source: SVN/rincon/u-boot/cpu/ixp/npe/IxEthDBFirewall.c @ 55

Last change on this file since 55 was 55, checked in by Tim Harvey, 2 years ago

rincon: added latest u-boot source

restored from server backup

Signed-off-by: Tim Harvey <tharvey@…>

1/**
2 * @file IxEthDBFirewall.c
3 *
4 * @brief Implementation of the firewall API
5 *
6 * @par
7 * IXP400 SW Release version 2.0
8 *
9 * -- Copyright Notice --
10 *
11 * @par
12 * Copyright 2001-2005, Intel Corporation.
13 * All rights reserved.
14 *
15 * @par
16 * Redistribution and use in source and binary forms, with or without
17 * modification, are permitted provided that the following conditions
18 * are met:
19 * 1. Redistributions of source code must retain the above copyright
20 *    notice, this list of conditions and the following disclaimer.
21 * 2. Redistributions in binary form must reproduce the above copyright
22 *    notice, this list of conditions and the following disclaimer in the
23 *    documentation and/or other materials provided with the distribution.
24 * 3. Neither the name of the Intel Corporation nor the names of its contributors
25 *    may be used to endorse or promote products derived from this software
26 *    without specific prior written permission.
27 *
28 * @par
29 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS''
30 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
31 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
32 * ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
33 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
34 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
35 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
36 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
37 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
38 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 * SUCH DAMAGE.
40 *
41 * @par
42 * -- End of Copyright Notice --
43 */
44
45
46#include "IxEthDB_p.h"
47
/**
 * @brief pushes the firewall operating mode and the firewall
 * MAC address table of a port to its NPE
 *
 * @param portID ID of the port
 * @param address address of the firewall MAC address table
 * @param epDelta initial entry point for binary searches (NPE optimization)
 *
 * This function builds a "set firewall mode" message from the
 * current settings of the port and sends it to the NPE, configuring
 * the firewall mode (white list or black list), invalid source
 * address filtering and the MAC address database to be used for
 * firewall matching.
 *
 * The mode word carries two flags: bit 1 is set when invalid source
 * address filtering is enabled, bit 0 is set when the port is in
 * white list mode and clear otherwise. The table address is passed
 * through IX_OSAL_MMU_VIRT_TO_PHYS before it goes into the message.
 *
 * NOTE(review): portID indexes ixEthDBPortInfo without a range check
 * in this function, and address is not checked against NULL. This is
 * an internal routine, so callers are presumably expected to have
 * validated both - confirm at every call site.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or IX_ETH_DB_FAIL otherwise
 *
 * @internal
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallUpdate(IxEthDBPortId portID, void *address, UINT32 epDelta)
{
    IxNpeMhMessage message;
    IX_STATUS result;
    UINT32 mode    = 0;
    PortInfo *port = &ixEthDBPortInfo[portID];

    /* bit 1: discard frames with an invalid source MAC address */
    if (port->srcAddressFilterEnabled != FALSE)
    {
        mode |= 1 << 1;
    }

    /* bit 0: table is a white list (clear: any other mode) */
    if (port->firewallMode == IX_ETH_DB_FIREWALL_WHITE_LIST)
    {
        mode |= 1;
    }

    FILL_SETFIREWALLMODE_MSG(message,
        IX_ETH_DB_PORT_ID_TO_NPE_LOGICAL_ID(portID),
        epDelta,
        mode,
        IX_OSAL_MMU_VIRT_TO_PHYS(address));

    /* the macro stores the outcome of the send in result */
    IX_ETHDB_SEND_NPE_MSG(IX_ETH_DB_PORT_ID_TO_NPE(portID), message, result);

    return result;
}
87
/**
 * @brief selects white list or black list filtering for a port
 *
 * @param portID ID of the port
 * @param mode firewall filtering mode (IX_ETH_DB_FIREWALL_WHITE_LIST
 * or IX_ETH_DB_FIREWALL_BLACK_LIST)
 *
 * After the port, single-NPE and firewall feature checks, any mode
 * other than the two listed values is rejected with
 * IX_ETH_DB_INVALID_ARG. A valid mode is stored in the port
 * information and the firewall table is downloaded again.
 *
 * Note that this function is documented in the main component
 * header file, IxEthDB.h.
 *
 * NOTE(review): only the mode changes here; the firewall records of
 * the port are left as they are, so the same MAC addresses are
 * reinterpreted under the new mode. The mode is also stored before
 * the download and is not rolled back if the download fails -
 * confirm callers check the returned status.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or an appropriate error message otherwise
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallModeSet(IxEthDBPortId portID, IxEthDBFirewallMode mode)
{
    /* presumably each check returns an error status on failure - see IxEthDB_p.h */
    IX_ETH_DB_CHECK_PORT(portID);
    IX_ETH_DB_CHECK_SINGLE_NPE(portID);
    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    /* accept exactly the two defined filtering modes */
    if (!(mode == IX_ETH_DB_FIREWALL_WHITE_LIST
        || mode == IX_ETH_DB_FIREWALL_BLACK_LIST))
    {
        return IX_ETH_DB_INVALID_ARG;
    }

    ixEthDBPortInfo[portID].firewallMode = mode;

    /* make the NPE pick up the new mode */
    return ixEthDBFirewallTableDownload(portID);
}
121
/**
 * @brief turns the invalid source MAC address filter on or off
 *
 * @param portID ID of the port
 * @param enable TRUE to enable invalid source MAC address filtering
 * or FALSE to disable it
 *
 * When enabled, the invalid source MAC address filter discards
 * frames whose source MAC address is a multicast or the broadcast
 * MAC address.
 *
 * The setting is stored in the port information and the firewall
 * table is then downloaded again.
 *
 * Note that this function is documented in the main component
 * header file, IxEthDB.h.
 *
 * NOTE(review): the flag is stored before the download and is not
 * rolled back if the download fails - confirm callers check the
 * returned status.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or an appropriate error message otherwise
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallInvalidAddressFilterEnable(IxEthDBPortId portID, BOOL enable)
{
    PortInfo *port;

