1/* 2 * Copyright (c) 2014, The Linux Foundation. All rights reserved. 3 * Permission to use, copy, modify, and/or distribute this software for 4 * any purpose with or without fee is hereby granted, provided that the 5 * above copyright notice and this permission notice appear in all copies. 6 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 7 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 8 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 9 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 10 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 11 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT 12 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 13 */ 14 15 16/** 17 * @defgroup fal_acl FAL_ACL 18 * @{ 19 */ 20#ifndef _FAL_ACL_H_ 21#define _FAL_ACL_H_ 22 23#ifdef __cplusplus 24extern "C" { 25#endif /* __cplusplus */ 26 27#include "common/sw.h" 28#include "fal/fal_type.h" 29 30 31 /** 32 @brief This enum defines the ACL rule type. 33 */ 34 typedef enum { 35 FAL_ACL_RULE_MAC = 0, /**< include MAC, udf fields*/ 36 FAL_ACL_RULE_IP4, /**< include MAC, IP4 and Tcp/Udp udf fields*/ 37 FAL_ACL_RULE_IP6, /**< include MAC, IP6 and Tcp/Udp udf fields*/ 38 FAL_ACL_RULE_UDF, /**< only include user defined fields*/ 39 FAL_ACL_RULE_BUTT, 40 } 41 fal_acl_rule_type_t; 42 43 44 /** 45 @brief This enum defines the ACL field operation type. 46 */ 47 typedef enum 48 { 49 FAL_ACL_FIELD_MASK = 0, /**< match operation is mask*/ 50 FAL_ACL_FIELD_RANGE, /**< match operation is range*/ 51 FAL_ACL_FIELD_LE, /**< match operation is less and equal*/ 52 FAL_ACL_FIELD_GE, /**< match operation is great and equal*/ 53 FAL_ACL_FIELD_NE, /**<- match operation is not equal*/ 54 FAL_ACL_FIELD_OP_BUTT, 55 } fal_acl_field_op_t; 56 57 58 typedef enum 59 { 60 FAL_ACL_POLICY_ROUTE = 0, 61 FAL_ACL_POLICY_SNAT, 62 FAL_ACL_POLICY_DNAT, 63 FAL_ACL_POLICY_RESERVE, 64 } fal_policy_forward_t; 65 66 typedef enum 67 { 68 FAL_ACL_COMBINED_NONE = 0, 69 FAL_ACL_COMBINED_START, 70 FAL_ACL_COMBINED_CONTINUE, 71 FAL_ACL_COMBINED_END, 72 } fal_combined_t; 73 74 /** 75 @brief This enum defines the ACL field operation type. 76 */ 77 typedef enum 78 { 79 FAL_ACL_UDF_TYPE_L2 = 0, /**< */ 80 FAL_ACL_UDF_TYPE_L3, /**< */ 81 FAL_ACL_UDF_TYPE_L4, /**< */ 82 FAL_ACL_UDF_TYPE_L2_SNAP, /**< */ 83 FAL_ACL_UDF_TYPE_L3_PLUS, /**< */ 84 FAL_ACL_UDF_TYPE_BUTT, 85 } fal_acl_udf_type_t; 86 87#define FAL_ACL_FIELD_MAC_DA 0 88#define FAL_ACL_FIELD_MAC_SA 1 89#define FAL_ACL_FIELD_MAC_ETHTYPE 2 90#define FAL_ACL_FIELD_MAC_TAGGED 3 91#define FAL_ACL_FIELD_MAC_UP 4 92#define FAL_ACL_FIELD_MAC_VID 5 93#define FAL_ACL_FIELD_IP4_SIP 6 94#define FAL_ACL_FIELD_IP4_DIP 7 95#define FAL_ACL_FIELD_IP6_LABEL 8 96#define FAL_ACL_FIELD_IP6_SIP 9 97#define FAL_ACL_FIELD_IP6_DIP 