/**
 * @file IxEthDBFirewall.c
 *
 * @brief Implementation of the firewall API
 *
 * @par
 * IXP400 SW Release version 2.0
 *
 * -- Copyright Notice --
 *
 * @par
 * Copyright 2001-2005, Intel Corporation.
 * All rights reserved.
 *
 * @par
 * SPDX-License-Identifier: BSD-3-Clause
 * @par
 * -- End of Copyright Notice --
 */
20
21
22#include "IxEthDB_p.h"
23
/**
 * @brief sends the firewall operating mode and the location of the
 * firewall address table to the NPE serving a port
 *
 * @param portID ID of the port
 * @param address address of the firewall MAC address table; it is converted
 * with IX_OSAL_MMU_VIRT_TO_PHYS before being placed in the NPE message
 * @param epDelta initial entry point for binary searches (NPE optimization)
 *
 * The mode word is derived from the settings stored for the port:
 * bit 1 is set when srcAddressFilterEnabled is not false (invalid source
 * address filtering), bit 0 is set when firewallMode is
 * IX_ETH_DB_FIREWALL_WHITE_LIST (cleared otherwise). The message
 * therefore configures the white list / black list mode, the invalid
 * source address filter and the MAC address database used for matching.
 *
 * This function performs no validation of portID: it indexes
 * ixEthDBPortInfo directly, so callers must pass a port ID that has
 * already been checked.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or IX_ETH_DB_FAIL otherwise
 *
 * @internal
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallUpdate(IxEthDBPortId portID, void *address, UINT32 epDelta)
{
    IxNpeMhMessage npeMessage;
    IX_STATUS sendStatus;
    PortInfo *port = &ixEthDBPortInfo[portID];
    UINT32 modeBits = 0;

    /* bit 1: drop frames with an invalid (multicast/broadcast) source MAC */
    if (port->srcAddressFilterEnabled != false)
    {
        modeBits |= 2;
    }

    /* bit 0: white list mode when set, black list mode when clear */
    if (port->firewallMode == IX_ETH_DB_FIREWALL_WHITE_LIST)
    {
        modeBits |= 1;
    }

    FILL_SETFIREWALLMODE_MSG(npeMessage,
        IX_ETH_DB_PORT_ID_TO_NPE_LOGICAL_ID(portID),
        epDelta,
        modeBits,
        IX_OSAL_MMU_VIRT_TO_PHYS(address));

    /* the macro stores the outcome of the send in sendStatus */
    IX_ETHDB_SEND_NPE_MSG(IX_ETH_DB_PORT_ID_TO_NPE(portID), npeMessage, sendStatus);

    return sendStatus;
}
63
/**
 * @brief configures the firewall white list/black list
 * access mode
 *
 * @param portID ID of the port
 * @param mode firewall filtering mode (IX_ETH_DB_FIREWALL_WHITE_LIST
 * or IX_ETH_DB_FIREWALL_BLACK_LIST)
 *
 * Any other mode value is rejected with IX_ETH_DB_INVALID_ARG before
 * the stored port configuration is touched. An accepted mode is stored
 * in the port information and then pushed to the NPE by calling
 * ixEthDBFirewallTableDownload().
 *
 * Note that this function is documented in the main component
 * header file, IxEthDB.h.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or an appropriate error message otherwise
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallModeSet(IxEthDBPortId portID, IxEthDBFirewallMode mode)
{
    /*
     * The IX_ETH_DB_CHECK_* macros are defined outside this file;
     * presumably each one returns an error status from this function
     * when its check fails - confirm against their definitions.
     */
    IX_ETH_DB_CHECK_PORT(portID);

    IX_ETH_DB_CHECK_SINGLE_NPE(portID);

    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    /* only the two defined filtering modes are accepted */
    if (!(mode == IX_ETH_DB_FIREWALL_WHITE_LIST
        || mode == IX_ETH_DB_FIREWALL_BLACK_LIST))
    {
        return IX_ETH_DB_INVALID_ARG;
    }

    /*
     * NOTE(review): the mode is stored before the download is attempted
     * and is not restored if the download fails, so after a failure the
     * stored mode and the mode active on the NPE may disagree. Callers
     * should check the returned status rather than assume the new
     * filtering mode is in force.
     */
    ixEthDBPortInfo[portID].firewallMode = mode;

    return ixEthDBFirewallTableDownload(portID);
}
97
/**
 * @brief enables or disables the invalid source MAC address filter
 *
 * @param portID ID of the port
 * @param enable true to enable invalid source MAC address filtering
 * or false to disable it
 *
 * The invalid source MAC address filter will discard, when enabled,
 * frames whose source MAC address is a multicast or the broadcast MAC
 * address.
 *
 * The flag is stored in the port information and then pushed to the
 * NPE by calling ixEthDBFirewallTableDownload().
 *
 * Note that this function is documented in the main component
 * header file, IxEthDB.h.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or an appropriate error message otherwise
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallInvalidAddressFilterEnable(IxEthDBPortId portID, BOOL enable)
{
    PortInfo *port;

    /*
     * The IX_ETH_DB_CHECK_* macros are defined outside this file;
     * presumably each one returns an error status from this function
     * when its check fails - confirm against their definitions.
     */
    IX_ETH_DB_CHECK_PORT(portID);

    IX_ETH_DB_CHECK_SINGLE_NPE(portID);

    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    /* index the port table only after portID has passed the checks */
    port = &ixEthDBPortInfo[portID];

