| blob | 7ba778df63acef989b11b10e7d7d61ff9e4993b7 |
1 // SPDX-License-Identifier: GPL-2.0
2 // Copyright (c) 2023 Pengutronix, Oleksij Rempel <kernel@pengutronix.de>
4 /* Access Control List (ACL) structure:
5 *
6 * There are multiple groups of registers involved in ACL configuration:
7 *
8 * - Matching Rules: These registers define the criteria for matching incoming
9 * packets based on their header information (Layer 2 MAC, Layer 3 IP, or
10 * Layer 4 TCP/UDP). Different register settings are used depending on the
11 * matching rule mode (MD) and the Enable (ENB) settings.
12 *
13 * - Action Rules: These registers define how the ACL should modify the packet's
14 * priority, VLAN tag priority, and forwarding map once a matching rule has
15 * been triggered. The settings vary depending on whether the matching rule is
16 * in Count Mode (MD = 01 and ENB = 00) or not.
17 *
18 * - Processing Rules: These registers control the overall behavior of the ACL,
19 * such as selecting which matching rule to apply first, enabling/disabling
20 * specific rules, or specifying actions for matched packets.
21 *
22 * ACL Structure:
23 * +----------------------+
24 * +----------------------+ | (optional) |
25 * | Matching Rules | | Matching Rules |
26 * | (Layer 2, 3, 4) | | (Layer 2, 3, 4) |
27 * +----------------------+ +----------------------+
28 * | |
29 * \___________________________/
30 * v
31 * +----------------------+
32 * | Processing Rules |
33 * | (action idx, |
34 * | matching rule set) |
35 * +----------------------+
36 * |
37 * v
38 * +----------------------+
39 * | Action Rules |
40 * | (Modify Priority, |
41 * | Forwarding Map, |
42 * | VLAN tag, etc) |
43 * +----------------------+
44 */
46 #include <linux/bitops.h>
52 #define KSZ9477_PORT_ACL_0 0x600
73 };
75 #define KSZ9477_ACL_MD_MASK GENMASK(5, 4)
76 #define KSZ9477_ACL_MD_DISABLE 0
77 #define KSZ9477_ACL_MD_L2_MAC 1
78 #define KSZ9477_ACL_MD_L3_IP 2
79 #define KSZ9477_ACL_MD_L4_TCP_UDP 3
81 #define KSZ9477_ACL_ENB_MASK GENMASK(3, 2)
82 #define KSZ9477_ACL_ENB_L2_COUNTER 0
83 #define KSZ9477_ACL_ENB_L2_TYPE 1
84 #define KSZ9477_ACL_ENB_L2_MAC 2
85 #define KSZ9477_ACL_ENB_L2_MAC_TYPE 3
87 /* only IPv4 src or dst can be used with mask */
88 #define KSZ9477_ACL_ENB_L3_IPV4_ADDR_MASK 1
89 /* only IPv4 src and dst can be used without mask */
90 #define KSZ9477_ACL_ENB_L3_IPV4_ADDR_SRC_DST 2
92 #define KSZ9477_ACL_ENB_L4_IP_PROTO 0
93 #define KSZ9477_ACL_ENB_L4_TCP_SRC_DST_PORT 1
94 #define KSZ9477_ACL_ENB_L4_UDP_SRC_DST_PORT 2
95 #define KSZ9477_ACL_ENB_L4_TCP_SEQ_NUMBER 3
97 #define KSZ9477_ACL_SD_SRC BIT(1)
98 #define KSZ9477_ACL_SD_DST 0
99 #define KSZ9477_ACL_EQ_EQUAL BIT(0)
100 #define KSZ9477_ACL_EQ_NOT_EQUAL 0
102 #define KSZ9477_ACL_PM_M GENMASK(7, 6)
103 #define KSZ9477_ACL_PM_DISABLE 0
104 #define KSZ9477_ACL_PM_HIGHER 1
105 #define KSZ9477_ACL_PM_LOWER 2
106 #define KSZ9477_ACL_PM_REPLACE 3
107 #define KSZ9477_ACL_P_M GENMASK(5, 3)
109 #define KSZ9477_PORT_ACL_CTRL_0 0x0612
111 #define KSZ9477_ACL_WRITE_DONE BIT(6)
112 #define KSZ9477_ACL_READ_DONE BIT(5)
113 #define KSZ9477_ACL_WRITE BIT(4)
114 #define KSZ9477_ACL_INDEX_M GENMASK(3, 0)
116 /**
117 * ksz9477_dump_acl_index - Print the ACL entry at the specified index
118 *
119 * @dev: Pointer to the ksz9477 device structure.
