1
0
uboot-1.1.4-kirkwood/board/mv_feroceon/mv_hal/eth/nfp/mvNfpSec.h

185 lines
6.5 KiB
C
Raw Normal View History

2024-01-09 13:43:28 +01:00
/*******************************************************************************
Copyright (C) Marvell International Ltd. and its affiliates
This software file (the "File") is owned and distributed by Marvell
International Ltd. and/or its affiliates ("Marvell") under the following
alternative licensing terms. Once you have made an election to distribute the
File under one of the following license alternatives, please (i) delete this
introductory statement regarding license alternatives, (ii) delete the two
license alternatives that you have not elected to use and (iii) preserve the
Marvell copyright notice above.
********************************************************************************
Marvell Commercial License Option
If you received this File from Marvell and you have entered into a commercial
license agreement (a "Commercial License") with Marvell, the File is licensed
to you under the terms of the applicable Commercial License.
********************************************************************************
Marvell GPL License Option
If you received this File from Marvell, you may opt to use, redistribute and/or
modify this File in accordance with the terms and conditions of the General
Public License Version 2, June 1991 (the "GPL License"), a copy of which is
available along with the File in the license.txt file or by writing to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 or
on the worldwide web at http://www.gnu.org/licenses/gpl.txt.
THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY
DISCLAIMED. The GPL License provides additional details about this warranty
disclaimer.
********************************************************************************
Marvell BSD License Option
If you received this File from Marvell, you may opt to use, redistribute and/or
modify this File under the following licensing terms.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of Marvell nor the names of its contributors may be
used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*******************************************************************************/
/*******************************************************************************
* mvNfpSec.h - Header File for Marvell NFP IPSec (Routing only)
*
* DESCRIPTION:
* This header file contains macros, typedefs and function declarations
* specific to the Marvell Network Fast Processing with IPSec(Routing only).
*
* DEPENDENCIES:
* None.
*
*******************************************************************************/
#ifndef __mvNfpSec_h__
#define __mvNfpSec_h__
#ifdef CONFIG_MV_ETH_NFP_SEC
#include "mvCommon.h"
#include "cesa/mvCesa.h"
/* IPSec defines */
#define MV_NFP_SEC_MAX_PACKET 1540
#define MV_NFP_SEC_ENC_BLOCK_SIZE 16
#define MV_NFP_SEC_ESP_OFFSET 34
/* IPSec Enumerators */
typedef enum {
MV_NFP_SEC_TUNNEL = 0,
MV_NFP_SEC_TRANSPORT,
} MV_NFP_SEC_PROT;
typedef enum {
MV_NFP_SEC_ESP = 0,
MV_NFP_SEC_AH,
} MV_NFP_SEC_ENCAP;
typedef enum {
MV_NFP_SEC_RULE_DB_IN = 0,
MV_NFP_SEC_RULE_DB_OUT,
} MV_NFP_SEC_RULE_DB_DIR;
typedef enum {
MV_NFP_SEC_DROP = 0,
MV_NFP_SEC_FWD,
MV_NFP_SEC_SECURE
} MV_NFP_SEC_ACTION;
typedef enum {
MV_NFP_SEC_ENCRYPT = 0,
MV_NFP_SEC_DECRYPT,
} MV_NFP_SEC_OP;
/* IPSec Structures */
typedef struct _mv_nfp_sec_tunnel_hdr {
MV_U32 sIp; // BE
MV_U32 dIp; //BE
/* dstMac should be 2 byte aligned */
MV_U8 dstMac[MV_MAC_ADDR_SIZE]; //BE
MV_U8 srcMac[MV_MAC_ADDR_SIZE]; //BE
MV_U8 outIfIndex;
} MV_NFP_SEC_TUNNEL_HDR;
typedef struct _mv_nfp_sec_sa_entry {
MV_U32 spi; //BE
MV_NFP_SEC_PROT tunProt;
MV_NFP_SEC_ENCAP encap;
MV_U16 sid;
MV_U32 seqNum; //LE
MV_NFP_SEC_TUNNEL_HDR tunnelHdr;
MV_U32 lifeTime;
MV_U8 ivSize;
MV_U8 cipherBlockSize;
MV_U8 digestSize;
MV_NFP_SEC_OP secOp;
} MV_NFP_SEC_SA_ENTRY;
typedef struct _mv_nfp_sec_spd_rule {
MV_U32 sIp; //BE
MV_U32 dIp; //BE
MV_U8 proto;
MV_U16 dstPort; //BE
MV_U16 srcPort; //BE
MV_NFP_SEC_ACTION actionType;
MV_NFP_SEC_SA_ENTRY* pSAEntry;
} MV_NFP_SEC_SPD_RULE;
typedef struct _mv_nfp_sec_cesa_priv {
MV_NFP_SEC_SA_ENTRY *pSaEntry;
MV_PKT_INFO *pPktInfo;
MV_U8 orgDigest[MV_CESA_MAX_DIGEST_SIZE];
MV_CESA_COMMAND *pCesaCmd;
} MV_NFP_SEC_CESA_PRIV;
MV_NFP_SEC_SPD_RULE* mvNfpSecSPDRuleFind(MV_U32 dstIp, MV_U32 srcIp,
MV_U8 proto, MV_U16 dport, MV_U16 sport, MV_NFP_SEC_RULE_DB_DIR inOut);
MV_STATUS mvNfpSecOutCheck(MV_PKT_INFO *pPktInfo);
MV_STATUS mvNfpSecOutgoing(MV_PKT_INFO *pPktInfo, MV_NFP_SEC_SA_ENTRY* pSAEntry);
MV_STATUS mvNfpSecEspProcess(MV_PKT_INFO *pPktInfo, MV_NFP_SEC_SA_ENTRY* pSAEntry);
MV_NFP_SEC_SA_ENTRY* mvNfpSecSARuleFind(MV_U32 spiPkt);
MV_STATUS mvNfpSecIncoming(MV_PKT_INFO *pPktInfo, MV_NFP_SEC_SA_ENTRY* pSAEntry);
MV_NFP_SEC_SPD_RULE* mvNfpSecSPDRuleSet(MV_NFP_SEC_SPD_RULE* pSpdRule, MV_NFP_SEC_RULE_DB_DIR inOut);
MV_NFP_SEC_SA_ENTRY* mvNfpSecSAEntrySet(MV_NFP_SEC_SA_ENTRY* pSAEntry, MV_NFP_SEC_RULE_DB_DIR inOut);
MV_STATUS mvNfpSecInit(MV_U32 dbSize); // global init
MV_VOID mvNfpSecDbPrint(MV_VOID);
#endif /* CONFIG_MV_ETH_NFP_SEC */
#endif /* __mvNfpSec_h__ */