13b49e2e9SPablo Neira Ayuso #ifndef _NF_FLOW_TABLE_H
23b49e2e9SPablo Neira Ayuso #define _NF_FLOW_TABLE_H
33b49e2e9SPablo Neira Ayuso
4ac2a6666SPablo Neira Ayuso #include <linux/in.h>
5ac2a6666SPablo Neira Ayuso #include <linux/in6.h>
6ac2a6666SPablo Neira Ayuso #include <linux/netdevice.h>
70eb71a9dSNeilBrown #include <linux/rhashtable-types.h>
8ac2a6666SPablo Neira Ayuso #include <linux/rcupdate.h>
9a1b2f04eSJeremy Sowden #include <linux/netfilter.h>
10af81f9e7SFelix Fietkau #include <linux/netfilter/nf_conntrack_tuple_common.h>
118bb69f3bSPablo Neira Ayuso #include <net/flow_offload.h>
12ac2a6666SPablo Neira Ayuso #include <net/dst.h>
130492d857SPablo Neira Ayuso #include <linux/if_pppox.h>
140492d857SPablo Neira Ayuso #include <linux/ppp_defs.h>
153b49e2e9SPablo Neira Ayuso
163b49e2e9SPablo Neira Ayuso struct nf_flowtable;
17c29f74e0SPablo Neira Ayuso struct nf_flow_rule;
18c29f74e0SPablo Neira Ayuso struct flow_offload;
19c29f74e0SPablo Neira Ayuso enum flow_offload_tuple_dir;
203b49e2e9SPablo Neira Ayuso
219c26ba9bSPaul Blakey struct nf_flow_key {
229c26ba9bSPaul Blakey struct flow_dissector_key_meta meta;
239c26ba9bSPaul Blakey struct flow_dissector_key_control control;
24cfab6dbdSwenxu struct flow_dissector_key_control enc_control;
259c26ba9bSPaul Blakey struct flow_dissector_key_basic basic;
263e1b0c16Swenxu struct flow_dissector_key_vlan vlan;
273e1b0c16Swenxu struct flow_dissector_key_vlan cvlan;
289c26ba9bSPaul Blakey union {
299c26ba9bSPaul Blakey struct flow_dissector_key_ipv4_addrs ipv4;
309c26ba9bSPaul Blakey struct flow_dissector_key_ipv6_addrs ipv6;
319c26ba9bSPaul Blakey };
32cfab6dbdSwenxu struct flow_dissector_key_keyid enc_key_id;
33cfab6dbdSwenxu union {
34cfab6dbdSwenxu struct flow_dissector_key_ipv4_addrs enc_ipv4;
35cfab6dbdSwenxu struct flow_dissector_key_ipv6_addrs enc_ipv6;
36cfab6dbdSwenxu };
379c26ba9bSPaul Blakey struct flow_dissector_key_tcp tcp;
389c26ba9bSPaul Blakey struct flow_dissector_key_ports tp;
399c26ba9bSPaul Blakey } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
409c26ba9bSPaul Blakey
419c26ba9bSPaul Blakey struct nf_flow_match {
429c26ba9bSPaul Blakey struct flow_dissector dissector;
439c26ba9bSPaul Blakey struct nf_flow_key key;
449c26ba9bSPaul Blakey struct nf_flow_key mask;
459c26ba9bSPaul Blakey };
469c26ba9bSPaul Blakey
479c26ba9bSPaul Blakey struct nf_flow_rule {
489c26ba9bSPaul Blakey struct nf_flow_match match;
499c26ba9bSPaul Blakey struct flow_rule *rule;
509c26ba9bSPaul Blakey };
519c26ba9bSPaul Blakey
523b49e2e9SPablo Neira Ayuso struct nf_flowtable_type {
533b49e2e9SPablo Neira Ayuso struct list_head list;
543b49e2e9SPablo Neira Ayuso int family;
55a268de77SFelix Fietkau int (*init)(struct nf_flowtable *ft);
56735795f6SPablo Neira Ayuso bool (*gc)(const struct flow_offload *flow);
578bb69f3bSPablo Neira Ayuso int (*setup)(struct nf_flowtable *ft,
588bb69f3bSPablo Neira Ayuso struct net_device *dev,
