19d106c6dSDmitry Bogdanov /* SPDX-License-Identifier: GPL-2.0-only */ 29d106c6dSDmitry Bogdanov /* Atlantic Network Driver 39d106c6dSDmitry Bogdanov * Copyright (C) 2020 Marvell International Ltd. 49d106c6dSDmitry Bogdanov */ 59d106c6dSDmitry Bogdanov 69d106c6dSDmitry Bogdanov #ifndef _MACSEC_STRUCT_H_ 79d106c6dSDmitry Bogdanov #define _MACSEC_STRUCT_H_ 89d106c6dSDmitry Bogdanov 99d106c6dSDmitry Bogdanov /*! Represents the bitfields of a single row in the Egress CTL Filter 109d106c6dSDmitry Bogdanov * table. 119d106c6dSDmitry Bogdanov */ 129d106c6dSDmitry Bogdanov struct aq_mss_egress_ctlf_record { 139d106c6dSDmitry Bogdanov /*! This is used to store the 48 bit value used to compare SA, DA or 149d106c6dSDmitry Bogdanov * halfDA+half SA value. 159d106c6dSDmitry Bogdanov */ 169d106c6dSDmitry Bogdanov u32 sa_da[2]; 179d106c6dSDmitry Bogdanov /*! This is used to store the 16 bit ethertype value used for 189d106c6dSDmitry Bogdanov * comparison. 199d106c6dSDmitry Bogdanov */ 209d106c6dSDmitry Bogdanov u32 eth_type; 219d106c6dSDmitry Bogdanov /*! The match mask is per-nibble. 0 means don't care, i.e. every value 229d106c6dSDmitry Bogdanov * will match successfully. The total data is 64 bit, i.e. 16 nibbles 239d106c6dSDmitry Bogdanov * masks. 249d106c6dSDmitry Bogdanov */ 259d106c6dSDmitry Bogdanov u32 match_mask; 269d106c6dSDmitry Bogdanov /*! 0: No compare, i.e. This entry is not used 279d106c6dSDmitry Bogdanov * 1: compare DA only 289d106c6dSDmitry Bogdanov * 2: compare SA only 299d106c6dSDmitry Bogdanov * 3: compare half DA + half SA 309d106c6dSDmitry Bogdanov * 4: compare ether type only 319d106c6dSDmitry Bogdanov * 5: compare DA + ethertype 329d106c6dSDmitry Bogdanov * 6: compare SA + ethertype 339d106c6dSDmitry Bogdanov * 7: compare DA+ range. 349d106c6dSDmitry Bogdanov */ 359d106c6dSDmitry Bogdanov u32 match_type; 369d106c6dSDmitry Bogdanov /*! 0: Bypass the remaining modules if matched. 379d106c6dSDmitry Bogdanov * 1: Forward to next module for more classifications. 389d106c6dSDmitry Bogdanov */ 399d106c6dSDmitry Bogdanov u32 action; 409d106c6dSDmitry Bogdanov }; 419d106c6dSDmitry Bogdanov 429d106c6dSDmitry Bogdanov /*! Represents the bitfields of a single row in the Egress Packet 439d106c6dSDmitry Bogdanov * Classifier table. 449d106c6dSDmitry Bogdanov */ 459d106c6dSDmitry Bogdanov struct aq_mss_egress_class_record { 469d106c6dSDmitry Bogdanov /*! VLAN ID field. */ 479d106c6dSDmitry Bogdanov u32 vlan_id; 489d106c6dSDmitry Bogdanov /*! VLAN UP field. */ 499d106c6dSDmitry Bogdanov u32 vlan_up; 509d106c6dSDmitry Bogdanov /*! VLAN Present in the Packet. */ 519d106c6dSDmitry Bogdanov u32 vlan_valid; 529d106c6dSDmitry Bogdanov /*! The 8 bit value used to compare with extracted value for byte 3. */ 539d106c6dSDmitry Bogdanov u32 byte3; 549d106c6dSDmitry Bogdanov /*! The 8 bit value used to compare with extracted value for byte 2. */ 559d106c6dSDmitry Bogdanov u32 byte2; 569d106c6dSDmitry Bogdanov /*! The 8 bit value used to compare with extracted value for byte 1. */ 579d106c6dSDmitry Bogdanov u32 byte1; 589d106c6dSDmitry Bogdanov /*! The 8 bit value used to compare with extracted value for byte 0. */ 599d106c6dSDmitry Bogdanov u32 byte0; 609d106c6dSDmitry Bogdanov /*! The 8 bit TCI field used to compare with extracted value. */ 619d106c6dSDmitry Bogdanov u32 tci; 629d106c6dSDmitry Bogdanov /*! The 64 bit SCI field in the SecTAG. */ 639d106c6dSDmitry Bogdanov u32 sci[2]; 649d106c6dSDmitry Bogdanov /*! The 16 bit Ethertype (in the clear) field used to compare with 659d106c6dSDmitry Bogdanov * extracted value. 669d106c6dSDmitry Bogdanov */ 679d106c6dSDmitry Bogdanov u32 eth_type; 689d106c6dSDmitry Bogdanov /*! This is to specify the 40bit SNAP header if the SNAP header's mask 699d106c6dSDmitry Bogdanov * is enabled. 709d106c6dSDmitry Bogdanov */ 719d106c6dSDmitry Bogdanov u32 snap[2]; 729d106c6dSDmitry Bogdanov /*! This is to specify the 24bit LLC header if the LLC header's mask is 739d106c6dSDmitry Bogdanov * enabled. 749d106c6dSDmitry Bogdanov */ 759d106c6dSDmitry Bogdanov u32 llc; 769d106c6dSDmitry Bogdanov /*! The 48 bit MAC_SA field used to compare with extracted value. */ 779d106c6dSDmitry Bogdanov u32 mac_sa[2]; 789d106c6dSDmitry Bogdanov /*! The 48 bit MAC_DA field used to compare with extracted value. */ 799d106c6dSDmitry Bogdanov u32 mac_da[2]; 809d106c6dSDmitry Bogdanov /*! The 32 bit Packet number used to compare with extracted value. */ 819d106c6dSDmitry Bogdanov u32 pn; 829d106c6dSDmitry Bogdanov /*! 0~63: byte location used extracted by packets comparator, which 839d106c6dSDmitry Bogdanov * can be anything from the first 64 bytes of the MAC packets. 849d106c6dSDmitry Bogdanov * This byte location counted from MAC' DA address. i.e. set to 0 859d106c6dSDmitry Bogdanov * will point to byte 0 of DA address. 869d106c6dSDmitry Bogdanov */ 879d106c6dSDmitry Bogdanov u32 byte3_location; 889d106c6dSDmitry Bogdanov /*! 0: don't care 899d106c6dSDmitry Bogdanov * 1: enable comparison of extracted byte pointed by byte 3 location. 909d106c6dSDmitry Bogdanov */ 919d106c6dSDmitry Bogdanov u32 byte3_mask; 929d106c6dSDmitry Bogdanov /*! 0~63: byte location used extracted by packets comparator, which 939d106c6dSDmitry Bogdanov * can be anything from the first 64 bytes of the MAC packets. 949d106c6dSDmitry Bogdanov * This byte location counted from MAC' DA address. i.e. set to 0 959d106c6dSDmitry Bogdanov * will point to byte 0 of DA address. 969d106c6dSDmitry Bogdanov */ 979d106c6dSDmitry Bogdanov u32 byte2_location; 989d106c6dSDmitry Bogdanov /*! 0: don't care 999d106c6dSDmitry Bogdanov * 1: enable comparison of extracted byte pointed by byte 2 location. 1009d106c6dSDmitry Bogdanov */ 1019d106c6dSDmitry Bogdanov u32 byte2_mask; 1029d106c6dSDmitry Bogdanov /*! 0~63: byte location used extracted by packets comparator, which 1039d106c6dSDmitry Bogdanov * can be anything from the first 64 bytes of the MAC packets. 1049d106c6dSDmitry Bogdanov * This byte location counted from MAC' DA address. i.e. set to 0 1059d106c6dSDmitry Bogdanov * will point to byte 0 of DA address. 1069d106c6dSDmitry Bogdanov */ 1079d106c6dSDmitry Bogdanov u32 byte1_location; 1089d106c6dSDmitry Bogdanov /*! 0: don't care 1099d106c6dSDmitry Bogdanov * 1: enable comparison of extracted byte pointed by byte 1 location. 1109d106c6dSDmitry Bogdanov */ 1119d106c6dSDmitry Bogdanov u32 byte1_mask; 1129d106c6dSDmitry Bogdanov /*! 0~63: byte location used extracted by packets comparator, which 1139d106c6dSDmitry Bogdanov * can be anything from the first 64 bytes of the MAC packets. 1149d106c6dSDmitry Bogdanov * This byte location counted from MAC' DA address. i.e. set to 0 1159d106c6dSDmitry Bogdanov * will point to byte 0 of DA address. 