/**
 * @file IxEthDBFirewall.c
 *
 * @brief Implementation of the firewall API
 *
 * IXP400 SW Release version 2.0
 *
 * -- Copyright Notice --
 *
 * Copyright 2001-2005, Intel Corporation.
 * All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * -- End of Copyright Notice --
 */
22 #include "IxEthDB_p.h"
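/**
 * @brief updates the NPE firewall operating mode and
 * firewall address table
 *
 * @param portID ID of the port
 * @param epDelta initial entry point for binary searches (NPE optimization)
 * @param address address of the firewall MAC address table
 *
 * This function will send a message to the NPE configuring the
 * firewall mode (white list or black list), invalid source
 * address filtering and downloading a new MAC address database
 * to be used for firewall matching.
 *
 * The mode word sent to the NPE carries the invalid source address
 * filter flag in bit 1 and the white list flag in bit 0.
 *
 * @warning portID indexes ixEthDBPortInfo[] directly. Unlike the other
 * firewall functions in this file, no IX_ETH_DB_CHECK_PORT is done here,
 * so callers must pass a port that has already been validated. The table
 * address is converted with IX_OSAL_MMU_VIRT_TO_PHYS and handed to the
 * NPE without further checks in this function.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or IX_ETH_DB_FAIL otherwise
 */
IxEthDBStatus ixEthDBFirewallUpdate(IxEthDBPortId portID, void *address, UINT32 epDelta)
{
    /*
     * NOTE(review): the listing this block was recovered from had lost the
     * declarations of result and mode, the two middle arguments of
     * FILL_SETFIREWALLMODE_MSG and the final return statement. They are
     * restored below from the surrounding code and the parameter
     * documentation; confirm types and argument order against the
     * release sources.
     */
    IxNpeMhMessage message;
    IX_STATUS result;
    UINT32 mode;
    PortInfo *portInfo = &ixEthDBPortInfo[portID];

    /* bit 1: invalid source address filtering, bit 0: white list mode */
    UINT32 srcFilterFlag = (portInfo->srcAddressFilterEnabled != false);
    UINT32 whiteListFlag = (portInfo->firewallMode == IX_ETH_DB_FIREWALL_WHITE_LIST);

    mode = (srcFilterFlag << 1) | whiteListFlag;

    FILL_SETFIREWALLMODE_MSG(message,
        IX_ETH_DB_PORT_ID_TO_NPE_LOGICAL_ID(portID),
        epDelta,
        mode,
        IX_OSAL_MMU_VIRT_TO_PHYS(address));

    /* result is passed by name to the macro and returned to the caller */
    IX_ETHDB_SEND_NPE_MSG(IX_ETH_DB_PORT_ID_TO_NPE(portID), message, result);

    return result;
}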
/**
 * @brief configures the firewall white list/black list
 * access mode
 *
 * @param portID ID of the port
 * @param mode firewall filtering mode (IX_ETH_DB_FIREWALL_WHITE_LIST
 * or IX_ETH_DB_FIREWALL_BLACK_LIST)
 *
 * Any other mode value is rejected with IX_ETH_DB_INVALID_ARG before
 * the port state is touched.
 *
 * Note that this function is documented in the main component
 * header file, IxEthDB.h.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or an appropriate error message otherwise
 */
IxEthDBStatus ixEthDBFirewallModeSet(IxEthDBPortId portID, IxEthDBFirewallMode mode)
{
    /*
     * The IX_ETH_DB_CHECK_* macros are defined outside this file;
     * presumably each one returns an error status from this function
     * when its check fails - confirm in IxEthDB_p.h.
     */
    IX_ETH_DB_CHECK_PORT(portID);

    IX_ETH_DB_CHECK_SINGLE_NPE(portID);

    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    /* only the two list modes are accepted */
    switch (mode)
    {
        case IX_ETH_DB_FIREWALL_WHITE_LIST:
        case IX_ETH_DB_FIREWALL_BLACK_LIST:
            break;

        default:
            return IX_ETH_DB_INVALID_ARG;
    }

    /*
     * The new mode is stored before the download is attempted and is not
     * rolled back here, so when the download fails the stored mode and
     * the table held by the NPE may disagree. Callers should treat a
     * non-success return as "filtering state unknown".
     */
    ixEthDBPortInfo[portID].firewallMode = mode;

    return ixEthDBFirewallTableDownload(portID);
}
/**
 * @brief enables or disables the invalid source MAC address filter
 *
 * @param portID ID of the port
 * @param enable true to enable invalid source MAC address filtering
 * or false to disable it
 *
 * The invalid source MAC address filter will discard, when enabled,
 * frames whose source MAC address is a multicast or the broadcast MAC
 * address.
 *
 * Note that this function is documented in the main component
 * header file, IxEthDB.h.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or an appropriate error message otherwise
 */
IxEthDBStatus ixEthDBFirewallInvalidAddressFilterEnable(IxEthDBPortId portID, BOOL enable)
{
    /* validation first: port, single NPE, firewall feature */
    IX_ETH_DB_CHECK_PORT(portID);

    IX_ETH_DB_CHECK_SINGLE_NPE(portID);

    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    /*
     * The value is stored as given; ixEthDBFirewallUpdate() tests it with
     * "!= false", so any non-zero value enables the filter.
     *
     * As with the mode setter, the flag is written before the download
     * and is not restored here when the download fails.
     */
    ixEthDBPortInfo[portID].srcAddressFilterEnabled = enable;

    /* push the changed setting to the NPE together with the table */
    return ixEthDBFirewallTableDownload(portID);
}
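/**
 * @brief adds a firewall record
 *
 * @param portID ID of the port
 * @param macAddr MAC address of the new record
 *
 * This function will add a new firewall record
 * on the specified port, using the specified
 * MAC address. If the record already exists this
 * function will silently return IX_ETH_DB_SUCCESS,
 * although no duplicate records are added.
 *
 * This function only calls ixEthDBAdd(); it does not call
 * ixEthDBFirewallTableDownload() itself. Presumably the NPE only
 * sees the new record after a table download - confirm in IxEthDB.h.
 *
 * Note that this function is documented in the main
 * component header file, IxEthDB.h.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or an appropriate error message otherwise
 */
IxEthDBStatus ixEthDBFirewallEntryAdd(IxEthDBPortId portID, IxEthDBMacAddr *macAddr)
{
    MacDescriptor recordTemplate;

    IX_ETH_DB_CHECK_PORT(portID);

    IX_ETH_DB_CHECK_SINGLE_NPE(portID);

    /* macAddr is checked before it is read by the memcpy below */
    IX_ETH_DB_CHECK_REFERENCE(macAddr);

    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    /*
     * Only three fields are set explicitly below. Zero the whole template
     * first so that ixEthDBAdd() never reads indeterminate stack contents
     * from the fields this function does not set.
     */
    memset(&recordTemplate, 0, sizeof (recordTemplate));

    /*
     * NOTE(review): assumes recordTemplate.macAddress holds at least
     * sizeof (IxEthDBMacAddr) bytes; MacDescriptor is declared elsewhere.
     */
    memcpy(recordTemplate.macAddress, macAddr, sizeof (IxEthDBMacAddr));

    recordTemplate.type   = IX_ETH_DB_FIREWALL_RECORD;
    recordTemplate.portID = portID;

    return ixEthDBAdd(&recordTemplate, NULL);
}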
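/**
 * @brief removes a firewall record
 *
 * @param portID ID of the port
 * @param macAddr MAC address of the record to remove
 *
 * This function will attempt to remove a firewall
 * record from the given port, using the specified
 * MAC address.
 *
 * This function only calls ixEthDBRemove(); it does not call
 * ixEthDBFirewallTableDownload() itself. Presumably the NPE keeps
 * matching against the old table until the next download - confirm
 * in IxEthDB.h.
 *
 * Note that this function is documented in the main
 * component header file, IxEthDB.h.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or an appropriate error message otherwise
 */
IxEthDBStatus ixEthDBFirewallEntryRemove(IxEthDBPortId portID, IxEthDBMacAddr *macAddr)
{
    MacDescriptor recordTemplate;

    IX_ETH_DB_CHECK_PORT(portID);

    IX_ETH_DB_CHECK_SINGLE_NPE(portID);

    /* macAddr is checked before it is read by the memcpy below */
    IX_ETH_DB_CHECK_REFERENCE(macAddr);

    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    /*
     * Only three fields are set explicitly below. Zero the whole template
     * first so that ixEthDBRemove() never reads indeterminate stack
     * contents from the fields this function does not set.
     */
    memset(&recordTemplate, 0, sizeof (recordTemplate));

    /*
     * NOTE(review): assumes recordTemplate.macAddress holds at least
     * sizeof (IxEthDBMacAddr) bytes; MacDescriptor is declared elsewhere.
     */
    memcpy(recordTemplate.macAddress, macAddr, sizeof (IxEthDBMacAddr));

    recordTemplate.type   = IX_ETH_DB_FIREWALL_RECORD;
    recordTemplate.portID = portID;

    return ixEthDBRemove(&recordTemplate, NULL);
}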
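/**
 * @brief downloads the firewall address table to an NPE
 *
 * @param portID ID of the port
 *
 * This function will download the firewall address table to
 * the NPE serving the given port. It queries the database for
 * the port's firewall records (at most MAX_FW_SIZE), stores the
 * result as the port's update search tree and then runs the NPE
 * update handler for firewall records.
 *
 * Note that this function is documented in the main
 * component header file, IxEthDB.h.
 *
 * @return IX_ETH_DB_SUCCESS if the operation completed
 * successfully or IX_ETH_DB_FAIL otherwise
 */
IxEthDBStatus ixEthDBFirewallTableDownload(IxEthDBPortId portID)
{
    IxEthDBPortMap query;
    IxEthDBStatus result;

    IX_ETH_DB_CHECK_PORT(portID);

    IX_ETH_DB_CHECK_SINGLE_NPE(portID);

    IX_ETH_DB_CHECK_FEATURE(portID, IX_ETH_DB_FIREWALL);

    /* restrict the query to records belonging to this port */
    SET_DEPENDENCY_MAP(query, portID);

    /*
     * NOTE(review): the listing this block was recovered from had lost
     * the statement at this position and the final return. The lock call
     * is restored as the counterpart of the ixEthDBUpdateUnlock() below
     * and the return from the assignment to result; confirm both against
     * the release sources.
     */
    ixEthDBUpdateLock();

    ixEthDBPortInfo[portID].updateMethod.searchTree = ixEthDBQuery(NULL, query, IX_ETH_DB_FIREWALL_RECORD, MAX_FW_SIZE);

    result = ixEthDBNPEUpdateHandler(portID, IX_ETH_DB_FIREWALL_RECORD);

    /* there is no early return after the lock, so it is always released */
    ixEthDBUpdateUnlock();

    return result;
}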