#ifndef _NF_FLOW_TABLE_H
#define _NF_FLOW_TABLE_H

#include <linux/in.h>
#include <linux/in6.h>
#include <linux/netdevice.h>
#include <linux/rhashtable-types.h>
#include <linux/rcupdate.h>
#include <linux/netfilter.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>
#include <net/flow_offload.h>
#include <net/dst.h>

struct nf_flowtable;
struct nf_flow_rule;
struct flow_offload;
enum flow_offload_tuple_dir;

/*
 * Flat container of flow-dissector keys. It is used twice in
 * struct nf_flow_match below, once as the key and once as the mask.
 * The two anonymous unions overlay the IPv4 and IPv6 address keys, for the
 * plain addresses and for the enc_ (presumably tunnel/encapsulation - confirm)
 * addresses respectively.
 */
struct nf_flow_key {
	struct flow_dissector_key_meta			meta;
	struct flow_dissector_key_control		control;
	struct flow_dissector_key_control		enc_control;
	struct flow_dissector_key_basic			basic;
	struct flow_dissector_key_vlan			vlan;
	struct flow_dissector_key_vlan			cvlan;
	union {
		struct flow_dissector_key_ipv4_addrs	ipv4;
		struct flow_dissector_key_ipv6_addrs	ipv6;
	};
	struct flow_dissector_key_keyid			enc_key_id;
	union {
		struct flow_dissector_key_ipv4_addrs	enc_ipv4;
		struct flow_dissector_key_ipv6_addrs	enc_ipv6;
	};
	struct flow_dissector_key_tcp			tcp;
	struct flow_dissector_key_ports			tp;
} __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */

/* Dissector description plus the key/mask pair it applies to. */
struct nf_flow_match {
	struct flow_dissector	dissector;
	struct nf_flow_key	key;
	struct nf_flow_key	mask;
};

/*
 * Match part and a pointer to the flow_rule of one offload rule.
 * NOTE(review): who allocates and frees @rule is not visible in this header.
 */
struct nf_flow_rule {
	struct nf_flow_match	match;
	struct flow_rule	*rule;
};

/*
 * Per-family flowtable operations. @family selects the address family the
 * entry serves; the function pointers receive the flowtable (or, for
 * @action, the flow and direction to build a rule for). @owner is the module
 * providing the callbacks.
 */
struct nf_flowtable_type {
	struct list_head		list;
	int				family;
	int				(*init)(struct nf_flowtable *ft);
	int				(*setup)(struct nf_flowtable *ft,
						 struct net_device *dev,
						 enum flow_block_command cmd);
	int				(*action)(struct net *net,
						  const struct flow_offload *flow,
						  enum flow_offload_tuple_dir dir,
						  struct nf_flow_rule *flow_rule);
	void				(*free)(struct nf_flowtable *ft);
	nf_hookfn			*hook;
	struct module			*owner;
};

/* Bit masks stored in nf_flowtable.flags. */
enum nf_flowtable_flags {
	NF_FLOWTABLE_HW_OFFLOAD		= 0x1,	/* NFT_FLOWTABLE_HW_OFFLOAD */
	NF_FLOWTABLE_COUNTER		= 0x2,	/* NFT_FLOWTABLE_COUNTER */
};

/*
 * One flowtable instance: the hash table of flows, its type (ops), a delayed
 * work item named gc_work, the nf_flowtable_flags bits and the flow_block
 * holding offload callbacks.
 */
struct nf_flowtable {
	struct list_head		list;
	struct rhashtable		rhashtable;
	int				priority;
	const struct nf_flowtable_type	*type;
	struct delayed_work		gc_work;
	unsigned int			flags;
	struct flow_block		flow_block;
	struct rw_semaphore		flow_block_lock; /* Guards flow_block */
	possible_net_t			net;
};

/*
 * Returns true when NF_FLOWTABLE_HW_OFFLOAD is set in @flowtable->flags.
 * The masked value is converted to bool by the return type, so any non-zero
 * result reads as true.
 */
static inline bool nf_flowtable_hw_offload(struct nf_flowtable *flowtable)
{
	return flowtable->flags & NF_FLOWTABLE_HW_OFFLOAD;
}

