net/mlx5: E-Switch, Vport ingress/egress ACLs rules for spoofchk
Configure ingress and egress vport ACL rules according to spoofchk admin parameters. Ingress ACL flow table rules: if (!spoofchk && !vst) allow all traffic. else : 1) one of the following rules : * if (spoofchk && vst) allow only untagged traffic with smac=original mac sent from the VF. * if (spoofchk && !vst) allow only traffic with smac=original mac sent from the VF. * if (!spoofchk && vst) allow only untagged traffic. 2) drop all traffic that didn't hit #1. Add support for set vf spoofchk ndo. Add non zero mac validation in case of spoofchk to set mac ndo: when setting new mac we need to validate that the new mac is not zero while the spoofchk is on because it is illegal combination. Signed-off-by: Mohamad Haj Yahia <mohamad@mellanox.com> Signed-off-by: Saeed Mahameed <saeedm@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Showing
Please register or sign in to comment