10 98#define FAL_ACL_FIELD_IP_PROTO 11 99#define FAL_ACL_FIELD_IP_DSCP 12 100#define FAL_ACL_FIELD_L4_SPORT 13 101#define FAL_ACL_FIELD_L4_DPORT 14 102#define FAL_ACL_FIELD_UDF 15 103#define FAL_ACL_FIELD_MAC_CFI 16 104#define FAL_ACL_FIELD_ICMP_TYPE 17 105#define FAL_ACL_FIELD_ICMP_CODE 18 106#define FAL_ACL_FIELD_TCP_FLAG 19 107#define FAL_ACL_FIELD_RIPV1 20 108#define FAL_ACL_FIELD_DHCPV4 21 109#define FAL_ACL_FIELD_DHCPV6 22 110#define FAL_ACL_FIELD_MAC_STAG_VID 23 111#define FAL_ACL_FIELD_MAC_STAG_PRI 24 112#define FAL_ACL_FIELD_MAC_STAG_DEI 25 113#define FAL_ACL_FIELD_MAC_STAGGED 26 114#define FAL_ACL_FIELD_MAC_CTAG_VID 27 115#define FAL_ACL_FIELD_MAC_CTAG_PRI 28 116#define FAL_ACL_FIELD_MAC_CTAG_CFI 29 117#define FAL_ACL_FIELD_MAC_CTAGGED 30 118#define FAL_ACL_FIELD_INVERSE_ALL 31 119 120 121#define FAL_ACL_ACTION_PERMIT 0 122#define FAL_ACL_ACTION_DENY 1 123#define FAL_ACL_ACTION_REDPT 2 124#define FAL_ACL_ACTION_RDTCPU 3 125#define FAL_ACL_ACTION_CPYCPU 4 126#define FAL_ACL_ACTION_MIRROR 5 127#define FAL_ACL_ACTION_MODIFY_VLAN 6 128#define FAL_ACL_ACTION_NEST_VLAN 7 129#define FAL_ACL_ACTION_REMARK_UP 8 130#define FAL_ACL_ACTION_REMARK_QUEUE 9 131#define FAL_ACL_ACTION_REMARK_STAG_VID 10 132#define FAL_ACL_ACTION_REMARK_STAG_PRI 11 133#define FAL_ACL_ACTION_REMARK_STAG_DEI 12 134#define FAL_ACL_ACTION_REMARK_CTAG_VID 13 135#define FAL_ACL_ACTION_REMARK_CTAG_PRI 14 136#define FAL_ACL_ACTION_REMARK_CTAG_CFI 15 137#define FAL_ACL_ACTION_REMARK_LOOKUP_VID 16 138#define FAL_ACL_ACTION_REMARK_DSCP 17 139#define FAL_ACL_ACTION_POLICER_EN 18 140#define FAL_ACL_ACTION_WCMP_EN 19 141#define FAL_ACL_ACTION_ARP_EN 20 142#define FAL_ACL_ACTION_POLICY_FORWARD_EN 21 143#define FAL_ACL_ACTION_BYPASS_EGRESS_TRANS 22 144#define FAL_ACL_ACTION_MATCH_TRIGGER_INTR 23 145 146 147 148 /** 149 * @brief This type defines the action in Acl rule. 150 * @details Comments: 151 * It's a bit map type, we can access it through macro FAL_ACTION_FLG_SET, 152 * FAL_ACTION_FLG_CLR and FAL_ACTION_FLG_TST. 153 */ 154 typedef a_uint32_t fal_acl_action_map_t; 155 156#define FAL_ACTION_FLG_SET(flag, action) \ 157 (flag) |= (0x1UL << (action)) 158 159#define FAL_ACTION_FLG_CLR(flag, action) \ 160 (flag) &= (~(0x1UL << (action))) 161 162#define FAL_ACTION_FLG_TST(flag, action) \ 163 ((flag) & (0x1UL << (action))) ? 1 : 0 164 165 166 /** 167 * @brief This type defines the field in Acl rule. 168 * @details Comments: 169 * It's a bit map type, we can access it through macro FAL_FIELD_FLG_SET, 170 * FAL_FIELD_FLG_CLR and FAL_FIELD_FLG_TST. 171 */ 172 typedef a_uint32_t fal_acl_field_map_t[2]; 173 174#define FAL_FIELD_FLG_SET(flag, field) \ 175 (flag[(field) / 32]) |= (0x1UL << ((field) % 32)) 176 177#define FAL_FIELD_FLG_CLR(flag, field) \ 178 (flag[(field) / 32]) &= (~(0x1UL << ((field) % 32))) 179 180#define FAL_FIELD_FLG_TST(flag, field) \ 181 ((flag[(field) / 32]) & (0x1UL << ((field) % 32))) ? 