120 * @acle: Pointer to the ACL entry array.
121 * @index: The index of the ACL entry to print.
122 *
123 * This function prints the details of an ACL entry, located at a particular
124 * index within the ksz9477 device's ACL table. It omits printing entries that
125 * are empty.
126 *
127 * Return: 1 if the entry is non-empty and printed, 0 otherwise.
128 */
131 {
143 }
145 /* no need to print empty entries */
153 }
155 /**
156 * ksz9477_dump_acl - Print ACL entries
157 *
158 * @dev: Pointer to the device structure.
159 * @acle: Pointer to the ACL entry array.
160 */
163 {
172 }
174 /**
175 * ksz9477_acl_is_valid_matching_rule - Check if an ACL entry contains a valid
176 * matching rule.
177 *
178 * @entry: Pointer to ACL entry buffer
179 *
180 * This function checks if the given ACL entry buffer contains a valid
181 * matching rule by inspecting the Mode (MD) and Enable (ENB) fields.
182 *
183 * Returns: True if it's a valid matching rule, false otherwise.
184 */
186 {
196 /* L2 counter is not support, so it is not valid rule for now */
200 }
203 }
205 /**
206 * ksz9477_acl_get_cont_entr - Get count of contiguous ACL entries and validate
207 * the matching rules.
208 * @dev: Pointer to the KSZ9477 device structure.
209 * @port: Port number.
210 * @index: Index of the starting ACL entry.
211 *
212 * Based on the KSZ9477 switch's Access Control List (ACL) system, the RuleSet
213 * in an ACL entry indicates which entries contain Matching rules linked to it.
214 * This RuleSet is represented by two registers: KSZ9477_ACL_PORT_ACCESS_E and
215 * KSZ9477_ACL_PORT_ACCESS_F. Each bit set in these registers corresponds to
216 * an entry containing a Matching rule for this RuleSet.
217 *
218 * For a single Matching rule linked, only one bit is set. However, when an
219 * entry links multiple Matching rules, forming what's termed a 'complex rule',
220 * multiple bits are set in these registers.
221 *
222 * This function checks that, for complex rules, the entries containing the
223 * linked Matching rules are contiguous in terms of their indices. It calculates
224 * and returns the number of these contiguous entries.
225 *
226 * Returns:
227 * - 0 if the entry is empty and can be safely overwritten
228 * - 1 if the entry represents a simple rule
229 * - The number of contiguous entries if it is the root entry of a complex
230 * rule
231 * - -ENOTEMPTY if the entry is part of a complex rule but not the root
232 * entry
233 * - -EINVAL if the validation fails
234 */
237 {
252 /* If no bits are set, return an appropriate value or error */
255 /* Looks like we are about to corrupt some complex rule.
256 * Do not print an error here, as this is a normal case
257 * when we are trying to find a free or starting entry.
258 */
259 dev_dbg(dev->dev, "ACL: entry %d starting with a valid matching rule, but no bits set in RuleSet\n",
260 index);
262 }
264 /* This entry does not contain a valid matching rule */
266 }
271 /* Calculate the contiguous count */
274 /* Check if the number of bits set in val matches our calculated count */
276 /* Probably we have a fragmented complex rule, which is not
277 * supported by this driver.
278 */
281 }
283 /* loop over the contiguous entries and check for valid matching rules */
288 /* we have something linked without a valid matching
289 * rule. ACL table?
290 */
292 i);
294 }
299 /* Following entry should have empty linkage list */
302 i);
304 }
305 }
306 }
309 }
311 /**
312 * ksz9477_acl_update_linkage - Update the RuleSet linkage for an ACL entry
313 * after a move operation.
314 *
315 * @dev: Pointer to the ksz_device.
