2 * Copyright (C) 2013 Realtek Semiconductor Corp.
5 * Unless you and Realtek execute a separate written software license
6 * agreement governing use of this software, this software is licensed
7 * to you under the terms of the GNU General Public License version 2,
8 * available at https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
11 * $Date: 2017-02-13 14:54:53 +0800 (週一, 13 二月 2017) $
13 * Purpose : RTK switch high-level API for RTL8367/RTL8367C
14 * Feature : Here is a list of all functions and variables in 1X module.
18 #include <rtk_switch.h>
19 #include <rtk_error.h>
23 #include <rtl8367c_asicdrv.h>
24 #include <rtl8367c_asicdrv_dot1x.h>
25 #include <rtl8367c_asicdrv_rma.h>
26 #include <rtl8367c_asicdrv_lut.h>
27 #include <rtl8367c_asicdrv_vlan.h>
30 * rtk_dot1x_unauthPacketOper_set
32 * Set 802.1x unauth action configuration.
35 * unauth_action - 802.1X unauth action.
40 * RT_ERR_FAILED - Failed
41 * RT_ERR_SMI - SMI access error
42 * RT_ERR_PORT_ID - Invalid port number.
43 * RT_ERR_INPUT - Invalid input parameter.
45 * This API can set 802.1x unauth action configuration.
46 * The unauth action is as following:
48 * - DOT1X_ACTION_TRAP2CPU
49 * - DOT1X_ACTION_GUESTVLAN
51 rtk_api_ret_t
rtk_dot1x_unauthPacketOper_set(rtk_port_t port
, rtk_dot1x_unauth_action_t unauth_action
)
55 /* Check initialization state */
58 /* Check port Valid */
59 RTK_CHK_PORT_VALID(port
);
61 if (unauth_action
>= DOT1X_ACTION_END
)
62 return RT_ERR_DOT1X_PROC
;
64 if ((retVal
= rtl8367c_setAsic1xProcConfig(rtk_switch_port_L2P_get(port
), unauth_action
)) != RT_ERR_OK
)
71 * rtk_dot1x_unauthPacketOper_get
73 * Get 802.1x unauth action configuration.
77 * pUnauth_action - 802.1X unauth action.
80 * RT_ERR_FAILED - Failed
81 * RT_ERR_SMI - SMI access error
82 * RT_ERR_INPUT - Invalid input parameters.
83 * RT_ERR_PORT_ID - Invalid port number.
85 * This API can get 802.1x unauth action configuration.
86 * The unauth action is as following:
88 * - DOT1X_ACTION_TRAP2CPU
89 * - DOT1X_ACTION_GUESTVLAN
91 rtk_api_ret_t
rtk_dot1x_unauthPacketOper_get(rtk_port_t port
, rtk_dot1x_unauth_action_t
*pUnauth_action
)
95 /* Check initialization state */
98 /* Check port Valid */
99 RTK_CHK_PORT_VALID(port
);
101 if(NULL
== pUnauth_action
)
102 return RT_ERR_NULL_POINTER
;
104 if ((retVal
= rtl8367c_getAsic1xProcConfig(rtk_switch_port_L2P_get(port
), pUnauth_action
)) != RT_ERR_OK
)
111 * rtk_dot1x_eapolFrame2CpuEnable_set
113 * Set 802.1x EAPOL packet trap to CPU configuration
115 * enable - The status of 802.1x EAPOL packet.
120 * RT_ERR_FAILED - Failed
121 * RT_ERR_SMI - SMI access error
122 * RT_ERR_ENABLE - Invalid enable input.