1169d106c6dSDmitry Bogdanov */ 1179d106c6dSDmitry Bogdanov u32 byte0_location; 1189d106c6dSDmitry Bogdanov /*! 0: don't care 1199d106c6dSDmitry Bogdanov * 1: enable comparison of extracted byte pointed by byte 0 location. 1209d106c6dSDmitry Bogdanov */ 1219d106c6dSDmitry Bogdanov u32 byte0_mask; 1229d106c6dSDmitry Bogdanov /*! Mask is per-byte. 1239d106c6dSDmitry Bogdanov * 0: don't care 1249d106c6dSDmitry Bogdanov * 1: enable comparison of extracted VLAN ID field. 1259d106c6dSDmitry Bogdanov */ 1269d106c6dSDmitry Bogdanov u32 vlan_id_mask; 1279d106c6dSDmitry Bogdanov /*! 0: don't care 1289d106c6dSDmitry Bogdanov * 1: enable comparison of extracted VLAN UP field. 1299d106c6dSDmitry Bogdanov */ 1309d106c6dSDmitry Bogdanov u32 vlan_up_mask; 1319d106c6dSDmitry Bogdanov /*! 0: don't care 1329d106c6dSDmitry Bogdanov * 1: enable comparison of extracted VLAN Valid field. 1339d106c6dSDmitry Bogdanov */ 1349d106c6dSDmitry Bogdanov u32 vlan_valid_mask; 1359d106c6dSDmitry Bogdanov /*! This is bit mask to enable comparison the 8 bit TCI field, 1369d106c6dSDmitry Bogdanov * including the AN field. 1379d106c6dSDmitry Bogdanov * For explicit SECTAG, AN is hardware controlled. For sending 1389d106c6dSDmitry Bogdanov * packet w/ explicit SECTAG, rest of the TCI fields are directly 1399d106c6dSDmitry Bogdanov * from the SECTAG. 1409d106c6dSDmitry Bogdanov */ 1419d106c6dSDmitry Bogdanov u32 tci_mask; 1429d106c6dSDmitry Bogdanov /*! Mask is per-byte. 1439d106c6dSDmitry Bogdanov * 0: don't care 1449d106c6dSDmitry Bogdanov * 1: enable comparison of SCI 1459d106c6dSDmitry Bogdanov * Note: If this field is not 0, this means the input packet's 1469d106c6dSDmitry Bogdanov * SECTAG is explicitly tagged and MACSEC module will only update 1479d106c6dSDmitry Bogdanov * the MSDU. 1489d106c6dSDmitry Bogdanov * PN number is hardware controlled. 1499d106c6dSDmitry Bogdanov */ 1509d106c6dSDmitry Bogdanov u32 sci_mask; 1519d106c6dSDmitry Bogdanov /*! Mask is per-byte. 1529d106c6dSDmitry Bogdanov * 0: don't care 1539d106c6dSDmitry Bogdanov * 1: enable comparison of Ethertype. 1549d106c6dSDmitry Bogdanov */ 1559d106c6dSDmitry Bogdanov u32 eth_type_mask; 1569d106c6dSDmitry Bogdanov /*! Mask is per-byte. 1579d106c6dSDmitry Bogdanov * 0: don't care and no SNAP header exist. 1589d106c6dSDmitry Bogdanov * 1: compare the SNAP header. 1599d106c6dSDmitry Bogdanov * If this bit is set to 1, the extracted filed will assume the 1609d106c6dSDmitry Bogdanov * SNAP header exist as encapsulated in 802.3 (RFC 1042). I.E. the 161*63769819SJilin Yuan * next 5 bytes after the LLC header is SNAP header. 1629d106c6dSDmitry Bogdanov */ 1639d106c6dSDmitry Bogdanov u32 snap_mask; 1649d106c6dSDmitry Bogdanov /*! 0: don't care and no LLC header exist. 1659d106c6dSDmitry Bogdanov * 1: compare the LLC header. 1669d106c6dSDmitry Bogdanov * If this bit is set to 1, the extracted filed will assume the 1679d106c6dSDmitry Bogdanov * LLC header exist as encapsulated in 802.3 (RFC 1042). I.E. the 1689d106c6dSDmitry Bogdanov * next three bytes after the 802.3MAC header is LLC header. 1699d106c6dSDmitry Bogdanov */ 1709d106c6dSDmitry Bogdanov u32 llc_mask; 1719d106c6dSDmitry Bogdanov /*! Mask is per-byte. 1729d106c6dSDmitry Bogdanov * 0: don't care 1739d106c6dSDmitry Bogdanov * 1: enable comparison of MAC_SA. 1749d106c6dSDmitry Bogdanov */ 1759d106c6dSDmitry Bogdanov u32 sa_mask; 1769d106c6dSDmitry Bogdanov /*! Mask is per-byte. 1779d106c6dSDmitry Bogdanov * 0: don't care 1789d106c6dSDmitry Bogdanov * 1: enable comparison of MAC_DA. 1799d106c6dSDmitry Bogdanov */ 1809d106c6dSDmitry Bogdanov u32 da_mask; 1819d106c6dSDmitry Bogdanov /*! Mask is per-byte. */ 1829d106c6dSDmitry Bogdanov u32 pn_mask; 1839d106c6dSDmitry Bogdanov /*! Reserved. This bit should be always 0. */ 1849d106c6dSDmitry Bogdanov u32 eight02dot2; 1859d106c6dSDmitry Bogdanov /*! 1: For explicit sectag case use TCI_SC from table 1869d106c6dSDmitry Bogdanov * 0: use TCI_SC from explicit sectag. 1879d106c6dSDmitry Bogdanov */ 1889d106c6dSDmitry Bogdanov u32 tci_sc; 1899d106c6dSDmitry Bogdanov /*! 1: For explicit sectag case,use TCI_V,ES,SCB,E,C from table 1909d106c6dSDmitry Bogdanov * 0: use TCI_V,ES,SCB,E,C from explicit sectag. 1919d106c6dSDmitry Bogdanov */ 1929d106c6dSDmitry Bogdanov u32 tci_87543; 1939d106c6dSDmitry Bogdanov /*! 1: indicates that incoming packet has explicit sectag. */ 1949d106c6dSDmitry Bogdanov u32 exp_sectag_en; 1959d106c6dSDmitry Bogdanov /*! If packet matches and tagged as controlled-packet, this SC/SA 1969d106c6dSDmitry Bogdanov * index is used for later SC and SA table lookup. 1979d106c6dSDmitry Bogdanov */ 1989d106c6dSDmitry Bogdanov u32 sc_idx; 1999d106c6dSDmitry Bogdanov /*! This field is used to specify how many SA entries are 2009d106c6dSDmitry Bogdanov * associated with 1 SC entry. 2019d106c6dSDmitry Bogdanov * 2'b00: 1 SC has 4 SA. 2029d106c6dSDmitry Bogdanov * SC index is equivalent to {SC_Index[4:2], 1'b0}. 2039d106c6dSDmitry Bogdanov * SA index is equivalent to {SC_Index[4:2], SC entry's current AN[1:0] 2049d106c6dSDmitry Bogdanov * 2'b10: 1 SC has 2 SA. 2059d106c6dSDmitry Bogdanov * SC index is equivalent to SC_Index[4:1] 2069d106c6dSDmitry Bogdanov * SA index is equivalent to {SC_Index[4:1], SC entry's current AN[0]} 2079d106c6dSDmitry Bogdanov * 2'b11: 1 SC has 1 SA. No SC entry exists for the specific SA. 2089d106c6dSDmitry Bogdanov * SA index is equivalent to SC_Index[4:0] 2099d106c6dSDmitry Bogdanov * Note: if specified as 2'b11, hardware AN roll over is not 2109d106c6dSDmitry Bogdanov * supported. 2119d106c6dSDmitry Bogdanov */ 2129d106c6dSDmitry Bogdanov u32 sc_sa; 2139d106c6dSDmitry Bogdanov /*! 0: the packets will be sent to MAC FIFO 2149d106c6dSDmitry Bogdanov * 1: The packets will be sent to Debug/Loopback FIFO. 2159d106c6dSDmitry Bogdanov * If the above's action is drop, this bit has no meaning. 2169d106c6dSDmitry Bogdanov */ 2179d106c6dSDmitry Bogdanov u32 debug; 2189d106c6dSDmitry Bogdanov /*! 0: forward to remaining modules 2199d106c6dSDmitry Bogdanov * 1: bypass the next encryption modules. This packet is considered 2209d106c6dSDmitry Bogdanov * un-control packet. 2219d106c6dSDmitry Bogdanov * 2: drop 2229d106c6dSDmitry Bogdanov * 3: Reserved. 2239d106c6dSDmitry Bogdanov */ 2249d106c6dSDmitry Bogdanov u32 action; 2259d106c6dSDmitry Bogdanov /*! 0: Not valid entry. This entry is not used 2269d106c6dSDmitry Bogdanov * 1: valid entry. 