598bb69f3bSPablo Neira Ayuso enum flow_block_command cmd);
60c29f74e0SPablo Neira Ayuso int (*action)(struct net *net,
611a441a9bSVlad Buslov struct flow_offload *flow,
62c29f74e0SPablo Neira Ayuso enum flow_offload_tuple_dir dir,
63c29f74e0SPablo Neira Ayuso struct nf_flow_rule *flow_rule);
64b408c5b0SPablo Neira Ayuso void (*free)(struct nf_flowtable *ft);
6515f300edSVlad Buslov void (*get)(struct nf_flowtable *ft);
6615f300edSVlad Buslov void (*put)(struct nf_flowtable *ft);
673b49e2e9SPablo Neira Ayuso nf_hookfn *hook;
683b49e2e9SPablo Neira Ayuso struct module *owner;
693b49e2e9SPablo Neira Ayuso };
703b49e2e9SPablo Neira Ayuso
718bb69f3bSPablo Neira Ayuso enum nf_flowtable_flags {
72cfbd1125SPablo Neira Ayuso NF_FLOWTABLE_HW_OFFLOAD = 0x1, /* NFT_FLOWTABLE_HW_OFFLOAD */
7353c2b289SPablo Neira Ayuso NF_FLOWTABLE_COUNTER = 0x2, /* NFT_FLOWTABLE_COUNTER */
748bb69f3bSPablo Neira Ayuso };
758bb69f3bSPablo Neira Ayuso
763b49e2e9SPablo Neira Ayuso struct nf_flowtable {
7784453a90SFelix Fietkau struct list_head list;
783b49e2e9SPablo Neira Ayuso struct rhashtable rhashtable;
7971a8a63bSPablo Neira Ayuso int priority;
803b49e2e9SPablo Neira Ayuso const struct nf_flowtable_type *type;
813b49e2e9SPablo Neira Ayuso struct delayed_work gc_work;
828bb69f3bSPablo Neira Ayuso unsigned int flags;
838bb69f3bSPablo Neira Ayuso struct flow_block flow_block;
84422c032aSPaul Blakey struct rw_semaphore flow_block_lock; /* Guards flow_block */
858bb69f3bSPablo Neira Ayuso possible_net_t net;
863b49e2e9SPablo Neira Ayuso };
873b49e2e9SPablo Neira Ayuso
nf_flowtable_hw_offload(struct nf_flowtable * flowtable)88a5449cdcSPablo Neira Ayuso static inline bool nf_flowtable_hw_offload(struct nf_flowtable *flowtable)
89a5449cdcSPablo Neira Ayuso {
90a5449cdcSPablo Neira Ayuso return flowtable->flags & NF_FLOWTABLE_HW_OFFLOAD;
91a5449cdcSPablo Neira Ayuso }
92a5449cdcSPablo Neira Ayuso
93ac2a6666SPablo Neira Ayuso enum flow_offload_tuple_dir {
94af81f9e7SFelix Fietkau FLOW_OFFLOAD_DIR_ORIGINAL = IP_CT_DIR_ORIGINAL,
95af81f9e7SFelix Fietkau FLOW_OFFLOAD_DIR_REPLY = IP_CT_DIR_REPLY,
96ac2a6666SPablo Neira Ayuso };
974f08f173SPablo Neira Ayuso #define FLOW_OFFLOAD_DIR_MAX IP_CT_DIR_MAX
98ac2a6666SPablo Neira Ayuso
995139c0c0SPablo Neira Ayuso enum flow_offload_xmit_type {
10078ed0a9bSRoi Dayan FLOW_OFFLOAD_XMIT_UNSPEC = 0,
10178ed0a9bSRoi Dayan FLOW_OFFLOAD_XMIT_NEIGH,
1025139c0c0SPablo Neira Ayuso FLOW_OFFLOAD_XMIT_XFRM,
1037a27f6abSPablo Neira Ayuso FLOW_OFFLOAD_XMIT_DIRECT,
104db6140e5SPaul Blakey FLOW_OFFLOAD_XMIT_TC,
1055139c0c0SPablo Neira Ayuso };
1065139c0c0SPablo Neira Ayuso
1074cd91f7cSPablo Neira Ayuso #define NF_FLOW_TABLE_ENCAP_MAX 2
1084cd91f7cSPablo Neira Ayuso
109ac2a6666SPablo Neira Ayuso struct flow_offload_tuple {
110ac2a6666SPablo Neira Ayuso union {
111ac2a6666SPablo Neira Ayuso struct in_addr src_v4;
112ac2a6666SPablo Neira Ayuso struct in6_addr src_v6;
