summaryrefslogtreecommitdiff
path: root/cpu/ixp/npe/IxEthDBFirewall.c
diff options
context:
space:
mode:
Diffstat (limited to 'cpu/ixp/npe/IxEthDBFirewall.c')
-rw-r--r--cpu/ixp/npe/IxEthDBFirewall.c266
1 files changed, 266 insertions, 0 deletions
diff --git a/cpu/ixp/npe/IxEthDBFirewall.c b/cpu/ixp/npe/IxEthDBFirewall.c
new file mode 100644
index 0000000000..eb46174b6c
--- /dev/null
+++ b/cpu/ixp/npe/IxEthDBFirewall.c
@@ -0,0 +1,266 @@
+/**
+ * @file IxEthDBFirewall.c
+ *
+ * @brief Implementation of the firewall API
+ *
+ * @par
+ * IXP400 SW Release version 2.0
+ *
+ * -- Copyright Notice --
+ *
+ * @par
+ * Copyright 2001-2005, Intel Corporation.
+ * All rights reserved.
+ *
+ * @par
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the Intel Corporation nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * @par
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @par
+ * -- End of Copyright Notice --
+ */
+
+
+#include "IxEthDB_p.h"
+
+/**
+ * @brief updates the NPE firewall operating mode and
+ * firewall address table
+ *
+ * @param portID ID of the port
+ * @param epDelta initial entry point for binary searches (NPE optimization)
+ * @param address address of the firewall MAC address table
+ *
+ * This function will send a message to the NPE configuring the
+ * firewall mode (white list or black list), invalid source
+ * address filtering and downloading a new MAC address database
+ * to be used for firewall matching.
+ *
+ * @return IX_ETH_DB_SUCCESS if the operation completed
+ * successfully or IX_ETH_DB_FAIL otherwise
+ *
+ * @internal
+ */
+IX_ETH_DB_PUBLIC
+IxEthDBStatus ixEthDBFirewallUpdate(IxEthDBPortId portID, void *address, UINT32 epDelta)
+{
+ IxNpeMhMessage message;
+ IX_STATUS result;
+
+ UINT32 mode = 0;
+ PortInfo *portInfo = &ixEthDBPortInfo[portID];
+
+ mode = (portInfo->srcAddressFilterEnabled != FALSE) << 1 | (portInfo->firewallMode == IX_ETH_DB_FIREWALL_WHITE_LIST);
+
+ FILL_SETFIREWALLMODE_MSG(message,
+ IX_ETH_DB_PORT_ID_TO_NPE_LOGICAL_ID(portID),
+ epDelta,
+ mode,
+ IX_OSAL_MMU_VIRT_TO_PHYS(address));
+
+ IX_ETHDB_SEND_NPE_MSG(IX_ETH_DB_PORT_ID_TO_NPE(portID), message, result);
+
+ return result;
+}
+
+/**
+ * @brief configures the firewall white list/black list
+ * access mode
+ *
+ * @param portID ID of the port
+ * @param mode firewall filtering mode (IX_ETH_DB_FIREWALL_WHITE_LIST
+ * or IX_ETH_DB_FIREWALL_BLACK_LIST)
+ *
+ * Note that this function is documented in the main component
+ * header file, IxEthDB.h.
+ *
+ * @return IX_ETH_DB_SUCCESS if the operation completed
+ * successfully or an appropriate error message otherwise
+ */
+IX_ETH_DB_PUBLIC
+IxEthDBStatus ixEthDBFirewallModeSet(IxEthDBPortId portID, IxEthDBFirewallMode mode)
+{
+ IX_ETH_DB_CHECK_PORT(portID);
+
+ IX_ETH_DB_CHECK_SINGLE_NPE(portID);
+
+ IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);
+
+ if (mode != IX_ETH_DB_FIREWALL_WHITE_LIST
+ && mode != IX_ETH_DB_FIREWALL_BLACK_LIST)
+ {
+ return IX_ETH_DB_INVALID_ARG;
+ }
+
+ ixEthDBPortInfo[portID].firewallMode = mode;
+
+ return ixEthDBFirewallTableDownload(portID);
+}
+
+/**
+ * @brief enables or disables the invalid source MAC address filter
+ *
+ * @param portID ID of the port
+ * @param enable TRUE to enable invalid source MAC address filtering
+ * or FALSE to disable it
+ *
+ * The invalid source MAC address filter will discard, when enabled,
+ * frames whose source MAC address is a multicast or the broadcast MAC
+ * address.
+ *
+ * Note that this function is documented in the main component
+ * header file, IxEthDB.h.