2279d106c6dSDmitry Bogdanov */ 2289d106c6dSDmitry Bogdanov u32 valid; 2299d106c6dSDmitry Bogdanov }; 2309d106c6dSDmitry Bogdanov 2319d106c6dSDmitry Bogdanov /*! Represents the bitfields of a single row in the Egress SC Lookup table. */ 2329d106c6dSDmitry Bogdanov struct aq_mss_egress_sc_record { 2339d106c6dSDmitry Bogdanov /*! This is to specify when the SC was first used. Set by HW. */ 2349d106c6dSDmitry Bogdanov u32 start_time; 2359d106c6dSDmitry Bogdanov /*! This is to specify when the SC was last used. Set by HW. */ 2369d106c6dSDmitry Bogdanov u32 stop_time; 2379d106c6dSDmitry Bogdanov /*! This is to specify which of the SA entries are used by current HW. 2389d106c6dSDmitry Bogdanov * Note: This value need to be set by SW after reset. It will be 2399d106c6dSDmitry Bogdanov * automatically updated by HW, if AN roll over is enabled. 2409d106c6dSDmitry Bogdanov */ 2419d106c6dSDmitry Bogdanov u32 curr_an; 2429d106c6dSDmitry Bogdanov /*! 0: Clear the SA Valid Bit after PN expiry. 2439d106c6dSDmitry Bogdanov * 1: Do not Clear the SA Valid bit after PN expiry of the current SA. 2449d106c6dSDmitry Bogdanov * When the Enable AN roll over is set, S/W does not need to 2459d106c6dSDmitry Bogdanov * program the new SA's and the H/W will automatically roll over 2469d106c6dSDmitry Bogdanov * between the SA's without session expiry. 2479d106c6dSDmitry Bogdanov * For normal operation, Enable AN Roll over will be set to '0' 2489d106c6dSDmitry Bogdanov * and in which case, the SW needs to program the new SA values 2499d106c6dSDmitry Bogdanov * after the current PN expires. 2509d106c6dSDmitry Bogdanov */ 2519d106c6dSDmitry Bogdanov u32 an_roll; 2529d106c6dSDmitry Bogdanov /*! This is the TCI field used if packet is not explicitly tagged. */ 2539d106c6dSDmitry Bogdanov u32 tci; 2549d106c6dSDmitry Bogdanov /*! This value indicates the offset where the decryption will start. 2559d106c6dSDmitry Bogdanov * [[Values of 0, 4, 8-50]. 2569d106c6dSDmitry Bogdanov */ 2579d106c6dSDmitry Bogdanov u32 enc_off; 2589d106c6dSDmitry Bogdanov /*! 0: Do not protect frames, all the packets will be forwarded 2599d106c6dSDmitry Bogdanov * unchanged. MIB counter (OutPktsUntagged) will be updated. 2609d106c6dSDmitry Bogdanov * 1: Protect. 2619d106c6dSDmitry Bogdanov */ 2629d106c6dSDmitry Bogdanov u32 protect; 2639d106c6dSDmitry Bogdanov /*! 0: when none of the SA related to SC has inUse set. 2649d106c6dSDmitry Bogdanov * 1: when either of the SA related to the SC has inUse set. 2659d106c6dSDmitry Bogdanov * This bit is set by HW. 2669d106c6dSDmitry Bogdanov */ 2679d106c6dSDmitry Bogdanov u32 recv; 2689d106c6dSDmitry Bogdanov /*! 0: H/W Clears this bit on the first use. 2699d106c6dSDmitry Bogdanov * 1: SW updates this entry, when programming the SC Table. 2709d106c6dSDmitry Bogdanov */ 2719d106c6dSDmitry Bogdanov u32 fresh; 2729d106c6dSDmitry Bogdanov /*! AES Key size 2739d106c6dSDmitry Bogdanov * 00 - 128bits 2749d106c6dSDmitry Bogdanov * 01 - 192bits 2759d106c6dSDmitry Bogdanov * 10 - 256bits 2769d106c6dSDmitry Bogdanov * 11 - Reserved. 2779d106c6dSDmitry Bogdanov */ 2789d106c6dSDmitry Bogdanov u32 sak_len; 2799d106c6dSDmitry Bogdanov /*! 0: Invalid SC 2809d106c6dSDmitry Bogdanov * 1: Valid SC. 2819d106c6dSDmitry Bogdanov */ 2829d106c6dSDmitry Bogdanov u32 valid; 2839d106c6dSDmitry Bogdanov }; 2849d106c6dSDmitry Bogdanov 2859d106c6dSDmitry Bogdanov /*! Represents the bitfields of a single row in the Egress SA Lookup table. */ 2869d106c6dSDmitry Bogdanov struct aq_mss_egress_sa_record { 2879d106c6dSDmitry Bogdanov /*! This is to specify when the SC was first used. Set by HW. */ 2889d106c6dSDmitry Bogdanov u32 start_time; 2899d106c6dSDmitry Bogdanov /*! This is to specify when the SC was last used. Set by HW. */ 2909d106c6dSDmitry Bogdanov u32 stop_time; 2919d106c6dSDmitry Bogdanov /*! This is set by SW and updated by HW to store the Next PN number 2929d106c6dSDmitry Bogdanov * used for encryption. 2939d106c6dSDmitry Bogdanov */ 2949d106c6dSDmitry Bogdanov u32 next_pn; 2959d106c6dSDmitry Bogdanov /*! The Next_PN number is going to wrapped around from 0xFFFF_FFFF 2969d106c6dSDmitry Bogdanov * to 0. set by HW. 2979d106c6dSDmitry Bogdanov */ 2989d106c6dSDmitry Bogdanov u32 sat_pn; 2999d106c6dSDmitry Bogdanov /*! 0: This SA is in use. 3009d106c6dSDmitry Bogdanov * 1: This SA is Fresh and set by SW. 3019d106c6dSDmitry Bogdanov */ 3029d106c6dSDmitry Bogdanov u32 fresh; 3039d106c6dSDmitry Bogdanov /*! 0: Invalid SA 3049d106c6dSDmitry Bogdanov * 1: Valid SA. 3059d106c6dSDmitry Bogdanov */ 3069d106c6dSDmitry Bogdanov u32 valid; 3079d106c6dSDmitry Bogdanov }; 3089d106c6dSDmitry Bogdanov 3099d106c6dSDmitry Bogdanov /*! Represents the bitfields of a single row in the Egress SA Key 3109d106c6dSDmitry Bogdanov * Lookup table. 3119d106c6dSDmitry Bogdanov */ 3129d106c6dSDmitry Bogdanov struct aq_mss_egress_sakey_record { 3139d106c6dSDmitry Bogdanov /*! Key for AES-GCM processing. */ 3149d106c6dSDmitry Bogdanov u32 key[8]; 3159d106c6dSDmitry Bogdanov }; 3169d106c6dSDmitry Bogdanov 317b8f8a0b7SMark Starovoytov /*! Represents the bitfields of a single row in the Ingress Pre-MACSec 318b8f8a0b7SMark Starovoytov * CTL Filter table. 319b8f8a0b7SMark Starovoytov */ 320b8f8a0b7SMark Starovoytov struct aq_mss_ingress_prectlf_record { 321b8f8a0b7SMark Starovoytov /*! This is used to store the 48 bit value used to compare SA, DA 322b8f8a0b7SMark Starovoytov * or halfDA+half SA value. 323b8f8a0b7SMark Starovoytov */ 324b8f8a0b7SMark Starovoytov u32 sa_da[2]; 325b8f8a0b7SMark Starovoytov /*! This is used to store the 16 bit ethertype value used for 326b8f8a0b7SMark Starovoytov * comparison. 327b8f8a0b7SMark Starovoytov */ 328b8f8a0b7SMark Starovoytov u32 eth_type; 329b8f8a0b7SMark Starovoytov /*! The match mask is per-nibble. 0 means don't care, i.e. every 330b8f8a0b7SMark Starovoytov * value will match successfully. The total data is 64 bit, i.e. 331b8f8a0b7SMark Starovoytov * 16 nibbles masks. 332b8f8a0b7SMark Starovoytov */ 333b8f8a0b7SMark Starovoytov u32 match_mask; 334b8f8a0b7SMark Starovoytov /*! 0: No compare, i.e. This entry is not used 335b8f8a0b7SMark Starovoytov * 1: compare DA only 336b8f8a0b7SMark Starovoytov * 2: compare SA only 337b8f8a0b7SMark Starovoytov * 3: compare half DA + half SA 338b8f8a0b7SMark Starovoytov * 4: compare ether type only 339b8f8a0b7SMark Starovoytov * 5: compare DA + ethertype 340b8f8a0b7SMark Starovoytov * 6: compare SA + ethertype 341b8f8a0b7SMark Starovoytov * 7: compare DA+ range. 342b8f8a0b7SMark Starovoytov */ 343b8f8a0b7SMark Starovoytov u32 match_type; 344b8f8a0b7SMark Starovoytov /*! 0: Bypass the remaining modules if matched. 345b8f8a0b7SMark Starovoytov * 1: Forward to next module for more classifications. 346b8f8a0b7SMark Starovoytov */ 347b8f8a0b7SMark Starovoytov u32 action; 348b8f8a0b7SMark Starovoytov }; 349b8f8a0b7SMark Starovoytov 350b8f8a0b7SMark Starovoytov /*! Represents the bitfields of a single row in the Ingress Pre-MACSec 351b8f8a0b7SMark Starovoytov * Packet Classifier table. 