blob: e9c9f9cf84c7c780a0ec99b7e4cdec055c565e64 [file] [log] [blame]
/*
* Copyright (c) 2014, 2016-2018, The Linux Foundation. All rights reserved.
* Permission to use, copy, modify, and/or distribute this software for
* any purpose with or without fee is hereby granted, provided that the
* above copyright notice and this permission notice appear in all copies.
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/**
* @defgroup fal_acl FAL_ACL
* @{
*/
#ifndef _FAL_ACL_H_
#define _FAL_ACL_H_
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
#include "sw.h"
#include "fal/fal_type.h"
/**
@brief This enum defines the ACL rule type.
*/
typedef enum {
FAL_ACL_RULE_MAC = 0, /**< include MAC, udf fields*/
FAL_ACL_RULE_IP4, /**< include MAC, IP4 and Tcp/Udp udf fields*/
FAL_ACL_RULE_IP6, /**< include MAC, IP6 and Tcp/Udp udf fields*/
FAL_ACL_RULE_UDF, /**< only include user defined fields*/
FAL_ACL_RULE_BUTT,
}
fal_acl_rule_type_t;
/**
@brief This enum defines the ACL field operation type.
*/
typedef enum
{
FAL_ACL_FIELD_MASK = 0, /**< match operation is mask*/
FAL_ACL_FIELD_RANGE, /**< match operation is range*/
FAL_ACL_FIELD_LE, /**< match operation is less than equal*/
FAL_ACL_FIELD_GE, /**< match operation is greater than equal*/
FAL_ACL_FIELD_NE, /**<- match operation is not equal*/
FAL_ACL_FIELD_OP_BUTT,
} fal_acl_field_op_t;
typedef enum
{
FAL_ACL_POLICY_ROUTE = 0,
FAL_ACL_POLICY_SNAT,
FAL_ACL_POLICY_DNAT,
FAL_ACL_POLICY_RESERVE,
} fal_policy_forward_t;
typedef enum
{
FAL_ACL_COMBINED_NONE = 0,
FAL_ACL_COMBINED_START,
FAL_ACL_COMBINED_CONTINUE,
FAL_ACL_COMBINED_END,
} fal_combined_t;
/**
@brief This enum defines the ACL field operation type.
*/
typedef enum
{
FAL_ACL_UDF_TYPE_L2 = 0, /*start from L2 */
FAL_ACL_UDF_TYPE_L3, /*start from L3 */
FAL_ACL_UDF_TYPE_L4, /*start from L4 */
FAL_ACL_UDF_TYPE_L2_SNAP, /*start from SNAP L2 */
FAL_ACL_UDF_TYPE_L3_PLUS, /*start from SNAP L3 */
FAL_ACL_UDF_TYPE_BUTT,
} fal_acl_udf_type_t;
/**
@brief This enum defines the ACL rule type.