/* Flow directions, numerically identical to the conntrack IP_CT_DIR_* values. */
enum flow_offload_tuple_dir {
	FLOW_OFFLOAD_DIR_ORIGINAL = IP_CT_DIR_ORIGINAL,
	FLOW_OFFLOAD_DIR_REPLY = IP_CT_DIR_REPLY,
};
#define FLOW_OFFLOAD_DIR_MAX	IP_CT_DIR_MAX

/*
 * Transmit path selector. Values run from 0 to FLOW_OFFLOAD_XMIT_TC (4), so
 * any bit-field that stores one needs at least 3 bits.
 */
enum flow_offload_xmit_type {
	FLOW_OFFLOAD_XMIT_UNSPEC	= 0,
	FLOW_OFFLOAD_XMIT_NEIGH,
	FLOW_OFFLOAD_XMIT_XFRM,
	FLOW_OFFLOAD_XMIT_DIRECT,
	FLOW_OFFLOAD_XMIT_TC,
};

/* Number of slots in the encap[] arrays below. */
#define NF_FLOW_TABLE_ENCAP_MAX		2

/*
 * One direction of an offloaded flow. The members before __hash are the
 * lookup key; the members after it are per-entry state that is not part of
 * the key.
 *
 * NOTE(review): flow_offload_hash() is not in this header. If it hashes or
 * compares the raw bytes up to offsetof(struct flow_offload_tuple, __hash),
 * every byte in that region - including the unused tail of the address
 * unions for IPv4 flows - must be initialised identically on insert and on
 * lookup. Confirm at the sites that fill a tuple.
 */
struct flow_offload_tuple {
	union {
		struct in_addr		src_v4;
		struct in6_addr		src_v6;
	};
	union {
		struct in_addr		dst_v4;
		struct in6_addr		dst_v6;
	};
	struct {
		__be16			src_port;
		__be16			dst_port;
	};

	int				iifidx;

	u8				l3proto;
	u8				l4proto;
	struct {
		u16			id;
		__be16			proto;
	} encap[NF_FLOW_TABLE_ENCAP_MAX];

	/* All members above are keys for lookups, see flow_offload_hash(). */
	struct { }			__hash;

	/*
	 * The four widths below add up to 9 bits, one more than a u8 holds, so
	 * the group does not fit in a single byte (where the last field lands
	 * is up to the ABI). xmit_type is 3 bits wide because
	 * enum flow_offload_xmit_type goes up to 4; a 2-bit field would
	 * truncate FLOW_OFFLOAD_XMIT_TC. encap_num (0..3) is wide enough for
	 * NF_FLOW_TABLE_ENCAP_MAX.
	 */
	u8				dir:2,
					xmit_type:3,
					encap_num:2,
					in_vlan_ingress:2;
	u16				mtu;
	/*
	 * Three overlapping layouts share this storage.
	 * NOTE(review): presumably xmit_type decides which one is valid;
	 * reading a member that was not the one written yields bytes of
	 * another layout - confirm every reader checks xmit_type first.
	 */
	union {
		struct {
			struct dst_entry *dst_cache;
			u32		dst_cookie;
		};
		struct {
			u32		ifidx;
			u32		hw_ifidx;
			u8		h_source[ETH_ALEN];
			u8		h_dest[ETH_ALEN];
		} out;
		struct {
			u32		iifidx;
		} tc;
	};
};

/* A tuple together with the rhashtable linkage it is inserted with. */
struct flow_offload_tuple_rhash {
	struct rhash_head		node;
	struct flow_offload_tuple	tuple;
};

/*
 * Sequential values, not masks.
 * NOTE(review): presumably used as bit numbers in flow_offload.flags
 * (an unsigned long) - confirm against the users.
 */
enum nf_flow_flags {
	NF_FLOW_SNAT,
	NF_FLOW_DNAT,
	NF_FLOW_TEARDOWN,
	NF_FLOW_HW,
	NF_FLOW_HW_DYING,
	NF_FLOW_HW_DEAD,
	NF_FLOW_HW_PENDING,
};