352b8f8a0b7SMark Starovoytov */ 353b8f8a0b7SMark Starovoytov struct aq_mss_ingress_preclass_record { 354b8f8a0b7SMark Starovoytov /*! The 64 bit SCI field used to compare with extracted value. 355b8f8a0b7SMark Starovoytov * Should have SCI value in case TCI[SCI_SEND] == 0. This will be 356b8f8a0b7SMark Starovoytov * used for ICV calculation. 357b8f8a0b7SMark Starovoytov */ 358b8f8a0b7SMark Starovoytov u32 sci[2]; 359b8f8a0b7SMark Starovoytov /*! The 8 bit TCI field used to compare with extracted value. */ 360b8f8a0b7SMark Starovoytov u32 tci; 361b8f8a0b7SMark Starovoytov /*! 8 bit encryption offset. */ 362b8f8a0b7SMark Starovoytov u32 encr_offset; 363b8f8a0b7SMark Starovoytov /*! The 16 bit Ethertype (in the clear) field used to compare with 364b8f8a0b7SMark Starovoytov * extracted value. 365b8f8a0b7SMark Starovoytov */ 366b8f8a0b7SMark Starovoytov u32 eth_type; 367b8f8a0b7SMark Starovoytov /*! This is to specify the 40bit SNAP header if the SNAP header's 368b8f8a0b7SMark Starovoytov * mask is enabled. 369b8f8a0b7SMark Starovoytov */ 370b8f8a0b7SMark Starovoytov u32 snap[2]; 371b8f8a0b7SMark Starovoytov /*! This is to specify the 24bit LLC header if the LLC header's 372b8f8a0b7SMark Starovoytov * mask is enabled. 373b8f8a0b7SMark Starovoytov */ 374b8f8a0b7SMark Starovoytov u32 llc; 375b8f8a0b7SMark Starovoytov /*! The 48 bit MAC_SA field used to compare with extracted value. */ 376b8f8a0b7SMark Starovoytov u32 mac_sa[2]; 377b8f8a0b7SMark Starovoytov /*! The 48 bit MAC_DA field used to compare with extracted value. */ 378b8f8a0b7SMark Starovoytov u32 mac_da[2]; 379b8f8a0b7SMark Starovoytov /*! 0: this is to compare with non-LPBK packet 380b8f8a0b7SMark Starovoytov * 1: this is to compare with LPBK packet. 381b8f8a0b7SMark Starovoytov * This value is used to compare with a controlled-tag which goes 382b8f8a0b7SMark Starovoytov * with the packet when looped back from Egress port. 383b8f8a0b7SMark Starovoytov */ 384b8f8a0b7SMark Starovoytov u32 lpbk_packet; 385b8f8a0b7SMark Starovoytov /*! The value of this bit mask will affects how the SC index and SA 386b8f8a0b7SMark Starovoytov * index created. 387b8f8a0b7SMark Starovoytov * 2'b00: 1 SC has 4 SA. 388b8f8a0b7SMark Starovoytov * SC index is equivalent to {SC_Index[4:2], 1'b0}. 389b8f8a0b7SMark Starovoytov * SA index is equivalent to {SC_Index[4:2], SECTAG's AN[1:0]} 390b8f8a0b7SMark Starovoytov * Here AN bits are not compared. 391b8f8a0b7SMark Starovoytov * 2'b10: 1 SC has 2 SA. 392b8f8a0b7SMark Starovoytov * SC index is equivalent to SC_Index[4:1] 393b8f8a0b7SMark Starovoytov * SA index is equivalent to {SC_Index[4:1], SECTAG's AN[0]} 394b8f8a0b7SMark Starovoytov * Compare AN[1] field only 395b8f8a0b7SMark Starovoytov * 2'b11: 1 SC has 1 SA. No SC entry exists for the specific SA. 396b8f8a0b7SMark Starovoytov * SA index is equivalent to SC_Index[4:0] 397b8f8a0b7SMark Starovoytov * AN[1:0] bits are compared. 398b8f8a0b7SMark Starovoytov * NOTE: This design is to supports different usage of AN. User 399b8f8a0b7SMark Starovoytov * can either ping-pong buffer 2 SA by using only the AN[0] bit. 400b8f8a0b7SMark Starovoytov * Or use 4 SA per SC by use AN[1:0] bits. Or even treat each SA 401b8f8a0b7SMark Starovoytov * as independent. i.e. AN[1:0] is just another matching pointer 402b8f8a0b7SMark Starovoytov * to select SA. 403b8f8a0b7SMark Starovoytov */ 404b8f8a0b7SMark Starovoytov u32 an_mask; 405b8f8a0b7SMark Starovoytov /*! This is bit mask to enable comparison the upper 6 bits TCI 406b8f8a0b7SMark Starovoytov * field, which does not include the AN field. 407b8f8a0b7SMark Starovoytov * 0: don't compare 408b8f8a0b7SMark Starovoytov * 1: enable comparison of the bits. 409b8f8a0b7SMark Starovoytov */ 410b8f8a0b7SMark Starovoytov u32 tci_mask; 411b8f8a0b7SMark Starovoytov /*! 0: don't care 412b8f8a0b7SMark Starovoytov * 1: enable comparison of SCI. 413b8f8a0b7SMark Starovoytov */ 414b8f8a0b7SMark Starovoytov u32 sci_mask; 415b8f8a0b7SMark Starovoytov /*! Mask is per-byte. 416b8f8a0b7SMark Starovoytov * 0: don't care 417b8f8a0b7SMark Starovoytov * 1: enable comparison of Ethertype. 418b8f8a0b7SMark Starovoytov */ 419b8f8a0b7SMark Starovoytov u32 eth_type_mask; 420b8f8a0b7SMark Starovoytov /*! Mask is per-byte. 421b8f8a0b7SMark Starovoytov * 0: don't care and no SNAP header exist. 422b8f8a0b7SMark Starovoytov * 1: compare the SNAP header. 423b8f8a0b7SMark Starovoytov * If this bit is set to 1, the extracted filed will assume the 424b8f8a0b7SMark Starovoytov * SNAP header exist as encapsulated in 802.3 (RFC 1042). I.E. the 425*63769819SJilin Yuan * next 5 bytes after the LLC header is SNAP header. 426b8f8a0b7SMark Starovoytov */ 427b8f8a0b7SMark Starovoytov u32 snap_mask; 428b8f8a0b7SMark Starovoytov /*! Mask is per-byte. 429b8f8a0b7SMark Starovoytov * 0: don't care and no LLC header exist. 430b8f8a0b7SMark Starovoytov * 1: compare the LLC header. 431b8f8a0b7SMark Starovoytov * If this bit is set to 1, the extracted filed will assume the 432b8f8a0b7SMark Starovoytov * LLC header exist as encapsulated in 802.3 (RFC 1042). I.E. the 433b8f8a0b7SMark Starovoytov * next three bytes after the 802.3MAC header is LLC header. 434b8f8a0b7SMark Starovoytov */ 435b8f8a0b7SMark Starovoytov u32 llc_mask; 436b8f8a0b7SMark Starovoytov /*! Reserved. This bit should be always 0. */ 437b8f8a0b7SMark Starovoytov u32 _802_2_encapsulate; 438b8f8a0b7SMark Starovoytov /*! Mask is per-byte. 439b8f8a0b7SMark Starovoytov * 0: don't care 440b8f8a0b7SMark Starovoytov * 1: enable comparison of MAC_SA. 441b8f8a0b7SMark Starovoytov */ 442b8f8a0b7SMark Starovoytov u32 sa_mask; 443b8f8a0b7SMark Starovoytov /*! Mask is per-byte. 444b8f8a0b7SMark Starovoytov * 0: don't care 445b8f8a0b7SMark Starovoytov * 1: enable comparison of MAC_DA. 446b8f8a0b7SMark Starovoytov */ 447b8f8a0b7SMark Starovoytov u32 da_mask; 448b8f8a0b7SMark Starovoytov /*! 0: don't care 449b8f8a0b7SMark Starovoytov * 1: enable checking if this is loopback packet or not. 450b8f8a0b7SMark Starovoytov */ 451b8f8a0b7SMark Starovoytov u32 lpbk_mask; 452b8f8a0b7SMark Starovoytov /*! If packet matches and tagged as controlled-packet. This SC/SA 453b8f8a0b7SMark Starovoytov * index is used for later SC and SA table lookup. 454b8f8a0b7SMark Starovoytov */ 455b8f8a0b7SMark Starovoytov u32 sc_idx; 456b8f8a0b7SMark Starovoytov /*! 0: the packets will be sent to MAC FIFO 457b8f8a0b7SMark Starovoytov * 1: The packets will be sent to Debug/Loopback FIFO. 458b8f8a0b7SMark Starovoytov * If the above's action is drop. This bit has no meaning. 459b8f8a0b7SMark Starovoytov */ 460b8f8a0b7SMark Starovoytov u32 proc_dest; 461b8f8a0b7SMark Starovoytov /*! 0: Process: Forward to next two modules for 802.1AE decryption. 