1 : 0 182 183#define FAL_ACL_UDF_MAX_LENGTH 16 184 185 /** 186 * @brief This structure defines the Acl rule. 187 * @details Fields description: 188 * 189 * 190 * vid_val - If vid_op equals FAL_ACL_FIELD_MASK it's vlan id field value. 191 * If vid_op equals FAL_ACL_FIELD_RANGE it's vlan id field low value. If 192 * vid_op equals other value it's the compared value. 193 * 194 * vid_mask - If vid_op equals FAL_ACL_FIELD_MASK it's vlan id field mask. 195 * If vid_op equals FAL_ACL_FIELD_RANGE it's vlan id field high value. If vid_op 196 * equals other value it's meaningless. 197 * 198 * 199 * ip_dscp_val - It's eight bits field we can set any value between 0 - 255. 200 * ip_dscp_mask - It's eight bits field we can set any value between 0 - 255. 201 * 202 * 203 * src_l4port_val - If src_l4port_op equals FAL_ACL_FIELD_MASK it's layer four 204 * source port field value. If src_l4port_op equals FAL_ACL_FIELD_RANGE it's 205 * layer four source port field low value. If src_l4port_op equals other value 206 * it's the compared value. 207 * 208 * 209 * src_l4port_mask - If src_l4port_op equals FAL_ACL_FIELD_MASK it's layer four 210 * source port field mask. If src_l4port_op equals FAL_ACL_FIELD_RANGE it's 211 * layer four source port field high value. If src_l4port_op equals other value 212 * it's meaningless. 213 * 214 * 215 * dest_l4port_val - If dest_l4port_op equals FAL_ACL_FIELD_MASK it's layer four 216 * destination port field value. If dest_l4port_op equals FAL_ACL_FIELD_RANGE it's 217 * layer four source port field low value. If dest_l4port_op equals other value 218 * it's the compared value. 219 * 220 * 221 * dest_l4port_mask - If dest_l4port_op equals FAL_ACL_FIELD_MASK it's layer four 222 * source port field mask. If dest_l4port_op equals FAL_ACL_FIELD_RANGE it's 223 * layer four source port field high value. If dest_l4port_op equals other value 224 * it's meaningless. 225 * 226 * 227 * ports - If FAL_ACL_ACTION_REDPT bit is setted in action_flg it's redirect 228 * destination ports. 229 * 230 * 231 * dot1p - If FAL_ACL_ACTION_REMARK_DOT1P bit is setted in action_flg it's 232 * the expected dot1p value. 233 * 234 * 235 * queue - If FAL_ACL_ACTION_REMARK_QUEUE bit is setted in action_flg it's 236 * the expected queue value. 237 * 238 * 239 * vid - If FAL_ACL_ACTION_MODIFY_VLAN or FAL_ACL_ACTION_NEST_VLAN bit is 240 * setted in action_flg it's the expected vlan id value. 