124 * To support 802.1x authentication functionality, EAPOL frame (ether type = 0x888E) has to
126 * The status of EAPOL frame trap to CPU is as following:
130 rtk_api_ret_t
rtk_dot1x_eapolFrame2CpuEnable_set(rtk_enable_t enable
)
132 rtk_api_ret_t retVal
;
133 rtl8367c_rma_t rmacfg
;
135 /* Check initialization state */
136 RTK_CHK_INIT_STATE();
138 if (enable
>= RTK_ENABLE_END
)
139 return RT_ERR_ENABLE
;
141 if ((retVal
= rtl8367c_getAsicRma(3, &rmacfg
)) != RT_ERR_OK
)
144 if (ENABLED
== enable
)
145 rmacfg
.operation
= RMAOP_TRAP_TO_CPU
;
146 else if (DISABLED
== enable
)
147 rmacfg
.operation
= RMAOP_FORWARD
;
149 if ((retVal
= rtl8367c_setAsicRma(3, &rmacfg
)) != RT_ERR_OK
)
156 * rtk_dot1x_eapolFrame2CpuEnable_get
158 * Get 802.1x EAPOL packet trap to CPU configuration
162 * pEnable - The status of 802.1x EAPOL packet.
165 * RT_ERR_FAILED - Failed
166 * RT_ERR_SMI - SMI access error
167 * RT_ERR_INPUT - Invalid input parameters.
169 * To support 802.1x authentication functionality, EAPOL frame (ether type = 0x888E) has to
171 * The status of EAPOL frame trap to CPU is as following:
175 rtk_api_ret_t
rtk_dot1x_eapolFrame2CpuEnable_get(rtk_enable_t
*pEnable
)
177 rtk_api_ret_t retVal
;
178 rtl8367c_rma_t rmacfg
;
180 /* Check initialization state */
181 RTK_CHK_INIT_STATE();
184 return RT_ERR_NULL_POINTER
;
186 if ((retVal
= rtl8367c_getAsicRma(3, &rmacfg
)) != RT_ERR_OK
)
189 if (RMAOP_TRAP_TO_CPU
== rmacfg
.operation
)
198 * rtk_dot1x_portBasedEnable_set
200 * Set 802.1x port-based enable configuration
203 * enable - The status of 802.1x port.
208 * RT_ERR_FAILED - Failed
209 * RT_ERR_SMI - SMI access error
210 * RT_ERR_PORT_ID - Invalid port number.
211 * RT_ERR_ENABLE - Invalid enable input.
212 * RT_ERR_DOT1X_PORTBASEDPNEN - 802.1X port-based enable error
214 * The API can update the port-based port enable register content. If a port is 802.1x
215 * port based network access control "enabled", it should be authenticated so packets
216 * from that port won't be dropped or trapped to CPU.
217 * The status of 802.1x port-based network access control is as following:
221 rtk_api_ret_t
rtk_dot1x_portBasedEnable_set(rtk_port_t port
, rtk_enable_t enable
)
223 rtk_api_ret_t retVal
;
225 /* Check initialization state */
226 RTK_CHK_INIT_STATE();
228 /* Check port Valid */
229 RTK_CHK_PORT_VALID(port
);
231 if (enable
>= RTK_ENABLE_END
)
232 return RT_ERR_ENABLE
;
234 if ((retVal
= rtl8367c_setAsic1xPBEnConfig(rtk_switch_port_L2P_get(port
),enable
)) != RT_ERR_OK
)
241 * rtk_dot1x_portBasedEnable_get
243 * Get 802.1x port-based enable configuration
247 * pEnable - The status of 802.1x port.
250 * RT_ERR_FAILED - Failed
251 * RT_ERR_SMI - SMI access error
252 * RT_ERR_INPUT - Invalid input parameters.
253 * RT_ERR_PORT_ID - Invalid port number.
255 * The API can get the 802.1x port-based port status.
257 rtk_api_ret_t
rtk_dot1x_portBasedEnable_get(rtk_port_t port
, rtk_enable_t
*pEnable
)
259 rtk_api_ret_t retVal
;
261 /* Check initialization state */
262 RTK_CHK_INIT_STATE();
264 /* Check port Valid */
265 RTK_CHK_PORT_VALID(port
);
268 return RT_ERR_NULL_POINTER
;
270 if ((retVal
= rtl8367c_getAsic1xPBEnConfig(rtk_switch_port_L2P_get(port
), pEnable
)) != RT_ERR_OK
)
277 * rtk_dot1x_portBasedAuthStatus_set
279 * Set 802.1x port-based auth. port configuration
282 * port_auth - The status of 802.1x port.
287 * RT_ERR_FAILED - Failed
288 * RT_ERR_SMI - SMI access error
289 * RT_ERR_PORT_ID - Invalid port number.