113ac2a6666SPablo Neira Ayuso };
114ac2a6666SPablo Neira Ayuso union {
115ac2a6666SPablo Neira Ayuso struct in_addr dst_v4;
116ac2a6666SPablo Neira Ayuso struct in6_addr dst_v6;
117ac2a6666SPablo Neira Ayuso };
118ac2a6666SPablo Neira Ayuso struct {
119ac2a6666SPablo Neira Ayuso __be16 src_port;
120ac2a6666SPablo Neira Ayuso __be16 dst_port;
121ac2a6666SPablo Neira Ayuso };
122ac2a6666SPablo Neira Ayuso
123ac2a6666SPablo Neira Ayuso int iifidx;
124ac2a6666SPablo Neira Ayuso
125ac2a6666SPablo Neira Ayuso u8 l3proto;
126ac2a6666SPablo Neira Ayuso u8 l4proto;
1274cd91f7cSPablo Neira Ayuso struct {
1284cd91f7cSPablo Neira Ayuso u16 id;
1294cd91f7cSPablo Neira Ayuso __be16 proto;
1304cd91f7cSPablo Neira Ayuso } encap[NF_FLOW_TABLE_ENCAP_MAX];
131dbc859d9SPablo Neira Ayuso
132dbc859d9SPablo Neira Ayuso /* All members above are keys for lookups, see flow_offload_hash(). */
133dbc859d9SPablo Neira Ayuso struct { } __hash;
134dbc859d9SPablo Neira Ayuso
13526267bf9SFelix Fietkau u8 dir:2,
136db6140e5SPaul Blakey xmit_type:3,
13726267bf9SFelix Fietkau encap_num:2,
13826267bf9SFelix Fietkau in_vlan_ingress:2;
1394f3780c0SFelix Fietkau u16 mtu;
1407a27f6abSPablo Neira Ayuso union {
1418b9229d1SPablo Neira Ayuso struct {
142ac2a6666SPablo Neira Ayuso struct dst_entry *dst_cache;
1438b9229d1SPablo Neira Ayuso u32 dst_cookie;
1448b9229d1SPablo Neira Ayuso };
1457a27f6abSPablo Neira Ayuso struct {
1467a27f6abSPablo Neira Ayuso u32 ifidx;
14773f97025SPablo Neira Ayuso u32 hw_ifidx;
1487a27f6abSPablo Neira Ayuso u8 h_source[ETH_ALEN];
1497a27f6abSPablo Neira Ayuso u8 h_dest[ETH_ALEN];
1507a27f6abSPablo Neira Ayuso } out;
151db6140e5SPaul Blakey struct {
152db6140e5SPaul Blakey u32 iifidx;
153db6140e5SPaul Blakey } tc;
1547a27f6abSPablo Neira Ayuso };
155ac2a6666SPablo Neira Ayuso };
156ac2a6666SPablo Neira Ayuso
157ac2a6666SPablo Neira Ayuso struct flow_offload_tuple_rhash {
158ac2a6666SPablo Neira Ayuso struct rhash_head node;
159ac2a6666SPablo Neira Ayuso struct flow_offload_tuple tuple;
160ac2a6666SPablo Neira Ayuso };
161ac2a6666SPablo Neira Ayuso
162355a8b13SPablo Neira Ayuso enum nf_flow_flags {
163355a8b13SPablo Neira Ayuso NF_FLOW_SNAT,
164355a8b13SPablo Neira Ayuso NF_FLOW_DNAT,
165355a8b13SPablo Neira Ayuso NF_FLOW_TEARDOWN,
166355a8b13SPablo Neira Ayuso NF_FLOW_HW,
167355a8b13SPablo Neira Ayuso NF_FLOW_HW_DYING,
168355a8b13SPablo Neira Ayuso NF_FLOW_HW_DEAD,
1692c889795SPaul Blakey NF_FLOW_HW_PENDING,
1708f84780bSVlad Buslov NF_FLOW_HW_BIDIRECTIONAL,
1711a441a9bSVlad Buslov NF_FLOW_HW_ESTABLISHED,
172355a8b13SPablo Neira Ayuso };
173ac2a6666SPablo Neira Ayuso
174f1363e05SPablo Neira Ayuso enum flow_offload_type {
175f1363e05SPablo Neira Ayuso NF_FLOW_OFFLOAD_UNSPEC = 0,
176f1363e05SPablo Neira Ayuso NF_FLOW_OFFLOAD_ROUTE,
177f1363e05SPablo Neira Ayuso };
178f1363e05SPablo Neira Ayuso
179ac2a6666SPablo Neira Ayuso struct flow_offload {
