Add support for hardware filters to cxgb(4). The T3 chip can inspect

L2/3/4 headers and can drop or steer packets as instructed.  Filtering
based on src ip, dst ip, src port, dst port, 802.1q, udp/tcp, and mac
addr is possible.  Add support in cxgbtool to program these filters.
Some simple examples:

Drop all tcp/80 traffic coming from the subnet specified.
# cxgbtool cxgb2 filter 0 sip 192.168.1.0/24 dport 80 type tcp action drop

Steer all incoming UDP traffic to qset 0.
# cxgbtool cxgb2 filter 1 type udp queue 0 action pass

Steer all tcp traffic from 192.168.1.1 to qset 1.
# cxgbtool cxgb2 filter 2 sip 192.168.1.1 type tcp queue 1 action pass

Drop fragments.
# cxgbtool cxgb2 filter 3 type frag action drop

List all filters.
# cxgbtool cxgb2 filter list
index         SIP                DIP     sport dport VLAN PRI P/MAC type Q
    0     192.168.1.0/24         0.0.0.0     *    80    0 0/1 */*    tcp -
    1         0.0.0.0/0          0.0.0.0     *     *    0 0/1 */*    udp 0
    2     192.168.1.1/32         0.0.0.0     *     *    0 0/1 */*    tcp 1
    3         0.0.0.0/0          0.0.0.0     *     *    0 0/1 */*   frag -
16367         0.0.0.0/0          0.0.0.0     *     *    0 0/1 */*      * *

MFC after:	2 weeks

1 files changed, 29 insertions, 0 deletions

diff --git a/sys/dev/cxgb/cxgb_ioctl.h b/sys/dev/cxgb/cxgb_ioctl.h
index e4b4875..3f3ac5a 100644
--- a/sys/dev/cxgb/cxgb_ioctl.h
+++ b/sys/dev/cxgb/cxgb_ioctl.h
@@ -59,6 +59,9 @@ enum {
 	CH_CLEAR_STATS,
 	CH_GET_UP_LA,
 	CH_GET_UP_IOQS,
+	CH_SET_FILTER,
+	CH_DEL_FILTER,
+	CH_GET_FILTER,
 };
 
 /* statistics categories */
@@ -215,6 +218,29 @@ struct ch_up_ioqs {
 	struct t3_ioq_entry *data;
 };
 
+struct ch_filter_tuple {
+	uint32_t sip;
+	uint32_t dip;
+	uint16_t sport;
+	uint16_t dport;
+	uint16_t vlan:12;
+	uint16_t vlan_prio:3;
+};
+
+struct ch_filter {
+	uint32_t filter_id;
+	struct ch_filter_tuple val;
+	struct ch_filter_tuple mask;
+	uint16_t mac_addr_idx;
+	uint8_t mac_hit:1;
+	uint8_t proto:2;
+
+	uint8_t want_filter_id:1;
+	uint8_t pass:1;
+	uint8_t rss:1;
+	uint8_t qset;
+};
+
 #define CHELSIO_SETREG		_IOW('f', CH_SETREG, struct ch_reg)
 #define CHELSIO_GETREG		_IOWR('f', CH_GETREG, struct ch_reg)
 #define CHELSIO_GETMTUTAB	_IOR('f', CH_GETMTUTAB, struct ch_mtus)
@@ -239,4 +265,7 @@ struct ch_up_ioqs {
 #define CHELSIO_GET_EEPROM	_IOWR('f', CH_GET_EEPROM, struct ch_eeprom)
 #define CHELSIO_GET_UP_LA	_IOWR('f', CH_GET_UP_LA, struct ch_up_la)
 #define CHELSIO_GET_UP_IOQS	_IOWR('f', CH_GET_UP_IOQS, struct ch_up_ioqs)
+#define CHELSIO_SET_FILTER	_IOW('f', CH_SET_FILTER, struct ch_filter)
+#define CHELSIO_DEL_FILTER	_IOW('f', CH_DEL_FILTER, struct ch_filter)
+#define CHELSIO_GET_FILTER	_IOWR('f', CH_GET_FILTER, struct ch_filter)
 #endif