1 #ifndef _NF_FLOW_TABLE_H
2 #define _NF_FLOW_TABLE_H
3 
4 #include <linux/in.h>
5 #include <linux/in6.h>
6 #include <linux/netdevice.h>
7 #include <linux/rhashtable.h>
8 #include <linux/rcupdate.h>
9 #include <linux/netfilter/nf_conntrack_tuple_common.h>
10 #include <net/dst.h>
11 
12 struct nf_flowtable;
13 
14 struct nf_flowtable_type {
15 	struct list_head		list;
16 	int				family;
17 	int				(*init)(struct nf_flowtable *ft);
18 	void				(*free)(struct nf_flowtable *ft);
19 	nf_hookfn			*hook;
20 	struct module			*owner;
21 };
22 
23 struct nf_flowtable {
24 	struct list_head		list;
25 	struct rhashtable		rhashtable;
26 	const struct nf_flowtable_type	*type;
27 	struct delayed_work		gc_work;
28 };
29 
30 enum flow_offload_tuple_dir {
31 	FLOW_OFFLOAD_DIR_ORIGINAL = IP_CT_DIR_ORIGINAL,
32 	FLOW_OFFLOAD_DIR_REPLY = IP_CT_DIR_REPLY,
33 	FLOW_OFFLOAD_DIR_MAX = IP_CT_DIR_MAX
34 };
35 
36 struct flow_offload_tuple {
37 	union {
38 		struct in_addr		src_v4;
39 		struct in6_addr		src_v6;
40 	};
41 	union {
42 		struct in_addr		dst_v4;
43 		struct in6_addr		dst_v6;
44 	};
45 	struct {
46 		__be16			src_port;
47 		__be16			dst_port;
48 	};
49 
50 	int				iifidx;
51 
52 	u8				l3proto;
53 	u8				l4proto;
54 	u8				dir;
55 
56 	int				oifidx;
57 
58 	u16				mtu;
59 
60 	struct dst_entry		*dst_cache;
61 };
62 
63 struct flow_offload_tuple_rhash {
64 	struct rhash_head		node;
65 	struct flow_offload_tuple	tuple;
66 };
67 
68 #define FLOW_OFFLOAD_SNAT	0x1
69 #define FLOW_OFFLOAD_DNAT	0x2
70 #define FLOW_OFFLOAD_DYING	0x4
71 #define FLOW_OFFLOAD_TEARDOWN	0x8
72 
73 struct flow_offload {
74 	struct flow_offload_tuple_rhash		tuplehash[FLOW_OFFLOAD_DIR_MAX];
75 	u32					flags;
76 	union {
77 		/* Your private driver data here. */
78 		u32		timeout;
79 	};
80 };
81 
82 #define NF_FLOW_TIMEOUT (30 * HZ)
83 
84 struct nf_flow_route {
85 	struct {
86 		struct dst_entry	*dst;
87 		int			ifindex;
88 	} tuple[FLOW_OFFLOAD_DIR_MAX];
89 };
90 
91 struct flow_offload *flow_offload_alloc(struct nf_conn *ct,
92 					struct nf_flow_route *route);
93 void flow_offload_free(struct flow_offload *flow);
94 
95 int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow);
96 struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table,
97 						     struct flow_offload_tuple *tuple);
98 int nf_flow_table_iterate(struct nf_flowtable *flow_table,
99 			  void (*iter)(struct flow_offload *flow, void *data),
100 			  void *data);
101 
102 void nf_flow_table_cleanup(struct net *net, struct net_device *dev);
103 
104 int nf_flow_table_init(struct nf_flowtable *flow_table);
105 void nf_flow_table_free(struct nf_flowtable *flow_table);
106 
107 void flow_offload_teardown(struct flow_offload *flow);
108 static inline void flow_offload_dead(struct flow_offload *flow)
109 {
110 	flow->flags |= FLOW_OFFLOAD_DYING;
111 }
112 
113 int nf_flow_snat_port(const struct flow_offload *flow,
114 		      struct sk_buff *skb, unsigned int thoff,
115 		      u8 protocol, enum flow_offload_tuple_dir dir);
116 int nf_flow_dnat_port(const struct flow_offload *flow,
117 		      struct sk_buff *skb, unsigned int thoff,
118 		      u8 protocol, enum flow_offload_tuple_dir dir);
119 
120 struct flow_ports {
121 	__be16 source, dest;
122 };
123 
124 unsigned int nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
125 				     const struct nf_hook_state *state);
126 unsigned int nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
127 				       const struct nf_hook_state *state);
128 
129 #define MODULE_ALIAS_NF_FLOWTABLE(family)	\
130 	MODULE_ALIAS("nf-flowtable-" __stringify(family))
131 
132 #endif /* _FLOW_OFFLOAD_H */
133