diff options
author | Mohamad Haj Yahia | 2016-05-03 16:13:59 +0200 |
---|---|---|
committer | David S. Miller | 2016-05-04 20:04:47 +0200 |
commit | f942380c12394002efe0ca0be023e0f6fafbf29b (patch) | |
tree | 6613163bb3fa30d353045d760422fdd1ce30cbd7 /drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | |
parent | net/mlx5: E-Switch, Vport ingress/egress ACLs rules for VST mode (diff) | |
download | kernel-qcow2-linux-f942380c12394002efe0ca0be023e0f6fafbf29b.tar.gz kernel-qcow2-linux-f942380c12394002efe0ca0be023e0f6fafbf29b.tar.xz kernel-qcow2-linux-f942380c12394002efe0ca0be023e0f6fafbf29b.zip |
net/mlx5: E-Switch, Vport ingress/egress ACLs rules for spoofchk
Configure ingress and egress vport ACL rules according to spoofchk
admin parameters.
Ingress ACL flow table rules:
if (!spoofchk && !vst) allow all traffic.
else :
1) one of the following rules :
* if (spoofchk && vst) allow only untagged traffic with smac=original
mac sent from the VF.
* if (spoofchk && !vst) allow only traffic with smac=original mac sent
from the VF.
* if (!spoofchk && vst) allow only untagged traffic.
2) drop all traffic that didn't hit #1.
Add support for set vf spoofchk ndo.
Add non zero mac validation in case of spoofchk to set mac ndo:
when setting new mac we need to validate that the new mac is
not zero while the spoofchk is on because it is illegal
combination.
Signed-off-by: Mohamad Haj Yahia <mohamad@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/ethernet/mellanox/mlx5/core/eswitch.h')
-rw-r--r-- | drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.h b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.h index 30d55ace4786..2f979c9bcb93 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.h +++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.h @@ -118,6 +118,7 @@ struct mlx5_vport { u16 vlan; u8 qos; + bool spoofchk; bool enabled; u16 enabled_events; }; @@ -160,6 +161,8 @@ int mlx5_eswitch_set_vport_state(struct mlx5_eswitch *esw, int vport, int link_state); int mlx5_eswitch_set_vport_vlan(struct mlx5_eswitch *esw, int vport, u16 vlan, u8 qos); +int mlx5_eswitch_set_vport_spoofchk(struct mlx5_eswitch *esw, + int vport, bool spoofchk); int mlx5_eswitch_get_vport_config(struct mlx5_eswitch *esw, int vport, struct ifla_vf_info *ivi); int mlx5_eswitch_get_vport_stats(struct mlx5_eswitch *esw, |