+ *
+ * @return IX_ETH_DB_SUCCESS if the operation completed
+ * successfully or an appropriate error message otherwise
+ */
+IX_ETH_DB_PUBLIC
+IxEthDBStatus ixEthDBFirewallInvalidAddressFilterEnable(IxEthDBPortId portID, BOOL enable)
+{
+ IX_ETH_DB_CHECK_PORT(portID);
+
+ IX_ETH_DB_CHECK_SINGLE_NPE(portID);
+
+ IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);
+
+ ixEthDBPortInfo[portID].srcAddressFilterEnabled = enable;
+
+ return ixEthDBFirewallTableDownload(portID);
+}
+
+/**
+ * @brief adds a firewall record
+ *
+ * @param portID ID of the port
+ * @param macAddr MAC address of the new record
+ *
+ * This function will add a new firewall record
+ * on the specified port, using the specified
+ * MAC address. If the record already exists this
+ * function will silently return IX_ETH_DB_SUCCESS,
+ * although no duplicate records are added.
+ *
+ * Note that this function is documented in the main
+ * component header file, IxEthDB.h.
+ *
+ * @return IX_ETH_DB_SUCCESS if the operation completed
+ * successfully or an appropriate error message otherwise
+ */
+IX_ETH_DB_PUBLIC
+IxEthDBStatus ixEthDBFirewallEntryAdd(IxEthDBPortId portID, IxEthDBMacAddr *macAddr)
+{
+ MacDescriptor recordTemplate;
+
+ IX_ETH_DB_CHECK_PORT(portID);
+
+ IX_ETH_DB_CHECK_SINGLE_NPE(portID);
+
+ IX_ETH_DB_CHECK_REFERENCE(macAddr);
+
+ IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);
+
+ memcpy(recordTemplate.macAddress, macAddr, sizeof (IxEthDBMacAddr));
+
+ recordTemplate.type = IX_ETH_DB_FIREWALL_RECORD;
+ recordTemplate.portID = portID;
+
+ return ixEthDBAdd(&recordTemplate, NULL);
+}
+
+/**
+ * @brief removes a firewall record
+ *
+ * @param portID ID of the port
+ * @param macAddr MAC address of the record to remove
+ *
+ * This function will attempt to remove a firewall
+ * record from the given port, using the specified
+ * MAC address.
+ *
+ * Note that this function is documented in the main
+ * component header file, IxEthDB.h.
+ *
+ * @return IX_ETH_DB_SUCCESS if the operation completed
+ * successfully of an appropriate error message otherwise
+ */
+IX_ETH_DB_PUBLIC
+IxEthDBStatus ixEthDBFirewallEntryRemove(IxEthDBPortId portID, IxEthDBMacAddr *macAddr)
+{
+ MacDescriptor recordTemplate;
+
+ IX_ETH_DB_CHECK_PORT(portID);
+
+ IX_ETH_DB_CHECK_SINGLE_NPE(portID);
+
+ IX_ETH_DB_CHECK_REFERENCE(macAddr);
+
+ IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);
+
+ memcpy(recordTemplate.macAddress, macAddr, sizeof (IxEthDBMacAddr));
+
+ recordTemplate.type = IX_ETH_DB_FIREWALL_RECORD;
+ recordTemplate.portID = portID;
+
+ return ixEthDBRemove(&recordTemplate, NULL);
+}
+
+/**
+ * @brief downloads the firewall address table to an NPE
+ *
+ * @param portID ID of the port
+ *
+ * This function will download the firewall address table to
+ * an NPE port.
+ *
+ * Note that this function is documented in the main
+ * component header file, IxEthDB.h.
+ *
+ * @return IX_ETH_DB_SUCCESS if the operation completed
+ * successfully or IX_ETH_DB_FAIL otherwise
+ */
+IX_ETH_DB_PUBLIC
+IxEthDBStatus ixEthDBFirewallTableDownload(IxEthDBPortId portID)
+{
+ IxEthDBPortMap query;
+ IxEthDBStatus result;
+
+ IX_ETH_DB_CHECK_PORT(portID);
+
+ IX_ETH_DB_CHECK_SINGLE_NPE(portID);
+
+ IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);
+
+ SET_DEPENDENCY_MAP(query, portID);
+
+ ixEthDBUpdateLock();
+
+ ixEthDBPortInfo[portID].updateMethod.searchTree = ixEthDBQuery(NULL, query, IX_ETH_DB_FIREWALL_RECORD, MAX_FW_SIZE);
+
+ result = ixEthDBNPEUpdateHandler(portID, IX_ETH_DB_FIREWALL_RECORD);
+
+ ixEthDBUpdateUnlock();
+
+ return result;
+}