462b8f8a0b7SMark Starovoytov * 1: Process but keep SECTAG: Forward to next two modules for 463b8f8a0b7SMark Starovoytov * 802.1AE decryption but keep the MACSEC header with added error 464b8f8a0b7SMark Starovoytov * code information. ICV will be stripped for all control packets. 465b8f8a0b7SMark Starovoytov * 2: Bypass: Bypass the next two decryption modules but processed 466b8f8a0b7SMark Starovoytov * by post-classification. 467b8f8a0b7SMark Starovoytov * 3: Drop: drop this packet and update counts accordingly. 468b8f8a0b7SMark Starovoytov */ 469b8f8a0b7SMark Starovoytov u32 action; 470b8f8a0b7SMark Starovoytov /*! 0: This is a controlled-port packet if matched. 471b8f8a0b7SMark Starovoytov * 1: This is an uncontrolled-port packet if matched. 472b8f8a0b7SMark Starovoytov */ 473b8f8a0b7SMark Starovoytov u32 ctrl_unctrl; 474b8f8a0b7SMark Starovoytov /*! Use the SCI value from the Table if 'SC' bit of the input 475b8f8a0b7SMark Starovoytov * packet is not present. 476b8f8a0b7SMark Starovoytov */ 477b8f8a0b7SMark Starovoytov u32 sci_from_table; 478b8f8a0b7SMark Starovoytov /*! Reserved. */ 479b8f8a0b7SMark Starovoytov u32 reserved; 480b8f8a0b7SMark Starovoytov /*! 0: Not valid entry. This entry is not used 481b8f8a0b7SMark Starovoytov * 1: valid entry. 482b8f8a0b7SMark Starovoytov */ 483b8f8a0b7SMark Starovoytov u32 valid; 484b8f8a0b7SMark Starovoytov }; 485b8f8a0b7SMark Starovoytov 486b8f8a0b7SMark Starovoytov /*! Represents the bitfields of a single row in the Ingress SC Lookup table. */ 487b8f8a0b7SMark Starovoytov struct aq_mss_ingress_sc_record { 488b8f8a0b7SMark Starovoytov /*! This is to specify when the SC was first used. Set by HW. */ 489b8f8a0b7SMark Starovoytov u32 stop_time; 490b8f8a0b7SMark Starovoytov /*! This is to specify when the SC was first used. Set by HW. */ 491b8f8a0b7SMark Starovoytov u32 start_time; 492b8f8a0b7SMark Starovoytov /*! 0: Strict 493b8f8a0b7SMark Starovoytov * 1: Check 494b8f8a0b7SMark Starovoytov * 2: Disabled. 495b8f8a0b7SMark Starovoytov */ 496b8f8a0b7SMark Starovoytov u32 validate_frames; 497b8f8a0b7SMark Starovoytov /*! 1: Replay control enabled. 498b8f8a0b7SMark Starovoytov * 0: replay control disabled. 499b8f8a0b7SMark Starovoytov */ 500b8f8a0b7SMark Starovoytov u32 replay_protect; 501b8f8a0b7SMark Starovoytov /*! This is to specify the window range for anti-replay. Default is 0. 502b8f8a0b7SMark Starovoytov * 0: is strict order enforcement. 503b8f8a0b7SMark Starovoytov */ 504b8f8a0b7SMark Starovoytov u32 anti_replay_window; 505b8f8a0b7SMark Starovoytov /*! 0: when none of the SA related to SC has inUse set. 506b8f8a0b7SMark Starovoytov * 1: when either of the SA related to the SC has inUse set. 507b8f8a0b7SMark Starovoytov * This bit is set by HW. 508b8f8a0b7SMark Starovoytov */ 509b8f8a0b7SMark Starovoytov u32 receiving; 510b8f8a0b7SMark Starovoytov /*! 0: when hardware processed the SC for the first time, it clears 511b8f8a0b7SMark Starovoytov * this bit 512b8f8a0b7SMark Starovoytov * 1: This bit is set by SW, when it sets up the SC. 513b8f8a0b7SMark Starovoytov */ 514b8f8a0b7SMark Starovoytov u32 fresh; 515b8f8a0b7SMark Starovoytov /*! 0: The AN number will not automatically roll over if Next_PN is 516b8f8a0b7SMark Starovoytov * saturated. 517b8f8a0b7SMark Starovoytov * 1: The AN number will automatically roll over if Next_PN is 518b8f8a0b7SMark Starovoytov * saturated. 519b8f8a0b7SMark Starovoytov * Rollover is valid only after expiry. Normal roll over between 520b8f8a0b7SMark Starovoytov * SA's should be normal process. 521b8f8a0b7SMark Starovoytov */ 522b8f8a0b7SMark Starovoytov u32 an_rol; 523b8f8a0b7SMark Starovoytov /*! Reserved. */ 524b8f8a0b7SMark Starovoytov u32 reserved; 525b8f8a0b7SMark Starovoytov /*! 0: Invalid SC 526b8f8a0b7SMark Starovoytov * 1: Valid SC. 527b8f8a0b7SMark Starovoytov */ 528b8f8a0b7SMark Starovoytov u32 valid; 529b8f8a0b7SMark Starovoytov }; 530b8f8a0b7SMark Starovoytov 531b8f8a0b7SMark Starovoytov /*! Represents the bitfields of a single row in the Ingress SA Lookup table. */ 532b8f8a0b7SMark Starovoytov struct aq_mss_ingress_sa_record { 533b8f8a0b7SMark Starovoytov /*! This is to specify when the SC was first used. Set by HW. */ 534b8f8a0b7SMark Starovoytov u32 stop_time; 535b8f8a0b7SMark Starovoytov /*! This is to specify when the SC was first used. Set by HW. */ 536b8f8a0b7SMark Starovoytov u32 start_time; 537b8f8a0b7SMark Starovoytov /*! This is updated by HW to store the expected NextPN number for 538b8f8a0b7SMark Starovoytov * anti-replay. 539b8f8a0b7SMark Starovoytov */ 540b8f8a0b7SMark Starovoytov u32 next_pn; 541b8f8a0b7SMark Starovoytov /*! The Next_PN number is going to wrapped around from 0XFFFF_FFFF 542b8f8a0b7SMark Starovoytov * to 0. set by HW. 543b8f8a0b7SMark Starovoytov */ 544b8f8a0b7SMark Starovoytov u32 sat_nextpn; 545b8f8a0b7SMark Starovoytov /*! 0: This SA is not yet used. 546b8f8a0b7SMark Starovoytov * 1: This SA is inUse. 547b8f8a0b7SMark Starovoytov */ 548b8f8a0b7SMark Starovoytov u32 in_use; 549b8f8a0b7SMark Starovoytov /*! 0: when hardware processed the SC for the first time, it clears 550b8f8a0b7SMark Starovoytov * this timer 551b8f8a0b7SMark Starovoytov * 1: This bit is set by SW, when it sets up the SC. 552b8f8a0b7SMark Starovoytov */ 553b8f8a0b7SMark Starovoytov u32 fresh; 554b8f8a0b7SMark Starovoytov /*! Reserved. */ 555b8f8a0b7SMark Starovoytov u32 reserved; 556b8f8a0b7SMark Starovoytov /*! 0: Invalid SA. 557b8f8a0b7SMark Starovoytov * 1: Valid SA. 558b8f8a0b7SMark Starovoytov */ 559b8f8a0b7SMark Starovoytov u32 valid; 560b8f8a0b7SMark Starovoytov }; 561b8f8a0b7SMark Starovoytov 562b8f8a0b7SMark Starovoytov /*! Represents the bitfields of a single row in the Ingress SA Key 563b8f8a0b7SMark Starovoytov * Lookup table. 564b8f8a0b7SMark Starovoytov */ 565b8f8a0b7SMark Starovoytov struct aq_mss_ingress_sakey_record { 566b8f8a0b7SMark Starovoytov /*! Key for AES-GCM processing. */ 567b8f8a0b7SMark Starovoytov u32 key[8]; 568b8f8a0b7SMark Starovoytov /*! AES key size 569b8f8a0b7SMark Starovoytov * 00 - 128bits 570b8f8a0b7SMark Starovoytov * 01 - 192bits 571b8f8a0b7SMark Starovoytov * 10 - 256bits 572b8f8a0b7SMark Starovoytov * 11 - reserved. 573b8f8a0b7SMark Starovoytov */ 574b8f8a0b7SMark Starovoytov u32 key_len; 575b8f8a0b7SMark Starovoytov }; 576b8f8a0b7SMark Starovoytov 577b8f8a0b7SMark Starovoytov /*! Represents the bitfields of a single row in the Ingress Post- 578b8f8a0b7SMark Starovoytov * MACSec Packet Classifier table. 