290 * RT_ERR_DOT1X_PORTBASEDAUTH - 802.1X port-based auth error
292 * The authenticated status of 802.1x port-based network access control is as following:
296 rtk_api_ret_t
rtk_dot1x_portBasedAuthStatus_set(rtk_port_t port
, rtk_dot1x_auth_status_t port_auth
)
298 rtk_api_ret_t retVal
;
300 /* Check initialization state */
301 RTK_CHK_INIT_STATE();
303 /* Check port Valid */
304 RTK_CHK_PORT_VALID(port
);
306 if (port_auth
>= AUTH_STATUS_END
)
307 return RT_ERR_DOT1X_PORTBASEDAUTH
;
309 if ((retVal
= rtl8367c_setAsic1xPBAuthConfig(rtk_switch_port_L2P_get(port
), port_auth
)) != RT_ERR_OK
)
317 * rtk_dot1x_portBasedAuthStatus_get
319 * Get 802.1x port-based auth. port configuration
323 * pPort_auth - The status of 802.1x port.
326 * RT_ERR_FAILED - Failed
327 * RT_ERR_SMI - SMI access error
328 * RT_ERR_INPUT - Invalid input parameters.
329 * RT_ERR_PORT_ID - Invalid port number.
331 * The API can get 802.1x port-based port auth.information.
333 rtk_api_ret_t
rtk_dot1x_portBasedAuthStatus_get(rtk_port_t port
, rtk_dot1x_auth_status_t
*pPort_auth
)
335 rtk_api_ret_t retVal
;
337 /* Check initialization state */
338 RTK_CHK_INIT_STATE();
340 if(NULL
== pPort_auth
)
341 return RT_ERR_NULL_POINTER
;
343 /* Check port Valid */
344 RTK_CHK_PORT_VALID(port
);
346 if ((retVal
= rtl8367c_getAsic1xPBAuthConfig(rtk_switch_port_L2P_get(port
), pPort_auth
)) != RT_ERR_OK
)
352 * rtk_dot1x_portBasedDirection_set
354 * Set 802.1x port-based operational direction configuration
357 * port_direction - Operation direction
362 * RT_ERR_FAILED - Failed
363 * RT_ERR_SMI - SMI access error
364 * RT_ERR_PORT_ID - Invalid port number.
365 * RT_ERR_DOT1X_PORTBASEDOPDIR - 802.1X port-based operation direction error
367 * The operate controlled direction of 802.1x port-based network access control is as following:
371 rtk_api_ret_t
rtk_dot1x_portBasedDirection_set(rtk_port_t port
, rtk_dot1x_direction_t port_direction
)
373 rtk_api_ret_t retVal
;
375 /* Check initialization state */
376 RTK_CHK_INIT_STATE();
378 /* Check port Valid */
379 RTK_CHK_PORT_VALID(port
);
381 if (port_direction
>= DIRECTION_END
)
382 return RT_ERR_DOT1X_PORTBASEDOPDIR
;
384 if ((retVal
= rtl8367c_setAsic1xPBOpdirConfig(rtk_switch_port_L2P_get(port
), port_direction
)) != RT_ERR_OK
)
391 * rtk_dot1x_portBasedDirection_get
393 * Get 802.1X port-based operational direction configuration
397 * pPort_direction - Operation direction
400 * RT_ERR_FAILED - Failed
401 * RT_ERR_SMI - SMI access error
402 * RT_ERR_INPUT - Invalid input parameters.
403 * RT_ERR_PORT_ID - Invalid port number.
405 * The API can get 802.1x port-based operational direction information.
407 rtk_api_ret_t
rtk_dot1x_portBasedDirection_get(rtk_port_t port
, rtk_dot1x_direction_t
*pPort_direction
)
409 rtk_api_ret_t retVal
;
411 /* Check initialization state */
412 RTK_CHK_INIT_STATE();
414 if(NULL
== pPort_direction
)
415 return RT_ERR_NULL_POINTER
;
417 /* Check port Valid */
418 RTK_CHK_PORT_VALID(port
);
420 if ((retVal
= rtl8367c_getAsic1xPBOpdirConfig(rtk_switch_port_L2P_get(port
), pPort_direction
)) != RT_ERR_OK
)
427 * rtk_dot1x_macBasedEnable_set
429 * Set 802.1x mac-based port enable configuration
432 * enable - The status of 802.1x port.
