13b49e2e9SPablo Neira Ayuso #ifndef _NF_FLOW_TABLE_H 23b49e2e9SPablo Neira Ayuso #define _NF_FLOW_TABLE_H 33b49e2e9SPablo Neira Ayuso 4ac2a6666SPablo Neira Ayuso #include <linux/in.h> 5ac2a6666SPablo Neira Ayuso #include <linux/in6.h> 6ac2a6666SPablo Neira Ayuso #include <linux/netdevice.h> 73b49e2e9SPablo Neira Ayuso #include <linux/rhashtable.h> 8ac2a6666SPablo Neira Ayuso #include <linux/rcupdate.h> 9ac2a6666SPablo Neira Ayuso #include <net/dst.h> 103b49e2e9SPablo Neira Ayuso 113b49e2e9SPablo Neira Ayuso struct nf_flowtable; 123b49e2e9SPablo Neira Ayuso 133b49e2e9SPablo Neira Ayuso struct nf_flowtable_type { 143b49e2e9SPablo Neira Ayuso struct list_head list; 153b49e2e9SPablo Neira Ayuso int family; 163b49e2e9SPablo Neira Ayuso void (*gc)(struct work_struct *work); 173b49e2e9SPablo Neira Ayuso const struct rhashtable_params *params; 183b49e2e9SPablo Neira Ayuso nf_hookfn *hook; 193b49e2e9SPablo Neira Ayuso struct module *owner; 203b49e2e9SPablo Neira Ayuso }; 213b49e2e9SPablo Neira Ayuso 223b49e2e9SPablo Neira Ayuso struct nf_flowtable { 233b49e2e9SPablo Neira Ayuso struct rhashtable rhashtable; 243b49e2e9SPablo Neira Ayuso const struct nf_flowtable_type *type; 253b49e2e9SPablo Neira Ayuso struct delayed_work gc_work; 263b49e2e9SPablo Neira Ayuso }; 273b49e2e9SPablo Neira Ayuso 28ac2a6666SPablo Neira Ayuso enum flow_offload_tuple_dir { 29ac2a6666SPablo Neira Ayuso FLOW_OFFLOAD_DIR_ORIGINAL, 30ac2a6666SPablo Neira Ayuso FLOW_OFFLOAD_DIR_REPLY, 31ac2a6666SPablo Neira Ayuso __FLOW_OFFLOAD_DIR_MAX = FLOW_OFFLOAD_DIR_REPLY, 32ac2a6666SPablo Neira Ayuso }; 33ac2a6666SPablo Neira Ayuso #define FLOW_OFFLOAD_DIR_MAX (__FLOW_OFFLOAD_DIR_MAX + 1) 34ac2a6666SPablo Neira Ayuso 35ac2a6666SPablo Neira Ayuso struct flow_offload_tuple { 36ac2a6666SPablo Neira Ayuso union { 37ac2a6666SPablo Neira Ayuso struct in_addr src_v4; 38ac2a6666SPablo Neira Ayuso struct in6_addr src_v6; 39ac2a6666SPablo Neira Ayuso }; 40ac2a6666SPablo Neira Ayuso union { 41ac2a6666SPablo Neira Ayuso struct in_addr dst_v4; 42ac2a6666SPablo Neira Ayuso struct in6_addr dst_v6; 43ac2a6666SPablo Neira Ayuso }; 44ac2a6666SPablo Neira Ayuso struct { 45ac2a6666SPablo Neira Ayuso __be16 src_port; 46ac2a6666SPablo Neira Ayuso __be16 dst_port; 47ac2a6666SPablo Neira Ayuso }; 48ac2a6666SPablo Neira Ayuso 49ac2a6666SPablo Neira Ayuso int iifidx; 50ac2a6666SPablo Neira Ayuso 51ac2a6666SPablo Neira Ayuso u8 l3proto; 52ac2a6666SPablo Neira Ayuso u8 l4proto; 53ac2a6666SPablo Neira Ayuso u8 dir; 54ac2a6666SPablo Neira Ayuso 55ac2a6666SPablo Neira Ayuso int oifidx; 56ac2a6666SPablo Neira Ayuso 57ac2a6666SPablo Neira Ayuso struct dst_entry *dst_cache; 58ac2a6666SPablo Neira Ayuso }; 59ac2a6666SPablo Neira Ayuso 60ac2a6666SPablo Neira Ayuso struct flow_offload_tuple_rhash { 61ac2a6666SPablo Neira Ayuso struct rhash_head node; 62ac2a6666SPablo Neira Ayuso struct flow_offload_tuple tuple; 63ac2a6666SPablo Neira Ayuso }; 64ac2a6666SPablo Neira Ayuso 65ac2a6666SPablo Neira Ayuso #define FLOW_OFFLOAD_SNAT 0x1 66ac2a6666SPablo