projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 761e205) | patch
net/mlx5: E-Switch, Introduce VST vport ingress/egress ACLs
authorMohamad Haj Yahia <mohamad@mellanox.com>
Tue, 3 May 2016 14:13:57 +0000 (17:13 +0300)
committerDavid S. Miller <davem@davemloft.net>
Wed, 4 May 2016 18:04:47 +0000 (14:04 -0400)
commit5742df0f7dbe54728145bf1136540c09c7fcb0d1
treee84e59b2021231a73122c58c5f0a4728799d0dcftree | snapshot (tar.gz zip)
parent761e205b559be52852d85e0db4a034c9f57965f9commit | diff
net/mlx5: E-Switch, Introduce VST vport ingress/egress ACLs

Create egress/ingress ACLs per VF vport at vport enable.

Ingress ACL:
- one flow group to drop all tagged traffic in VST mode.

Egress ACL:
- one flow group that allows only untagged traffic with
          smac that is equals to the original mac (anti-spoofing).
        - one flow group that allows only untagged traffic.
        - one flow group that allows only  smac that is equals
          to the original mac (anti-spoofing).
        (note: only one of the above group has active rule)
- star rule will be used to drop all other traffic.

By default no rules are generated, unless VST is explicitly requested.

Signed-off-by: Mohamad Haj Yahia <mohamad@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/ethernet/mellanox/mlx5/core/eswitch.c diff | blob | blame | history
drivers/net/ethernet/mellanox/mlx5/core/eswitch.h diff | blob | blame | history