/* Values for flow_offload.type. */
enum flow_offload_type {
	NF_FLOW_OFFLOAD_UNSPEC	= 0,
	NF_FLOW_OFFLOAD_ROUTE,
};

/*
 * An offloaded flow: one hashed tuple per direction, the conntrack entry it
 * belongs to, state flags, type and timeout.
 * NOTE(review): the embedded rcu_head suggests the object is released through
 * RCU, and @ct is a raw pointer whose reference handling is not visible
 * here - confirm both in the allocation/free paths.
 */
struct flow_offload {
	struct flow_offload_tuple_rhash		tuplehash[FLOW_OFFLOAD_DIR_MAX];
	struct nf_conn				*ct;
	unsigned long				flags;
	u16					type;
	u32					timeout;
	struct rcu_head				rcu_head;
};

/* 30 * HZ jiffies. */
#define NF_FLOW_TIMEOUT	(30 * HZ)
/*
 * Current jiffies truncated to 32 bits.
 * NOTE(review): the expansion is a bare cast expression without outer
 * parentheses; it is fine in the subtraction below because the cast binds
 * tighter than '-', but it would misparse after e.g. sizeof.
 */
#define nf_flowtable_time_stamp	(u32)jiffies

unsigned long flow_offload_get_timeout(struct flow_offload *flow);

/*
 * Signed distance from the current time stamp to @timeout.
 *
 * The subtraction is done on 32-bit unsigned values and the result is
 * reinterpreted as __s32, so the sign stays meaningful across a wrap of the
 * truncated jiffies counter as long as the two values are less than 2^31
 * ticks apart: positive means @timeout is still ahead, zero or negative
 * means it has been reached or passed.
 */
static inline __s32 nf_flow_timeout_delta(unsigned int timeout)
{
	return (__s32)(timeout - nf_flowtable_time_stamp);
}

/*
 * Route description for both directions of a flow, indexed by direction.
 * Each entry carries the dst, the ingress side (interface index and up to
 * NF_FLOW_TABLE_ENCAP_MAX encap id/proto pairs), the egress side (interface
 * indexes and Ethernet source/destination addresses) and the xmit type.
 * num_encaps is a 2-bit field (0..3), wide enough to count the encap[] slots.
 */
struct nf_flow_route {
	struct {
		struct dst_entry		*dst;
		struct {
			u32			ifindex;
			struct {
				u16		id;
				__be16		proto;
			} encap[NF_FLOW_TABLE_ENCAP_MAX];
			u8			num_encaps:2,
						ingress_vlans:2;
		} in;
		struct {
			u32			ifindex;
			u32			hw_ifindex;
			u8			h_source[ETH_ALEN];
			u8			h_dest[ETH_ALEN];
		} out;
		enum flow_offload_xmit_type	xmit_type;
	} tuple[FLOW_OFFLOAD_DIR_MAX];
};

struct flow_offload *flow_offload_alloc(struct nf_conn *ct);
void flow_offload_free(struct flow_offload *flow);

/*
 * Register the callback pair @cb/@cb_priv on @flow_table's flow_block.
 *
 * flow_block_lock is held for writing across the duplicate lookup and the
 * list insertion, so the check and the insert cannot be interleaved with
 * another holder of the lock.
 *
 * Returns 0 on success, -EEXIST when flow_block_cb_lookup() already finds
 * the pair, or the PTR_ERR() value of a failed flow_block_cb_alloc().
 */
static inline int
nf_flow_table_offload_add_cb(struct nf_flowtable *flow_table,
			     flow_setup_cb_t *cb, void *cb_priv)
{
	struct flow_block *block = &flow_table->flow_block;
	struct flow_block_cb *block_cb;
	int err = 0;

	down_write(&flow_table->flow_block_lock);
	block_cb = flow_block_cb_lookup(block, cb, cb_priv);
	if (block_cb) {
		err = -EEXIST;
		goto unlock;
	}