180ac2a6666SPablo Neira Ayuso struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX];
181b32d2f34SPablo Neira Ayuso struct nf_conn *ct;
182355a8b13SPablo Neira Ayuso unsigned long flags;
183f1363e05SPablo Neira Ayuso u16 type;
184ac2a6666SPablo Neira Ayuso u32 timeout;
18562248df8SPablo Neira Ayuso struct rcu_head rcu_head;
186ac2a6666SPablo Neira Ayuso };
187ac2a6666SPablo Neira Ayuso
188ac2a6666SPablo Neira Ayuso #define NF_FLOW_TIMEOUT (30 * HZ)
189fb46f1b7SPablo Neira Ayuso #define nf_flowtable_time_stamp (u32)jiffies
190fb46f1b7SPablo Neira Ayuso
1911d91d2e1SOz Shlomo unsigned long flow_offload_get_timeout(struct flow_offload *flow);
1921d91d2e1SOz Shlomo
nf_flow_timeout_delta(unsigned int timeout)193fb46f1b7SPablo Neira Ayuso static inline __s32 nf_flow_timeout_delta(unsigned int timeout)
194fb46f1b7SPablo Neira Ayuso {
195fb46f1b7SPablo Neira Ayuso return (__s32)(timeout - nf_flowtable_time_stamp);
196fb46f1b7SPablo Neira Ayuso }
197ac2a6666SPablo Neira Ayuso
198ac2a6666SPablo Neira Ayuso struct nf_flow_route {
199ac2a6666SPablo Neira Ayuso struct {
200ac2a6666SPablo Neira Ayuso struct dst_entry *dst;
201c63a7cc4SPablo Neira Ayuso struct {
202c63a7cc4SPablo Neira Ayuso u32 ifindex;
2034cd91f7cSPablo Neira Ayuso struct {
2044cd91f7cSPablo Neira Ayuso u16 id;
2054cd91f7cSPablo Neira Ayuso __be16 proto;
2064cd91f7cSPablo Neira Ayuso } encap[NF_FLOW_TABLE_ENCAP_MAX];
20726267bf9SFelix Fietkau u8 num_encaps:2,
20826267bf9SFelix Fietkau ingress_vlans:2;
209c63a7cc4SPablo Neira Ayuso } in;
2107a27f6abSPablo Neira Ayuso struct {
2117a27f6abSPablo Neira Ayuso u32 ifindex;
21273f97025SPablo Neira Ayuso u32 hw_ifindex;
2137a27f6abSPablo Neira Ayuso u8 h_source[ETH_ALEN];
2147a27f6abSPablo Neira Ayuso u8 h_dest[ETH_ALEN];
2157a27f6abSPablo Neira Ayuso } out;
2165139c0c0SPablo Neira Ayuso enum flow_offload_xmit_type xmit_type;
217ac2a6666SPablo Neira Ayuso } tuple[FLOW_OFFLOAD_DIR_MAX];
218ac2a6666SPablo Neira Ayuso };
219ac2a6666SPablo Neira Ayuso
220f1363e05SPablo Neira Ayuso struct flow_offload *flow_offload_alloc(struct nf_conn *ct);
221ac2a6666SPablo Neira Ayuso void flow_offload_free(struct flow_offload *flow);
222ac2a6666SPablo Neira Ayuso
223505ee3a1SAlaa Hleihel static inline int
nf_flow_table_offload_add_cb(struct nf_flowtable * flow_table,flow_setup_cb_t * cb,void * cb_priv)224505ee3a1SAlaa Hleihel nf_flow_table_offload_add_cb(struct nf_flowtable *flow_table,
225505ee3a1SAlaa Hleihel flow_setup_cb_t *cb, void *cb_priv)
226505ee3a1SAlaa Hleihel {
227505ee3a1SAlaa Hleihel struct flow_block *block = &flow_table->flow_block;
228505ee3a1SAlaa Hleihel struct flow_block_cb *block_cb;
229505ee3a1SAlaa Hleihel int err = 0;
230505ee3a1SAlaa Hleihel
231505ee3a1SAlaa Hleihel down_write(&flow_table->flow_block_lock);
232505ee3a1SAlaa Hleihel block_cb = flow_block_cb_lookup(block, cb, cb_priv);
233505ee3a1SAlaa Hleihel if (block_cb) {
