/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _NET_NF_TABLES_CORE_H
#define _NET_NF_TABLES_CORE_H

#include <net/netfilter/nf_tables.h>
#include <linux/indirect_call_wrapper.h>

/* Expression types; declared here, defined in other translation units. */
extern struct nft_expr_type nft_imm_type;
extern struct nft_expr_type nft_cmp_type;
extern struct nft_expr_type nft_lookup_type;
extern struct nft_expr_type nft_bitwise_type;
extern struct nft_expr_type nft_byteorder_type;
extern struct nft_expr_type nft_payload_type;
extern struct nft_expr_type nft_dynset_type;
extern struct nft_expr_type nft_range_type;
extern struct nft_expr_type nft_meta_type;
extern struct nft_expr_type nft_rt_type;
extern struct nft_expr_type nft_exthdr_type;
extern struct nft_expr_type nft_last_type;

/* The secmark object type is only declared when CONFIG_NETWORK_SECMARK is set. */
#ifdef CONFIG_NETWORK_SECMARK
extern struct nft_object_type nft_secmark_obj_type;
#endif

/* Init/exit entry points of the nf_tables core; defined elsewhere. */
int nf_tables_core_module_init(void);
void nf_tables_core_module_exit(void);

/*
 * Private data of the "fast" bitwise expression (see nft_bitwise_fast_ops).
 * NOTE(review): sreg/dreg look like source/destination register indices and
 * mask/xor like the two 32-bit operands; the header does not say, so confirm
 * against the expression's implementation.
 */
struct nft_bitwise_fast_expr {
	u32			mask;
	u32			xor;
	u8			sreg;
	u8			dreg;
};

/*
 * Private data of the "fast" compare expression (see nft_cmp_fast_ops).
 * The data field is a single u32; its width is what nft_cmp_fast_mask()
 * uses to size the mask.
 * NOTE(review): len is presumably the bit length handed to
 * nft_cmp_fast_mask() and mask its cached result; verify in the
 * expression's init path.
 */
struct nft_cmp_fast_expr {
	u32			data;
	u32			mask;
	u8			sreg;
	u8			len;
	bool			inv;
};

/*
 * Private data of the immediate expression.
 * NOTE(review): dlen is a u8 stored next to a struct nft_data; whether it
 * is bounded by sizeof(data) is not checked anywhere in this header.
 */
struct nft_immediate_expr {
	struct nft_data		data;
	u8			dreg;
	u8			dlen;
};

/*
 * Build the mask used by the nft_cmp_fast expression for a value that is
 * @len bits wide. On big endian the mask has to cover the *upper* bytes
 * when the data is interpreted as something narrower than the full u32,
 * which is why the result goes through cpu_to_le32().
 *
 * The shift count is (bit width of nft_cmp_fast_expr.data) - @len, i.e.
 * 32 - @len for the u32 field. @len == 0 therefore shifts a 32-bit value
 * by its full width, and @len > 32 wraps the unsigned subtraction; both
 * are undefined behaviour in C.
 * NOTE(review): there is no range check here. Confirm that every caller
 * has validated @len as 1..32 bits before calling, in particular where
 * the length comes from rule data.
 */
static inline u32 nft_cmp_fast_mask(unsigned int len)
{
	const size_t data_bits =
		sizeof_field(struct nft_cmp_fast_expr, data) * BITS_PER_BYTE;

	return cpu_to_le32(~0U >> (data_bits - len));
}

extern const struct nft_expr_ops nft_cmp_fast_ops;

/*
 * Private data of the payload load expression. base is packed into
 * 8 bits; offset and len are u8, so each can hold at most 255.
 */
struct nft_payload {
	enum nft_payload_bases	base:8;
	u8			offset;
	u8			len;
	u8			dreg;
};

/*
 * Private data of the payload write expression: same base/offset/len
 * triple as struct nft_payload, a source register instead of a
 * destination, plus three checksum-related fields.
 * NOTE(review): the meaning of the csum_* values is not visible here.
 */
struct nft_payload_set {
	enum nft_payload_bases	base:8;
	u8			offset;
	u8			len;
	u8			sreg;
	u8			csum_type;
	u8			csum_offset;
	u8			csum_flags;
};

extern const struct nft_expr_ops nft_payload_fast_ops;

extern const struct nft_expr_ops nft_bitwise_fast_ops;

