/**
 * @file IxEthDBFirewall.c
 *
 * @brief Implementation of the firewall API
 *
 * @par
 * IXP400 SW Release version 2.0
 *
 * -- Copyright Notice --
 *
 * @par
 * Copyright 2001-2005, Intel Corporation.
 * All rights reserved.
 *
 * @par
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the Intel Corporation nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * @par
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS''
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @par
 * -- End of Copyright Notice --
 */
#include "IxEthDB_p.h"
/**
 * @brief sends the firewall operating mode and the location of the
 * firewall address table to the NPE serving a port
 *
 * @param portID ID of the port
 * @param address address of the firewall MAC address table
 * @param epDelta initial entry point for binary searches (NPE optimization)
 *
 * Builds one NPE message carrying the firewall mode word, the search
 * entry point and the physical address of the MAC address table, then
 * sends it to the NPE that owns the port. The mode word is derived from
 * the cached port settings: bit 1 is set when invalid source address
 * filtering is enabled, bit 0 is set when the firewall mode is
 * IX_ETH_DB_FIREWALL_WHITE_LIST and clear for any other mode value.
 *
 * @note No validation is done here: portID indexes ixEthDBPortInfo
 * directly. NOTE(review): callers are presumably expected to have
 * range-checked portID already - confirm, since an out-of-range ID
 * would access memory outside the port table.
 *
 * @note The table is handed to the NPE by physical address.
 * NOTE(review): the buffer presumably has to remain valid and visible
 * to the NPE for as long as the NPE uses it - confirm at the call site.
 *
 * @return the status produced by IX_ETHDB_SEND_NPE_MSG, documented as
 * IX_ETH_DB_SUCCESS if the operation completed successfully or
 * IX_ETH_DB_FAIL otherwise
 *
 * @internal
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallUpdate(IxEthDBPortId portID, void *address, UINT32 epDelta)
{
    IxNpeMhMessage message;
    IX_STATUS result;
    UINT32 mode = 0;
    PortInfo *port = &ixEthDBPortInfo[portID];

    /* bit 1: invalid source MAC address filtering is switched on */
    if (port->srcAddressFilterEnabled != FALSE)
    {
        mode |= 1 << 1;
    }

    /* bit 0: white list mode; left clear for every other mode value */
    if (port->firewallMode == IX_ETH_DB_FIREWALL_WHITE_LIST)
    {
        mode |= 1;
    }

    /* the NPE receives the table location as a physical address */
    FILL_SETFIREWALLMODE_MSG(message,
        IX_ETH_DB_PORT_ID_TO_NPE_LOGICAL_ID(portID),
        epDelta,
        mode,
        IX_OSAL_MMU_VIRT_TO_PHYS(address));

    /* the macro stores the outcome of the send in result */
    IX_ETHDB_SEND_NPE_MSG(IX_ETH_DB_PORT_ID_TO_NPE(portID), message, result);

    /* NOTE(review): an IX_STATUS is returned as IxEthDBStatus; this
       presumably relies on both using the same success/fail values - confirm */
    return result;
}
/**
 * @brief selects white list or black list operation for the firewall
 * of a port
 *
 * @param portID ID of the port
 * @param mode firewall filtering mode (IX_ETH_DB_FIREWALL_WHITE_LIST
 * or IX_ETH_DB_FIREWALL_BLACK_LIST)
 *
 * The new mode is stored in the port information and the firewall
 * table is then downloaded again through ixEthDBFirewallTableDownload().
 *
 * Note that this function is documented in the main component
 * header file, IxEthDB.h.
 *
 * @note The cached mode is written before the download and is not
 * restored when the download returns an error, so after a failed call
 * the stored mode may differ from what the NPE enforces. Callers should
 * check the returned status rather than assume the new mode is active.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed successfully,
 * IX_ETH_DB_INVALID_ARG if mode is neither of the two supported values,
 * or an appropriate error status otherwise
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallModeSet(IxEthDBPortId portID, IxEthDBFirewallMode mode)
{
    /* argument and capability checks; presumably each macro leaves the
       function with an error status when its check fails - confirm in
       IxEthDB_p.h */
    IX_ETH_DB_CHECK_PORT(portID);

    IX_ETH_DB_CHECK_SINGLE_NPE(portID);

    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    /* only the two documented modes are accepted */
    if (!(mode == IX_ETH_DB_FIREWALL_WHITE_LIST
        || mode == IX_ETH_DB_FIREWALL_BLACK_LIST))
    {
        return IX_ETH_DB_INVALID_ARG;
    }

    /* remember the mode, then push the table again so the change is sent */
    ixEthDBPortInfo[portID].firewallMode = mode;

    return ixEthDBFirewallTableDownload(portID);
}
/**
 * @brief switches the invalid source MAC address filter on or off
 *
 * @param portID ID of the port
 * @param enable TRUE to enable invalid source MAC address filtering
 * or FALSE to disable it
 *
 * When enabled, the invalid source MAC address filter discards
 * frames whose source MAC address is a multicast or the broadcast MAC
 * address.
 *
 * The setting is stored in the port information and the firewall table
 * is then downloaded again through ixEthDBFirewallTableDownload().
 *
 * Note that this function is documented in the main component
 * header file, IxEthDB.h.
 *
 * @note The cached setting is written before the download and is not
 * restored when the download returns an error; check the returned
 * status before assuming the filter state has changed on the NPE.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or an appropriate error status otherwise
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallInvalidAddressFilterEnable(IxEthDBPortId portID, BOOL enable)
{
    PortInfo *port;

    /* argument and capability checks; presumably each macro leaves the
       function with an error status when its check fails - confirm in
       IxEthDB_p.h */
    IX_ETH_DB_CHECK_PORT(portID);

    IX_ETH_DB_CHECK_SINGLE_NPE(portID);

    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    /* the port table is only indexed once portID has passed the checks */
    port = &ixEthDBPortInfo[portID];
    port->srcAddressFilterEnabled = enable;

    /* push the table again so the new setting is sent */
    return ixEthDBFirewallTableDownload(portID);
}
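/**
 * @brief adds a firewall record
 *
 * @param portID ID of the port
 * @param macAddr MAC address of the new record
 *
 * This function will add a new firewall record
 * on the specified port, using the specified
 * MAC address. If the record already exists this
 * function will silently return IX_ETH_DB_SUCCESS,
 * although no duplicate records are added.
 *
 * Note that this function is documented in the main
 * component header file, IxEthDB.h.
 *
 * @note This function only calls ixEthDBAdd(); it does not call
 * ixEthDBFirewallTableDownload() itself. NOTE(review): presumably the
 * table has to be downloaded separately before the NPE enforces the new
 * record - confirm against IxEthDB.h.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or an appropriate error status otherwise
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallEntryAdd(IxEthDBPortId portID, IxEthDBMacAddr *macAddr)
{
    /* zeroed so that any member not assigned below never carries
       indeterminate stack contents into ixEthDBAdd() */
    MacDescriptor recordTemplate = {0};

    /* argument and capability checks; presumably each macro leaves the
       function with an error status when its check fails - confirm in
       IxEthDB_p.h */
    IX_ETH_DB_CHECK_PORT(portID);

    IX_ETH_DB_CHECK_SINGLE_NPE(portID);

    /* macAddr is dereferenced by the copy below, so it is checked first */
    IX_ETH_DB_CHECK_REFERENCE(macAddr);

    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    /* assumes recordTemplate.macAddress holds at least
       sizeof (IxEthDBMacAddr) bytes - confirm against MacDescriptor */
    memcpy(recordTemplate.macAddress, macAddr, sizeof (IxEthDBMacAddr));

    recordTemplate.type   = IX_ETH_DB_FIREWALL_RECORD;
    recordTemplate.portID = portID;

    return ixEthDBAdd(&recordTemplate, NULL);
}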
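/**
 * @brief removes a firewall record
 *
 * @param portID ID of the port
 * @param macAddr MAC address of the record to remove
 *
 * This function will attempt to remove a firewall
 * record from the given port, using the specified
 * MAC address.
 *
 * Note that this function is documented in the main
 * component header file, IxEthDB.h.
 *
 * @note This function only calls ixEthDBRemove(); it does not call
 * ixEthDBFirewallTableDownload() itself. NOTE(review): presumably the
 * table has to be downloaded separately before the NPE stops matching
 * the removed record - confirm against IxEthDB.h.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or an appropriate error status otherwise
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallEntryRemove(IxEthDBPortId portID, IxEthDBMacAddr *macAddr)
{
    /* zeroed so that any member not assigned below never carries
       indeterminate stack contents into ixEthDBRemove() */
    MacDescriptor recordTemplate = {0};

    /* argument and capability checks; presumably each macro leaves the
       function with an error status when its check fails - confirm in
       IxEthDB_p.h */
    IX_ETH_DB_CHECK_PORT(portID);

    IX_ETH_DB_CHECK_SINGLE_NPE(portID);

    /* macAddr is dereferenced by the copy below, so it is checked first */
    IX_ETH_DB_CHECK_REFERENCE(macAddr);

    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    /* assumes recordTemplate.macAddress holds at least
       sizeof (IxEthDBMacAddr) bytes - confirm against MacDescriptor */
    memcpy(recordTemplate.macAddress, macAddr, sizeof (IxEthDBMacAddr));

    recordTemplate.type   = IX_ETH_DB_FIREWALL_RECORD;
    recordTemplate.portID = portID;

    return ixEthDBRemove(&recordTemplate, NULL);
}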
/**
 * @brief downloads the firewall address table to an NPE
 *
 * @param portID ID of the port
 *
 * Queries the database for the firewall records of the port, stores the
 * query result as the port's update search tree and runs the NPE update
 * handler for firewall records. The query and the update are performed
 * between ixEthDBUpdateLock() and ixEthDBUpdateUnlock().
 *
 * Note that this function is documented in the main
 * component header file, IxEthDB.h.
 *
 * @return the status of ixEthDBNPEUpdateHandler(), documented as
 * IX_ETH_DB_SUCCESS if the operation completed successfully or
 * IX_ETH_DB_FAIL otherwise
 */
IX_ETH_DB_PUBLIC
IxEthDBStatus ixEthDBFirewallTableDownload(IxEthDBPortId portID)
{
    IxEthDBPortMap query;
    IxEthDBStatus downloadStatus;

    /* argument and capability checks; presumably each macro leaves the
       function with an error status when its check fails - confirm in
       IxEthDB_p.h */
    IX_ETH_DB_CHECK_PORT(portID);

    IX_ETH_DB_CHECK_SINGLE_NPE(portID);

    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    /* restrict the query to this port */
    SET_DEPENDENCY_MAP(query, portID);

    ixEthDBUpdateLock();

    /* NOTE(review): the previous searchTree value is overwritten and the
       query result is not checked before the handler runs; presumably the
       handler owns the tree and copes with an empty one - confirm.
       MAX_FW_SIZE is presumably the upper bound on returned records. */
    ixEthDBPortInfo[portID].updateMethod.searchTree = ixEthDBQuery(NULL, query, IX_ETH_DB_FIREWALL_RECORD, MAX_FW_SIZE);

    downloadStatus = ixEthDBNPEUpdateHandler(portID, IX_ETH_DB_FIREWALL_RECORD);

    /* released on the only path that took the lock; no early return
       exists between lock and unlock */
    ixEthDBUpdateUnlock();

    return downloadStatus;
}