summaryrefslogtreecommitdiffstats
path: root/drivers/scsi
diff options
context:
space:
mode:
authorVasu Dev <vasu.dev@intel.com>2010-07-20 15:19:32 -0700
committerJames Bottomley <James.Bottomley@suse.de>2010-07-28 09:05:47 -0500
commit519e5135e2537c9dbc1cbcc0891b0a936ff5dcd2 (patch)
treef4b139d0e9288d65a33a43b54e74ef2a6e959d82 /drivers/scsi
parent9d4cbc05f32fc0a1024de2a9d5635bc9d180e4ae (diff)
downloadlinux-stable-519e5135e2537c9dbc1cbcc0891b0a936ff5dcd2.tar.gz
linux-stable-519e5135e2537c9dbc1cbcc0891b0a936ff5dcd2.tar.bz2
linux-stable-519e5135e2537c9dbc1cbcc0891b0a936ff5dcd2.zip
[SCSI] fcoe: adds src and dest mac address checking for fcoe frames
This is per FC-BB-5 Annex-D recommendation and per that if address checking fails then drop the frame. FIP code paths are already doing this so only needed for fcoe frames. The src address checking is limited to only fip mode since this might break non-fip mode used in p2p due to used OUI based addressing in some p2p code paths, going forward FIP will be the only mode, therefore limited this to only FIP mode so that it won't break non-fip p2p mode for now. -v2 Removes FCOE packet type checking since fcoe_rcv is registered to receive only FCoE type packets from netdev and it is already checked by netdev. Signed-off-by: Vasu Dev <vasu.dev@intel.com> Signed-off-by: Robert Love <robert.w.love@intel.com> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Diffstat (limited to 'drivers/scsi')
-rw-r--r--drivers/scsi/fcoe/fcoe.c20
1 files changed, 17 insertions, 3 deletions
diff --git a/drivers/scsi/fcoe/fcoe.c b/drivers/scsi/fcoe/fcoe.c
index d340cf2d857a..a120962b25b8 100644
--- a/drivers/scsi/fcoe/fcoe.c
+++ b/drivers/scsi/fcoe/fcoe.c
@@ -1210,6 +1210,8 @@ int fcoe_rcv(struct sk_buff *skb, struct net_device *netdev,
struct fcoe_interface *fcoe;
struct fc_frame_header *fh;
struct fcoe_percpu_s *fps;
+ struct fcoe_port *port;
+ struct ethhdr *eh;
unsigned int cpu;
fcoe = container_of(ptype, struct fcoe_interface, fcoe_packet_type);
@@ -1227,9 +1229,21 @@ int fcoe_rcv(struct sk_buff *skb, struct net_device *netdev,
skb_tail_pointer(skb), skb_end_pointer(skb),
skb->csum, skb->dev ? skb->dev->name : "<NULL>");
- /* check for FCOE packet type */
- if (unlikely(eth_hdr(skb)->h_proto != htons(ETH_P_FCOE))) {
- FCOE_NETDEV_DBG(netdev, "Wrong FC type frame");
+ /* check for mac addresses */
+ eh = eth_hdr(skb);
+ port = lport_priv(lport);
+ if (compare_ether_addr(eh->h_dest, port->data_src_addr) &&
+ compare_ether_addr(eh->h_dest, fcoe->ctlr.ctl_src_addr) &&
+ compare_ether_addr(eh->h_dest, (u8[6])FC_FCOE_FLOGI_MAC)) {
+ FCOE_NETDEV_DBG(netdev, "wrong destination mac address:%pM\n",
+ eh->h_dest);
+ goto err;
+ }
+
+ if (is_fip_mode(&fcoe->ctlr) &&
+ compare_ether_addr(eh->h_source, fcoe->ctlr.dest_addr)) {
+ FCOE_NETDEV_DBG(netdev, "wrong source mac address:%pM\n",
+ eh->h_source);
goto err;
}