ixgbe: add Tx anti spoofing support
This patch enables the ethertype Anti-Spoofing feature for affected devices. It is configured such that LLDP packets sent by a VF will be dropped. Signed-off-by: Don Skidmore <donald.c.skidmore@intel.com> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
This commit is contained in:
parent
9ac5c5ccdb
commit
5b7f000ff9
@ -76,6 +76,8 @@
|
||||
#define IXGBE_MAX_RXD 4096
|
||||
#define IXGBE_MIN_RXD 64
|
||||
|
||||
#define IXGBE_ETH_P_LLDP 0x88CC
|
||||
|
||||
/* flow control */
|
||||
#define IXGBE_MIN_FCRTL 0x40
|
||||
#define IXGBE_MAX_FCRTL 0x7FF80
|
||||
|
@ -3585,10 +3585,24 @@ static void ixgbe_configure_virtualization(struct ixgbe_adapter *adapter)
|
||||
/* Enable MAC Anti-Spoofing */
|
||||
hw->mac.ops.set_mac_anti_spoofing(hw, (adapter->num_vfs != 0),
|
||||
adapter->num_vfs);
|
||||
|
||||
/* Ensure LLDP is set for Ethertype Antispoofing if we will be
|
||||
* calling set_ethertype_anti_spoofing for each VF in loop below
|
||||
*/
|
||||
if (hw->mac.ops.set_ethertype_anti_spoofing)
|
||||
IXGBE_WRITE_REG(hw, IXGBE_ETQF(IXGBE_ETQF_FILTER_LLDP),
|
||||
(IXGBE_ETQF_FILTER_EN | /* enable filter */
|
||||
IXGBE_ETQF_TX_ANTISPOOF | /* tx antispoof */
|
||||
IXGBE_ETH_P_LLDP)); /* LLDP eth type */
|
||||
|
||||
/* For VFs that have spoof checking turned off */
|
||||
for (i = 0; i < adapter->num_vfs; i++) {
|
||||
if (!adapter->vfinfo[i].spoofchk_enabled)
|
||||
ixgbe_ndo_set_vf_spoofchk(adapter->netdev, i, false);
|
||||
|
||||
/* enable ethertype anti spoofing if hw supports it */
|
||||
if (hw->mac.ops.set_ethertype_anti_spoofing)
|
||||
hw->mac.ops.set_ethertype_anti_spoofing(hw, true, i);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -378,6 +378,8 @@ struct ixgbe_thermal_sensor_data {
|
||||
#define IXGBE_SPOOF_MACAS_MASK 0xFF
|
||||
#define IXGBE_SPOOF_VLANAS_MASK 0xFF00
|
||||
#define IXGBE_SPOOF_VLANAS_SHIFT 8
|
||||
#define IXGBE_SPOOF_ETHERTYPEAS 0xFF000000
|
||||
#define IXGBE_SPOOF_ETHERTYPEAS_SHIFT 16
|
||||
#define IXGBE_PFVFSPOOF_REG_COUNT 8
|
||||
|
||||
#define IXGBE_DCA_TXCTRL(_i) (0x07200 + ((_i) * 4)) /* 16 of these (0-15) */
|
||||
@ -1541,6 +1543,7 @@ enum {
|
||||
#define IXGBE_MAX_ETQF_FILTERS 8
|
||||
#define IXGBE_ETQF_FCOE 0x08000000 /* bit 27 */
|
||||
#define IXGBE_ETQF_BCN 0x10000000 /* bit 28 */
|
||||
#define IXGBE_ETQF_TX_ANTISPOOF 0x20000000 /* bit 29 */
|
||||
#define IXGBE_ETQF_1588 0x40000000 /* bit 30 */
|
||||
#define IXGBE_ETQF_FILTER_EN 0x80000000 /* bit 31 */
|
||||
#define IXGBE_ETQF_POOL_ENABLE (1 << 26) /* bit 26 */
|
||||
@ -1566,6 +1569,9 @@ enum {
|
||||
#define IXGBE_ETQF_FILTER_FCOE 2
|
||||
#define IXGBE_ETQF_FILTER_1588 3
|
||||
#define IXGBE_ETQF_FILTER_FIP 4
|
||||
#define IXGBE_ETQF_FILTER_LLDP 5
|
||||
#define IXGBE_ETQF_FILTER_LACP 6
|
||||
|
||||
/* VLAN Control Bit Masks */
|
||||
#define IXGBE_VLNCTRL_VET 0x0000FFFF /* bits 0-15 */
|
||||
#define IXGBE_VLNCTRL_CFI 0x10000000 /* bit 28 */
|
||||
@ -3061,6 +3067,7 @@ struct ixgbe_mac_operations {
|
||||
s32 (*set_fw_drv_ver)(struct ixgbe_hw *, u8, u8, u8, u8);
|
||||
s32 (*get_thermal_sensor_data)(struct ixgbe_hw *);
|
||||
s32 (*init_thermal_sensor_thresh)(struct ixgbe_hw *hw);
|
||||
void (*set_ethertype_anti_spoofing)(struct ixgbe_hw *, bool, int);
|
||||
|
||||
/* DMA Coalescing */
|
||||
s32 (*dmac_config)(struct ixgbe_hw *hw);
|
||||
|
@ -1300,6 +1300,28 @@ mac_reset_top:
|
||||
return status;
|
||||
}
|
||||
|
||||
/** ixgbe_set_ethertype_anti_spoofing_X550 - Enable/Disable Ethertype
|
||||
* anti-spoofing
|
||||
* @hw: pointer to hardware structure
|
||||
* @enable: enable or disable switch for Ethertype anti-spoofing
|
||||
* @vf: Virtual Function pool - VF Pool to set for Ethertype anti-spoofing
|
||||
**/
|
||||
void ixgbe_set_ethertype_anti_spoofing_X550(struct ixgbe_hw *hw, bool enable,
|
||||
int vf)
|
||||
{
|
||||
int vf_target_reg = vf >> 3;
|
||||
int vf_target_shift = vf % 8 + IXGBE_SPOOF_ETHERTYPEAS_SHIFT;
|
||||
u32 pfvfspoof;
|
||||
|
||||
pfvfspoof = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg));
|
||||
if (enable)
|
||||
pfvfspoof |= (1 << vf_target_shift);
|
||||
else
|
||||
pfvfspoof &= ~(1 << vf_target_shift);
|
||||
|
||||
IXGBE_WRITE_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg), pfvfspoof);
|
||||
}
|
||||
|
||||
#define X550_COMMON_MAC \
|
||||
.init_hw = &ixgbe_init_hw_generic, \
|
||||
.start_hw = &ixgbe_start_hw_X540, \
|
||||
@ -1334,6 +1356,8 @@ mac_reset_top:
|
||||
.init_uta_tables = &ixgbe_init_uta_tables_generic, \
|
||||
.set_mac_anti_spoofing = &ixgbe_set_mac_anti_spoofing, \
|
||||
.set_vlan_anti_spoofing = &ixgbe_set_vlan_anti_spoofing, \
|
||||
.set_ethertype_anti_spoofing = \
|
||||
&ixgbe_set_ethertype_anti_spoofing_X550, \
|
||||
.acquire_swfw_sync = &ixgbe_acquire_swfw_sync_X540, \
|
||||
.release_swfw_sync = &ixgbe_release_swfw_sync_X540, \
|
||||
.disable_rx_buff = &ixgbe_disable_rx_buff_generic, \
|
||||
|
Loading…
x
Reference in New Issue
Block a user