	/*
	 * cb_priv is passed as both the identity and the private pointer, and
	 * the release hook is NULL, so freeing the block_cb does not release
	 * cb_priv; its lifetime stays with the caller.
	 */
	block_cb = flow_block_cb_alloc(cb, cb_priv, cb_priv, NULL);
	if (IS_ERR(block_cb)) {
		err = PTR_ERR(block_cb);
		goto unlock;
	}

	list_add_tail(&block_cb->list, &block->cb_list);

unlock:
	/* Single exit so the write lock is dropped on every path. */
	up_write(&flow_table->flow_block_lock);
	return err;
}

/*
 * Unregister the callback pair @cb/@cb_priv from @flow_table's flow_block.
 *
 * Lookup, unlink and free all happen under flow_block_lock held for writing.
 * If the pair is not registered, nothing is removed and WARN_ON(true) fires;
 * the function returns void, so the caller gets no error indication for an
 * unbalanced delete.
 */
static inline void
nf_flow_table_offload_del_cb(struct nf_flowtable *flow_table,
			     flow_setup_cb_t *cb, void *cb_priv)
{
	struct flow_block *block = &flow_table->flow_block;
	struct flow_block_cb *block_cb;

	down_write(&flow_table->flow_block_lock);
	block_cb = flow_block_cb_lookup(block, cb, cb_priv);
	if (block_cb) {
		list_del(&block_cb->list);
		flow_block_cb_free(block_cb);
	} else {
		WARN_ON(true);
	}
	up_write(&flow_table->flow_block_lock);
}

/* The functions declared from here on are implemented outside this header. */
int flow_offload_route_init(struct flow_offload *flow,
			    const struct nf_flow_route *route);

int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow);
void flow_offload_refresh(struct nf_flowtable *flow_table,
			  struct flow_offload *flow);

struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table,
						     struct flow_offload_tuple *tuple);
void nf_flow_table_gc_cleanup(struct nf_flowtable *flowtable,
			      struct net_device *dev);
void nf_flow_table_cleanup(struct net_device *dev);

int nf_flow_table_init(struct nf_flowtable *flow_table);
void nf_flow_table_free(struct nf_flowtable *flow_table);

void flow_offload_teardown(struct flow_offload *flow);

/*
 * NOTE(review): @thoff is a caller-supplied offset into @skb; whether these
 * helpers or their callers validate it against the packet length is not
 * visible here - confirm.
 */
void nf_flow_snat_port(const struct flow_offload *flow,
		       struct sk_buff *skb, unsigned int thoff,
		       u8 protocol, enum flow_offload_tuple_dir dir);
void nf_flow_dnat_port(const struct flow_offload *flow,
		       struct sk_buff *skb, unsigned int thoff,
		       u8 protocol, enum flow_offload_tuple_dir dir);

/* Source and destination port, both big-endian 16-bit values. */
struct flow_ports {
	__be16 source, dest;
};

unsigned int nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
				     const struct nf_hook_state *state);
unsigned int nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
				       const struct nf_hook_state *state);

/* Emits the module alias "nf-flowtable-<family>" for the given family. */
#define MODULE_ALIAS_NF_FLOWTABLE(family)	\
	MODULE_ALIAS("nf-flowtable-" __stringify(family))

void nf_flow_offload_add(struct nf_flowtable *flowtable,
			 struct flow_offload *flow);
void nf_flow_offload_del(struct nf_flowtable *flowtable,
			 struct flow_offload *flow);
void nf_flow_offload_stats(struct nf_flowtable *flowtable,
			   struct flow_offload *flow);

void nf_flow_table_offload_flush(struct nf_flowtable *flowtable);
int nf_flow_table_offload_setup(struct nf_flowtable *flowtable,
				struct net_device *dev,
				enum flow_block_command cmd);
int nf_flow_rule_route_ipv4(struct net *net, const struct flow_offload *flow,
			    enum flow_offload_tuple_dir dir,
			    struct nf_flow_rule *flow_rule);
int nf_flow_rule_route_ipv6(struct net *net, const struct flow_offload *flow,
			    enum flow_offload_tuple_dir dir,
			    struct nf_flow_rule *flow_rule);

int nf_flow_table_offload_init(void);
void nf_flow_table_offload_exit(void);

#endif /* _NF_FLOW_TABLE_H */