*/
typedef enum {
FAL_ACL_UDF_NON_IP = 0, /*UDF for non-ip packets*/
FAL_ACL_UDF_IP4, /*UDF for IPv4 packets*/
FAL_ACL_UDF_IP6, /*UDF for IPv6 packets*/
FAL_ACL_UDF_BUTT,
}fal_acl_udf_pkt_type_t;
typedef enum {
FAL_ACL_DEST_PORT_BMP = 0, /*dest info is bitmap*/
FAL_ACL_DEST_NEXTHOP, /*dest info is nexthop*/
FAL_ACL_DEST_PORT_ID, /*dest info is port id*/
}fal_acl_dest_type_t;
#define FAL_ACL_DEST_OFFSET(type,value) (((type)<<24)|(value))
#define FAL_ACL_DEST_TYPE(dest) (((dest)>>24)&0xff)
#define FAL_ACL_DEST_VALUE(dest) ((dest)&0xffffff)
#define FAL_ACL_FIELD_MAC_DA 0
#define FAL_ACL_FIELD_MAC_SA 1
#define FAL_ACL_FIELD_MAC_ETHTYPE 2
#define FAL_ACL_FIELD_MAC_TAGGED 3
#define FAL_ACL_FIELD_MAC_UP 4
#define FAL_ACL_FIELD_MAC_VID 5
#define FAL_ACL_FIELD_IP4_SIP 6
#define FAL_ACL_FIELD_IP4_DIP 7
#define FAL_ACL_FIELD_IP6_LABEL 8
#define FAL_ACL_FIELD_IP6_SIP 9
#define FAL_ACL_FIELD_IP6_DIP 10
#define FAL_ACL_FIELD_IP_PROTO 11
#define FAL_ACL_FIELD_IP_DSCP 12
#define FAL_ACL_FIELD_L4_SPORT 13
#define FAL_ACL_FIELD_L4_DPORT 14
#define FAL_ACL_FIELD_UDF 15
#define FAL_ACL_FIELD_MAC_CFI 16
#define FAL_ACL_FIELD_ICMP_TYPE 17
#define FAL_ACL_FIELD_ICMP_CODE 18
#define FAL_ACL_FIELD_TCP_FLAG 19
#define FAL_ACL_FIELD_RIPV1 20
#define FAL_ACL_FIELD_DHCPV4 21
#define FAL_ACL_FIELD_DHCPV6 22
#define FAL_ACL_FIELD_MAC_STAG_VID 23
#define FAL_ACL_FIELD_MAC_STAG_PRI 24
#define FAL_ACL_FIELD_MAC_STAG_DEI 25
#define FAL_ACL_FIELD_MAC_STAGGED 26
#define FAL_ACL_FIELD_MAC_CTAG_VID 27
#define FAL_ACL_FIELD_MAC_CTAG_PRI 28
#define FAL_ACL_FIELD_MAC_CTAG_CFI 29
#define FAL_ACL_FIELD_MAC_CTAGGED 30
#define FAL_ACL_FIELD_INVERSE_ALL 31
/*new add for hawkeye*/
#define FAL_ACL_FIELD_POST_ROURING_EN 32
#define FAL_ACL_FIELD_RES_CHAIN 33
#define FAL_ACL_FIELD_FAKE_MAC_HEADER 34
#define FAL_ACL_FIELD_SNAP 35
#define FAL_ACL_FIELD_ETHERNET 36
#define FAL_ACL_FIELD_IPV6 37
#define FAL_ACL_FIELD_IP 38
#define FAL_ACL_FIELD_VSI 39
#define FAL_ACL_FIELD_PPPOE_SESSIONID 40
#define FAL_ACL_FIELD_L3_FRAGMENT 41
#define FAL_ACL_FIELD_AH_HEADER 42
#define FAL_ACL_FIELD_ESP_HEADER 43
#define FAL_ACL_FIELD_MOBILITY_HEADER 44
#define FAL_ACL_FIELD_FRAGMENT_HEADER 45
#define FAL_ACL_FIELD_OTHER_EXT_HEADER 46
#define FAL_ACL_FIELD_L3_TTL 47
#define FAL_ACL_FIELD_IPV4_OPTION 48
#define FAL_ACL_FIELD_FIRST_FRAGMENT 49
#define FAL_ACL_FIELD_L3_LENGTH 50
#define FAL_ACL_FIELD_VSI_VALID 51
#define FAL_ACL_FIELD_IP_PKT_TYPE 52
#define FAL_ACL_FIELD_UDF0 53
#define FAL_ACL_FIELD_UDF1 54
