/* * Copyright(c) Realtek Semiconductor Corporation, 2009 * All rights reserved. * * $Revision$ * $Date$ * * Purpose : Definition those public security APIs and its data type in the SDK. * * Feature : The file have include the following module and sub-modules * 1) Attack prevention */ #ifndef __DAL_CYPRESS_SEC_H__ #define __DAL_CYPRESS_SEC_H__ /* * Include Files */ #include #include #include /* * Symbol Definition */ /* * Data Declaration */ /* * Macro Declaration */ /* * Function Declaration */ /* Function Name: * dal_cypress_secMapper_init * Description: * Hook sec module of the specified device. * Input: * unit - unit id * Output: * None * Return: * RT_ERR_OK * RT_ERR_FAILED * Note: * Must Hook sec module before calling any sec APIs. */ extern int32 dal_cypress_secMapper_init(dal_mapper_t *pMapper); /* Module Name : Security */ /* Function Name: * dal_cypress_sec_init * Description: * Initialize security module of the specified device. * Input: * unit - unit id * Output: * None * Return: * RT_ERR_OK * RT_ERR_FAILED * Note: * Must initialize security module before calling any sec APIs. */ extern int32 dal_cypress_sec_init(uint32 unit); /* Module Name : Security */ /* Sub-module Name: Attack prevention */ /* Function Name: * dal_cypress_sec_portAttackPrevent_get * Description: * Get action for each kind of attack on specified port. * Input: * unit - unit id * port - port id * attack_type - type of attack * Output: * pAction - pointer to action for attack * Return: * RT_ERR_OK * RT_ERR_FAILED * RT_ERR_NOT_INIT - The module is not initial * RT_ERR_PORT_ID - invalid port id * RT_ERR_INPUT - invalid input parameter * RT_ERR_NULL_POINTER - input parameter may be null pointer * Note: * Type of attack is as following: * - ARP_INVALID * - GRATUITOUS_ARP * * Action is as following: * - ACTION_FORWARD * - ACTION_DROP * - ACTION_TRAP2CPU */ extern int32 dal_cypress_sec_portAttackPrevent_get( uint32 unit, rtk_port_t port, rtk_sec_attackType_t attack_type, rtk_action_t *pAction); /* Function Name: * dal_cypress_sec_portAttackPrevent_set * Description: * Set action for each kind of attack on specified port. * Input: * unit - unit id * port - port id * attack_type - type of attack * action - action for attack * Output: * None * Return: * RT_ERR_OK * RT_ERR_FAILED * RT_ERR_NOT_INIT - The module is not initial * RT_ERR_PORT_ID - invalid port id * RT_ERR_FWD_ACTION - invalid forwarding action * RT_ERR_INPUT - invalid input parameter * Note: * Type of attack is as following: * - ARP_INVALID * - GRATUITOUS_ARP * * Action is as following: * - ACTION_FORWARD * - ACTION_DROP * - ACTION_TRAP2CPU */ extern int32 dal_cypress_sec_portAttackPrevent_set( uint32 unit, rtk_port_t port, rtk_sec_attackType_t attack_type, rtk_action_t action); /* Function Name: * dal_cypress_sec_portAttackPreventEnable_get * Description: * Get the attack prevention status of the specific port * Input: * unit - unit id * port - port id * Output: * pEnable - pointer to the status of the attack prevention * Return: * RT_ERR_OK * RT_ERR_FAILED * RT_ERR_PORT_ID - invalid port id * RT_ERR_NULL_POINTER - input parameter may be null pointer * Note: * None */ extern int32 dal_cypress_sec_portAttackPreventEnable_get(uint32 unit, rtk_port_t port, rtk_enable_t *pEnable); /* Function Name: * dal_cypress_sec_portAttackPreventEnable_set * Description: * Set the attack prevention status of the specific port * Input: * unit - unit id * port - port id * enable - pointer to the status of the attack prevention * Output: * None * Return: * RT_ERR_OK * RT_ERR_FAILED * RT_ERR_PORT_ID - invalid port id * RT_ERR_INPUT - invalid input parameter * Note: * None */ extern int32 dal_cypress_sec_portAttackPreventEnable_set(uint32 unit, rtk_port_t port, rtk_enable_t enable); /* Function Name: * dal_cypress_sec_attackPreventAction_get * Description: * Get action for each kind of attack. * Input: * unit - unit id * attack_type - type of attack * Output: * pAction - pointer to action for attack * Return: * RT_ERR_OK * RT_ERR_FAILED * RT_ERR_NOT_INIT - The module is not initial * RT_ERR_INPUT - invalid input parameter * RT_ERR_NULL_POINTER - input parameter may be null pointer * Note: * Type of attack is as following: * - TCP_FRAG_OFF_MIN_CHECK * - SYNRST_DENY * - SYNFIN_DENY * - XMA_DENY * - XMA_DENY * - SYN_SPORTL1024_DENY * - TCPHDR_MIN_CHECK * - SMURF_DENY * - ICMPV6_PING_MAX_CHECK * - ICMPV4_PING_MAX_CHECK * - ICMP_FRAG_PKTS_DENY * - IPV6_MIN_FRAG_SIZE_CHECK * - POD_DENY * - TCPBLAT_DENY * - UDPBLAT_DENY * - LAND_DENY * - DAEQSA_DENY * * Action is as following: * - ACTION_FORWARD * - ACTION_DROP * - ACTION_TRAP2CPU */ extern int32 