316 * @entry: Pointer to the ACL entry array.
317 * @old_idx: The original index of the ACL entry before moving.
318 * @new_idx: The new index of the ACL entry after moving.
319 *
320 * This function updates the RuleSet linkage bits for an ACL entry when
321 * it's moved from one position to another in the ACL table. The RuleSet
322 * linkage is represented by two 8-bit registers, which are combined
323 * into a 16-bit value for easier manipulation. The linkage bits are shifted
324 * based on the difference between the old and new index. If any bits are lost
325 * during the shift operation, an error is returned.
326 *
327 * Note: Fragmentation within a RuleSet is not supported. Hence, entries must
328 * be moved as complete blocks, maintaining the integrity of the RuleSet.
329 *
330 * Returns: 0 on success, or -EINVAL if any RuleSet linkage bits are lost
331 * during the move.
332 */
335 {
345 /* Combine the two u8 values into one u16 for easier manipulation */
349 /* Even if HW is able to handle fragmented RuleSet, we don't support it.
350 * RuleSet is filled only for the first entry of the set.
351 */
359 }
363 /* Calculate the number of positions to shift */
366 /* Shift the RuleSet */
369 else
372 /* Check that no bits were lost in the process */
376 }
380 /* Update the RuleSet bitfields in the entry */
385 }
387 /**
388 * ksz9477_validate_and_get_src_count - Validate source and destination indices
389 * and determine the source entry count.
390 * @dev: Pointer to the KSZ device structure.
391 * @port: Port number on the KSZ device where the ACL entries reside.
392 * @src_idx: Index of the starting ACL entry that needs to be validated.
393 * @dst_idx: Index of the destination where the source entries are intended to
394 * be moved.
395 * @src_count: Pointer to the variable that will hold the number of contiguous
396 * source entries if the validation passes.
397 * @dst_count: Pointer to the variable that will hold the number of contiguous
398 * destination entries if the validation passes.
399 *
400 * This function performs validation on the source and destination indices
401 * provided for ACL entries. It checks if the indices are within the valid
402 * range, and if the source entries are contiguous. Additionally, the function
403 * ensures that there's adequate space at the destination for the source entries
404 * and that the destination index isn't in the middle of a RuleSet. If all
405 * validations pass, the function returns the number of contiguous source and
406 * destination entries.
407 *
408 * Return: 0 on success, otherwise returns a negative error code if any
409 * validation check fails.
410 */
414 {
421 }
423 /* Validate if the source entries are contiguous */
432 }
437 }
439 /* Validate if the destination entry is empty or not in the middle of
440 * a RuleSet.
441 */
448 }
450 /**
451 * ksz9477_move_entries_downwards - Move a range of ACL entries downwards in
452 * the list.
453 * @dev: Pointer to the KSZ device structure.
454 * @acles: Pointer to the structure encapsulating all the ACL entries.
455 * @start_idx: Starting index of the entries to be relocated.
456 * @num_entries_to_move: Number of consecutive entries to be relocated.
457 * @end_idx: Destination index where the first entry should be situated post
458 * relocation.
459 *
460 * This function is responsible for rearranging a specific block of ACL entries
461 * by shifting them downwards in the list based on the supplied source and
462 * destination indices. It ensures that the linkage between the ACL entries is
463 * maintained accurately after the relocation.
464 *
465 * Return: 0 on successful relocation of entries, otherwise returns a negative
466 * error code.
467 */
470 u16 start_idx,
471 u16 num_entries_to_move,
472 u16 end_idx)
473 {
485 }
488 }
490 /**
491 * ksz9477_move_entries_upwards - Move a range of ACL entries upwards in the
492 * list.
493 * @dev: Pointer to the KSZ device structure.
494 * @acles: Pointer to the structure holding all the ACL entries.
495 * @start_idx: The starting index of the entries to be moved.
496 * @num_entries_to_move: Number of contiguous entries to be moved.
497 * @target_idx: The destination index where the first entry should be placed
498 * after moving.
499 *
500 * This function rearranges a chunk of ACL entries by moving them upwards
501 * in the list based on the given source and destination indices. The reordering
502 * process preserves the linkage between entries by updating it accordingly.