234505ee3a1SAlaa Hleihel err = -EEXIST;
235505ee3a1SAlaa Hleihel goto unlock;
236505ee3a1SAlaa Hleihel }
237505ee3a1SAlaa Hleihel
238505ee3a1SAlaa Hleihel block_cb = flow_block_cb_alloc(cb, cb_priv, cb_priv, NULL);
239505ee3a1SAlaa Hleihel if (IS_ERR(block_cb)) {
240505ee3a1SAlaa Hleihel err = PTR_ERR(block_cb);
241505ee3a1SAlaa Hleihel goto unlock;
242505ee3a1SAlaa Hleihel }
243505ee3a1SAlaa Hleihel
244505ee3a1SAlaa Hleihel list_add_tail(&block_cb->list, &block->cb_list);
24515f300edSVlad Buslov up_write(&flow_table->flow_block_lock);
24615f300edSVlad Buslov
24715f300edSVlad Buslov if (flow_table->type->get)
24815f300edSVlad Buslov flow_table->type->get(flow_table);
24915f300edSVlad Buslov return 0;
250505ee3a1SAlaa Hleihel
251505ee3a1SAlaa Hleihel unlock:
252505ee3a1SAlaa Hleihel up_write(&flow_table->flow_block_lock);
253505ee3a1SAlaa Hleihel return err;
254505ee3a1SAlaa Hleihel }
255505ee3a1SAlaa Hleihel
256505ee3a1SAlaa Hleihel static inline void
nf_flow_table_offload_del_cb(struct nf_flowtable * flow_table,flow_setup_cb_t * cb,void * cb_priv)257505ee3a1SAlaa Hleihel nf_flow_table_offload_del_cb(struct nf_flowtable *flow_table,
258505ee3a1SAlaa Hleihel flow_setup_cb_t *cb, void *cb_priv)
259505ee3a1SAlaa Hleihel {
260505ee3a1SAlaa Hleihel struct flow_block *block = &flow_table->flow_block;
261505ee3a1SAlaa Hleihel struct flow_block_cb *block_cb;
262505ee3a1SAlaa Hleihel
263505ee3a1SAlaa Hleihel down_write(&flow_table->flow_block_lock);
264505ee3a1SAlaa Hleihel block_cb = flow_block_cb_lookup(block, cb, cb_priv);
265505ee3a1SAlaa Hleihel if (block_cb) {
266505ee3a1SAlaa Hleihel list_del(&block_cb->list);
267505ee3a1SAlaa Hleihel flow_block_cb_free(block_cb);
268505ee3a1SAlaa Hleihel } else {
269505ee3a1SAlaa Hleihel WARN_ON(true);
270505ee3a1SAlaa Hleihel }
271505ee3a1SAlaa Hleihel up_write(&flow_table->flow_block_lock);
27215f300edSVlad Buslov
27315f300edSVlad Buslov if (flow_table->type->put)
27415f300edSVlad Buslov flow_table->type->put(flow_table);
275505ee3a1SAlaa Hleihel }
276978703f4SPaul Blakey
277fa502c86SPablo Neira Ayuso void flow_offload_route_init(struct flow_offload *flow,
278558b00a3SPablo Neira Ayuso struct nf_flow_route *route);
279f1363e05SPablo Neira Ayuso
280ac2a6666SPablo Neira Ayuso int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow);
2818b3646d6SPaul Blakey void flow_offload_refresh(struct nf_flowtable *flow_table,
28241f2c7c3SPaul Blakey struct flow_offload *flow, bool force);
2838b3646d6SPaul Blakey
284ac2a6666SPablo Neira Ayuso struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table,
285ac2a6666SPablo Neira Ayuso struct flow_offload_tuple *tuple);
286759eebbcSPablo Neira Ayuso void nf_flow_table_gc_run(struct nf_flowtable *flow_table);
287a8284c68SPablo Neira Ayuso void nf_flow_table_gc_cleanup(struct nf_flowtable *flowtable,
288a8284c68SPablo Neira Ayuso struct net_device *dev);
2895f1be84aSTaehee Yoo void nf_flow_table_cleanup(struct net_device *dev);