/* Static keys; defined elsewhere. */
extern struct static_key_false nft_counters_enabled;
extern struct static_key_false nft_trace_enabled;

/* Set backend types; defined elsewhere. */
extern const struct nft_set_type nft_set_rhash_type;
extern const struct nft_set_type nft_set_hash_type;
extern const struct nft_set_type nft_set_hash_fast_type;
extern const struct nft_set_type nft_set_rbtree_type;
extern const struct nft_set_type nft_set_bitmap_type;
extern const struct nft_set_type nft_set_pipapo_type;
extern const struct nft_set_type nft_set_pipapo_avx2_type;

/*
 * With CONFIG_RETPOLINE the per-backend lookup routines are exported and
 * nft_set_do_lookup() is an out-of-line function.
 * NOTE(review): presumably it calls the backends directly instead of
 * through the ops pointer; confirm against its definition.
 * Without CONFIG_RETPOLINE it is the inline indirect call below.
 */
#ifdef CONFIG_RETPOLINE
bool nft_rhash_lookup(const struct net *net, const struct nft_set *set,
		      const u32 *key, const struct nft_set_ext **ext);
bool nft_rbtree_lookup(const struct net *net, const struct nft_set *set,
		       const u32 *key, const struct nft_set_ext **ext);
bool nft_bitmap_lookup(const struct net *net, const struct nft_set *set,
		       const u32 *key, const struct nft_set_ext **ext);
bool nft_hash_lookup_fast(const struct net *net,
			  const struct nft_set *set,
			  const u32 *key, const struct nft_set_ext **ext);
bool nft_hash_lookup(const struct net *net, const struct nft_set *set,
		     const u32 *key, const struct nft_set_ext **ext);
bool nft_set_do_lookup(const struct net *net, const struct nft_set *set,
		       const u32 *key, const struct nft_set_ext **ext);
#else
/* Look @key up in @set through the lookup callback in the set's ops table. */
static inline bool nft_set_do_lookup(const struct net *net,
				     const struct nft_set *set,
				     const u32 *key,
				     const struct nft_set_ext **ext)
{
	return set->ops->lookup(net, set, key, ext);
}
#endif

/* called from nft_pipapo_avx2.c */
bool nft_pipapo_lookup(const struct net *net, const struct nft_set *set,
		       const u32 *key, const struct nft_set_ext **ext);
/* called from nft_set_pipapo.c */
bool nft_pipapo_avx2_lookup(const struct net *net, const struct nft_set *set,
			    const u32 *key, const struct nft_set_ext **ext);

/* Forward declarations; the eval prototypes below only need pointers. */
struct nft_expr;
struct nft_regs;
struct nft_pktinfo;

/*
 * Per-expression eval routines, all with the same
 * (expr, regs, pkt) signature; defined in the expression sources.
 */
void nft_meta_get_eval(const struct nft_expr *expr,
		       struct nft_regs *regs, const struct nft_pktinfo *pkt);
void nft_cmp_eval(const struct nft_expr *expr,
		  struct nft_regs *regs, const struct nft_pktinfo *pkt);
void nft_lookup_eval(const struct nft_expr *expr,
		     struct nft_regs *regs, const struct nft_pktinfo *pkt);
void nft_payload_eval(const struct nft_expr *expr,
		      struct nft_regs *regs, const struct nft_pktinfo *pkt);
void nft_immediate_eval(const struct nft_expr *expr,
			struct nft_regs *regs, const struct nft_pktinfo *pkt);
void nft_bitwise_eval(const struct nft_expr *expr,
		      struct nft_regs *regs, const struct nft_pktinfo *pkt);
void nft_range_eval(const struct nft_expr *expr,
		    struct nft_regs *regs, const struct nft_pktinfo *pkt);
void nft_byteorder_eval(const struct nft_expr *expr,
			struct nft_regs *regs, const struct nft_pktinfo *pkt);
void nft_dynset_eval(const struct nft_expr *expr,
		     struct nft_regs *regs, const struct nft_pktinfo *pkt);
void nft_rt_get_eval(const struct nft_expr *expr,
		     struct nft_regs *regs, const struct nft_pktinfo *pkt);
#endif /* _NET_NF_TABLES_CORE_H */