241 */ 242 typedef struct 243 { 244 fal_acl_rule_type_t rule_type; 245 fal_acl_field_map_t field_flg; 246 247 /* fields of mac rule */ 248 fal_mac_addr_t src_mac_val; 249 fal_mac_addr_t src_mac_mask; 250 fal_mac_addr_t dest_mac_val; 251 fal_mac_addr_t dest_mac_mask; 252 a_uint16_t ethtype_val; 253 a_uint16_t ethtype_mask; 254 a_uint16_t vid_val; 255 a_uint16_t vid_mask; 256 fal_acl_field_op_t vid_op; 257 a_uint8_t tagged_val; 258 a_uint8_t tagged_mask; 259 a_uint8_t up_val; 260 a_uint8_t up_mask; 261 a_uint8_t cfi_val; 262 a_uint8_t cfi_mask; 263 a_uint16_t resv0; 264 265 /* fields of enhanced mac rule*/ 266 a_uint8_t stagged_val; 267 a_uint8_t stagged_mask; 268 a_uint8_t ctagged_val; 269 a_uint8_t ctagged_mask; 270 a_uint16_t stag_vid_val; 271 a_uint16_t stag_vid_mask; 272 fal_acl_field_op_t stag_vid_op; 273 a_uint16_t ctag_vid_val; 274 a_uint16_t ctag_vid_mask; 275 fal_acl_field_op_t ctag_vid_op; 276 a_uint8_t stag_pri_val; 277 a_uint8_t stag_pri_mask; 278 a_uint8_t ctag_pri_val; 279 a_uint8_t ctag_pri_mask; 280 a_uint8_t stag_dei_val; 281 a_uint8_t stag_dei_mask; 282 a_uint8_t ctag_cfi_val; 283 a_uint8_t ctag_cfi_mask; 284 285 286 /* fields of ip4 rule */ 287 fal_ip4_addr_t src_ip4_val; 288 fal_ip4_addr_t src_ip4_mask; 289 fal_ip4_addr_t dest_ip4_val; 290 fal_ip4_addr_t dest_ip4_mask; 291 292 /* fields of ip6 rule */ 293 a_uint32_t ip6_lable_val; 294 a_uint32_t ip6_lable_mask; 295 fal_ip6_addr_t src_ip6_val; 296 fal_ip6_addr_t src_ip6_mask; 297 fal_ip6_addr_t dest_ip6_val; 298 fal_ip6_addr_t dest_ip6_mask; 299 300 /* fields of ip rule */ 301 a_uint8_t ip_proto_val; 302 a_uint8_t ip_proto_mask; 303 a_uint8_t ip_dscp_val; 304 a_uint8_t ip_dscp_mask; 305 306 /* fields of layer four */ 307 a_uint16_t src_l4port_val; 308 a_uint16_t src_l4port_mask; 309 fal_acl_field_op_t src_l4port_op; 310 a_uint16_t dest_l4port_val; 311 a_uint16_t dest_l4port_mask; 312 fal_acl_field_op_t dest_l4port_op; 313 a_uint8_t icmp_type_val; 314 a_uint8_t icmp_type_mask; 315 a_uint8_t icmp_code_val; 316 a_uint8_t icmp_code_mask; 317 a_uint8_t tcp_flag_val; 318 a_uint8_t tcp_flag_mask; 319 a_uint8_t ripv1_val; 320 a_uint8_t ripv1_mask; 321 a_uint8_t dhcpv4_val; 322 a_uint8_t dhcpv4_mask; 323 a_uint8_t dhcpv6_val; 324 a_uint8_t dhcpv6_mask; 325 326 /* user defined fields */ 327 fal_acl_udf_type_t udf_type; 328 a_uint8_t udf_offset; 329 a_uint8_t udf_len; 330 a_uint8_t udf_val[FAL_ACL_UDF_MAX_LENGTH]; 331 a_uint8_t udf_mask[FAL_ACL_UDF_MAX_LENGTH]; 332 333 /* fields of action */ 334 fal_acl_action_map_t action_flg; 335 fal_pbmp_t ports; 336 a_uint32_t match_cnt; 337 a_uint16_t vid; 338 a_uint8_t up; 339 a_uint8_t queue; 340 a_uint16_t stag_vid; 341 a_uint8_t stag_pri; 342 a_uint8_t stag_dei; 343 a_uint16_t ctag_vid; 344 a_uint8_t ctag_pri; 345 a_uint8_t ctag_cfi; 346 a_uint16_t policer_ptr; 347 a_uint16_t arp_ptr; 348 a_uint16_t wcmp_ptr; 349 a_uint8_t dscp; 350 a_uint8_t rsv; 351 fal_policy_forward_t policy_fwd; 352 fal_combined_t combined; 353 } fal_acl_rule_t; 354 355 356 /** 357 @brief This enum defines the ACL will work on which derection traffic. 