Warning: This file is not a C or C++ file. It does not have highlighting.
| 1 | #ifndef _NET_NF_TABLES_OFFLOAD_H |
|---|---|
| 2 | #define _NET_NF_TABLES_OFFLOAD_H |
| 3 | |
| 4 | #include <net/flow_offload.h> |
| 5 | #include <net/netfilter/nf_tables.h> |
| 6 | |
| 7 | enum nft_offload_reg_flags { |
| 8 | NFT_OFFLOAD_F_NETWORK2HOST = (1 << 0), |
| 9 | }; |
| 10 | |
| 11 | struct nft_offload_reg { |
| 12 | u32 key; |
| 13 | u32 len; |
| 14 | u32 base_offset; |
| 15 | u32 offset; |
| 16 | u32 flags; |
| 17 | struct nft_data data; |
| 18 | struct nft_data mask; |
| 19 | }; |
| 20 | |
| 21 | enum nft_offload_dep_type { |
| 22 | NFT_OFFLOAD_DEP_UNSPEC = 0, |
| 23 | NFT_OFFLOAD_DEP_NETWORK, |
| 24 | NFT_OFFLOAD_DEP_TRANSPORT, |
| 25 | }; |
| 26 | |
| 27 | struct nft_offload_ctx { |
| 28 | struct { |
| 29 | enum nft_offload_dep_type type; |
| 30 | __be16 l3num; |
| 31 | u8 protonum; |
| 32 | } dep; |
| 33 | unsigned int num_actions; |
| 34 | struct net *net; |
| 35 | struct nft_offload_reg regs[NFT_REG32_15 + 1]; |
| 36 | }; |
| 37 | |
| 38 | void nft_offload_set_dependency(struct nft_offload_ctx *ctx, |
| 39 | enum nft_offload_dep_type type); |
| 40 | void nft_offload_update_dependency(struct nft_offload_ctx *ctx, |
| 41 | const void *data, u32 len); |
| 42 | |
| 43 | struct nft_flow_key { |
| 44 | struct flow_dissector_key_basic basic; |
| 45 | struct flow_dissector_key_control control; |
| 46 | union { |
| 47 | struct flow_dissector_key_ipv4_addrs ipv4; |
| 48 | struct flow_dissector_key_ipv6_addrs ipv6; |
| 49 | }; |
| 50 | struct flow_dissector_key_ports tp; |
| 51 | struct flow_dissector_key_ip ip; |
| 52 | struct flow_dissector_key_vlan vlan; |
| 53 | struct flow_dissector_key_vlan cvlan; |
| 54 | struct flow_dissector_key_eth_addrs eth_addrs; |
| 55 | struct flow_dissector_key_meta meta; |
| 56 | } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */ |
| 57 | |
| 58 | struct nft_flow_match { |
| 59 | struct flow_dissector dissector; |
| 60 | struct nft_flow_key key; |
| 61 | struct nft_flow_key mask; |
| 62 | }; |
| 63 | |
| 64 | struct nft_flow_rule { |
| 65 | __be16 proto; |
| 66 | struct nft_flow_match match; |
| 67 | struct flow_rule *rule; |
| 68 | }; |
| 69 | |
| 70 | void nft_flow_rule_set_addr_type(struct nft_flow_rule *flow, |
| 71 | enum flow_dissector_key_id addr_type); |
| 72 | |
| 73 | struct nft_rule; |
| 74 | struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule); |
| 75 | int nft_flow_rule_stats(const struct nft_chain *chain, const struct nft_rule *rule); |
| 76 | void nft_flow_rule_destroy(struct nft_flow_rule *flow); |
| 77 | int nft_flow_rule_offload_commit(struct net *net); |
| 78 | |
| 79 | #define NFT_OFFLOAD_MATCH_FLAGS(__key, __base, __field, __len, __reg, __flags) \ |
| 80 | (__reg)->base_offset = \ |
| 81 | offsetof(struct nft_flow_key, __base); \ |
| 82 | (__reg)->offset = \ |
| 83 | offsetof(struct nft_flow_key, __base.__field); \ |
| 84 | (__reg)->len = __len; \ |
| 85 | (__reg)->key = __key; \ |
| 86 | (__reg)->flags = __flags; |
| 87 | |
| 88 | #define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg) \ |
| 89 | NFT_OFFLOAD_MATCH_FLAGS(__key, __base, __field, __len, __reg, 0) |
| 90 | |
| 91 | #define NFT_OFFLOAD_MATCH_EXACT(__key, __base, __field, __len, __reg) \ |
| 92 | NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg) \ |
| 93 | memset(&(__reg)->mask, 0xff, (__reg)->len); |
| 94 | |
| 95 | bool nft_chain_offload_support(const struct nft_base_chain *basechain); |
| 96 | |
| 97 | int nft_offload_init(void); |
| 98 | void nft_offload_exit(void); |
| 99 | |
| 100 | #endif |
| 101 |
Warning: This file is not a C or C++ file. It does not have highlighting.