579b8f8a0b7SMark Starovoytov */ 580b8f8a0b7SMark Starovoytov struct aq_mss_ingress_postclass_record { 581b8f8a0b7SMark Starovoytov /*! The 8 bit value used to compare with extracted value for byte 0. */ 582b8f8a0b7SMark Starovoytov u32 byte0; 583b8f8a0b7SMark Starovoytov /*! The 8 bit value used to compare with extracted value for byte 1. */ 584b8f8a0b7SMark Starovoytov u32 byte1; 585b8f8a0b7SMark Starovoytov /*! The 8 bit value used to compare with extracted value for byte 2. */ 586b8f8a0b7SMark Starovoytov u32 byte2; 587b8f8a0b7SMark Starovoytov /*! The 8 bit value used to compare with extracted value for byte 3. */ 588b8f8a0b7SMark Starovoytov u32 byte3; 589b8f8a0b7SMark Starovoytov /*! Ethertype in the packet. */ 590b8f8a0b7SMark Starovoytov u32 eth_type; 591b8f8a0b7SMark Starovoytov /*! Ether Type value > 1500 (0x5dc). */ 592b8f8a0b7SMark Starovoytov u32 eth_type_valid; 593b8f8a0b7SMark Starovoytov /*! VLAN ID after parsing. */ 594b8f8a0b7SMark Starovoytov u32 vlan_id; 595b8f8a0b7SMark Starovoytov /*! VLAN priority after parsing. */ 596b8f8a0b7SMark Starovoytov u32 vlan_up; 597b8f8a0b7SMark Starovoytov /*! Valid VLAN coding. */ 598b8f8a0b7SMark Starovoytov u32 vlan_valid; 599b8f8a0b7SMark Starovoytov /*! SA index. */ 600b8f8a0b7SMark Starovoytov u32 sai; 601b8f8a0b7SMark Starovoytov /*! SAI hit, i.e. controlled packet. */ 602b8f8a0b7SMark Starovoytov u32 sai_hit; 603b8f8a0b7SMark Starovoytov /*! Mask for payload ethertype field. */ 604b8f8a0b7SMark Starovoytov u32 eth_type_mask; 605b8f8a0b7SMark Starovoytov /*! 0~63: byte location used extracted by packets comparator, which 606b8f8a0b7SMark Starovoytov * can be anything from the first 64 bytes of the MAC packets. 607b8f8a0b7SMark Starovoytov * This byte location counted from MAC' DA address. i.e. set to 0 608b8f8a0b7SMark Starovoytov * will point to byte 0 of DA address. 609b8f8a0b7SMark Starovoytov */ 610b8f8a0b7SMark Starovoytov u32 byte3_location; 611b8f8a0b7SMark Starovoytov /*! Mask for Byte Offset 3. */ 612b8f8a0b7SMark Starovoytov u32 byte3_mask; 613b8f8a0b7SMark Starovoytov /*! 0~63: byte location used extracted by packets comparator, which 614b8f8a0b7SMark Starovoytov * can be anything from the first 64 bytes of the MAC packets. 615b8f8a0b7SMark Starovoytov * This byte location counted from MAC' DA address. i.e. set to 0 616b8f8a0b7SMark Starovoytov * will point to byte 0 of DA address. 617b8f8a0b7SMark Starovoytov */ 618b8f8a0b7SMark Starovoytov u32 byte2_location; 619b8f8a0b7SMark Starovoytov /*! Mask for Byte Offset 2. */ 620b8f8a0b7SMark Starovoytov u32 byte2_mask; 621b8f8a0b7SMark Starovoytov /*! 0~63: byte location used extracted by packets comparator, which 622b8f8a0b7SMark Starovoytov * can be anything from the first 64 bytes of the MAC packets. 623b8f8a0b7SMark Starovoytov * This byte location counted from MAC' DA address. i.e. set to 0 624b8f8a0b7SMark Starovoytov * will point to byte 0 of DA address. 625b8f8a0b7SMark Starovoytov */ 626b8f8a0b7SMark Starovoytov u32 byte1_location; 627b8f8a0b7SMark Starovoytov /*! Mask for Byte Offset 1. */ 628b8f8a0b7SMark Starovoytov u32 byte1_mask; 629b8f8a0b7SMark Starovoytov /*! 0~63: byte location used extracted by packets comparator, which 630b8f8a0b7SMark Starovoytov * can be anything from the first 64 bytes of the MAC packets. 631b8f8a0b7SMark Starovoytov * This byte location counted from MAC' DA address. i.e. set to 0 632b8f8a0b7SMark Starovoytov * will point to byte 0 of DA address. 633b8f8a0b7SMark Starovoytov */ 634b8f8a0b7SMark Starovoytov u32 byte0_location; 635b8f8a0b7SMark Starovoytov /*! Mask for Byte Offset 0. */ 636b8f8a0b7SMark Starovoytov u32 byte0_mask; 637b8f8a0b7SMark Starovoytov /*! Mask for Ethertype valid field. Indicates 802.3 vs. Other. */ 638b8f8a0b7SMark Starovoytov u32 eth_type_valid_mask; 639b8f8a0b7SMark Starovoytov /*! Mask for VLAN ID field. */ 640b8f8a0b7SMark Starovoytov u32 vlan_id_mask; 641b8f8a0b7SMark Starovoytov /*! Mask for VLAN UP field. */ 642b8f8a0b7SMark Starovoytov u32 vlan_up_mask; 643b8f8a0b7SMark Starovoytov /*! Mask for VLAN valid field. */ 644b8f8a0b7SMark Starovoytov u32 vlan_valid_mask; 645b8f8a0b7SMark Starovoytov /*! Mask for SAI. */ 646b8f8a0b7SMark Starovoytov u32 sai_mask; 647b8f8a0b7SMark Starovoytov /*! Mask for SAI_HIT. */ 648b8f8a0b7SMark Starovoytov u32 sai_hit_mask; 649b8f8a0b7SMark Starovoytov /*! Action if only first level matches and second level does not. 650b8f8a0b7SMark Starovoytov * 0: pass 651b8f8a0b7SMark Starovoytov * 1: drop (fail). 652b8f8a0b7SMark Starovoytov */ 653b8f8a0b7SMark Starovoytov u32 firstlevel_actions; 654b8f8a0b7SMark Starovoytov /*! Action if both first and second level matched. 655b8f8a0b7SMark Starovoytov * 0: pass 656b8f8a0b7SMark Starovoytov * 1: drop (fail). 657b8f8a0b7SMark Starovoytov */ 658b8f8a0b7SMark Starovoytov u32 secondlevel_actions; 659b8f8a0b7SMark Starovoytov /*! Reserved. */ 660b8f8a0b7SMark Starovoytov u32 reserved; 661b8f8a0b7SMark Starovoytov /*! 0: Not valid entry. This entry is not used 662b8f8a0b7SMark Starovoytov * 1: valid entry. 663b8f8a0b7SMark Starovoytov */ 664b8f8a0b7SMark Starovoytov u32 valid; 665b8f8a0b7SMark Starovoytov }; 666b8f8a0b7SMark Starovoytov 667b8f8a0b7SMark Starovoytov /*! Represents the bitfields of a single row in the Ingress Post- 668b8f8a0b7SMark Starovoytov * MACSec CTL Filter table. 669b8f8a0b7SMark Starovoytov */ 670b8f8a0b7SMark Starovoytov struct aq_mss_ingress_postctlf_record { 671b8f8a0b7SMark Starovoytov /*! This is used to store the 48 bit value used to compare SA, DA 672b8f8a0b7SMark Starovoytov * or halfDA+half SA value. 673b8f8a0b7SMark Starovoytov */ 674b8f8a0b7SMark Starovoytov u32 sa_da[2]; 675b8f8a0b7SMark Starovoytov /*! This is used to store the 16 bit ethertype value used for 676b8f8a0b7SMark Starovoytov * comparison. 677b8f8a0b7SMark Starovoytov */ 678b8f8a0b7SMark Starovoytov u32 eth_type; 679b8f8a0b7SMark Starovoytov /*! The match mask is per-nibble. 0 means don't care, i.e. every 680b8f8a0b7SMark Starovoytov * value will match successfully. The total data is 64 bit, i.e. 681b8f8a0b7SMark Starovoytov * 16 nibbles masks. 682b8f8a0b7SMark Starovoytov */ 683b8f8a0b7SMark Starovoytov u32 match_mask; 684b8f8a0b7SMark Starovoytov /*! 0: No compare, i.e. This entry is not used 685b8f8a0b7SMark Starovoytov * 1: compare DA only 686b8f8a0b7SMark Starovoytov * 2: compare SA only 687b8f8a0b7SMark Starovoytov * 3: compare half DA + half SA 688b8f8a0b7SMark Starovoytov * 4: compare ether type only 689b8f8a0b7SMark Starovoytov * 5: compare DA + ethertype 690b8f8a0b7SMark Starovoytov * 6: compare SA + ethertype 691b8f8a0b7SMark Starovoytov * 7: compare DA+ range. 692b8f8a0b7SMark Starovoytov */ 693b8f8a0b7SMark Starovoytov u32 match_type; 694b8f8a0b7SMark Starovoytov /*! 0: Bypass the remaining modules if matched. 695b8f8a0b7SMark Starovoytov * 1: Forward to next module for more classifications. 696b8f8a0b7SMark Starovoytov */ 697b8f8a0b7SMark Starovoytov u32 action; 698b8f8a0b7SMark Starovoytov }; 699b8f8a0b7SMark Starovoytov 700aaa36515SDmitry Bogdanov /*! Represents the Egress MIB counters for a single SC. Counters are 701aaa36515SDmitry Bogdanov * 64 bits, lower 32 bits in field[0]. 