#define FAL_ACL_FIELD_UDF2 55
#define FAL_ACL_FIELD_UDF3 56
#define FAL_ACL_FIELD_NUM 57
#define FAL_ACL_ACTION_PERMIT 0
#define FAL_ACL_ACTION_DENY 1
#define FAL_ACL_ACTION_REDPT 2
#define FAL_ACL_ACTION_RDTCPU 3
#define FAL_ACL_ACTION_CPYCPU 4
#define FAL_ACL_ACTION_MIRROR 5
#define FAL_ACL_ACTION_MODIFY_VLAN 6
#define FAL_ACL_ACTION_NEST_VLAN 7
#define FAL_ACL_ACTION_REMARK_UP 8
#define FAL_ACL_ACTION_REMARK_QUEUE 9
#define FAL_ACL_ACTION_REMARK_STAG_VID 10
#define FAL_ACL_ACTION_REMARK_STAG_PRI 11
#define FAL_ACL_ACTION_REMARK_STAG_DEI 12
#define FAL_ACL_ACTION_REMARK_CTAG_VID 13
#define FAL_ACL_ACTION_REMARK_CTAG_PRI 14
#define FAL_ACL_ACTION_REMARK_CTAG_CFI 15
#define FAL_ACL_ACTION_REMARK_LOOKUP_VID 16
#define FAL_ACL_ACTION_REMARK_DSCP 17
#define FAL_ACL_ACTION_POLICER_EN 18
#define FAL_ACL_ACTION_WCMP_EN 19
#define FAL_ACL_ACTION_ARP_EN 20
#define FAL_ACL_ACTION_POLICY_FORWARD_EN 21
#define FAL_ACL_ACTION_BYPASS_EGRESS_TRANS 22
#define FAL_ACL_ACTION_MATCH_TRIGGER_INTR 23
/*new add for hawkeye*/
#define FAL_ACL_ACTION_ENQUEUE_PRI 25
#define FAL_ACL_ACTION_INT_DP 26
#define FAL_ACL_ACTION_SERVICE_CODE 27
#define FAL_ACL_ACTION_CPU_CODE 28
#define FAL_ACL_ACTION_SYN_TOGGLE 29
#define FAL_ACL_ACTION_METADATA_EN 30
enum{
FAL_ACL_BYPASS_IN_VLAN_MISS = 0,
FAL_ACL_BYPASS_SOUCE_GUARD,
FAL_ACL_BYPASS_MRU_MTU_CHECK,
FAL_ACL_BYPASS_EG_VSI_MEMBER_CHECK = 8,
FAL_ACL_BYPASS_EG_VLAN_TRANSLATION,
FAL_ACL_BYPASS_EG_VLAN_TAG_CTRL = 10,
FAL_ACL_BYPASS_FDB_LEARNING,
FAL_ACL_BYPASS_FDB_REFRESH,
FAL_ACL_BYPASS_L2_SECURITY,/*new address, station move, learn limit, hash full*/
FAL_ACL_BYPASS_MANAGEMENT_FWD,
FAL_ACL_BYPASS_L2_FWD = 15,
FAL_ACL_BYPASS_IN_STP_CHECK,
FAL_ACL_BYPASS_EG_STP_CHECK,
FAL_ACL_BYPASS_SOURCE_FILTER,
FAL_ACL_BYPASS_POLICYER,
FAL_ACL_BYPASS_L2_EDIT = 20,/*VLAN tag edit*/
FAL_ACL_BYPASS_L3_EDIT,/*Edit MAC address, PPPoE, IP address, TTL, DSCP, L4 port*/
FAL_ACL_BYPASS_POST_ACL_CHECK_ROUTING,
FAL_ACL_BYPASS_PORT_ISOLATION,
};
/**
* @brief This type defines the action in Acl rule.
* @details Comments:
* It's a bit map type, we can access it through macro FAL_ACTION_FLG_SET,
* FAL_ACTION_FLG_CLR and FAL_ACTION_FLG_TST.
*/
typedef a_uint32_t fal_acl_action_map_t;
#define FAL_ACTION_FLG_SET(flag, action) \
(flag) |= (0x1UL << (action))
#define FAL_ACTION_FLG_CLR(flag, action) \
(flag) &= (~(0x1UL << (action)))
#define FAL_ACTION_FLG_TST(flag, action) \
((flag) & (0x1UL << (action))) ? 1 : 0
/**
* @brief This type defines the field in Acl rule.