Neira Ayuso #define FLOW_OFFLOAD_DNAT 0x2 67ac2a6666SPablo Neira Ayuso #define FLOW_OFFLOAD_DYING 0x4 68ac2a6666SPablo Neira Ayuso 69ac2a6666SPablo Neira Ayuso struct flow_offload { 70ac2a6666SPablo Neira Ayuso struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX]; 71ac2a6666SPablo Neira Ayuso u32 flags; 72ac2a6666SPablo Neira Ayuso union { 73ac2a6666SPablo Neira Ayuso /* Your private driver data here. */ 74ac2a6666SPablo Neira Ayuso u32 timeout; 75ac2a6666SPablo Neira Ayuso }; 76ac2a6666SPablo Neira Ayuso }; 77ac2a6666SPablo Neira Ayuso 78ac2a6666SPablo Neira Ayuso #define NF_FLOW_TIMEOUT (30 * HZ) 79ac2a6666SPablo Neira Ayuso 80ac2a6666SPablo Neira Ayuso struct nf_flow_route { 81ac2a6666SPablo Neira Ayuso struct { 82ac2a6666SPablo Neira Ayuso struct dst_entry *dst; 83ac2a6666SPablo Neira Ayuso int ifindex; 84ac2a6666SPablo Neira Ayuso } tuple[FLOW_OFFLOAD_DIR_MAX]; 85ac2a6666SPablo Neira Ayuso }; 86ac2a6666SPablo Neira Ayuso 87ac2a6666SPablo Neira Ayuso struct flow_offload *flow_offload_alloc(struct nf_conn *ct, 88ac2a6666SPablo Neira Ayuso struct nf_flow_route *route); 89ac2a6666SPablo Neira Ayuso void flow_offload_free(struct flow_offload *flow); 90ac2a6666SPablo Neira Ayuso 91ac2a6666SPablo Neira Ayuso int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow); 92ac2a6666SPablo Neira Ayuso void flow_offload_del(struct nf_flowtable *flow_table, struct flow_offload *flow); 93ac2a6666SPablo Neira Ayuso struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table, 94ac2a6666SPablo Neira Ayuso struct flow_offload_tuple *tuple); 95ac2a6666SPablo Neira Ayuso int nf_flow_table_iterate(struct nf_flowtable *flow_table, 96ac2a6666SPablo Neira Ayuso void (*iter)(struct flow_offload *flow, void *data), 97ac2a6666SPablo Neira Ayuso void *data); 98ac2a6666SPablo Neira Ayuso void nf_flow_offload_work_gc(struct work_struct *work); 99ac2a6666SPablo Neira Ayuso extern const struct rhashtable_params nf_flow_offload_rhash_params; 100ac2a6666SPablo Neira Ayuso 101ac2a6666SPablo Neira Ayuso void flow_offload_dead(struct flow_offload *flow); 102ac2a6666SPablo Neira Ayuso 103ac2a6666SPablo Neira Ayuso int nf_flow_snat_port(const struct flow_offload *flow, 104ac2a6666SPablo Neira Ayuso struct sk_buff *skb, unsigned int thoff, 105ac2a6666SPablo Neira Ayuso u8 protocol, enum flow_offload_tuple_dir dir); 106ac2a6666SPablo Neira Ayuso int nf_flow_dnat_port(const struct flow_offload *flow, 107ac2a6666SPablo Neira Ayuso struct sk_buff *skb, unsigned int thoff, 108ac2a6666SPablo Neira Ayuso u8 protocol, enum flow_offload_tuple_dir dir); 109ac2a6666SPablo Neira Ayuso 110ac2a6666SPablo Neira Ayuso struct flow_ports { 111ac2a6666SPablo Neira Ayuso __be16 source, dest; 112ac2a6666SPablo Neira Ayuso }; 113ac2a6666SPablo Neira Ayuso 114ac2a6666SPablo Neira Ayuso #define MODULE_ALIAS_NF_FLOWTABLE(family) \ 115ac2a6666SPablo Neira Ayuso MODULE_ALIAS("nf-flowtable-" __stringify(family)) 116ac2a6666SPablo Neira Ayuso 1173b49e2e9SPablo Neira Ayuso #endif /* _FLOW_OFFLOAD_H */ 118