437 * RT_ERR_FAILED - Failed
438 * RT_ERR_SMI - SMI access error
439 * RT_ERR_PORT_ID - Invalid port number.
440 * RT_ERR_ENABLE - Invalid enable input.
441 * RT_ERR_DOT1X_MACBASEDPNEN - 802.1X mac-based enable error
443 * If a port is 802.1x MAC based network access control "enabled", the incoming packets should
444 * be authenticated so packets from that port won't be dropped or trapped to CPU.
445 * The status of 802.1x MAC-based network access control is as following:
449 rtk_api_ret_t
rtk_dot1x_macBasedEnable_set(rtk_port_t port
, rtk_enable_t enable
)
451 rtk_api_ret_t retVal
;
453 /* Check initialization state */
454 RTK_CHK_INIT_STATE();
456 /* Check port Valid */
457 RTK_CHK_PORT_VALID(port
);
459 if (enable
>= RTK_ENABLE_END
)
460 return RT_ERR_ENABLE
;
462 if ((retVal
= rtl8367c_setAsic1xMBEnConfig(rtk_switch_port_L2P_get(port
),enable
)) != RT_ERR_OK
)
469 * rtk_dot1x_macBasedEnable_get
471 * Get 802.1x mac-based port enable configuration
475 * pEnable - The status of 802.1x port.
478 * RT_ERR_FAILED - Failed
479 * RT_ERR_SMI - SMI access error
480 * RT_ERR_INPUT - Invalid input parameters.
481 * RT_ERR_PORT_ID - Invalid port number.
483 * If a port is 802.1x MAC based network access control "enabled", the incoming packets should
484 * be authenticated so packets from that port wont be dropped or trapped to CPU.
485 * The status of 802.1x MAC-based network access control is as following:
489 rtk_api_ret_t
rtk_dot1x_macBasedEnable_get(rtk_port_t port
, rtk_enable_t
*pEnable
)
491 rtk_api_ret_t retVal
;
493 /* Check initialization state */
494 RTK_CHK_INIT_STATE();
497 return RT_ERR_NULL_POINTER
;
499 /* Check port Valid */
500 RTK_CHK_PORT_VALID(port
);
502 if ((retVal
= rtl8367c_getAsic1xMBEnConfig(rtk_switch_port_L2P_get(port
), pEnable
)) != RT_ERR_OK
)
509 * rtk_dot1x_macBasedAuthMac_add
511 * Add an authenticated MAC to ASIC
514 * pAuth_mac - The authenticated MAC.
515 * fid - filtering database.
520 * RT_ERR_FAILED - Failed
521 * RT_ERR_SMI - SMI access error
522 * RT_ERR_PORT_ID - Invalid port number.
523 * RT_ERR_ENABLE - Invalid enable input.
524 * RT_ERR_DOT1X_MACBASEDPNEN - 802.1X mac-based enable error
526 * The API can add a 802.1x authenticated MAC address to port. If the MAC does not exist in LUT,
527 * user can't add this MAC to auth status.
529 rtk_api_ret_t
rtk_dot1x_macBasedAuthMac_add(rtk_port_t port
, rtk_mac_t
*pAuth_mac
, rtk_fid_t fid
)
531 rtk_api_ret_t retVal
;
533 rtl8367c_luttb l2Table
;
535 /* Check initialization state */
536 RTK_CHK_INIT_STATE();
538 /* must be unicast address */
539 if ((pAuth_mac
== NULL
) || (pAuth_mac
->octet
[0] & 0x1))
542 /* Check port Valid */
543 RTK_CHK_PORT_VALID(port
);
545 if (fid
> RTL8367C_FIDMAX
)
546 return RT_ERR_L2_FID
;
548 memset(&l2Table
, 0, sizeof(rtl8367c_luttb
));
550 /* fill key (MAC,FID) to get L2 entry */
551 memcpy(l2Table
.mac
.octet
, pAuth_mac
->octet
, ETHER_ADDR_LEN
);
553 method
= LUTREADMETHOD_MAC
;
554 retVal
= rtl8367c_getAsicL2LookupTb(method
, &l2Table
);
555 if ( RT_ERR_OK
== retVal
)
557 if (l2Table
.spa
!= rtk_switch_port_L2P_get(port
))
558 return RT_ERR_DOT1X_MAC_PORT_MISMATCH
;
560 memcpy(l2Table
.mac
.octet
, pAuth_mac
->octet
, ETHER_ADDR_LEN
);
564 retVal
= rtl8367c_setAsicL2LookupTb(&l2Table
);
573 * rtk_dot1x_macBasedAuthMac_del
575 * Delete an authenticated MAC to ASIC
578 * pAuth_mac - The authenticated MAC.
