1 #ifndef _NF_FLOW_TABLE_H
2 #define _NF_FLOW_TABLE_H
3 
4 #include <linux/in.h>
5 #include <linux/in6.h>
6 #include <linux/netdevice.h>
7 #include <linux/rhashtable.h>
8 #include <linux/rcupdate.h>
9 #include <net/dst.h>
10 
11 struct nf_flowtable;
12 
13 struct nf_flowtable_type {
14 	struct list_head		list;
15 	int				family;
16 	void				(*gc)(struct work_struct *work);
17 	void				(*free)(struct nf_flowtable *ft);
18 	const struct rhashtable_params	*params;
19 	nf_hookfn			*hook;
20 	struct module			*owner;
21 };
22 
23 struct nf_flowtable {
24 	struct rhashtable		rhashtable;
25 	const struct nf_flowtable_type	*type;
26 	struct delayed_work		gc_work;
27 };
28 
29 enum flow_offload_tuple_dir {
30 	FLOW_OFFLOAD_DIR_ORIGINAL,
31 	FLOW_OFFLOAD_DIR_REPLY,
32 	__FLOW_OFFLOAD_DIR_MAX		= FLOW_OFFLOAD_DIR_REPLY,
33 };
34 #define FLOW_OFFLOAD_DIR_MAX	(__FLOW_OFFLOAD_DIR_MAX + 1)
35 
36 struct flow_offload_tuple {
37 	union {
38 		struct in_addr		src_v4;
39 		struct in6_addr		src_v6;
40 	};
41 	union {
42 		struct in_addr		dst_v4;
43 		struct in6_addr		dst_v6;
44 	};
45 	struct {
46 		__be16			src_port;
47 		__be16			dst_port;
48 	};
49 
50 	int				iifidx;
51 
52 	u8				l3proto;
53 	u8				l4proto;
54 	u8				dir;
55 
56 	int				oifidx;
57 
58 	struct dst_entry		*dst_cache;
59 };
60 
61 struct flow_offload_tuple_rhash {
62 	struct rhash_head		node;
63 	struct flow_offload_tuple	tuple;
64 };
65 
66 #define FLOW_OFFLOAD_SNAT	0x1
67 #define FLOW_OFFLOAD_DNAT	0x2
68 #define FLOW_OFFLOAD_DYING	0x4
69 
70 struct flow_offload {
71 	struct flow_offload_tuple_rhash		tuplehash[FLOW_OFFLOAD_DIR_MAX];
72 	u32					flags;
73 	union {
74 		/* Your private driver data here. */
75 		u32		timeout;
76 	};
77 };
78 
79 #define NF_FLOW_TIMEOUT (30 * HZ)
80 
81 struct nf_flow_route {
82 	struct {
83 		struct dst_entry	*dst;
84 		int			ifindex;
85 	} tuple[FLOW_OFFLOAD_DIR_MAX];
86 };
87 
88 struct flow_offload *flow_offload_alloc(struct nf_conn *ct,
89 					struct nf_flow_route *route);
90 void flow_offload_free(struct flow_offload *flow);
91 
92 int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow);
93 struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table,
94 						     struct flow_offload_tuple *tuple);
95 int nf_flow_table_iterate(struct nf_flowtable *flow_table,
96 			  void (*iter)(struct flow_offload *flow, void *data),
97 			  void *data);
98 
99 void nf_flow_table_cleanup(struct net *net, struct net_device *dev);
100 
101 void nf_flow_table_free(struct nf_flowtable *flow_table);
102 void nf_flow_offload_work_gc(struct work_struct *work);
103 extern const struct rhashtable_params nf_flow_offload_rhash_params;
104 
105 void flow_offload_dead(struct flow_offload *flow);
106 
107 int nf_flow_snat_port(const struct flow_offload *flow,
108 		      struct sk_buff *skb, unsigned int thoff,
109 		      u8 protocol, enum flow_offload_tuple_dir dir);
110 int nf_flow_dnat_port(const struct flow_offload *flow,
111 		      struct sk_buff *skb, unsigned int thoff,
112 		      u8 protocol, enum flow_offload_tuple_dir dir);
113 
114 struct flow_ports {
115 	__be16 source, dest;
116 };
117 
118 unsigned int nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
119 				     const struct nf_hook_state *state);
120 unsigned int nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
121 				       const struct nf_hook_state *state);
122 
123 #define MODULE_ALIAS_NF_FLOWTABLE(family)	\
124 	MODULE_ALIAS("nf-flowtable-" __stringify(family))
125 
126 #endif /* _FLOW_OFFLOAD_H */
127