290c0ea1bcbSPablo Neira Ayuso
291a268de77SFelix Fietkau int nf_flow_table_init(struct nf_flowtable *flow_table);
292b408c5b0SPablo Neira Ayuso void nf_flow_table_free(struct nf_flowtable *flow_table);
293ac2a6666SPablo Neira Ayuso
29459c466ddSFelix Fietkau void flow_offload_teardown(struct flow_offload *flow);
295ac2a6666SPablo Neira Ayuso
296f4401262SPablo Neira Ayuso void nf_flow_snat_port(const struct flow_offload *flow,
297ac2a6666SPablo Neira Ayuso struct sk_buff *skb, unsigned int thoff,
298ac2a6666SPablo Neira Ayuso u8 protocol, enum flow_offload_tuple_dir dir);
299f4401262SPablo Neira Ayuso void nf_flow_dnat_port(const struct flow_offload *flow,
300ac2a6666SPablo Neira Ayuso struct sk_buff *skb, unsigned int thoff,
301ac2a6666SPablo Neira Ayuso u8 protocol, enum flow_offload_tuple_dir dir);
302ac2a6666SPablo Neira Ayuso
303ac2a6666SPablo Neira Ayuso struct flow_ports {
304ac2a6666SPablo Neira Ayuso __be16 source, dest;
305ac2a6666SPablo Neira Ayuso };
306ac2a6666SPablo Neira Ayuso
3077c23b629SPablo Neira Ayuso unsigned int nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
3087c23b629SPablo Neira Ayuso const struct nf_hook_state *state);
3097c23b629SPablo Neira Ayuso unsigned int nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
3107c23b629SPablo Neira Ayuso const struct nf_hook_state *state);
3117c23b629SPablo Neira Ayuso
312ac2a6666SPablo Neira Ayuso #define MODULE_ALIAS_NF_FLOWTABLE(family) \
313ac2a6666SPablo Neira Ayuso MODULE_ALIAS("nf-flowtable-" __stringify(family))
314ac2a6666SPablo Neira Ayuso
315c29f74e0SPablo Neira Ayuso void nf_flow_offload_add(struct nf_flowtable *flowtable,
316c29f74e0SPablo Neira Ayuso struct flow_offload *flow);
317c29f74e0SPablo Neira Ayuso void nf_flow_offload_del(struct nf_flowtable *flowtable,
318c29f74e0SPablo Neira Ayuso struct flow_offload *flow);
319c29f74e0SPablo Neira Ayuso void nf_flow_offload_stats(struct nf_flowtable *flowtable,
320c29f74e0SPablo Neira Ayuso struct flow_offload *flow);
321c29f74e0SPablo Neira Ayuso
322c29f74e0SPablo Neira Ayuso void nf_flow_table_offload_flush(struct nf_flowtable *flowtable);
3239afb4b27SPablo Neira Ayuso void nf_flow_table_offload_flush_cleanup(struct nf_flowtable *flowtable);
3249afb4b27SPablo Neira Ayuso
325c29f74e0SPablo Neira Ayuso int nf_flow_table_offload_setup(struct nf_flowtable *flowtable,
3268bb69f3bSPablo Neira Ayuso struct net_device *dev,
327c29f74e0SPablo Neira Ayuso enum flow_block_command cmd);
3281a441a9bSVlad Buslov int nf_flow_rule_route_ipv4(struct net *net, struct flow_offload *flow,
3295c27d8d7SPablo Neira Ayuso enum flow_offload_tuple_dir dir,
3305c27d8d7SPablo Neira Ayuso struct nf_flow_rule *flow_rule);
3311a441a9bSVlad Buslov int nf_flow_rule_route_ipv6(struct net *net, struct flow_offload *flow,
332c29f74e0SPablo Neira Ayuso enum flow_offload_tuple_dir dir,
333c29f74e0SPablo Neira Ayuso struct nf_flow_rule *flow_rule);