358 */ 359 typedef enum 360 { 361 FAL_ACL_DIREC_IN = 0, /**< Acl will work on ingressive traffic */ 362 FAL_ACL_DIREC_EG, /**< Acl will work on egressive traffic */ 363 FAL_ACL_DIREC_BOTH, /**< Acl will work on both ingressive and egressive traffic*/ 364 } fal_acl_direc_t; 365 366 367 /** 368 @brief This enum defines the ACL will work on which partiualr object. 369 */ 370 typedef enum 371 { 372 FAL_ACL_BIND_PORT = 0, /**< Acl wil work on particular port */ 373 } fal_acl_bind_obj_t; 374 375 376 sw_error_t 377 fal_acl_list_creat(a_uint32_t dev_id, a_uint32_t list_id, a_uint32_t list_pri); 378 379 380 sw_error_t 381 fal_acl_list_destroy(a_uint32_t dev_id, a_uint32_t list_id); 382 383 384 385 sw_error_t 386 fal_acl_rule_add(a_uint32_t dev_id, a_uint32_t list_id, a_uint32_t rule_id, 387 a_uint32_t rule_nr, fal_acl_rule_t * rule); 388 389 390 sw_error_t 391 fal_acl_rule_delete(a_uint32_t dev_id, a_uint32_t list_id, a_uint32_t rule_id, 392 a_uint32_t rule_nr); 393 394 395 sw_error_t 396 fal_acl_rule_query(a_uint32_t dev_id, a_uint32_t list_id, a_uint32_t rule_id, 397 fal_acl_rule_t * rule); 398 399 400 401 sw_error_t 402 fal_acl_list_bind(a_uint32_t dev_id, a_uint32_t list_id, 403 fal_acl_direc_t direc, fal_acl_bind_obj_t obj_t, 404 a_uint32_t obj_idx); 405 406 407 sw_error_t 408 fal_acl_list_unbind(a_uint32_t dev_id, a_uint32_t list_id, 409 fal_acl_direc_t direc, fal_acl_bind_obj_t obj_t, 410 a_uint32_t obj_idx); 411 412 413 sw_error_t 414 fal_acl_status_set(a_uint32_t dev_id, a_bool_t enable); 415 416 417 sw_error_t 418 fal_acl_status_get(a_uint32_t dev_id, a_bool_t * enable); 419 420 421 sw_error_t 422 fal_acl_list_dump(a_uint32_t dev_id); 423 424 425 sw_error_t 426 fal_acl_rule_dump(a_uint32_t dev_id); 427 428 429 sw_error_t 430 fal_acl_port_udf_profile_set(a_uint32_t dev_id, fal_port_t port_id, 431 fal_acl_udf_type_t udf_type, 432 a_uint32_t offset, a_uint32_t length); 433 434 sw_error_t 435 fal_acl_port_udf_profile_get(a_uint32_t dev_id, fal_port_t port_id, 436 fal_acl_udf_type_t udf_type, 437 a_uint32_t * offset, a_uint32_t * length); 438 439 sw_error_t 440 fal_acl_rule_active(a_uint32_t dev_id, a_uint32_t list_id, 441 a_uint32_t rule_id, a_uint32_t rule_nr); 442 443 sw_error_t 444 fal_acl_rule_deactive(a_uint32_t dev_id, a_uint32_t list_id, 445 a_uint32_t rule_id, a_uint32_t rule_nr); 446 447 sw_error_t 448 fal_acl_rule_src_filter_sts_set(a_uint32_t dev_id, 449 a_uint32_t rule_id, a_bool_t enable); 450 451 sw_error_t 452 fal_acl_rule_src_filter_sts_get(a_uint32_t dev_id, 453 a_uint32_t rule_id, a_bool_t* enable); 454 455 456#ifdef __cplusplus 457} 458#endif /* __cplusplus */ 459#endif /* _FAL_ACL_H_ */ 460/** 461 * @} 462 */ 463