diff options
author | Mohamad Haj Yahia | 2016-05-03 16:13:59 +0200 |
---|---|---|
committer | David S. Miller | 2016-05-04 20:04:47 +0200 |
commit | f942380c12394002efe0ca0be023e0f6fafbf29b (patch) | |
tree | 6613163bb3fa30d353045d760422fdd1ce30cbd7 /drivers/net/ethernet/mellanox/mlx5/core/en_main.c | |
parent | net/mlx5: E-Switch, Vport ingress/egress ACLs rules for VST mode (diff) | |
download | kernel-qcow2-linux-f942380c12394002efe0ca0be023e0f6fafbf29b.tar.gz kernel-qcow2-linux-f942380c12394002efe0ca0be023e0f6fafbf29b.tar.xz kernel-qcow2-linux-f942380c12394002efe0ca0be023e0f6fafbf29b.zip |
net/mlx5: E-Switch, Vport ingress/egress ACLs rules for spoofchk
Configure ingress and egress vport ACL rules according to spoofchk
admin parameters.
Ingress ACL flow table rules:
if (!spoofchk && !vst) allow all traffic.
else :
1) one of the following rules :
* if (spoofchk && vst) allow only untagged traffic with smac=original
mac sent from the VF.
* if (spoofchk && !vst) allow only traffic with smac=original mac sent
from the VF.
* if (!spoofchk && vst) allow only untagged traffic.
2) drop all traffic that didn't hit #1.
Add support for set vf spoofchk ndo.
Add non zero mac validation in case of spoofchk to set mac ndo:
when setting new mac we need to validate that the new mac is
not zero while the spoofchk is on because it is illegal
combination.
Signed-off-by: Mohamad Haj Yahia <mohamad@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/ethernet/mellanox/mlx5/core/en_main.c')
-rw-r--r-- | drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c index b435c7b36cfb..5d0911315189 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c @@ -2438,6 +2438,14 @@ static int mlx5e_set_vf_vlan(struct net_device *dev, int vf, u16 vlan, u8 qos) vlan, qos); } +static int mlx5e_set_vf_spoofchk(struct net_device *dev, int vf, bool setting) +{ + struct mlx5e_priv *priv = netdev_priv(dev); + struct mlx5_core_dev *mdev = priv->mdev; + + return mlx5_eswitch_set_vport_spoofchk(mdev->priv.eswitch, vf + 1, setting); +} + static int mlx5_vport_link2ifla(u8 esw_link) { switch (esw_link) { @@ -2607,6 +2615,7 @@ static const struct net_device_ops mlx5e_netdev_ops_sriov = { #endif .ndo_set_vf_mac = mlx5e_set_vf_mac, .ndo_set_vf_vlan = mlx5e_set_vf_vlan, + .ndo_set_vf_spoofchk = mlx5e_set_vf_spoofchk, .ndo_get_vf_config = mlx5e_get_vf_config, .ndo_set_vf_link_state = mlx5e_set_vf_link_state, .ndo_get_vf_stats = mlx5e_get_vf_stats, |