334c29f74e0SPablo Neira Ayuso
335c29f74e0SPablo Neira Ayuso int nf_flow_table_offload_init(void);
336c29f74e0SPablo Neira Ayuso void nf_flow_table_offload_exit(void);
3378bb69f3bSPablo Neira Ayuso
__nf_flow_pppoe_proto(const struct sk_buff * skb)338a2471d27SPablo Neira Ayuso static inline __be16 __nf_flow_pppoe_proto(const struct sk_buff *skb)
3390492d857SPablo Neira Ayuso {
3400492d857SPablo Neira Ayuso __be16 proto;
3410492d857SPablo Neira Ayuso
3420492d857SPablo Neira Ayuso proto = *((__be16 *)(skb_mac_header(skb) + ETH_HLEN +
3430492d857SPablo Neira Ayuso sizeof(struct pppoe_hdr)));
3440492d857SPablo Neira Ayuso switch (proto) {
3450492d857SPablo Neira Ayuso case htons(PPP_IP):
3460492d857SPablo Neira Ayuso return htons(ETH_P_IP);
3470492d857SPablo Neira Ayuso case htons(PPP_IPV6):
3480492d857SPablo Neira Ayuso return htons(ETH_P_IPV6);
3490492d857SPablo Neira Ayuso }
3500492d857SPablo Neira Ayuso
3510492d857SPablo Neira Ayuso return 0;
3520492d857SPablo Neira Ayuso }
3530492d857SPablo Neira Ayuso
nf_flow_pppoe_proto(struct sk_buff * skb,__be16 * inner_proto)354a2471d27SPablo Neira Ayuso static inline bool nf_flow_pppoe_proto(struct sk_buff *skb, __be16 *inner_proto)
355a2471d27SPablo Neira Ayuso {
356a2471d27SPablo Neira Ayuso if (!pskb_may_pull(skb, PPPOE_SES_HLEN))
357a2471d27SPablo Neira Ayuso return false;
358a2471d27SPablo Neira Ayuso
359a2471d27SPablo Neira Ayuso *inner_proto = __nf_flow_pppoe_proto(skb);
360a2471d27SPablo Neira Ayuso
361a2471d27SPablo Neira Ayuso return true;
362a2471d27SPablo Neira Ayuso }
363a2471d27SPablo Neira Ayuso
364b0381776SVlad Buslov #define NF_FLOW_TABLE_STAT_INC(net, count) __this_cpu_inc((net)->ft.stat->count)
365b0381776SVlad Buslov #define NF_FLOW_TABLE_STAT_DEC(net, count) __this_cpu_dec((net)->ft.stat->count)
366b0381776SVlad Buslov #define NF_FLOW_TABLE_STAT_INC_ATOMIC(net, count) \
367b0381776SVlad Buslov this_cpu_inc((net)->ft.stat->count)
368b0381776SVlad Buslov #define NF_FLOW_TABLE_STAT_DEC_ATOMIC(net, count) \
369b0381776SVlad Buslov this_cpu_dec((net)->ft.stat->count)
370b0381776SVlad Buslov
371b0381776SVlad Buslov #ifdef CONFIG_NF_FLOW_TABLE_PROCFS
372b0381776SVlad Buslov int nf_flow_table_init_proc(struct net *net);
373b0381776SVlad Buslov void nf_flow_table_fini_proc(struct net *net);
374b0381776SVlad Buslov #else
nf_flow_table_init_proc(struct net * net)375b0381776SVlad Buslov static inline int nf_flow_table_init_proc(struct net *net)
376b0381776SVlad Buslov {
377b0381776SVlad Buslov return 0;
378b0381776SVlad Buslov }
379b0381776SVlad Buslov
nf_flow_table_fini_proc(struct net * net)380b0381776SVlad Buslov static inline void nf_flow_table_fini_proc(struct net *net)
381b0381776SVlad Buslov {
382b0381776SVlad Buslov }
383b0381776SVlad Buslov #endif /* CONFIG_NF_FLOW_TABLE_PROCFS */
384b0381776SVlad Buslov
3850286fbc6SJeremy Sowden #endif /* _NF_FLOW_TABLE_H */
386