503 *
504 * Return: 0 if the entries were successfully moved, otherwise a negative error
505 * code.
506 */
510 u16 target_idx)
511 {
524 }
527 }
529 /**
530 * ksz9477_acl_move_entries - Move a block of contiguous ACL entries from a
531 * source to a destination index.
532 * @dev: Pointer to the KSZ9477 device structure.
533 * @port: Port number.
534 * @src_idx: Index of the starting source ACL entry.
535 * @dst_idx: Index of the starting destination ACL entry.
536 *
537 * This function aims to move a block of contiguous ACL entries from the source
538 * index to the destination index while ensuring the integrity and validity of
539 * the ACL table.
540 *
541 * In case of any errors during the adjustments or copying, the function will
542 * restore the ACL entries to their original state from the backup.
543 *
544 * Return: 0 if the move operation is successful. Returns -EINVAL for validation
545 * errors or other error codes based on specific failure conditions.
546 */
549 {
555 /* Nothing to do */
564 /* In case dst_index is greater than src_index, we need to adjust the
565 * destination index to account for the entries that will be moved
566 * downwards and the size of the entry located at dst_idx.
567 */
571 /* Copy source block to buffer and update its linkage */
578 }
580 /* Adjust other entries and their linkage based on destination */
587 }
591 /* Copy buffer to destination block */
596 }
598 /**
599 * ksz9477_get_next_block_start - Identify the starting index of the next ACL
600 * block.
601 * @dev: Pointer to the device structure.
602 * @port: The port number on which the ACL entries are being checked.
603 * @start: The starting index from which the search begins.
604 *
605 * This function looks for the next valid ACL block starting from the provided
606 * 'start' index and returns the beginning index of that block. If the block is
607 * invalid or if it reaches the end of the ACL entries without finding another
608 * block, it returns the maximum ACL entries count.
609 *
610 * Returns:
611 * - The starting index of the next valid ACL block.
612 * - KSZ9477_ACL_MAX_ENTRIES if no other valid blocks are found after 'start'.
613 * - A negative error code if an error occurs while checking.
614 */
617 {
628 i++;
629 }
631 }
633 /**
634 * ksz9477_swap_acl_blocks - Swap two ACL blocks
635 * @dev: Pointer to the device structure.
636 * @port: The port number on which the ACL blocks are to be swapped.
637 * @i: The starting index of the first ACL block.
638 * @j: The starting index of the second ACL block.
639 *
640 * This function is used to swap two ACL blocks present at given indices. The
641 * main purpose is to aid in the sorting and reordering of ACL blocks based on
642 * certain criteria, e.g., priority. It checks the validity of the block at
643 * index 'i', ensuring it's not an empty block, and then proceeds to swap it
644 * with the block at index 'j'.
645 *
646 * Returns:
647 * - 0 on successful swapping of blocks.
648 * - -EINVAL if the block at index 'i' is empty.
649 * - A negative error code if any other error occurs during the swap.
650 */
653 {
663 }
674 }
676 /**
677 * ksz9477_sort_acl_entr_no_back - Sort ACL entries for a given port based on
678 * priority without backing up entries.
679 * @dev: Pointer to the device structure.
680 * @port: The port number whose ACL entries need to be sorted.
681 *
682 * This function sorts ACL entries of the specified port using a variant of the
683 * bubble sort algorithm. It operates on blocks of ACL entries rather than
684 * individual entries. Each block's starting point is identified and then
685 * compared with subsequent blocks based on their priority. If the current
686 * block has a lower priority than the subsequent block, the two blocks are
687 * swapped.
688 *
689 * This is done in order to maintain an organized order of ACL entries based on
690 * priority, ensuring efficient and predictable ACL rule application.
691 *
692 * Returns:
693 * - 0 on successful sorting of entries.
694 * - A negative error code if any issue arises during sorting, e.g.,
695 * if the function is unable to get the next block start.
696 */
698 {
704 /* Bubble sort */
719 }
724 }
729 }
732 }
734 /**
735 * ksz9477_sort_acl_entries - Sort the ACL entries for a given port.
736 * @dev: Pointer to the KSZ device.
737 * @port: Port number.
