git.cascardo.eti.br Git - cascardo/linux.git/commit

author	Mohamad Haj Yahia <mohamad@mellanox.com>
	Tue, 3 May 2016 14:13:59 +0000 (17:13 +0300)
committer	David S. Miller <davem@davemloft.net>
	Wed, 4 May 2016 18:04:47 +0000 (14:04 -0400)
commit	f942380c12394002efe0ca0be023e0f6fafbf29b
tree	6613163bb3fa30d353045d760422fdd1ce30cbd7	tree \| snapshot
parent	dfcb1ed3c3315902e33da0fc5b0ae4c6d5086a23	commit \| diff

net/mlx5: E-Switch, Vport ingress/egress ACLs rules for spoofchk

Configure ingress and egress vport ACL rules according to spoofchk
admin parameters.

Ingress ACL flow table rules:
if (!spoofchk && !vst) allow all traffic.
else :
1) one of the following rules :
* if (spoofchk && vst) allow only untagged traffic with smac=original
mac sent from the VF.
* if (spoofchk && !vst) allow only traffic with smac=original mac sent
from the VF.
* if (!spoofchk && vst) allow only untagged traffic.
2) drop all traffic that didn't hit #1.

Add support for set vf spoofchk ndo.

Add non zero mac validation in case of spoofchk to set mac ndo:
when setting new mac we need to validate that the new mac is
not zero while the spoofchk is on because it is illegal
combination.

Signed-off-by: Mohamad Haj Yahia <mohamad@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

drivers/net/ethernet/mellanox/mlx5/core/en_main.c		diff \| blob \| history
drivers/net/ethernet/mellanox/mlx5/core/eswitch.c		diff \| blob \| history
drivers/net/ethernet/mellanox/mlx5/core/eswitch.h		diff \| blob \| history