    /* presumably each check returns an error status on failure - see IxEthDB_p.h */
    IX_ETH_DB_CHECK_PORT(portID);
    IX_ETH_DB_CHECK_SINGLE_NPE(portID);
    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    /* index the port table only after portID has passed the checks */
    port = &ixEthDBPortInfo[portID];
    port->srcAddressFilterEnabled = enable;

    return ixEthDBFirewallTableDownload(portID);
}
152
/**
 * @brief adds a firewall record
 *
 * @param portID ID of the port
 * @param macAddr MAC address of the new record
 *
 * This function adds a new firewall record on the specified port,
 * using the specified MAC address. If the record already exists
 * this function will silently return IX_ETH_DB_SUCCESS, although
 * no duplicate records are added.
 *
 * The record is described by a local template holding the MAC
 * address, the record type and the port ID, which is handed to
 * ixEthDBAdd. This function does not call
 * ixEthDBFirewallTableDownload itself.
 *
 * Note that this function is documented in the main
 * component header file, IxEthDB.h.
 *
 * NOTE(review): only macAddress, type and portID of the template
 * are written; its remaining fields are uninitialized stack
 * contents. Confirm ixEthDBAdd reads no other field for firewall
 * records.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or an appropriate error message otherwise
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallEntryAdd(IxEthDBPortId portID, IxEthDBMacAddr *macAddr)
{
    MacDescriptor record;

    /* presumably each check returns an error status on failure - see IxEthDB_p.h */
    IX_ETH_DB_CHECK_PORT(portID);
    IX_ETH_DB_CHECK_SINGLE_NPE(portID);
    IX_ETH_DB_CHECK_REFERENCE(macAddr);
    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    record.portID = portID;
    record.type   = IX_ETH_DB_FIREWALL_RECORD;

    /* assumes record.macAddress holds at least sizeof (IxEthDBMacAddr) bytes - TODO confirm */
    memcpy(record.macAddress, macAddr, sizeof *macAddr);

    return ixEthDBAdd(&record, NULL);
}
191
/**
 * @brief removes a firewall record
 *
 * @param portID ID of the port
 * @param macAddr MAC address of the record to remove
 *
 * This function will attempt to remove a firewall record from the
 * given port, using the specified MAC address.
 *
 * The record to remove is described by a local template holding
 * the MAC address, the record type and the port ID, which is handed
 * to ixEthDBRemove. This function does not call
 * ixEthDBFirewallTableDownload itself.
 *
 * Note that this function is documented in the main
 * component header file, IxEthDB.h.
 *
 * NOTE(review): only macAddress, type and portID of the template
 * are written; its remaining fields are uninitialized stack
 * contents. Confirm ixEthDBRemove reads no other field for firewall
 * records.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or an appropriate error message otherwise
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallEntryRemove(IxEthDBPortId portID, IxEthDBMacAddr *macAddr)
{
    MacDescriptor record;

    /* presumably each check returns an error status on failure - see IxEthDB_p.h */
    IX_ETH_DB_CHECK_PORT(portID);
    IX_ETH_DB_CHECK_SINGLE_NPE(portID);
    IX_ETH_DB_CHECK_REFERENCE(macAddr);
    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    record.portID = portID;
    record.type   = IX_ETH_DB_FIREWALL_RECORD;

    /* assumes record.macAddress holds at least sizeof (IxEthDBMacAddr) bytes - TODO confirm */
    memcpy(record.macAddress, macAddr, sizeof *macAddr);

    return ixEthDBRemove(&record, NULL);
}
228
/**
 * @brief downloads the firewall address table to an NPE
 *
 * @param portID ID of the port
 *
 * This function will download the firewall address table to
 * an NPE port. With the update lock held, it queries the firewall
 * records that match the port (at most MAX_FW_SIZE is passed as the
 * query limit), stores the query result as the search tree of the
 * port and calls ixEthDBNPEUpdateHandler for firewall records.
 *
 * Note that this function is documented in the main
 * component header file, IxEthDB.h.
 *
 * NOTE(review): the query is capped at MAX_FW_SIZE. Confirm what
 * happens to records beyond the cap; if they are dropped from the
 * download, a truncated black list would leave those addresses
 * unfiltered without any error being reported here.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or IX_ETH_DB_FAIL otherwise
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallTableDownload(IxEthDBPortId portID)
{
    IxEthDBPortMap portFilter;
    IxEthDBStatus status;
    PortInfo *port;

    /* presumably each check returns an error status on failure - see IxEthDB_p.h */
    IX_ETH_DB_CHECK_PORT(portID);
    IX_ETH_DB_CHECK_SINGLE_NPE(portID);
    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    /* restrict the query to this port */
    SET_DEPENDENCY_MAP(portFilter, portID);

    /* index the port table only after portID has passed the checks */
    port = &ixEthDBPortInfo[portID];

    /* tree rebuild and NPE update happen under the update lock */
    ixEthDBUpdateLock();

    port->updateMethod.searchTree = ixEthDBQuery(NULL, portFilter, IX_ETH_DB_FIREWALL_RECORD, MAX_FW_SIZE);
    status = ixEthDBNPEUpdateHandler(portID, IX_ETH_DB_FIREWALL_RECORD);

    ixEthDBUpdateUnlock();

    return status;
}