738 *
739 * This function sorts the Access Control List (ACL) entries for a specified
740 * port. Before sorting, a backup of the original entries is created. If the
741 * sorting process fails, the function will log error messages displaying both
742 * the original and attempted sorted entries, and then restore the original
743 * entries from the backup.
744 *
745 * Return: 0 if the sorting succeeds, otherwise a negative error code.
746 */
748 {
754 /* create a backup of the ACL entries, if something goes wrong
755 * we can restore the ACL entries.
756 */
762 port);
767 /* Restore the original entries */
769 }
772 }
774 /**
775 * ksz9477_acl_wait_ready - Waits for the ACL operation to complete on a given
776 * port.
777 * @dev: The ksz_device instance.
778 * @port: The port number to wait for.
779 *
780 * This function checks if the ACL write or read operation is completed by
781 * polling the specified register.
782 *
783 * Returns: 0 if the operation is successful, or a negative error code if an
784 * error occurs.
785 */
787 {
800 }
802 /**
803 * ksz9477_acl_entry_write - Writes an ACL entry to a given port at the
804 * specified index.
805 * @dev: The ksz_device instance.
806 * @port: The port number to write the ACL entry to.
807 * @entry: A pointer to the ACL entry data.
808 * @idx: The index at which to write the ACL entry.
809 *
810 * This function writes the provided ACL entry to the specified port at the
811 * given index.
812 *
813 * Returns: 0 if the operation is successful, or a negative error code if an
814 * error occurs.
815 */
818 {
820 u8 val;
827 }
828 }
830 /* write everything down */
836 /* wait until everything is written */
838 }
840 /**
841 * ksz9477_acl_port_enable - Enables ACL functionality on a given port.
842 * @dev: The ksz_device instance.
843 * @port: The port number on which to enable ACL functionality.
844 *
845 * This function enables ACL functionality on the specified port by configuring
846 * the appropriate control registers. It returns 0 if the operation is
847 * successful, or a negative error code if an error occurs.
848 *
849 * 0xn801 - KSZ9477S 5.2.8.2 Port Priority Control Register
850 * Bit 7 - Highest Priority
851 * Bit 6 - OR'ed Priority
852 * Bit 4 - MAC Address Priority Classification
853 * Bit 3 - VLAN Priority Classification
854 * Bit 2 - 802.1p Priority Classification
855 * Bit 1 - Diffserv Priority Classification
856 * Bit 0 - ACL Priority Classification
857 *
858 * Current driver implementation sets 802.1p priority classification by default.
859 * In this function we add ACL priority classification with OR'ed priority.
860 * According to testing, priority set by ACL will supersede the 802.1p priority.
861 *
862 * 0xn803 - KSZ9477S 5.2.8.4 Port Authentication Control Register
863 * Bit 2 - Access Control List (ACL) Enable
864 * Bits 1:0 - Authentication Mode
865 * 00 = Reserved
866 * 01 = Block Mode. Authentication is enabled. When ACL is
867 * enabled, all traffic that misses the ACL rules is
868 * blocked; otherwise ACL actions apply.
869 * 10 = Pass Mode. Authentication is disabled. When ACL is
870 * enabled, all traffic that misses the ACL rules is
871 * forwarded; otherwise ACL actions apply.
872 * 11 = Trap Mode. Authentication is enabled. All traffic is
873 * forwarded to the host port. When ACL is enabled, all
874 * traffic that misses the ACL rules is blocked; otherwise
875 * ACL actions apply.
876 *
877 * We are using Pass Mode int this function.
878 *
879 * Returns: 0 if the operation is successful, or a negative error code if an
880 * error occurs.
881 */
883 {
887 PORT_OR_PRIO);
892 PORT_ACL_ENABLE |
894 }
896 /**
897 * ksz9477_acl_port_disable - Disables ACL functionality on a given port.
898 * @dev: The ksz_device instance.
899 * @port: The port number on which to disable ACL functionality.
900 *
901 * This function disables ACL functionality on the specified port by writing a
902 * value of 0 to the REG_PORT_MRI_AUTHEN_CTRL control register and remove
903 * PORT_ACL_PRIO_ENABLE bit from P_PRIO_CTRL register.