* @details Comments:
* It's a bit map type, we can access it through macro FAL_FIELD_FLG_SET,
* FAL_FIELD_FLG_CLR and FAL_FIELD_FLG_TST.
*/
typedef a_uint32_t fal_acl_field_map_t[2];
#define FAL_FIELD_FLG_SET(flag, field) \
((flag[(field) / 32]) |= (0x1UL << ((field) % 32)))
#define FAL_FIELD_FLG_CLR(flag, field) \
((flag[(field) / 32]) &= (~(0x1UL << ((field) % 32))))
#define FAL_FIELD_FLG_TST(flag, field) \
(((flag[(field) / 32]) & (0x1UL << ((field) % 32))) ? 1 : 0)
#define FAL_ACL_UDF_MAX_LENGTH 16
/**
* @brief This structure defines the Acl rule.
* @details Fields description:
*
*
* vid_val - If vid_op equals FAL_ACL_FIELD_MASK it's vlan id field value.
* If vid_op equals FAL_ACL_FIELD_RANGE it's vlan id field low value. If
* vid_op equals other value it's the compared value.
*
* vid_mask - If vid_op equals FAL_ACL_FIELD_MASK it's vlan id field mask.
* If vid_op equals FAL_ACL_FIELD_RANGE it's vlan id field high value. If vid_op
* equals other value it's meaningless.
*
*
* ip_dscp_val - It's eight bits field we can set any value between 0 - 255.
* ip_dscp_mask - It's eight bits field we can set any value between 0 - 255.
*
*
* src_l4port_val - If src_l4port_op equals FAL_ACL_FIELD_MASK it's layer four
* source port field value. If src_l4port_op equals FAL_ACL_FIELD_RANGE it's
* layer four source port field low value. If src_l4port_op equals other value
* it's the compared value.
*
*
* src_l4port_mask - If src_l4port_op equals FAL_ACL_FIELD_MASK it's layer four
* source port field mask. If src_l4port_op equals FAL_ACL_FIELD_RANGE it's
* layer four source port field high value. If src_l4port_op equals other value
* it's meaningless.
*
*
* dest_l4port_val - If dest_l4port_op equals FAL_ACL_FIELD_MASK it's layer four
* destination port field value. If dest_l4port_op equals FAL_ACL_FIELD_RANGE it's
* layer four source port field low value. If dest_l4port_op equals other value
* it's the compared value.
*
*
* dest_l4port_mask - If dest_l4port_op equals FAL_ACL_FIELD_MASK it's layer four
* source port field mask. If dest_l4port_op equals FAL_ACL_FIELD_RANGE it's
* layer four source port field high value. If dest_l4port_op equals other value
* it's meaningless.
*
*
* ports - If FAL_ACL_ACTION_REDPT bit is setted in action_flg it's redirect
* destination ports.
*
*
* dot1p - If FAL_ACL_ACTION_REMARK_DOT1P bit is setted in action_flg it's
* the expected dot1p value.
*
*
* queue - If FAL_ACL_ACTION_REMARK_QUEUE bit is setted in action_flg it's
* the expected queue value.
*
*
* vid - If FAL_ACL_ACTION_MODIFY_VLAN or FAL_ACL_ACTION_NEST_VLAN bit is
* setted in action_flg it's the expected vlan id value.
