1 #ifndef _NET_NF_TABLES_OFFLOAD_H 2 #define _NET_NF_TABLES_OFFLOAD_H 3 4 #include <net/flow_offload.h> 5 #include <net/netfilter/nf_tables.h> 6 7 enum nft_offload_reg_flags { 8 NFT_OFFLOAD_F_NETWORK2HOST = (1 << 0), 9 }; 10 11 struct nft_offload_reg { 12 u32 key; 13 u32 len; 14 u32 base_offset; 15 u32 offset; 16 u32 flags; 17 struct nft_data data; 18 struct nft_data mask; 19 }; 20 21 enum nft_offload_dep_type { 22 NFT_OFFLOAD_DEP_UNSPEC = 0, 23 NFT_OFFLOAD_DEP_NETWORK, 24 NFT_OFFLOAD_DEP_TRANSPORT, 25 }; 26 27 struct nft_offload_ctx { 28 struct { 29 enum nft_offload_dep_type type; 30 __be16 l3num; 31 u8 protonum; 32 } dep; 33 unsigned int num_actions; 34 struct net *net; 35 struct nft_offload_reg regs[NFT_REG32_15 + 1]; 36 }; 37 38 void nft_offload_set_dependency(struct nft_offload_ctx *ctx, 39 enum nft_offload_dep_type type); 40 void nft_offload_update_dependency(struct nft_offload_ctx *ctx, 41 const void *data, u32 len); 42 43 struct nft_flow_key { 44 struct flow_dissector_key_basic basic; 45 struct flow_dissector_key_control control; 46 union { 47 struct flow_dissector_key_ipv4_addrs ipv4; 48 struct flow_dissector_key_ipv6_addrs ipv6; 49 }; 50 struct flow_dissector_key_ports tp; 51 struct flow_dissector_key_ip ip; 52 struct flow_dissector_key_vlan vlan; 53 struct flow_dissector_key_vlan cvlan; 54 struct flow_dissector_key_eth_addrs eth_addrs; 55 struct flow_dissector_key_meta meta; 56 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */ 57 58 struct nft_flow_match { 59 struct flow_dissector dissector; 60 struct nft_flow_key key; 61 struct nft_flow_key mask; 62 }; 63 64 struct nft_flow_rule { 65 __be16 proto; 66 struct nft_flow_match match; 67 struct flow_rule *rule; 68 }; 69 70 #define NFT_OFFLOAD_F_ACTION (1 << 0) 71 72 void nft_flow_rule_set_addr_type(struct nft_flow_rule *flow, 73 enum flow_dissector_key_id addr_type); 74 75 struct nft_rule; 76 struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule); 77 int nft_flow_rule_stats(const struct nft_chain *chain, const struct nft_rule *rule); 78 void nft_flow_rule_destroy(struct nft_flow_rule *flow); 79 int nft_flow_rule_offload_commit(struct net *net); 80 81 #define NFT_OFFLOAD_MATCH_FLAGS(__key, __base, __field, __len, __reg, __flags) \ 82 (__reg)->base_offset = \ 83 offsetof(struct nft_flow_key, __base); \ 84 (__reg)->offset = \ 85 offsetof(struct nft_flow_key, __base.__field); \ 86 (__reg)->len = __len; \ 87 (__reg)->key = __key; \ 88 (__reg)->flags = __flags; 89 90 #define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg) \ 91 NFT_OFFLOAD_MATCH_FLAGS(__key, __base, __field, __len, __reg, 0) 92 93 #define NFT_OFFLOAD_MATCH_EXACT(__key, __base, __field, __len, __reg) \ 94 NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg) \ 95 memset(&(__reg)->mask, 0xff, (__reg)->len); 96 97 int nft_chain_offload_priority(struct nft_base_chain *basechain); 98 99 int nft_offload_init(void); 100 void nft_offload_exit(void); 101 102 #endif 103