904 *
905 * Returns: 0 if the operation is successful, or a negative error code if an
906 * error occurs.
907 */
909 {
917 }
919 /**
920 * ksz9477_acl_write_list - Write a list of ACL entries to a given port.
921 * @dev: The ksz_device instance.
922 * @port: The port number on which to write ACL entries.
923 *
924 * This function enables ACL functionality on the specified port, writes a list
925 * of ACL entries to the port, and disables ACL functionality if there are no
926 * entries.
927 *
928 * Returns: 0 if the operation is successful, or a negative error code if an
929 * error occurs.
930 */
932 {
937 /* ACL should be enabled before writing entries */
942 /* write all entries */
946 /* Check if entry was removed and should be zeroed.
947 * If last fields of the entry are not zero, it means
948 * it is removed locally but currently not synced with the HW.
949 * So, we will write it down to the HW to remove it.
950 */
960 /* now removed entry is clean on HW side, so it can
961 * in the cache too
962 */
968 }
969 }
975 }
977 /**
978 * ksz9477_acl_remove_entries - Remove ACL entries with a given cookie from a
979 * specified ksz9477_acl_entries structure.
980 * @dev: The ksz_device instance.
981 * @port: The port number on which to remove ACL entries.
982 * @acles: The ksz9477_acl_entries instance.
983 * @cookie: The cookie value to match for entry removal.
984 *
985 * This function iterates through the entries array, removing any entries with
986 * a matching cookie value. The remaining entries are then shifted down to fill
987 * the gap.
988 */
992 {
1000 /* Search for the first position with the cookie */
1005 }
1006 }
1008 /* No entries with the matching cookie found */
1012 /* Get the size of the cookie entry. We may have complex entries. */
1017 /* Move all entries down to overwrite removed entry with the cookie */
1019 src_count,
1024 }
1026 /* Overwrite new empty places at the end of the list with zeros to make
1027 * sure not unexpected things will happen or no unexplored quirks will
1028 * come out.
1029 */
1035 /* Set all access bits to be able to write zeroed entry to HW */
1038 }
1040 /* Adjust the total entries count */
1042 }
1044 /**
1045 * ksz9477_port_acl_init - Initialize the ACL for a specified port on a ksz
1046 * device.
1047 * @dev: The ksz_device instance.
1048 * @port: The port number to initialize the ACL for.
1049 *
1050 * This function allocates memory for an acl structure, associates it with the
1051 * specified port, and initializes the ACL entries to a default state. The
1052 * entries are then written using the ksz9477_acl_write_list function, ensuring
1053 * the ACL has a predictable initial hardware state.
1054 *
1055 * Returns: 0 on success, or an error code on failure.
1056 */
1058 {
1070 /* write all entries */
1074 /* Set all access bits to be able to write zeroed
1075 * entry
1076 */
1079 }
1087 free_acl:
1092 }
1094 /**
1095 * ksz9477_port_acl_free - Free the ACL resources for a specified port on a ksz
1096 * device.
1097 * @dev: The ksz_device instance.
1098 * @port: The port number to initialize the ACL for.
1099 *
1100 * This disables the ACL for the specified port and frees the associated memory,
1101 */
1103 {
1111 }
1113 /**
1114 * ksz9477_acl_set_reg - Set entry[16] and entry[17] depending on the updated
1115 * entry[]
1116 * @entry: An array containing the entries
1117 * @reg: The register of the entry that needs to be updated
1118 * @value: The value to be assigned to the updated entry
1119 *
1120 * This function updates the entry[] array based on the provided register and
1121 * value. It also sets entry[0x10] and entry[0x11] according to the ACL byte
1122 * enable rules.
1123 *
1124 * 0x10 - Byte Enable [15:8]
1125 *
1126 * Each bit enables accessing one of the ACL bytes when a read or write is
1127 * initiated by writing to the Port ACL Byte Enable LSB Register.
1128 * Bit 0 applies to the Port ACL Access 7 Register
1129 * Bit 1 applies to the Port ACL Access 6 Register, etc.
