlink_ext_ack *extack)

{

	NL_SET_ERR_MSG_MOD(extack, "unsupported offload: Conntrack action not supported");

	return -EOPNOTSUPP;

}

int nfp_fl_ct_handle_post_ct(struct nfp_flower_priv *priv,

			     struct net_device *netdev,

			     struct flow_cls_offload *flow,

			     struct netlink_ext_ack *extack)

{

	NL_SET_ERR_MSG_MOD(extack, "unsupported offload: Conntrack match not supported");

	return -EOPNOTSUPP;

}

/* SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) */

/* Copyright (C) 2021 Corigine, Inc. */

#ifndef __NFP_FLOWER_CONNTRACK_H__

#define __NFP_FLOWER_CONNTRACK_H__ 1

#include "main.h"

bool is_pre_ct_flow(struct flow_cls_offload *flow);

bool is_post_ct_flow(struct flow_cls_offload *flow);

/**

 * nfp_fl_ct_handle_pre_ct() - Handles -trk conntrack rules

 * @priv:	Pointer to app priv

 * @netdev:	netdev structure.

 * @flow:	TC flower classifier offload structure.

 * @extack:	Extack pointer for errors

 *

 * Adds a new entry to the relevant zone table and tries to

 * merge with other +trk+est entries and offload if possible.

 *

 * Return: negative value on error, 0 if configured successfully.

 */

int nfp_fl_ct_handle_pre_ct(struct nfp_flower_priv *priv,

			    struct net_device *netdev,

			    struct flow_cls_offload *flow,

			    struct netlink_ext_ack *extack);

/**

 * nfp_fl_ct_handle_post_ct() - Handles +trk+est conntrack rules

 * @priv:	Pointer to app priv

 * @netdev:	netdev structure.

 * @flow:	TC flower classifier offload structure.

 * @extack:	Extack pointer for errors

 *

 * Adds a new entry to the relevant zone table and tries to

 * merge with other -trk entries and offload if possible.

 *

 * Return: negative value on error, 0 if configured successfully.

 */

int nfp_fl_ct_handle_post_ct(struct nfp_flower_priv *priv,

			     struct net_device *netdev,

			     struct flow_cls_offload *flow,

			     struct netlink_ext_ack *extack);

#endif

#include "cmsg.h"

#include "main.h"

#include "conntrack.h"

#include "../nfpcore/nfp_cpp.h"

#include "../nfpcore/nfp_nsp.h"

#include "../nfp_app.h"

	if (nfp_netdev_is_nfp_repr(netdev))

		port = nfp_port_from_netdev(netdev);

	if (is_pre_ct_flow(flow))

		return nfp_fl_ct_handle_pre_ct(priv, netdev, flow, extack);

	if (is_post_ct_flow(flow))

		return nfp_fl_ct_handle_post_ct(priv, netdev, flow, extack);

	if (!offload_pre_check(flow))

		return -EOPNOTSUPP;