dal_cypress_sec_attackPreventAction_get( uint32 unit, rtk_sec_attackType_t attack_type, rtk_action_t *pAction); /* Function Name: * dal_cypress_sec_attackPreventAction_set * Description: * Set action for each kind of attack on specified port. * Input: * unit - unit id * attack_type - type of attack * action - action for attack * Output: * None * Return: * RT_ERR_OK * RT_ERR_FAILED * RT_ERR_NOT_INIT - The module is not initial * RT_ERR_FWD_ACTION - invalid forwarding action * RT_ERR_INPUT - invalid input parameter * Note: * Type of attack is as following: * - TCP_FRAG_OFF_MIN_CHECK * - SYNRST_DENY * - SYNFIN_DENY * - XMA_DENY * - XMA_DENY * - SYN_SPORTL1024_DENY * - TCPHDR_MIN_CHECK * - SMURF_DENY * - ICMPV6_PING_MAX_CHECK * - ICMPV4_PING_MAX_CHECK * - ICMP_FRAG_PKTS_DENY * - IPV6_MIN_FRAG_SIZE_CHECK * - POD_DENY * - TCPBLAT_DENY * - UDPBLAT_DENY * - LAND_DENY * - DAEQSA_DENY * * Action is as following: * - ACTION_FORWARD * - ACTION_DROP * - ACTION_TRAP2CPU */ extern int32 dal_cypress_sec_attackPreventAction_set( uint32 unit, rtk_sec_attackType_t attack_type, rtk_action_t action); /* Function Name: * dal_cypress_sec_minIPv6FragLen_get * Description: * Get minimum length of IPv6 fragments. * Input: * unit - unit id * Output: * pLength - pointer to minimum length of IPv6 fragments * Return: * RT_ERR_OK * RT_ERR_FAILED * RT_ERR_NOT_INIT - The module is not initial * RT_ERR_NULL_POINTER - input parameter may be null pointer * Note: * None */ extern int32 dal_cypress_sec_minIPv6FragLen_get(uint32 unit, uint32 *pLength); /* Function Name: * dal_cypress_sec_minIPv6FragLen_set * Description: * Set minimum length of IPv6 fragments on specified port. * Input: * unit - unit id * length - minimum length of IPv6 fragments * Output: * None * Return: * RT_ERR_OK * RT_ERR_FAILED * RT_ERR_NOT_INIT - The module is not initial * RT_ERR_OUT_OF_RANGE - input parameter out of range * Note: * None */ extern int32 dal_cypress_sec_minIPv6FragLen_set(uint32 unit, uint32 length); /* Function Name: * dal_cypress_sec_maxPingLen_get * Description: * Get maximum length of ICMP packet on specified port. * Input: * unit - unit id * port - port id * Output: * pLength - pointer to maximum length of ICMP packet * Return: * RT_ERR_OK * RT_ERR_FAILED * RT_ERR_NOT_INIT - The module is not initial * RT_ERR_NULL_POINTER - input parameter may be null pointer * Note: * None */ extern int32 dal_cypress_sec_maxPingLen_get(uint32 unit, uint32 *pLength); /* Function Name: * dal_cypress_sec_maxPingLen_set * Description: * Set maximum length of ICMP packet. * Input: * unit - unit id * length - maximum length of ICMP packet * Output: * None * Return: * RT_ERR_OK * RT_ERR_FAILED * RT_ERR_NOT_INIT - The module is not initial * RT_ERR_OUT_OF_RANGE - input parameter out of range * Note: * None */ extern int32 dal_cypress_sec_maxPingLen_set(uint32 unit, uint32 length); /* Function Name: * dal_cypress_sec_minTCPHdrLen_get * Description: * Get minimum length of TCP header. * Input: * unit - unit id * Output: * pLength - pointer to minimum length of TCP header * Return: * RT_ERR_OK * RT_ERR_FAILED * RT_ERR_NOT_INIT - The module is not initial * RT_ERR_NULL_POINTER - input parameter may be null pointer * Note: * None */ extern int32 dal_cypress_sec_minTCPHdrLen_get(uint32 unit, uint32 *pLength); /* Function Name: * dal_cypress_sec_minTCPHdrLen_set * Description: * Set minimum length of TCP header on specified port. * Input: * unit - unit id * length - minimum length of TCP header * Output: * None * Return: * RT_ERR_OK * RT_ERR_FAILED * RT_ERR_NOT_INIT - The module is not initial * RT_ERR_OUT_OF_RANGE - input parameter out of range * Note: * None */ extern int32 dal_cypress_sec_minTCPHdrLen_set(uint32 unit, uint32 length); /* Function Name: * dal_cypress_sec_smurfNetmaskLen_get * Description: * Get netmask length for preventing SMURF attack. * Input: * unit - unit id * Output: * pLength - pointer to netmask length * Return: * RT_ERR_OK * RT_ERR_FAILED * RT_ERR_NOT_INIT - The module is not initial * RT_ERR_NULL_POINTER - input parameter may be null pointer * Note: * None */ extern int32 dal_cypress_sec_smurfNetmaskLen_get(uint32 unit, uint32 *pLength); /* Function Name: * dal_cypress_sec_smurfNetmaskLen_set * Description: * Set netmask length for preventing SMURF attack on specified port. * Input: * unit - unit id * length - netmask length * Output: * None * Return: * RT_ERR_OK * RT_ERR_FAILED * RT_ERR_NOT_INIT - The module is not initial * RT_ERR_OUT_OF_RANGE - input parameter out of range * Note: * None */ extern int32 dal_cypress_sec_smurfNetmaskLen_set(uint32 unit, uint32 length); #endif /* __DAL_cypress_SEC_H__ */