579 * fid - filtering database.
584 * RT_ERR_FAILED - Failed
585 * RT_ERR_SMI - SMI access error
586 * RT_ERR_MAC - Invalid MAC address.
587 * RT_ERR_PORT_ID - Invalid port number.
589 * The API can delete a 802.1x authenticated MAC address to port. It only change the auth status of
590 * the MAC and won't delete it from LUT.
592 rtk_api_ret_t
rtk_dot1x_macBasedAuthMac_del(rtk_port_t port
, rtk_mac_t
*pAuth_mac
, rtk_fid_t fid
)
594 rtk_api_ret_t retVal
;
596 rtl8367c_luttb l2Table
;
598 /* Check initialization state */
599 RTK_CHK_INIT_STATE();
601 /* must be unicast address */
602 if ((pAuth_mac
== NULL
) || (pAuth_mac
->octet
[0] & 0x1))
605 /* Check port Valid */
606 RTK_CHK_PORT_VALID(port
);
608 if (fid
> RTL8367C_FIDMAX
)
609 return RT_ERR_L2_FID
;
611 memset(&l2Table
, 0, sizeof(rtl8367c_luttb
));
613 /* fill key (MAC,FID) to get L2 entry */
614 memcpy(l2Table
.mac
.octet
, pAuth_mac
->octet
, ETHER_ADDR_LEN
);
616 method
= LUTREADMETHOD_MAC
;
617 retVal
= rtl8367c_getAsicL2LookupTb(method
, &l2Table
);
618 if (RT_ERR_OK
== retVal
)
620 if (l2Table
.spa
!= rtk_switch_port_L2P_get(port
))
621 return RT_ERR_DOT1X_MAC_PORT_MISMATCH
;
623 memcpy(l2Table
.mac
.octet
, pAuth_mac
->octet
, ETHER_ADDR_LEN
);
626 retVal
= rtl8367c_setAsicL2LookupTb(&l2Table
);
635 * rtk_dot1x_macBasedDirection_set
637 * Set 802.1x mac-based operational direction configuration
639 * mac_direction - Operation direction
644 * RT_ERR_FAILED - Failed
645 * RT_ERR_SMI - SMI access error
646 * RT_ERR_INPUT - Invalid input parameter.
647 * RT_ERR_DOT1X_MACBASEDOPDIR - 802.1X mac-based operation direction error
649 * The operate controlled direction of 802.1x mac-based network access control is as following:
653 rtk_api_ret_t
rtk_dot1x_macBasedDirection_set(rtk_dot1x_direction_t mac_direction
)
655 rtk_api_ret_t retVal
;
657 /* Check initialization state */
658 RTK_CHK_INIT_STATE();
660 if (mac_direction
>= DIRECTION_END
)
661 return RT_ERR_DOT1X_MACBASEDOPDIR
;
663 if ((retVal
= rtl8367c_setAsic1xMBOpdirConfig(mac_direction
)) != RT_ERR_OK
)
670 * rtk_dot1x_macBasedDirection_get
672 * Get 802.1x mac-based operational direction configuration
676 * pMac_direction - Operation direction
679 * RT_ERR_FAILED - Failed
680 * RT_ERR_SMI - SMI access error
681 * RT_ERR_INPUT - Invalid input parameters.
683 * The API can get 802.1x mac-based operational direction information.
