diff options
author | Greg Rose <gregory.v.rose@intel.com> | 2010-11-18 06:02:52 +0300 |
---|---|---|
committer | Jeff Kirsher <jeffrey.t.kirsher@intel.com> | 2010-12-25 08:41:06 +0300 |
commit | a985b6c31ff230a1246d921afbfc0f6a1386be83 (patch) | |
tree | 74ec1479b9f28e055c45a8a636f86b537d959b37 /drivers/net/ixgbe/ixgbe_main.c | |
parent | 3377eba79e15671799876f82d30446e656aac5ad (diff) | |
download | linux-a985b6c31ff230a1246d921afbfc0f6a1386be83.tar.xz |
ixgbe: Add anti-spoofing feature support
Add support for the anti-spoofing feature in the HW. Packets from
VF devices with spoofed MAC addresses or VLAN tags will be blocked
and a counter incremented. During the watchdog timer the spoofed
packet dropped counter is read and if it is non-zero then a warning
message is displayed on the host VMM's console.
Signed-off-by: Greg Rose <gregory.v.rose@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Diffstat (limited to 'drivers/net/ixgbe/ixgbe_main.c')
-rw-r--r-- | drivers/net/ixgbe/ixgbe_main.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/drivers/net/ixgbe/ixgbe_main.c b/drivers/net/ixgbe/ixgbe_main.c index c90562530202..38ab4f3f8197 100644 --- a/drivers/net/ixgbe/ixgbe_main.c +++ b/drivers/net/ixgbe/ixgbe_main.c @@ -3132,6 +3132,9 @@ static void ixgbe_configure_virtualization(struct ixgbe_adapter *adapter) /* enable Tx loopback for VF/PF communication */ IXGBE_WRITE_REG(hw, IXGBE_PFDTXGSWC, IXGBE_PFDTXGSWC_VT_LBEN); + /* Enable MAC Anti-Spoofing */ + hw->mac.ops.set_mac_anti_spoofing(hw, (adapter->num_vfs != 0), + adapter->num_vfs); } static void ixgbe_set_rx_buffer_len(struct ixgbe_adapter *adapter) @@ -5960,6 +5963,26 @@ static void ixgbe_fdir_reinit_task(struct work_struct *work) netif_tx_start_all_queues(adapter->netdev); } +static void ixgbe_spoof_check(struct ixgbe_adapter *adapter) +{ + u32 ssvpc; + + /* Do not perform spoof check for 82598 */ + if (adapter->hw.mac.type == ixgbe_mac_82598EB) + return; + + ssvpc = IXGBE_READ_REG(&adapter->hw, IXGBE_SSVPC); + + /* + * ssvpc register is cleared on read, if zero then no + * spoofed packets in the last interval. + */ + if (!ssvpc) + return; + + e_warn(drv, "%d Spoofed packets detected\n", ssvpc); +} + static DEFINE_MUTEX(ixgbe_watchdog_lock); /** @@ -6080,6 +6103,7 @@ static void ixgbe_watchdog_task(struct work_struct *work) } } + ixgbe_spoof_check(adapter); ixgbe_update_stats(adapter); mutex_unlock(&ixgbe_watchdog_lock); } |