*/
typedef struct
{
fal_acl_rule_type_t rule_type;/*mac, IP4, IP6 and UDF*/
fal_acl_field_map_t field_flg;/*Indicate which fields are selected*/
/* fields of mac rule */
fal_mac_addr_t src_mac_val;/*source mac*/
fal_mac_addr_t src_mac_mask;/*source mac mask*/
fal_mac_addr_t dest_mac_val;/*destination mac*/
fal_mac_addr_t dest_mac_mask;/*destionation mac mask*/
a_uint16_t ethtype_val;/*ethernet type*/
a_uint16_t ethtype_mask;/*ethernet type mask*/
a_uint16_t vid_val;/*vlan id, IPQ807x not support*/
a_uint16_t vid_mask;/*vlan id mask*/
fal_acl_field_op_t vid_op;/*vlan id operation, larger than or smaller than or range or mask*/
a_uint8_t tagged_val;/*tagged or not, IPQ807x not support*/
a_uint8_t tagged_mask;/*tagged or not mask*/
a_uint8_t up_val;/*cos priority, IPQ807x not support*/
a_uint8_t up_mask;/*cos priority mask*/
a_uint8_t cfi_val;/*CFI value, IPQ807x not support*/
a_uint8_t cfi_mask;/*CFI value mask*/
a_uint16_t resv0;/*reserved*/
/* fields of enhanced mac rule*/
a_uint8_t stagged_val; /*for s17c : 0-untag, 1-tag, for hawkeye: 2-pritag, 3-utag+pritag, 4- untag+tag, 5-tag+pritag, 6-all*/
a_uint8_t stagged_mask;
a_uint8_t ctagged_val;/*same as stagged define*/
a_uint8_t ctagged_mask;
a_uint16_t stag_vid_val;/*stag vlan id*/
a_uint16_t stag_vid_mask;/*stag vlan id mask*/
fal_acl_field_op_t stag_vid_op;/*vlan id operation, larger than or smaller than or range or mask*/
a_uint16_t ctag_vid_val;
a_uint16_t ctag_vid_mask;
fal_acl_field_op_t ctag_vid_op;
a_uint8_t stag_pri_val;/*stag priority*/
a_uint8_t stag_pri_mask;/*stag priority mask*/
a_uint8_t ctag_pri_val;
a_uint8_t ctag_pri_mask;
a_uint8_t stag_dei_val;/*stag dei*/
a_uint8_t stag_dei_mask;/*stag dei mask*/
a_uint8_t ctag_cfi_val;/*ctag cfi*/
a_uint8_t ctag_cfi_mask;/*ctag cfi mask*/
/* fields of ip4 rule */
fal_ip4_addr_t src_ip4_val;/*source ipv4 address*/
fal_ip4_addr_t src_ip4_mask;/*source ipv4 address mask*/
fal_ip4_addr_t dest_ip4_val;/*destination ipv4 address*/
fal_ip4_addr_t dest_ip4_mask;/*destination ipv4 address mask*/
/* fields of ip6 rule */
a_uint32_t ip6_lable_val;/*ipv6 flow lable, IPQ807x not support*/
a_uint32_t ip6_lable_mask;/*ipv6 flow lable mask*/
fal_ip6_addr_t src_ip6_val;/*source ipv6 address*/
fal_ip6_addr_t src_ip6_mask;/*source ipv6 address mask*/
fal_ip6_addr_t dest_ip6_val;/*destination ipv6 address*/
fal_ip6_addr_t dest_ip6_mask;/*destination ipv6 address mask*/
/* fields of ip rule */
a_uint8_t ip_proto_val;/*IP protocal*/
a_uint8_t ip_proto_mask;/*IP protocal mask*/
a_uint8_t ip_dscp_val;/*IP DSCP*/
a_uint8_t ip_dscp_mask;/*IP DSCP mask*/
/* fields of layer four */
a_uint16_t src_l4port_val;/*source L4 port*/