685 rtk_api_ret_t
rtk_dot1x_macBasedDirection_get(rtk_dot1x_direction_t
*pMac_direction
)
687 rtk_api_ret_t retVal
;
689 /* Check initialization state */
690 RTK_CHK_INIT_STATE();
692 if(NULL
== pMac_direction
)
693 return RT_ERR_NULL_POINTER
;
695 if ((retVal
= rtl8367c_getAsic1xMBOpdirConfig(pMac_direction
)) != RT_ERR_OK
)
702 * Set 802.1x guest VLAN configuration
704 * Set 802.1x mac-based operational direction configuration
706 * vid - 802.1x guest VLAN ID
711 * RT_ERR_FAILED - Failed
712 * RT_ERR_SMI - SMI access error
713 * RT_ERR_INPUT - Invalid input parameter.
715 * The operate controlled 802.1x guest VLAN
717 rtk_api_ret_t
rtk_dot1x_guestVlan_set(rtk_vlan_t vid
)
719 rtk_api_ret_t retVal
;
722 /* Check initialization state */
723 RTK_CHK_INIT_STATE();
725 /* vid must be 0~4095 */
726 if (vid
> RTL8367C_VIDMAX
)
727 return RT_ERR_VLAN_VID
;
729 if((retVal
= rtk_vlan_checkAndCreateMbr(vid
, &index
)) != RT_ERR_OK
)
732 if ((retVal
= rtl8367c_setAsic1xGuestVidx(index
)) != RT_ERR_OK
)
739 * rtk_dot1x_guestVlan_get
741 * Get 802.1x guest VLAN configuration
745 * pVid - 802.1x guest VLAN ID
748 * RT_ERR_FAILED - Failed
749 * RT_ERR_SMI - SMI access error
750 * RT_ERR_INPUT - Invalid input parameters.
752 * The API can get 802.1x guest VLAN information.
754 rtk_api_ret_t
rtk_dot1x_guestVlan_get(rtk_vlan_t
*pVid
)
756 rtk_api_ret_t retVal
;
758 rtl8367c_vlanconfiguser vlanMC
;
760 /* Check initialization state */
761 RTK_CHK_INIT_STATE();
764 return RT_ERR_NULL_POINTER
;
766 if ((retVal
= rtl8367c_getAsic1xGuestVidx(&gvidx
)) != RT_ERR_OK
)
769 if ((retVal
= rtl8367c_getAsicVlanMemberConfig(gvidx
, &vlanMC
)) != RT_ERR_OK
)
778 * rtk_dot1x_guestVlan2Auth_set
780 * Set 802.1x guest VLAN to auth host configuration
782 * enable - The status of guest VLAN to auth host.
787 * RT_ERR_FAILED - Failed
788 * RT_ERR_SMI - SMI access error
789 * RT_ERR_INPUT - Invalid input parameter.
791 * The operational direction of 802.1x guest VLAN to auth host control is as following:
795 rtk_api_ret_t
rtk_dot1x_guestVlan2Auth_set(rtk_enable_t enable
)
797 rtk_api_ret_t retVal
;
799 /* Check initialization state */
800 RTK_CHK_INIT_STATE();
802 if (enable
>= RTK_ENABLE_END
)
803 return RT_ERR_ENABLE
;
805 if ((retVal
= rtl8367c_setAsic1xGVOpdir(enable
)) != RT_ERR_OK
)
812 * rtk_dot1x_guestVlan2Auth_get
814 * Get 802.1x guest VLAN to auth host configuration
818 * pEnable - The status of guest VLAN to auth host.
821 * RT_ERR_FAILED - Failed
822 * RT_ERR_SMI - SMI access error
823 * RT_ERR_INPUT - Invalid input parameters.
825 * The API can get 802.1x guest VLAN to auth host information.
827 rtk_api_ret_t
rtk_dot1x_guestVlan2Auth_get(rtk_enable_t
*pEnable
)
829 rtk_api_ret_t retVal
;
831 /* Check initialization state */
832 RTK_CHK_INIT_STATE();
835 return RT_ERR_NULL_POINTER
;
837 if ((retVal
= rtl8367c_getAsic1xGVOpdir(pEnable
)) != RT_ERR_OK
)