1130 * Bit 7 applies to the Port ACL Access 0 Register
1131 * 1 = Byte is selected for read/write
1132 * 0 = Byte is not selected
1133 *
1134 * 0x11 - Byte Enable [7:0]
1135 *
1136 * Each bit enables accessing one of the ACL bytes when a read or write is
1137 * initiated by writing to the Port ACL Byte Enable LSB Register.
1138 * Bit 0 applies to the Port ACL Access F Register
1139 * Bit 1 applies to the Port ACL Access E Register, etc.
1140 * Bit 7 applies to the Port ACL Access 8 Register
1141 * 1 = Byte is selected for read/write
1142 * 0 = Byte is not selected
1143 */
1145 u8 value)
1146 {
1158 }
1161 }
1163 /**
1164 * ksz9477_acl_matching_rule_cfg_l2 - Configure an ACL filtering entry to match
1165 * L2 types of Ethernet frames
1166 * @entry: Pointer to ACL entry buffer
1167 * @ethertype: Ethertype value
1168 * @eth_addr: Pointer to Ethernet address
1169 * @is_src: If true, match the source MAC address; if false, match the
1170 * destination MAC address
1171 *
1172 * This function configures an Access Control List (ACL) filtering
1173 * entry to match Layer 2 types of Ethernet frames based on the provided
1174 * ethertype and Ethernet address. Additionally, it can match either the source
1175 * or destination MAC address depending on the value of the is_src parameter.
1176 *
1177 * Register Descriptions for MD = 01 and ENB != 00 (Layer 2 MAC header
1178 * filtering)
1179 *
1180 * 0x01 - Mode and Enable
1181 * Bits 5:4 - MD (Mode)
1182 * 01 = Layer 2 MAC header or counter filtering
1183 * Bits 3:2 - ENB (Enable)
1184 * 01 = Comparison is performed only on the TYPE value
1185 * 10 = Comparison is performed only on the MAC Address value
1186 * 11 = Both the MAC Address and TYPE are tested
1187 * Bit 1 - S/D (Source / Destination)
1188 * 0 = Destination address
1189 * 1 = Source address
1190 * Bit 0 - EQ (Equal / Not Equal)
1191 * 0 = Not Equal produces true result
1192 * 1 = Equal produces true result
1193 *
1194 * 0x02-0x07 - MAC Address
1195 * 0x02 - MAC Address [47:40]
1196 * 0x03 - MAC Address [39:32]
1197 * 0x04 - MAC Address [31:24]
1198 * 0x05 - MAC Address [23:16]
1199 * 0x06 - MAC Address [15:8]
1200 * 0x07 - MAC Address [7:0]
1201 *
1202 * 0x08-0x09 - EtherType
1203 * 0x08 - EtherType [15:8]
1204 * 0x09 - EtherType [7:0]
1205 */
1208 {
1210 u8 val;
1229 }
1230 }
1234 }
1236 /**
1237 * ksz9477_acl_action_rule_cfg - Set action for an ACL entry
1238 * @entry: Pointer to the ACL entry
1239 * @force_prio: If true, force the priority value
1240 * @prio_val: Priority value
1241 *
1242 * This function sets the action for the specified ACL entry. It prepares
1243 * the priority mode and traffic class values and updates the entry's
1244 * action registers accordingly. Currently, there is no port or VLAN PCP
1245 * remapping.
1246 *
1247 * ACL Action Rule Parameters for Non-Count Modes (MD ≠ 01 or ENB ≠ 00)
1248 *
1249 * 0x0A - PM, P, RPE, RP[2:1]
1250 * Bits 7:6 - PM[1:0] - Priority Mode
1251 * 00 = ACL does not specify the packet priority. Priority is
1252 * determined by standard QoS functions.
1253 * 01 = Change packet priority to P[2:0] if it is greater than QoS
1254 * result.
1255 * 10 = Change packet priority to P[2:0] if it is smaller than the
1256 * QoS result.
1257 * 11 = Always change packet priority to P[2:0].
1258 * Bits 5:3 - P[2:0] - Priority value
1259 * Bit 2 - RPE - Remark Priority Enable
1260 * Bits 1:0 - RP[2:1] - Remarked Priority value (bits 2:1)
1261 * 0 = Disable priority remarking
1262 * 1 = Enable priority remarking. VLAN tag priority (PCP) bits are
1263 * replaced by RP[2:0].
