Realtek switch SoC docs

maple table: IACL

Details

Name: IACL
Feature: TABLE_ACCESS
Type: 1
Entries: 1536
Data width: 576
Control register: TBL_ACCESS_CTRL_0
Data register: TBL_ACCESS_DATA_0

Description

A rule entry for ingress ACL rules

This ACL rule can be used to match packets. It seems usable for traffic policing, but also for L3 forwarding to the NEXTHOP DMAC entries (via Rule UNICAST_ROUTING).

Fields

Name LSB Bits Description
FIELD_11 560 16

First field of the fields with user-definable content.

The meaning of these fields depends on the template number that is associated with the rule block this rule is in. Rule blocks are always 128 rules large on all SoCs and can have 2 to 3 possible templates associated with them. The template is selected by the TID (Template ID) of a rule, so rules in the same block can use different templates.

Some templates (the first 5 on RTL8380) are pre-configured on the SoCs; the others can be configured by the user through the template configuration registers. A template will, for example, specify that FIELD_0 is bits 0-15 of the destination IP, FIELD_1 is bits 16-31, FIELD_2 is the L4 TCP destination port, etc. Note that complex rules govern which fields can hold which type of data.

FIELD_10 544 16
FIELD_9 528 16
FIELD_8 512 16
FIELD_7 496 16
FIELD_6 480 16
FIELD_5 464 16
FIELD_4 448 16
FIELD_3 432 16
FIELD_2 416 16
FIELD_1 400 16
FIELD_0 384 16

Last field of the fields with user-definable content.

SPMMASK_FIX 374 2

First entry in the fixed ACL fields.

SPN 368 6

Source port number the packet arrived on

MGNT_VLAN 367 1

Packet arrived on management VLAN

DMAC_HIT_SW 366 1

The Destination MAC of the packet is one of the device’s

NOT_FIRST_FRAG 365 1
FRAME_TYPE_L4 362 3

0: UDP, 1: TCP, 2: ICMP/ICMPv6, 3: IGMP

FRAME_TYPE 360 2

0: ARP, 1: L2 only, 2: IPv4, 3: IPv6

OTAG_FMT 359 1

0: outer tag packet, 1: outer priority tag or untagged

ITAG_FMT 358 1

0: inner tag packet, 1: inner priority tag or untagged

OTAG_EXIST 357 1

1: packet with outer tag

ITAG_EXIST 356 1

1: packet with inner tag

FRAME_TYPE_L2 354 2

0: Ethernet, 1: LLC_SNAP, 2: LLC_Other, 3: Reserved

TID 352 2

Last entry in the fixed ACL fields.

BMSK_FIELD_11 336 16

Bitmask for FIELD_11, the first of the user-definable content fields.

BMSK_FIELD_10 320 16
BMSK_FIELD_9 304 16
BMSK_FIELD_8 288 16
BMSK_FIELD_7 272 16
BMSK_FIELD_6 256 16
BMSK_FIELD_5 240 16
BMSK_FIELD_4 224 16
BMSK_FIELD_3 208 16
BMSK_FIELD_2 192 16
BMSK_FIELD_1 176 16
BMSK_FIELD_0 160 16

Bitmask for FIELD_0, the last of the user-definable content fields.

BMSK_SPMMASK_FIX 150 2

First entry in the fixed field ACL entry matching bitmask.

BMSK_SPN 144 6
BMSK_MGNT_VLAN 143 1
BMSK_DMAC_HIT_SW 142 1
BMSK_NOT_FIRST_FRAG 141 1
BMSK_FRAME_TYPE_L4 138 3
BMSK_FRAME_TYPE 136 2
BMSK_OTAG_FMT 135 1
BMSK_ITAG_FMT 134 1
BMSK_OTAG_EXIST 133 1
BMSK_ITAG_EXIST 132 1
BMSK_FRAME_TYPE_L2 130 2
BMSK_TID 128 2

Last entry in the fixed field ACL entry matching bitmask.

VALID 127 1

This templated rule is active.

NOT 126 1

Matches when the matching conditions do NOT match.

AND1 125 1

AND the match conditions of this rule 2n with those of the next rule 2n+1 in the same block

AND2 124 1

AND the match conditions of this rule m in block 2n with those of rule m in block 2n+1

IVALID 123 1
AIF4 96 9

Fields holding metadata for actions. Actions are performed according to their order in the rule; drop is first. Data for the actions is in fields AIF0-AIF4: the first action that is active uses the data in AIF0, the next one uses AIF1, and so on.

AIF3 80 10
AIF2 64 14
AIF1 48 14
AIF0 32 16

Data for the first active action apart from drop (drop does not need any additional data).

For example, for a forwarding action, the type of forwarding action = (field_value >> 13) & 0x7. The actions are 0: PERMIT, 1: DROP, 2: COPY_TO_PORTID, 3: COPY_TO_PORTMASK, 4: REDIRECT_TO_PORTID, 5: REDIRECT_TO_PORTMASK, 6: UNICAST_ROUTING, 7: VLAN_LEAKY.

The target of the action is in the other bits of the field value, such as the port-id to forward to or the DMAC entry in the nexthop table for UNICAST_ROUTING.

DROP 14 2

DROP action: various ways to drop the packet; 1 is the normal kind

FWD_SEL 13 1

Forward packet: to port, portmask, dest route, next rule, drop

OVID_SEL 12 1

Perform action on OVID (Outer VLAN-ID)

IVID_SEL 11 1

Perform action on IVID (Inner VLAN-ID)

FLT_SEL 10 1

Apply a filter to the packet

LOG_SEL 9 1

Log this packet in one of the log counters in the LOG table

RMK_SEL 8 1

Remark the packet with a different priority

METER_SEL 7 1

Apply a rate meter to this packet

TAGST_SEL 6 1

Changes the egress tag.

MIR_SEL 5 1

Mirror the packet to one of the Link Aggregation Groups

NORPRI_SEL 4 1

Change the normal priority.

CPUPRI_SEL 3 1

Change the CPU priority.

OTPID_SEL 2 1

Change outer Tag Protocol Identifier (802.1q)

ITPID_SEL 1 1

Change inner Tag Protocol Identifier (802.1q)

SHAPER_SEL 0 1

Apply a traffic shaper.
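
The AIF slot assignment and the forwarding-action decoding described for AIF0-AIF4 above, as an added C example (not code from this documentation or from any driver). It assumes the 576-bit entry is held as 18 32-bit words with word 0 carrying entry bits 0-31, and that "order in the rule" means the *_SEL bits from FWD_SEL (bit 13) down to SHAPER_SEL (bit 0); all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define IACL_WORDS 18 /* 576-bit entry as 32-bit words */

/* Assumption: word 0 holds entry bits 0-31; hardware register order may differ. */
static uint32_t iacl_get(const uint32_t *e, unsigned lsb, unsigned bits)
{
    uint64_t v = e[lsb / 32];
    if (lsb / 32 + 1 < IACL_WORDS)   /* field may straddle two words */
        v |= (uint64_t)e[lsb / 32 + 1] << 32;
    return (uint32_t)((v >> (lsb % 32)) & ((1ull << bits) - 1));
}

/* AIF0..AIF4 as {LSB, bits}, copied from the field table. */
static const unsigned iacl_aif[5][2] = { {32, 16}, {48, 14}, {64, 14}, {80, 10}, {96, 9} };

/* AIF slot used by the action with select bit sel_lsb (13 = FWD_SEL ... 0 =
 * SHAPER_SEL), or -1 if it is inactive or no slot is left. DROP takes none. */
static int iacl_aif_slot(const uint32_t *e, unsigned sel_lsb)
{
    int slot = 0;
    if (sel_lsb > 13 || !iacl_get(e, sel_lsb, 1))
        return -1;
    for (unsigned b = 13; b > sel_lsb; b--)   /* count earlier active actions */
        slot += (int)iacl_get(e, b, 1);
    return slot < 5 ? slot : -1;
}

/* Returns the forwarding type (0-7) and stores the target, or -1 if FWD_SEL is clear. */
static int iacl_fwd(const uint32_t *e, unsigned *target)
{
    int s = iacl_aif_slot(e, 13);
    if (s < 0)
        return -1;
    uint32_t v = iacl_get(e, iacl_aif[s][0], iacl_aif[s][1]);
    *target = v & 0x1fff;             /* bits below the 3-bit type */
    return (int)((v >> 13) & 0x7);
}

int main(void)
{
    /* Constructed entry: FWD_SEL and LOG_SEL set, AIF0 = UNICAST_ROUTING, nexthop 5. */
    uint32_t e[IACL_WORDS] = { (1u << 13) | (1u << 9), (6u << 13) | 5 };
    unsigned target = 0;
    int type = iacl_fwd(e, &target);
    printf("fwd type %d target %u, LOG slot %d\n", type, target, iacl_aif_slot(e, 9));
    return 0;
}
```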