1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
/* SPDX-License-Identifier: BSD-3-Clause OR GPL-2.0 */
/* Copyright (c) 2020 Marvell International Ltd. All rights reserved. */
#ifndef _PRESTERA_ACL_H_
#define _PRESTERA_ACL_H_
enum prestera_acl_rule_match_entry_type {
PRESTERA_ACL_RULE_MATCH_ENTRY_TYPE_ETH_TYPE = 1,
PRESTERA_ACL_RULE_MATCH_ENTRY_TYPE_ETH_DMAC,
PRESTERA_ACL_RULE_MATCH_ENTRY_TYPE_ETH_SMAC,
PRESTERA_ACL_RULE_MATCH_ENTRY_TYPE_IP_PROTO,
PRESTERA_ACL_RULE_MATCH_ENTRY_TYPE_PORT,
PRESTERA_ACL_RULE_MATCH_ENTRY_TYPE_IP_SRC,
PRESTERA_ACL_RULE_MATCH_ENTRY_TYPE_IP_DST,
PRESTERA_ACL_RULE_MATCH_ENTRY_TYPE_L4_PORT_SRC,
PRESTERA_ACL_RULE_MATCH_ENTRY_TYPE_L4_PORT_DST,
PRESTERA_ACL_RULE_MATCH_ENTRY_TYPE_L4_PORT_RANGE_SRC,
PRESTERA_ACL_RULE_MATCH_ENTRY_TYPE_L4_PORT_RANGE_DST,
PRESTERA_ACL_RULE_MATCH_ENTRY_TYPE_VLAN_ID,
PRESTERA_ACL_RULE_MATCH_ENTRY_TYPE_VLAN_TPID,
PRESTERA_ACL_RULE_MATCH_ENTRY_TYPE_ICMP_TYPE,
PRESTERA_ACL_RULE_MATCH_ENTRY_TYPE_ICMP_CODE
};
enum prestera_acl_rule_action {
PRESTERA_ACL_RULE_ACTION_ACCEPT,
PRESTERA_ACL_RULE_ACTION_DROP,
PRESTERA_ACL_RULE_ACTION_TRAP
};
struct prestera_switch;
struct prestera_port;
struct prestera_acl_rule;
struct prestera_acl_ruleset;
struct prestera_flow_block_binding {
struct list_head list;
struct prestera_port *port;
int span_id;
};
struct prestera_flow_block {
struct list_head binding_list;
struct prestera_switch *sw;
struct net *net;
struct prestera_acl_ruleset *ruleset;
struct flow_block_cb *block_cb;
};
struct prestera_acl_rule_action_entry {
struct list_head list;
enum prestera_acl_rule_action id;
};
struct prestera_acl_rule_match_entry {
struct list_head list;
enum prestera_acl_rule_match_entry_type type;
union {
struct {
u8 key;
u8 mask;
} u8;
struct {
u16 key;
u16 mask;
} u16;
struct {
u32 key;
u32 mask;
} u32;
struct {
u64 key;
u64 mask;
} u64;
struct {
u8 key[ETH_ALEN];
u8 mask[ETH_ALEN];
} mac;
} keymask;
};
int prestera_acl_init(struct prestera_switch *sw);
void prestera_acl_fini(struct prestera_switch *sw);
struct prestera_flow_block *
prestera_acl_block_create(struct prestera_switch *sw, struct net *net);
void prestera_acl_block_destroy(struct prestera_flow_block *block);
struct net *prestera_acl_block_net(struct prestera_flow_block *block);
struct prestera_switch *prestera_acl_block_sw(struct prestera_flow_block *block);
int prestera_acl_block_bind(struct prestera_flow_block *block,
struct prestera_port *port);
int prestera_acl_block_unbind(struct prestera_flow_block *block,
struct prestera_port *port);
struct prestera_acl_ruleset *
prestera_acl_block_ruleset_get(struct prestera_flow_block *block);
struct prestera_acl_rule *
prestera_acl_rule_create(struct prestera_flow_block *block,
unsigned long cookie);
u32 prestera_acl_rule_priority_get(struct prestera_acl_rule *rule);
void prestera_acl_rule_priority_set(struct prestera_acl_rule *rule,
u32 priority);
u16 prestera_acl_rule_ruleset_id_get(const struct prestera_acl_rule *rule);
struct list_head *
prestera_acl_rule_action_list_get(struct prestera_acl_rule *rule);
u8 prestera_acl_rule_action_len(struct prestera_acl_rule *rule);
u8 prestera_acl_rule_match_len(struct prestera_acl_rule *rule);
int prestera_acl_rule_action_add(struct prestera_acl_rule *rule,
struct prestera_acl_rule_action_entry *entry);
struct list_head *
prestera_acl_rule_match_list_get(struct prestera_acl_rule *rule);
int prestera_acl_rule_match_add(struct prestera_acl_rule *rule,
struct prestera_acl_rule_match_entry *entry);
void prestera_acl_rule_destroy(struct prestera_acl_rule *rule);
struct prestera_acl_rule *
prestera_acl_rule_lookup(struct prestera_acl_ruleset *ruleset,
unsigned long cookie);
int prestera_acl_rule_add(struct prestera_switch *sw,
struct prestera_acl_rule *rule);
void prestera_acl_rule_del(struct prestera_switch *sw,
struct prestera_acl_rule *rule);
int prestera_acl_rule_get_stats(struct prestera_switch *sw,
struct prestera_acl_rule *rule,
u64 *packets, u64 *bytes, u64 *last_use);
#endif /* _PRESTERA_ACL_H_ */
|