a_uint16_t src_l4port_mask;/*source L4 port mask*/
fal_acl_field_op_t src_l4port_op;/*source L4 port operation*/
a_uint16_t dest_l4port_val;/*destination L4 port*/
a_uint16_t dest_l4port_mask;/*destination L4 mask*/
fal_acl_field_op_t dest_l4port_op;/*destination L4 operation*/
a_uint8_t icmp_type_val;/*ICMP type*/
a_uint8_t icmp_type_mask;/*ICMP type mask*/
a_uint8_t icmp_code_val;/*ICMP code*/
a_uint8_t icmp_code_mask;/*ICMP code mask*/
a_uint8_t tcp_flag_val;/*tcp flags value*/
a_uint8_t tcp_flag_mask;/*tcp flags mask*/
a_uint8_t ripv1_val;/*Is RIPv1 or not, IPQ807x not support*/
a_uint8_t ripv1_mask;/*RIPv1 mask*/
a_uint8_t dhcpv4_val;/*Is DHCPv4 or not, IPQ807x not support*/
a_uint8_t dhcpv4_mask;
a_uint8_t dhcpv6_val;/*Is DHCPv6 or not, IPQ807x not support*/
a_uint8_t dhcpv6_mask;
/* user defined fields */
fal_acl_udf_type_t udf_type;/*UDF type, IPQ807x not support*/
a_uint8_t udf_offset;/*UDF offset, IPQ807x not support*/
a_uint8_t udf_len;/*UDF length, IPQ807x not support*/
a_uint8_t udf_val[FAL_ACL_UDF_MAX_LENGTH];/*UDF field value*/
a_uint8_t udf_mask[FAL_ACL_UDF_MAX_LENGTH];/*UDF field mask*/
/* fields of action */
fal_acl_action_map_t action_flg;/*Indicate which action apply*/
fal_pbmp_t ports; /*high 8bits, 00-port bitmap, 01-nexthop, 10-vp*/
a_uint32_t match_cnt;/*rule match frame counter*/
a_uint16_t vid;/*modify vlan id, IPQ807x not support*/
a_uint8_t up;/*modify COS priority, IPQ807x not support*/
a_uint8_t queue;/*modify queue*/
a_uint16_t stag_vid;/*modify stag vlan id*/
a_uint8_t stag_pri;/*modify stag priority*/
a_uint8_t stag_dei;/*modify stag dei*/
a_uint16_t ctag_vid;/*modify ctag vlan id*/
a_uint8_t ctag_pri;/*modify ctag priority*/
a_uint8_t ctag_cfi;/*modify ctag dei*/
a_uint16_t policer_ptr;/*specify policer index*/
a_uint16_t arp_ptr;/*specify arp table index, IPQ807x not support*/
a_uint16_t wcmp_ptr;/*specify wcmp table index, IPQ807x not support*/
a_uint8_t dscp;/*modify dscp*/
a_uint8_t rsv;
fal_policy_forward_t policy_fwd;/*SNAT or DNAT or ROUTE, IPQ807x not support*/
fal_combined_t combined;
/*Only IPQ807x support start*/
a_uint8_t pri; /*rule priority 0-7*/
a_bool_t post_routing;/*post routing or not*/
a_uint8_t acl_pool;/*acl pool*/
a_bool_t is_ip_val;/*is ip or not*/
a_uint8_t is_ip_mask;
a_bool_t is_ipv6_val;/*is ipv6 or ipv4*/
a_uint8_t is_ipv6_mask;
a_bool_t is_fake_mac_header_val;/*is fake mac header or not*/
a_uint8_t is_fake_mac_header_mask;
a_bool_t is_snap_val;/*is snap or not*/
a_uint8_t is_snap_mask;
a_bool_t is_ethernet_val;/*is ethernet or not*/
a_uint8_t is_ethernet_mask;
a_bool_t is_fragement_val;/*is fragment or not*/
