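/*
 * Netfilter flowtable: shared types and entry points for the flow offload
 * fast path (software flowtable plus optional hardware offload).
 */
#ifndef _NF_FLOW_TABLE_H
#define _NF_FLOW_TABLE_H

#include <linux/in.h>
#include <linux/in6.h>
#include <linux/netdevice.h>
#include <linux/rhashtable-types.h>
#include <linux/rcupdate.h>
#include <linux/netfilter.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>
#include <net/flow_offload.h>
#include <net/dst.h>

struct nf_flowtable;
struct nf_flow_rule;
struct flow_offload;
enum flow_offload_tuple_dir;

/**
 * struct nf_flowtable_type - per-family flowtable backend descriptor
 * @list:   linkage on a list of flowtable types
 * @family: protocol family this type serves
 * @init:   callback taking the flowtable; returns an int status
 * @setup:  callback taking the flowtable, a net_device and a flow block
 *          command; same parameter list as nf_flow_table_offload_setup()
 * @action: callback that receives a flow, a direction and a flow rule; same
 *          parameter list as nf_flow_rule_route_ipv4()/_ipv6() below
 * @free:   callback taking the flowtable; no return value
 * @hook:   netfilter hook function for this type
 * @owner:  module that provides this type
 */
struct nf_flowtable_type {
	struct list_head list;
	int family;
	int (*init)(struct nf_flowtable *ft);
	int (*setup)(struct nf_flowtable *ft,
		     struct net_device *dev,
		     enum flow_block_command cmd);
	int (*action)(struct net *net,
		      const struct flow_offload *flow,
		      enum flow_offload_tuple_dir dir,
		      struct nf_flow_rule *flow_rule);
	void (*free)(struct nf_flowtable *ft);
	nf_hookfn *hook;
	struct module *owner;
};

/* Bit masks stored in nf_flowtable.flags (see nf_flowtable_hw_offload()). */
enum nf_flowtable_flags {
	NF_FLOWTABLE_HW_OFFLOAD = 0x1,
};

/**
 * struct nf_flowtable - one flowtable instance
 * @list:       list linkage
 * @rhashtable: hash table embedded in the flowtable
 * @priority:   integer priority value
 * @type:       backend descriptor, read-only through this pointer
 * @gc_work:    delayed work item
 * @flags:      mask of enum nf_flowtable_flags
 * @flow_block: flow block embedded in the flowtable
 * @net:        network namespace reference
 */
struct nf_flowtable {
	struct list_head list;
	struct rhashtable rhashtable;
	int priority;
	const struct nf_flowtable_type *type;
	struct delayed_work gc_work;
	unsigned int flags;
	struct flow_block flow_block;
	possible_net_t net;
};

/**
 * nf_flowtable_hw_offload - test whether hardware offload is enabled
 * @flowtable: flowtable to inspect; dereferenced unconditionally, so it must
 *             not be NULL
 *
 * Return: true when NF_FLOWTABLE_HW_OFFLOAD is set in @flowtable->flags.
 */
static inline bool nf_flowtable_hw_offload(struct nf_flowtable *flowtable)
{
	return flowtable->flags & NF_FLOWTABLE_HW_OFFLOAD;
}

/*
 * Flow directions. The values are defined as the conntrack direction
 * constants, so a conntrack direction can be used wherever a flow direction
 * is expected, including as an index into arrays sized FLOW_OFFLOAD_DIR_MAX.
 */
enum flow_offload_tuple_dir {
	FLOW_OFFLOAD_DIR_ORIGINAL = IP_CT_DIR_ORIGINAL,
	FLOW_OFFLOAD_DIR_REPLY = IP_CT_DIR_REPLY,
	FLOW_OFFLOAD_DIR_MAX = IP_CT_DIR_MAX
};

/**
 * struct flow_offload_tuple - one direction of an offloaded flow
 *
 * The IPv4 and IPv6 addresses share storage through anonymous unions, so an
 * IPv4 tuple uses only the first bytes of each address slot. Ports are
 * big-endian (__be16).
 *
 * NOTE(review): if this structure is hashed or compared as raw bytes (it sits
 * next to an rhash_head in struct flow_offload_tuple_rhash), whoever fills it
 * must zero the unused tail of the address unions and any padding first;
 * otherwise stale bytes can make equal flows look different. Confirm against
 * the rhashtable parameters in the .c file.
 *
 * NOTE(review): ownership and reference counting of @dst_cache are not
 * visible in this header; confirm who holds and releases the reference.
 */
struct flow_offload_tuple {
	union {
		struct in_addr src_v4;
		struct in6_addr src_v6;
	};
	union {
		struct in_addr dst_v4;
		struct in6_addr dst_v6;
	};
	struct {
		__be16 src_port;
		__be16 dst_port;
	};

	int iifidx;

	u8 l3proto;
	u8 l4proto;
	u8 dir;

	u16 mtu;

	struct dst_entry *dst_cache;
};

/* Hash table node paired with the tuple it carries. */
struct flow_offload_tuple_rhash {
	struct rhash_head node;
	struct flow_offload_tuple tuple;
};

/*
 * Per-flow state flags. The enumerators take consecutive values from 0 and
 * flow_offload.flags is an unsigned long, so these are presumably bit numbers
 * for the bitops helpers rather than masks; confirm against the users.
 */
enum nf_flow_flags {
	NF_FLOW_SNAT,
	NF_FLOW_DNAT,
	NF_FLOW_TEARDOWN,
	NF_FLOW_HW,
	NF_FLOW_HW_DYING,
	NF_FLOW_HW_DEAD,
};

/* Values for flow_offload.type. */
enum flow_offload_type {
	NF_FLOW_OFFLOAD_UNSPEC = 0,
	NF_FLOW_OFFLOAD_ROUTE,
};

/**
 * struct flow_offload - an offloaded connection
 * @tuplehash: one hashed tuple per direction, indexed by
 *             enum flow_offload_tuple_dir
 * @ct:        conntrack entry this flow belongs to
 * @flags:     state, see enum nf_flow_flags
 * @type:      see enum flow_offload_type
 * @timeout:   32-bit tick value, compared with nf_flow_timeout_delta()
 * @rcu_head:  RCU callback head (presumably for deferred freeing; confirm)
 */
struct flow_offload {
	struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX];
	struct nf_conn *ct;
	unsigned long flags;
	u16 type;
	u32 timeout;
	struct rcu_head rcu_head;
};

/* 30 seconds expressed in ticks. */
#define NF_FLOW_TIMEOUT	(30 * HZ)
/*
 * Current time truncated to 32 bits. The expansion is parenthesised so the
 * cast stays a single operand wherever the macro is used.
 */
#define nf_flowtable_time_stamp	((u32)jiffies)

/**
 * nf_flow_timeout_delta - signed distance from now to a timeout
 * @timeout: 32-bit tick value to compare with the current timestamp
 *
 * The subtraction is done on unsigned 32-bit values and only then cast to a
 * signed type, so the result stays correct when the tick counter wraps, as
 * long as the two values are less than 2^31 ticks apart.
 *
 * Return: ticks remaining until @timeout; zero or negative once it has passed.
 */
static inline __s32 nf_flow_timeout_delta(unsigned int timeout)
{
	return (__s32)(timeout - nf_flowtable_time_stamp);
}

/* Route information for a flow: one dst entry per direction. */
struct nf_flow_route {
	struct {
		struct dst_entry *dst;
	} tuple[FLOW_OFFLOAD_DIR_MAX];
};

/* Flow object allocation and release. */
struct flow_offload *flow_offload_alloc(struct nf_conn *ct);
void flow_offload_free(struct flow_offload *flow);

int flow_offload_route_init(struct flow_offload *flow,
			    const struct nf_flow_route *route);

/*
 * Flowtable insertion and lookup.
 *
 * NOTE(review): the lifetime rules for the entry returned by
 * flow_offload_lookup() (for example whether an RCU read-side section is
 * required) are not stated in this header; confirm before dereferencing the
 * result outside the lookup context.
 */
int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow);
struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table,
						     struct flow_offload_tuple *tuple);
void nf_flow_table_cleanup(struct net_device *dev);

int nf_flow_table_init(struct nf_flowtable *flow_table);
void nf_flow_table_free(struct nf_flowtable *flow_table);

void flow_offload_teardown(struct flow_offload *flow);

/* Port NAT helpers; @thoff is an offset into @skb supplied by the caller. */
int nf_flow_snat_port(const struct flow_offload *flow,
		      struct sk_buff *skb, unsigned int thoff,
		      u8 protocol, enum flow_offload_tuple_dir dir);
int nf_flow_dnat_port(const struct flow_offload *flow,
		      struct sk_buff *skb, unsigned int thoff,
		      u8 protocol, enum flow_offload_tuple_dir dir);

/* Source and destination port pair, both big-endian. */
struct flow_ports {
	__be16 source, dest;
};

/* Netfilter hook entry points for IPv4 and IPv6. */
unsigned int nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
				     const struct nf_hook_state *state);
unsigned int nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
				       const struct nf_hook_state *state);

/* Declares the module alias "nf-flowtable-<family>". */
#define MODULE_ALIAS_NF_FLOWTABLE(family)	\
	MODULE_ALIAS("nf-flowtable-" __stringify(family))

/* Hardware offload interface. */
void nf_flow_offload_add(struct nf_flowtable *flowtable,
			 struct flow_offload *flow);
void nf_flow_offload_del(struct nf_flowtable *flowtable,
			 struct flow_offload *flow);
void nf_flow_offload_stats(struct nf_flowtable *flowtable,
			   struct flow_offload *flow);

void nf_flow_table_offload_flush(struct nf_flowtable *flowtable);
int nf_flow_table_offload_setup(struct nf_flowtable *flowtable,
				struct net_device *dev,
				enum flow_block_command cmd);
int nf_flow_rule_route_ipv4(struct net *net, const struct flow_offload *flow,
			    enum flow_offload_tuple_dir dir,
			    struct nf_flow_rule *flow_rule);
int nf_flow_rule_route_ipv6(struct net *net, const struct flow_offload *flow,
			    enum flow_offload_tuple_dir dir,
			    struct nf_flow_rule *flow_rule);

int nf_flow_table_offload_init(void);
void nf_flow_table_offload_exit(void);

#endif /* _NF_FLOW_TABLE_H */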