    /*
     * NOTE(review): the flag is stored before the download is attempted
     * and is not restored if the download fails, so the stored setting
     * and the filter active on the NPE may disagree after a failure.
     */
    port->srcAddressFilterEnabled = enable;

    return ixEthDBFirewallTableDownload(portID);
}
128
/**
 * @brief adds a firewall record
 *
 * @param portID ID of the port
 * @param macAddr MAC address of the new record
 *
 * This function will add a new firewall record
 * on the specified port, using the specified
 * MAC address. If the record already exists this
 * function will silently return IX_ETH_DB_SUCCESS,
 * although no duplicate records are added.
 *
 * The record is handed to ixEthDBAdd(); this function does not call
 * ixEthDBFirewallTableDownload() itself, so whether the new entry
 * reaches the NPE without a separate download is not visible here -
 * confirm against IxEthDB.h before relying on the entry being enforced.
 *
 * Note that this function is documented in the main
 * component header file, IxEthDB.h.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or an appropriate error message otherwise
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallEntryAdd(IxEthDBPortId portID, IxEthDBMacAddr *macAddr)
{
    /*
     * NOTE(review): only the type, portID and macAddress fields of this
     * template are written below; any other MacDescriptor fields are
     * left uninitialized - confirm ixEthDBAdd() does not read them.
     */
    MacDescriptor newRecord;
    IxEthDBStatus addStatus;

    /*
     * The IX_ETH_DB_CHECK_* macros are defined outside this file;
     * presumably each one returns an error status from this function
     * when its check fails - confirm against their definitions.
     */
    IX_ETH_DB_CHECK_PORT(portID);

    IX_ETH_DB_CHECK_SINGLE_NPE(portID);

    /* macAddr is dereferenced by the copy below, so it is checked first */
    IX_ETH_DB_CHECK_REFERENCE(macAddr);

    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    newRecord.type = IX_ETH_DB_FIREWALL_RECORD;
    newRecord.portID = portID;

    memcpy(newRecord.macAddress, macAddr, sizeof *macAddr);

    addStatus = ixEthDBAdd(&newRecord, NULL);

    return addStatus;
}
167
/**
 * @brief removes a firewall record
 *
 * @param portID ID of the port
 * @param macAddr MAC address of the record to remove
 *
 * This function will attempt to remove a firewall
 * record from the given port, using the specified
 * MAC address.
 *
 * The record is handed to ixEthDBRemove(); this function does not call
 * ixEthDBFirewallTableDownload() itself, so whether the removal reaches
 * the NPE without a separate download is not visible here - confirm
 * against IxEthDB.h before relying on the entry no longer being matched.
 *
 * Note that this function is documented in the main
 * component header file, IxEthDB.h.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or an appropriate error message otherwise
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallEntryRemove(IxEthDBPortId portID, IxEthDBMacAddr *macAddr)
{
    /*
     * NOTE(review): only the type, portID and macAddress fields of this
     * template are written below; any other MacDescriptor fields are
     * left uninitialized - confirm ixEthDBRemove() does not read them.
     */
    MacDescriptor doomedRecord;
    IxEthDBStatus removeStatus;

    /*
     * The IX_ETH_DB_CHECK_* macros are defined outside this file;
     * presumably each one returns an error status from this function
     * when its check fails - confirm against their definitions.
     */
    IX_ETH_DB_CHECK_PORT(portID);

    IX_ETH_DB_CHECK_SINGLE_NPE(portID);

    /* macAddr is dereferenced by the copy below, so it is checked first */
    IX_ETH_DB_CHECK_REFERENCE(macAddr);

    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    doomedRecord.type = IX_ETH_DB_FIREWALL_RECORD;
    doomedRecord.portID = portID;

    memcpy(doomedRecord.macAddress, macAddr, sizeof *macAddr);

    removeStatus = ixEthDBRemove(&doomedRecord, NULL);

    return removeStatus;
}
204
/**
 * @brief downloads the firewall address table to an NPE
 *
 * @param portID ID of the port
 *
 * This function will download the firewall address table to
 * an NPE port. While holding the update lock it queries the database
 * for the port's IX_ETH_DB_FIREWALL_RECORD entries, stores the resulting
 * search tree in the port's update method and then runs the NPE update
 * handler for firewall records.
 *
 * Note that this function is documented in the main
 * component header file, IxEthDB.h.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or IX_ETH_DB_FAIL otherwise
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallTableDownload(IxEthDBPortId portID)
{
    IxEthDBPortMap portQuery;
    IxEthDBStatus updateStatus;
    PortInfo *port;

    /*
     * The IX_ETH_DB_CHECK_* macros are defined outside this file;
     * presumably each one returns an error status from this function
     * when its check fails - confirm against their definitions.
     */
    IX_ETH_DB_CHECK_PORT(portID);

    IX_ETH_DB_CHECK_SINGLE_NPE(portID);

    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    /* index the port table only after portID has passed the checks */
    port = &ixEthDBPortInfo[portID];

    SET_DEPENDENCY_MAP(portQuery, portID);

    /* the tree is built and consumed under the same lock */
    ixEthDBUpdateLock();

    /*
     * NOTE(review): MAX_FW_SIZE presumably caps the number of records
     * placed in the tree; if so, confirm how records beyond the cap are
     * reported, since firewall entries left out of the download would
     * not be matched by the NPE. The query result is stored without
     * being checked here.
     */
    port->updateMethod.searchTree = ixEthDBQuery(NULL, portQuery, IX_ETH_DB_FIREWALL_RECORD, MAX_FW_SIZE);

    updateStatus = ixEthDBNPEUpdateHandler(portID, IX_ETH_DB_FIREWALL_RECORD);

    ixEthDBUpdateUnlock();

    return updateStatus;
}