a_uint8_t is_fragement_mask;
a_bool_t is_ah_header_val;/*is ah header or not*/
a_uint8_t is_ah_header_mask;
a_bool_t is_esp_header_val;/*is esp header or not*/
a_uint8_t is_esp_header_mask;
a_bool_t is_mobility_header_val;/*is mobility header or not*/
a_uint8_t is_mobility_header_mask;
a_bool_t is_fragment_header_val;/*is fragment header or not*/
a_uint8_t is_fragment_header_mask;
a_bool_t is_other_header_val;/*is other header or not*/
a_uint8_t is_other_header_mask;
a_bool_t is_ipv4_option_val;/*is ipv4 option or not*/
a_uint8_t is_ipv4_option_mask;
a_bool_t is_first_frag_val;/*is first fragment or not*/
a_uint8_t is_first_frag_mask;
/*fields of VLAN rule*/
a_bool_t vsi_valid;/*vsi valid or not*/
a_uint8_t vsi_valid_mask;
a_uint8_t vsi; /*vsi value 0-31*/
a_uint8_t vsi_mask; /*vsi mask 0-31*/
/*fields of L2 MISC rule*/
a_uint16_t pppoe_sessionid;/*pppoe session id*/
a_uint16_t pppoe_sessionid_mask;/*pppoe session mask*/
fal_acl_field_op_t icmp_type_code_op;/*icmp type operation*/
/*fields of IP MISC rule*/
a_uint8_t l3_ttl;/*L3 TTL,0-ttl 0, 1-ttl 1, 2-ttl 255, 3- ttl other*/
a_uint8_t l3_ttl_mask;/*L3 TTL mask*/
fal_acl_field_op_t l3_length_op;/*L3 TTL operation*/
a_uint16_t l3_length;/*L3 length*/
a_uint16_t l3_length_mask;/*L3 length mask*/
a_uint16_t l3_pkt_type;/*l3 packet type, 0-tcp, 1-udp, 3-udp_lite, 5-arp, 7-icmp*/
a_uint16_t l3_pkt_type_mask;
/*field of udf*/
fal_acl_field_op_t udf0_op;/*udf operation*/
a_uint16_t udf0_val;/*udf value, 2bytes*/
a_uint16_t udf0_mask;/*udf mask, 2bytes*/
fal_acl_field_op_t udf1_op;
a_uint16_t udf1_val;
a_uint16_t udf1_mask;
a_uint16_t udf2_val;
a_uint16_t udf2_mask;
a_uint16_t udf3_val;
a_uint16_t udf3_mask;
/*new add acl action for hawkeye*/
a_uint32_t bypass_bitmap;/*bypass bitmap*/
a_uint8_t enqueue_pri;/*enqueue priority*/
a_uint8_t stag_fmt;/*stag format*/
a_uint8_t ctag_fmt;/*ctag format*/
a_uint8_t int_dp;/*internal dp*/
a_uint8_t service_code;/*service code*/
a_uint8_t cpu_code;/*cpu code*/
a_uint64_t match_bytes;/*rule match bytes counter*/
/*Only IPQ807x support End*/
/*new add acl action for IPQ60xx*/
a_uint8_t dscp_mask;/*modify dscp mask,IPQ60xx support*/
a_uint8_t qos_res_prec;/*qos res prec,IPQ60xx support*/
} fal_acl_rule_t;
/**
@brief This enum defines the ACL will work on which derection traffic.
*/
typedef enum
{
FAL_ACL_DIREC_IN = 0, /**< Acl will work on ingressive traffic */
FAL_ACL_DIREC_EG, /**< Acl will work on egressive traffic */
FAL_ACL_DIREC_BOTH, /**< Acl will work on both ingressive and egressive traffic*/
} fal_acl_direc_t;
/**
@brief This enum defines the ACL will work on which partiualr object.