1264 *
1265 * 0x0B - RP[0], MM
1266 * Bit 7 - RP[0] - Remarked Priority value (bit 0)
1267 * Bits 6:5 - MM[1:0] - Map Mode
1268 * 00 = No forwarding remapping
1269 * 01 = The forwarding map in FORWARD is OR'ed with the forwarding
1270 * map from the Address Lookup Table.
1271 * 10 = The forwarding map in FORWARD is AND'ed with the forwarding
1272 * map from the Address Lookup Table.
1273 * 11 = The forwarding map in FORWARD replaces the forwarding map
1274 * from the Address Lookup Table.
1275 * 0x0D - FORWARD[n:0]
1276 * Bits 7:0 - FORWARD[n:0] - Forwarding map. Bit 0 = port 1,
1277 * bit 1 = port 2, etc.
1278 * 1 = enable forwarding to this port
1279 * 0 = do not forward to this port
1280 */
1282 {
1287 else
1294 /* no port or VLAN PCP remapping for now */
1297 }
1299 /**
1300 * ksz9477_acl_processing_rule_set_action - Set the action for the processing
1301 * rule set.
1302 * @entry: Pointer to the ACL entry
1303 * @action_idx: Index of the action to be applied
1304 *
1305 * This function sets the action for the processing rule set by updating the
1306 * appropriate register in the entry. There can be only one action per
1307 * processing rule.
1308 *
1309 * Access Control List (ACL) Processing Rule Registers:
1310 *
1311 * 0x00 - First Rule Number (FRN)
1312 * Bits 3:0 - First Rule Number. Pointer to an Action rule entry.
1313 */
1315 {
1317 }
1319 /**
1320 * ksz9477_acl_processing_rule_add_match - Add a matching rule to the rule set
1321 * @entry: Pointer to the ACL entry
1322 * @match_idx: Index of the matching rule to be added
1323 *
1324 * This function adds a matching rule to the rule set by updating the
1325 * appropriate bits in the entry's rule set registers.
1326 *
1327 * Access Control List (ACL) Processing Rule Registers:
1328 *
1329 * 0x0E - RuleSet [15:8]
1330 * Bits 7:0 - RuleSet [15:8] Specifies a set of one or more Matching rule
1331 * entries. RuleSet has one bit for each of the 16 Matching rule entries.
1332 * If multiple Matching rules are selected, then all conditions will be
1333 * AND'ed to produce a final match result.
1334 * 0 = Matching rule not selected
1335 * 1 = Matching rule selected
1336 *
1337 * 0x0F - RuleSet [7:0]
1338 * Bits 7:0 - RuleSet [7:0]
1339 */
1341 {
1347 else
1352 }
1354 /**
1355 * ksz9477_acl_get_init_entry - Get a new uninitialized entry for a specified
1356 * port on a ksz_device.
1357 * @dev: The ksz_device instance.
1358 * @port: The port number to get the uninitialized entry for.
1359 * @cookie: The cookie to associate with the entry.
1360 * @prio: The priority to associate with the entry.
1361 *
1362 * This function retrieves the next available ACL entry for the specified port,
1363 * clears all access flags, and associates it with the current cookie.
1364 *
1365 * Returns: A pointer to the new uninitialized ACL entry.
1366 */
1370 {
1379 /* clear all access flags */
1384 }
1386 /**
1387 * ksz9477_acl_match_process_l2 - Configure Layer 2 ACL matching rules and
1388 * processing rules.
1389 * @dev: Pointer to the ksz_device.
1390 * @port: Port number.
1391 * @ethtype: Ethernet type.
1392 * @src_mac: Source MAC address.
1393 * @dst_mac: Destination MAC address.
1394 * @cookie: The cookie to associate with the entry.
1395 * @prio: The priority of the entry.
1396 *
1397 * This function sets up matching and processing rules for Layer 2 ACLs.
1398 * It takes into account that only one MAC per entry is supported.
1399 */
1403 {
1410 /* ACL supports only one MAC per entry */
1415 /* Add both match entries to first processing rule */
1431 is_src);
1435 }
1436 }