702aaa36515SDmitry Bogdanov */ 703aaa36515SDmitry Bogdanov struct aq_mss_egress_sc_counters { 704aaa36515SDmitry Bogdanov /*! The number of integrity protected but not encrypted packets 705aaa36515SDmitry Bogdanov * for this transmitting SC. 706aaa36515SDmitry Bogdanov */ 707aaa36515SDmitry Bogdanov u32 sc_protected_pkts[2]; 708aaa36515SDmitry Bogdanov /*! The number of integrity protected and encrypted packets for 709aaa36515SDmitry Bogdanov * this transmitting SC. 710aaa36515SDmitry Bogdanov */ 711aaa36515SDmitry Bogdanov u32 sc_encrypted_pkts[2]; 712aaa36515SDmitry Bogdanov /*! The number of plain text octets that are integrity protected 713aaa36515SDmitry Bogdanov * but not encrypted on the transmitting SC. 714aaa36515SDmitry Bogdanov */ 715aaa36515SDmitry Bogdanov u32 sc_protected_octets[2]; 716aaa36515SDmitry Bogdanov /*! The number of plain text octets that are integrity protected 717aaa36515SDmitry Bogdanov * and encrypted on the transmitting SC. 718aaa36515SDmitry Bogdanov */ 719aaa36515SDmitry Bogdanov u32 sc_encrypted_octets[2]; 720aaa36515SDmitry Bogdanov }; 721aaa36515SDmitry Bogdanov 722aaa36515SDmitry Bogdanov /*! Represents the Egress MIB counters for a single SA. Counters are 723aaa36515SDmitry Bogdanov * 64 bits, lower 32 bits in field[0]. 724aaa36515SDmitry Bogdanov */ 725aaa36515SDmitry Bogdanov struct aq_mss_egress_sa_counters { 726aaa36515SDmitry Bogdanov /*! The number of dropped packets for this transmitting SA. */ 727aaa36515SDmitry Bogdanov u32 sa_hit_drop_redirect[2]; 728aaa36515SDmitry Bogdanov /*! TODO */ 729aaa36515SDmitry Bogdanov u32 sa_protected2_pkts[2]; 730aaa36515SDmitry Bogdanov /*! The number of integrity protected but not encrypted packets 731aaa36515SDmitry Bogdanov * for this transmitting SA. 732aaa36515SDmitry Bogdanov */ 733aaa36515SDmitry Bogdanov u32 sa_protected_pkts[2]; 734aaa36515SDmitry Bogdanov /*! The number of integrity protected and encrypted packets for 735aaa36515SDmitry Bogdanov * this transmitting SA. 736aaa36515SDmitry Bogdanov */ 737aaa36515SDmitry Bogdanov u32 sa_encrypted_pkts[2]; 738aaa36515SDmitry Bogdanov }; 739aaa36515SDmitry Bogdanov 740aaa36515SDmitry Bogdanov /*! Represents the common Egress MIB counters; the counter not 741aaa36515SDmitry Bogdanov * associated with a particular SC/SA. Counters are 64 bits, lower 32 742aaa36515SDmitry Bogdanov * bits in field[0]. 743aaa36515SDmitry Bogdanov */ 744aaa36515SDmitry Bogdanov struct aq_mss_egress_common_counters { 745aaa36515SDmitry Bogdanov /*! The number of transmitted packets classified as MAC_CTL packets. */ 746aaa36515SDmitry Bogdanov u32 ctl_pkt[2]; 747aaa36515SDmitry Bogdanov /*! The number of transmitted packets that did not match any rows 748aaa36515SDmitry Bogdanov * in the Egress Packet Classifier table. 749aaa36515SDmitry Bogdanov */ 750aaa36515SDmitry Bogdanov u32 unknown_sa_pkts[2]; 751aaa36515SDmitry Bogdanov /*! The number of transmitted packets where the SC table entry has 752aaa36515SDmitry Bogdanov * protect=0 (so packets are forwarded unchanged). 753aaa36515SDmitry Bogdanov */ 754aaa36515SDmitry Bogdanov u32 untagged_pkts[2]; 755aaa36515SDmitry Bogdanov /*! The number of transmitted packets discarded because the packet 756aaa36515SDmitry Bogdanov * length is greater than the ifMtu of the Common Port interface. 757aaa36515SDmitry Bogdanov */ 758aaa36515SDmitry Bogdanov u32 too_long[2]; 759aaa36515SDmitry Bogdanov /*! The number of transmitted packets for which table memory was 760aaa36515SDmitry Bogdanov * affected by an ECC error during processing. 761aaa36515SDmitry Bogdanov */ 762aaa36515SDmitry Bogdanov u32 ecc_error_pkts[2]; 763aaa36515SDmitry Bogdanov /*! The number of transmitted packets for where the matched row in 764aaa36515SDmitry Bogdanov * the Egress Packet Classifier table has action=drop. 765aaa36515SDmitry Bogdanov */ 766aaa36515SDmitry Bogdanov u32 unctrl_hit_drop_redir[2]; 767aaa36515SDmitry Bogdanov }; 768aaa36515SDmitry Bogdanov 769aaa36515SDmitry Bogdanov /*! Represents the Ingress MIB counters for a single SA. Counters are 770aaa36515SDmitry Bogdanov * 64 bits, lower 32 bits in field[0]. 771aaa36515SDmitry Bogdanov */ 772aaa36515SDmitry Bogdanov struct aq_mss_ingress_sa_counters { 773aaa36515SDmitry Bogdanov /*! For this SA, the number of received packets without a SecTAG. */ 774aaa36515SDmitry Bogdanov u32 untagged_hit_pkts[2]; 775aaa36515SDmitry Bogdanov /*! For this SA, the number of received packets that were dropped. */ 776aaa36515SDmitry Bogdanov u32 ctrl_hit_drop_redir_pkts[2]; 777aaa36515SDmitry Bogdanov /*! For this SA which is not currently in use, the number of 778aaa36515SDmitry Bogdanov * received packets that have been discarded, and have either the 779aaa36515SDmitry Bogdanov * packets encrypted or the matched row in the Ingress SC Lookup 780aaa36515SDmitry Bogdanov * table has validate_frames=Strict. 781aaa36515SDmitry Bogdanov */ 782aaa36515SDmitry Bogdanov u32 not_using_sa[2]; 783aaa36515SDmitry Bogdanov /*! For this SA which is not currently in use, the number of 784aaa36515SDmitry Bogdanov * received, unencrypted, packets with the matched row in the 785aaa36515SDmitry Bogdanov * Ingress SC Lookup table has validate_frames!=Strict. 786aaa36515SDmitry Bogdanov */ 787aaa36515SDmitry Bogdanov u32 unused_sa[2]; 788aaa36515SDmitry Bogdanov /*! For this SA, the number discarded packets with the condition 789aaa36515SDmitry Bogdanov * that the packets are not valid and one of the following 790aaa36515SDmitry Bogdanov * conditions are true: either the matched row in the Ingress SC 791aaa36515SDmitry Bogdanov * Lookup table has validate_frames=Strict or the packets 792aaa36515SDmitry Bogdanov * encrypted. 793aaa36515SDmitry Bogdanov */ 794aaa36515SDmitry Bogdanov u32 not_valid_pkts[2]; 795aaa36515SDmitry Bogdanov /*! For this SA, the number of packets with the condition that the 796aaa36515SDmitry Bogdanov * packets are not valid and the matched row in the Ingress SC 797aaa36515SDmitry Bogdanov * Lookup table has validate_frames=Check. 