*/
typedef enum
{
FAL_ACL_BIND_PORT = 0, /**< Acl wil work on particular port and virtual port */
FAL_ACL_BIND_PORTBITMAP = 1, /**< Acl wil work on port bitmap */
FAL_ACL_BIND_SERVICE_CODE = 2, /**< Acl wil work on service code */
FAL_ACL_BIND_L3_IF = 3, /**< Acl wil work on l3 interface */
} fal_acl_bind_obj_t;
enum
{
/*acl*/
FUNC_ACL_LIST_CREAT = 0,
FUNC_ACL_LIST_DESTROY,
FUNC_ACL_RULE_ADD,
FUNC_ACL_RULE_DELETE,
FUNC_ACL_RULE_QUERY,
FUNC_ACL_RULE_DUMP,
FUNC_ACL_LIST_BIND,
FUNC_ACL_LIST_UNBIND,
FUNC_ACL_LIST_DUMP,
FUNC_ACL_UDF_PROFILE_SET,
FUNC_ACL_UDF_PROFILE_GET,
};
sw_error_t
fal_acl_list_creat(a_uint32_t dev_id, a_uint32_t list_id, a_uint32_t list_pri);
sw_error_t
fal_acl_list_destroy(a_uint32_t dev_id, a_uint32_t list_id);
sw_error_t
fal_acl_rule_add(a_uint32_t dev_id, a_uint32_t list_id, a_uint32_t rule_id, a_uint32_t rule_nr, fal_acl_rule_t * rule);
sw_error_t
fal_acl_rule_delete(a_uint32_t dev_id, a_uint32_t list_id, a_uint32_t rule_id, a_uint32_t rule_nr);
sw_error_t
fal_acl_rule_query(a_uint32_t dev_id, a_uint32_t list_id, a_uint32_t rule_id, fal_acl_rule_t * rule);
sw_error_t
fal_acl_list_bind(a_uint32_t dev_id, a_uint32_t list_id, fal_acl_direc_t direc, fal_acl_bind_obj_t obj_t, a_uint32_t obj_idx);
sw_error_t
fal_acl_list_unbind(a_uint32_t dev_id, a_uint32_t list_id, fal_acl_direc_t direc, fal_acl_bind_obj_t obj_t, a_uint32_t obj_idx);
sw_error_t
fal_acl_status_set(a_uint32_t dev_id, a_bool_t enable);
sw_error_t
fal_acl_status_get(a_uint32_t dev_id, a_bool_t * enable);
sw_error_t
fal_acl_list_dump(a_uint32_t dev_id);
sw_error_t
fal_acl_rule_dump(a_uint32_t dev_id);
sw_error_t
fal_acl_port_udf_profile_set(a_uint32_t dev_id, fal_port_t port_id, fal_acl_udf_type_t udf_type, a_uint32_t offset, a_uint32_t length);
sw_error_t
fal_acl_port_udf_profile_get(a_uint32_t dev_id, fal_port_t port_id, fal_acl_udf_type_t udf_type, a_uint32_t * offset, a_uint32_t * length);
sw_error_t
fal_acl_udf_profile_set(a_uint32_t dev_id, fal_acl_udf_pkt_type_t pkt_type,a_uint32_t udf_idx, fal_acl_udf_type_t udf_type, a_uint32_t offset);
sw_error_t
fal_acl_udf_profile_get(a_uint32_t dev_id, fal_acl_udf_pkt_type_t pkt_type,a_uint32_t udf_idx, fal_acl_udf_type_t *udf_type, a_uint32_t *offset);
sw_error_t
fal_acl_rule_active(a_uint32_t dev_id, a_uint32_t list_id, a_uint32_t rule_id, a_uint32_t rule_nr);
sw_error_t
fal_acl_rule_deactive(a_uint32_t dev_id, a_uint32_t list_id, a_uint32_t rule_id, a_uint32_t rule_nr);
sw_error_t
fal_acl_rule_src_filter_sts_set(a_uint32_t dev_id, a_uint32_t rule_id, a_bool_t enable);
sw_error_t
fal_acl_rule_src_filter_sts_get(a_uint32_t dev_id, a_uint32_t rule_id, a_bool_t* enable);
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* _FAL_ACL_H_ */
/**
* @}
*/