| blob | eb46174b6c5a6188286bbe5c82a29b99cbd034b5 |
1 /**
2 * @file IxEthDBFirewall.c
3 *
4 * @brief Implementation of the firewall API
5 *
6 * @par
7 * IXP400 SW Release version 2.0
8 *
9 * -- Copyright Notice --
10 *
11 * @par
12 * Copyright 2001-2005, Intel Corporation.
13 * All rights reserved.
14 *
15 * @par
16 * Redistribution and use in source and binary forms, with or without
17 * modification, are permitted provided that the following conditions
18 * are met:
19 * 1. Redistributions of source code must retain the above copyright
20 * notice, this list of conditions and the following disclaimer.
21 * 2. Redistributions in binary form must reproduce the above copyright
22 * notice, this list of conditions and the following disclaimer in the
23 * documentation and/or other materials provided with the distribution.
24 * 3. Neither the name of the Intel Corporation nor the names of its contributors
25 * may be used to endorse or promote products derived from this software
26 * without specific prior written permission.
27 *
28 * @par
29 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS''
30 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
31 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
32 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
33 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
34 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
35 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
36 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
37 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
38 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 * SUCH DAMAGE.
40 *
41 * @par
42 * -- End of Copyright Notice --
43 */
48 /**
49 * @brief updates the NPE firewall operating mode and
50 * firewall address table
51 *
52 * @param portID ID of the port
53 * @param epDelta initial entry point for binary searches (NPE optimization)
54 * @param address address of the firewall MAC address table
55 *
56 * This function will send a message to the NPE configuring the
57 * firewall mode (white list or black list), invalid source
58 * address filtering and downloading a new MAC address database
59 * to be used for firewall matching.
60 *
61 * @return IX_ETH_DB_SUCCESS if the operation completed
62 * successfully or IX_ETH_DB_FAIL otherwise
63 *
64 * @internal
65 */
66 IX_ETH_DB_PUBLIC
68 {
69 IxNpeMhMessage message;
70 IX_STATUS result;
75 mode = (portInfo->srcAddressFilterEnabled != FALSE) << 1 | (portInfo->firewallMode == IX_ETH_DB_FIREWALL_WHITE_LIST);
79 epDelta,
80 mode,
86 }
88 /**
89 * @brief configures the firewall white list/black list
90 * access mode
91 *
92 * @param portID ID of the port
93 * @param mode firewall filtering mode (IX_ETH_DB_FIREWALL_WHITE_LIST
94 * or IX_ETH_DB_FIREWALL_BLACK_LIST)
95 *
96 * Note that this function is documented in the main component
97 * header file, IxEthDB.h.
98 *
99 * @return IX_ETH_DB_SUCCESS if the operation completed
100 * successfully or an appropriate error message otherwise
101 */
102 IX_ETH_DB_PUBLIC
104 {
113 {
115 }
120 }
122 /**
123 * @brief enables or disables the invalid source MAC address filter
124 *
125 * @param portID ID of the port
126 * @param enable TRUE to enable invalid source MAC address filtering
127 * or FALSE to disable it
128 *
129 * The invalid source MAC address filter will discard, when enabled,
130 * frames whose source MAC address is a multicast or the broadcast MAC
131 * address.
132 *
133 * Note that this function is documented in the main component
134 * header file, IxEthDB.h.
135 *
136 * @return IX_ETH_DB_SUCCESS if the operation completed
137 * successfully or an appropriate error message otherwise
138 */
139 IX_ETH_DB_PUBLIC
141 {
151 }
153 /**
154 * @brief adds a firewall record
155 *
156 * @param portID ID of the port
157 * @param macAddr MAC address of the new record
158 *
159 * This function will add a new firewall record
160 * on the specified port, using the specified
161 * MAC address. If the record already exists this
162 * function will silently return IX_ETH_DB_SUCCESS,
163 * although no duplicate records are added.
164 *
165 * Note that this function is documented in the main
166 * component header file, IxEthDB.h.
167 *
168 * @return IX_ETH_DB_SUCCESS if the operation completed
169 * successfully or an appropriate error message otherwise
170 */
171 IX_ETH_DB_PUBLIC
173 {
174 MacDescriptor recordTemplate;
190 }
192 /**
193 * @brief removes a firewall record
194 *
195 * @param portID ID of the port
196 * @param macAddr MAC address of the record to remove
197 *
198 * This function will attempt to remove a firewall
199 * record from the given port, using the specified
200 * MAC address.
201 *
202 * Note that this function is documented in the main
203 * component header file, IxEthDB.h.
204 *
205 * @return IX_ETH_DB_SUCCESS if the operation completed
206 * successfully of an appropriate error message otherwise
207 */
208 IX_ETH_DB_PUBLIC
210 {
211 MacDescriptor recordTemplate;
227 }
229 /**
230 * @brief downloads the firewall address table to an NPE
231 *
232 * @param portID ID of the port
233 *
234 * This function will download the firewall address table to
235 * an NPE port.
236 *
237 * Note that this function is documented in the main
238 * component header file, IxEthDB.h.
239 *
240 * @return IX_ETH_DB_SUCCESS if the operation completed
241 * successfully or IX_ETH_DB_FAIL otherwise
242 */
243 IX_ETH_DB_PUBLIC
245 {
246 IxEthDBPortMap query;
247 IxEthDBStatus result;
259 ixEthDBPortInfo[portID].updateMethod.searchTree = ixEthDBQuery(NULL, query, IX_ETH_DB_FIREWALL_RECORD, MAX_FW_SIZE);
266 }