798aaa36515SDmitry Bogdanov */ 799aaa36515SDmitry Bogdanov u32 invalid_pkts[2]; 800aaa36515SDmitry Bogdanov /*! For this SA, the number of validated packets. */ 801aaa36515SDmitry Bogdanov u32 ok_pkts[2]; 802aaa36515SDmitry Bogdanov /*! For this SC, the number of received packets that have been 803aaa36515SDmitry Bogdanov * discarded with the condition: the matched row in the Ingress 804aaa36515SDmitry Bogdanov * SC Lookup table has replay_protect=1 and the PN of the packet 805aaa36515SDmitry Bogdanov * is lower than the lower bound replay check PN. 806aaa36515SDmitry Bogdanov */ 807aaa36515SDmitry Bogdanov u32 late_pkts[2]; 808aaa36515SDmitry Bogdanov /*! For this SA, the number of packets with the condition that the 809aaa36515SDmitry Bogdanov * PN of the packets is lower than the lower bound replay 810aaa36515SDmitry Bogdanov * protection PN. 811aaa36515SDmitry Bogdanov */ 812aaa36515SDmitry Bogdanov u32 delayed_pkts[2]; 813aaa36515SDmitry Bogdanov /*! For this SC, the number of packets with the following condition: 814aaa36515SDmitry Bogdanov * - the matched row in the Ingress SC Lookup table has 815aaa36515SDmitry Bogdanov * replay_protect=0 or 816aaa36515SDmitry Bogdanov * - the matched row in the Ingress SC Lookup table has 817aaa36515SDmitry Bogdanov * replay_protect=1 and the packet is not encrypted and the 818aaa36515SDmitry Bogdanov * integrity check has failed or 819aaa36515SDmitry Bogdanov * - the matched row in the Ingress SC Lookup table has 820aaa36515SDmitry Bogdanov * replay_protect=1 and the packet is encrypted and integrity 821aaa36515SDmitry Bogdanov * check has failed. 822aaa36515SDmitry Bogdanov */ 823aaa36515SDmitry Bogdanov u32 unchecked_pkts[2]; 824aaa36515SDmitry Bogdanov /*! The number of octets of plaintext recovered from received 825aaa36515SDmitry Bogdanov * packets that were integrity protected but not encrypted. 826aaa36515SDmitry Bogdanov */ 827aaa36515SDmitry Bogdanov u32 validated_octets[2]; 828aaa36515SDmitry Bogdanov /*! The number of octets of plaintext recovered from received 829aaa36515SDmitry Bogdanov * packets that were integrity protected and encrypted. 830aaa36515SDmitry Bogdanov */ 831aaa36515SDmitry Bogdanov u32 decrypted_octets[2]; 832aaa36515SDmitry Bogdanov }; 833aaa36515SDmitry Bogdanov 834aaa36515SDmitry Bogdanov /*! Represents the common Ingress MIB counters; the counter not 835aaa36515SDmitry Bogdanov * associated with a particular SA. Counters are 64 bits, lower 32 836aaa36515SDmitry Bogdanov * bits in field[0]. 837aaa36515SDmitry Bogdanov */ 838aaa36515SDmitry Bogdanov struct aq_mss_ingress_common_counters { 839aaa36515SDmitry Bogdanov /*! The number of received packets classified as MAC_CTL packets. */ 840aaa36515SDmitry Bogdanov u32 ctl_pkts[2]; 841aaa36515SDmitry Bogdanov /*! The number of received packets with the MAC security tag 842aaa36515SDmitry Bogdanov * (SecTAG), not matching any rows in the Ingress Pre-MACSec 843aaa36515SDmitry Bogdanov * Packet Classifier table. 844aaa36515SDmitry Bogdanov */ 845aaa36515SDmitry Bogdanov u32 tagged_miss_pkts[2]; 846aaa36515SDmitry Bogdanov /*! The number of received packets without the MAC security tag 847aaa36515SDmitry Bogdanov * (SecTAG), not matching any rows in the Ingress Pre-MACSec 848aaa36515SDmitry Bogdanov * Packet Classifier table. 849aaa36515SDmitry Bogdanov */ 850aaa36515SDmitry Bogdanov u32 untagged_miss_pkts[2]; 851aaa36515SDmitry Bogdanov /*! The number of received packets discarded without the MAC 852aaa36515SDmitry Bogdanov * security tag (SecTAG) and with the matched row in the Ingress 853aaa36515SDmitry Bogdanov * SC Lookup table having validate_frames=Strict. 854aaa36515SDmitry Bogdanov */ 855aaa36515SDmitry Bogdanov u32 notag_pkts[2]; 856aaa36515SDmitry Bogdanov /*! The number of received packets without the MAC security tag 857aaa36515SDmitry Bogdanov * (SecTAG) and with the matched row in the Ingress SC Lookup 858aaa36515SDmitry Bogdanov * table having validate_frames!=Strict. 859aaa36515SDmitry Bogdanov */ 860aaa36515SDmitry Bogdanov u32 untagged_pkts[2]; 861aaa36515SDmitry Bogdanov /*! The number of received packets discarded with an invalid 862aaa36515SDmitry Bogdanov * SecTAG or a zero value PN or an invalid ICV. 863aaa36515SDmitry Bogdanov */ 864aaa36515SDmitry Bogdanov u32 bad_tag_pkts[2]; 865aaa36515SDmitry Bogdanov /*! The number of received packets discarded with unknown SCI 866aaa36515SDmitry Bogdanov * information with the condition: 867aaa36515SDmitry Bogdanov * the matched row in the Ingress SC Lookup table has 868aaa36515SDmitry Bogdanov * validate_frames=Strict or the C bit in the SecTAG is set. 869aaa36515SDmitry Bogdanov */ 870aaa36515SDmitry Bogdanov u32 no_sci_pkts[2]; 871aaa36515SDmitry Bogdanov /*! The number of received packets with unknown SCI with the condition: 872aaa36515SDmitry Bogdanov * The matched row in the Ingress SC Lookup table has 873aaa36515SDmitry Bogdanov * validate_frames!=Strict and the C bit in the SecTAG is not set. 874aaa36515SDmitry Bogdanov */ 875aaa36515SDmitry Bogdanov u32 unknown_sci_pkts[2]; 876aaa36515SDmitry Bogdanov /*! The number of received packets by the controlled port service 877aaa36515SDmitry Bogdanov * that passed the Ingress Post-MACSec Packet Classifier table 878aaa36515SDmitry Bogdanov * check. 879aaa36515SDmitry Bogdanov */ 880aaa36515SDmitry Bogdanov u32 ctrl_prt_pass_pkts[2]; 881aaa36515SDmitry Bogdanov /*! The number of received packets by the uncontrolled port 882aaa36515SDmitry Bogdanov * service that passed the Ingress Post-MACSec Packet Classifier 883aaa36515SDmitry Bogdanov * table check. 884aaa36515SDmitry Bogdanov */ 885aaa36515SDmitry Bogdanov u32 unctrl_prt_pass_pkts[2]; 886aaa36515SDmitry Bogdanov /*! The number of received packets by the controlled port service 887aaa36515SDmitry Bogdanov * that failed the Ingress Post-MACSec Packet Classifier table 888aaa36515SDmitry Bogdanov * check. 889aaa36515SDmitry Bogdanov */ 890aaa36515SDmitry Bogdanov u32 ctrl_prt_fail_pkts[2]; 891aaa36515SDmitry Bogdanov /*! The number of received packets by the uncontrolled port 892aaa36515SDmitry Bogdanov * service that failed the Ingress Post-MACSec Packet Classifier 893aaa36515SDmitry Bogdanov * table check. 894aaa36515SDmitry Bogdanov */ 895aaa36515SDmitry Bogdanov u32 unctrl_prt_fail_pkts[2]; 896aaa36515SDmitry Bogdanov /*! The number of received packets discarded because the packet 897aaa36515SDmitry Bogdanov * length is greater than the ifMtu of the Common Port interface. 898aaa36515SDmitry Bogdanov */ 899aaa36515SDmitry Bogdanov u32 too_long_pkts[2]; 900aaa36515SDmitry Bogdanov /*! The number of received packets classified as MAC_CTL by the 901aaa36515SDmitry Bogdanov * Ingress Post-MACSec CTL Filter table. 902aaa36515SDmitry Bogdanov */ 903aaa36515SDmitry Bogdanov u32 igpoc_ctl_pkts[2]; 904aaa36515SDmitry Bogdanov /*! The number of received packets for which table memory was 905aaa36515SDmitry Bogdanov * affected by an ECC error during processing. 906aaa36515SDmitry Bogdanov */ 907aaa36515SDmitry Bogdanov u32 ecc_error_pkts[2]; 908aaa36515SDmitry Bogdanov /*! The number of received packets by the uncontrolled port 909aaa36515SDmitry Bogdanov * service that were dropped. 910aaa36515SDmitry Bogdanov */ 911aaa36515SDmitry Bogdanov u32 unctrl_hit_drop_redir[2]; 912aaa36515SDmitry Bogdanov }; 913aaa36515SDmitry Bogdanov 9149d106c6dSDmitry Bogdanov #endif 915