13b49e2e9SPablo Neira Ayuso #ifndef _NF_FLOW_TABLE_H 23b49e2e9SPablo Neira Ayuso #define _NF_FLOW_TABLE_H 33b49e2e9SPablo Neira Ayuso 4ac2a6666SPablo Neira Ayuso #include <linux/in.h> 5ac2a6666SPablo Neira Ayuso #include <linux/in6.h> 6ac2a6666SPablo Neira Ayuso #include <linux/netdevice.h> 73b49e2e9SPablo Neira Ayuso #include <linux/rhashtable.h> 8ac2a6666SPablo Neira Ayuso #include <linux/rcupdate.h> 9af81f9e7SFelix Fietkau #include <linux/netfilter/nf_conntrack_tuple_common.h> 10ac2a6666SPablo Neira Ayuso #include <net/dst.h> 113b49e2e9SPablo Neira Ayuso 123b49e2e9SPablo Neira Ayuso struct nf_flowtable; 133b49e2e9SPablo Neira Ayuso 143b49e2e9SPablo Neira Ayuso struct nf_flowtable_type { 153b49e2e9SPablo Neira Ayuso struct list_head list; 163b49e2e9SPablo Neira Ayuso int family; 17a268de77SFelix Fietkau int (*init)(struct nf_flowtable *ft); 18b408c5b0SPablo Neira Ayuso void (*free)(struct nf_flowtable *ft); 193b49e2e9SPablo Neira Ayuso nf_hookfn *hook; 203b49e2e9SPablo Neira Ayuso struct module *owner; 213b49e2e9SPablo Neira Ayuso }; 223b49e2e9SPablo Neira Ayuso 233b49e2e9SPablo Neira Ayuso struct nf_flowtable { 2484453a90SFelix Fietkau struct list_head list; 253b49e2e9SPablo Neira Ayuso struct rhashtable rhashtable; 263b49e2e9SPablo Neira Ayuso const struct nf_flowtable_type *type; 273b49e2e9SPablo Neira Ayuso struct delayed_work gc_work; 283b49e2e9SPablo Neira Ayuso }; 293b49e2e9SPablo Neira Ayuso 30ac2a6666SPablo Neira Ayuso enum flow_offload_tuple_dir { 31af81f9e7SFelix Fietkau FLOW_OFFLOAD_DIR_ORIGINAL = IP_CT_DIR_ORIGINAL, 32af81f9e7SFelix Fietkau FLOW_OFFLOAD_DIR_REPLY = IP_CT_DIR_REPLY, 33af81f9e7SFelix Fietkau FLOW_OFFLOAD_DIR_MAX = IP_CT_DIR_MAX 34ac2a6666SPablo Neira Ayuso }; 35ac2a6666SPablo Neira Ayuso 36ac2a6666SPablo Neira Ayuso struct flow_offload_tuple { 37ac2a6666SPablo Neira Ayuso union { 38ac2a6666SPablo Neira Ayuso struct in_addr src_v4; 39ac2a6666SPablo Neira Ayuso struct in6_addr src_v6; 40ac2a6666SPablo Neira Ayuso }; 41ac2a6666SPablo Neira Ayuso union { 42ac2a6666SPablo Neira Ayuso struct in_addr dst_v4; 43ac2a6666SPablo Neira Ayuso struct in6_addr dst_v6; 44ac2a6666SPablo Neira Ayuso }; 45ac2a6666SPablo Neira Ayuso struct { 46ac2a6666SPablo Neira Ayuso __be16 src_port; 47ac2a6666SPablo Neira Ayuso __be16 dst_port; 48ac2a6666SPablo Neira Ayuso }; 49ac2a6666SPablo Neira Ayuso 50ac2a6666SPablo Neira Ayuso int iifidx; 51ac2a6666SPablo Neira Ayuso 52ac2a6666SPablo Neira Ayuso u8 l3proto; 53ac2a6666SPablo Neira Ayuso u8 l4proto; 54ac2a6666SPablo Neira Ayuso u8 dir; 55ac2a6666SPablo Neira Ayuso 56ac2a6666SPablo Neira Ayuso int oifidx; 57ac2a6666SPablo Neira Ayuso 584f3780c0SFelix Fietkau u16 mtu; 594f3780c0SFelix Fietkau 60ac2a6666SPablo Neira Ayuso struct dst_entry *dst_cache; 61ac2a6666SPablo Neira Ayuso }; 62ac2a6666SPablo Neira Ayuso 63ac2a6666SPablo Neira Ayuso struct flow_offload_tuple_rhash { 64ac2a6666SPablo Neira Ayuso struct rhash_head node; 65ac2a6666SPablo Neira Ayuso struct flow_offload_tuple tuple; 66ac2a6666SPablo Neira Ayuso }; 67ac2a6666SPablo Neira Ayuso 68ac2a6666SPablo Neira Ayuso #define FLOW_OFFLOAD_SNAT 0x1 69ac2a6666SPablo Neira Ayuso #define FLOW_OFFLOAD_DNAT 0x2 70ac2a6666SPablo Neira Ayuso #define FLOW_OFFLOAD_DYING 0x4 7159c466ddSFelix Fietkau #define FLOW_OFFLOAD_TEARDOWN 0x8 72ac2a6666SPablo Neira Ayuso 73ac2a6666SPablo Neira Ayuso struct flow_offload { 74ac2a6666SPablo Neira Ayuso struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX]; 75ac2a6666SPablo Neira Ayuso u32 flags; 76ac2a6666SPablo Neira Ayuso union { 77ac2a6666SPablo Neira Ayuso /* Your private driver data here. */ 78ac2a6666SPablo Neira Ayuso u32 timeout; 79ac2a6666SPablo Neira Ayuso }; 80ac2a6666SPablo Neira Ayuso }; 81ac2a6666SPablo Neira Ayuso 82ac2a6666SPablo Neira Ayuso #define NF_FLOW_TIMEOUT (30 * HZ) 83ac2a6666SPablo Neira Ayuso 84ac2a6666SPablo Neira Ayuso struct nf_flow_route { 85ac2a6666SPablo Neira Ayuso struct { 86ac2a6666SPablo Neira Ayuso struct dst_entry *dst; 87ac2a6666SPablo Neira Ayuso int ifindex; 88ac2a6666SPablo Neira Ayuso } tuple[FLOW_OFFLOAD_DIR_MAX]; 89ac2a6666SPablo Neira Ayuso }; 90ac2a6666SPablo Neira Ayuso 91ac2a6666SPablo Neira Ayuso struct flow_offload *flow_offload_alloc(struct nf_conn *ct, 92ac2a6666SPablo Neira Ayuso struct nf_flow_route *route); 93ac2a6666SPablo Neira Ayuso void flow_offload_free(struct flow_offload *flow); 94ac2a6666SPablo Neira Ayuso 95ac2a6666SPablo Neira Ayuso int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow); 96ac2a6666SPablo Neira Ayuso struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table, 97ac2a6666SPablo Neira Ayuso struct flow_offload_tuple *tuple); 98ac2a6666SPablo Neira Ayuso int nf_flow_table_iterate(struct nf_flowtable *flow_table, 99ac2a6666SPablo Neira Ayuso void (*iter)(struct flow_offload *flow, void *data), 100ac2a6666SPablo Neira Ayuso void *data); 101c0ea1bcbSPablo Neira Ayuso 102c0ea1bcbSPablo Neira Ayuso void nf_flow_table_cleanup(struct net *net, struct net_device *dev); 103c0ea1bcbSPablo Neira Ayuso 104a268de77SFelix Fietkau int nf_flow_table_init(struct nf_flowtable *flow_table); 105b408c5b0SPablo Neira Ayuso void nf_flow_table_free(struct nf_flowtable *flow_table); 106ac2a6666SPablo Neira Ayuso 10759c466ddSFelix Fietkau void flow_offload_teardown(struct flow_offload *flow); 1086bdc3c68SFelix Fietkau static inline void flow_offload_dead(struct flow_offload *flow) 1096bdc3c68SFelix Fietkau { 1106bdc3c68SFelix Fietkau flow->flags |= FLOW_OFFLOAD_DYING; 1116bdc3c68SFelix Fietkau } 112ac2a6666SPablo Neira Ayuso 113ac2a6666SPablo Neira Ayuso int nf_flow_snat_port(const struct flow_offload *flow, 114ac2a6666SPablo Neira Ayuso struct sk_buff *skb, unsigned int thoff, 115ac2a6666SPablo Neira Ayuso u8 protocol, enum flow_offload_tuple_dir dir); 116ac2a6666SPablo Neira Ayuso int nf_flow_dnat_port(const struct flow_offload *flow, 117ac2a6666SPablo Neira Ayuso struct sk_buff *skb, unsigned int thoff, 118ac2a6666SPablo Neira Ayuso u8 protocol, enum flow_offload_tuple_dir dir); 119ac2a6666SPablo Neira Ayuso 120ac2a6666SPablo Neira Ayuso struct flow_ports { 121ac2a6666SPablo Neira Ayuso __be16 source, dest; 122ac2a6666SPablo Neira Ayuso }; 123ac2a6666SPablo Neira Ayuso 1247c23b629SPablo Neira Ayuso unsigned int nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb, 1257c23b629SPablo Neira Ayuso const struct nf_hook_state *state); 1267c23b629SPablo Neira Ayuso unsigned int nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, 1277c23b629SPablo Neira Ayuso const struct nf_hook_state *state); 1287c23b629SPablo Neira Ayuso 129ac2a6666SPablo Neira Ayuso #define MODULE_ALIAS_NF_FLOWTABLE(family) \ 130ac2a6666SPablo Neira Ayuso MODULE_ALIAS("nf-flowtable-" __stringify(family)) 131ac2a6666SPablo Neira Ayuso 1323b49e2e9SPablo Neira Ayuso #endif /* _FLOW_OFFLOAD_H */ 133