root/include/net/netfilter/nf_tables_offload.h

/* [<][>][^][v][top][bottom][index][help] */

INCLUDED FROM

   1 #ifndef _NET_NF_TABLES_OFFLOAD_H
   2 #define _NET_NF_TABLES_OFFLOAD_H
   3 
   4 #include <net/flow_offload.h>
   5 #include <net/netfilter/nf_tables.h>
   6 
   7 struct nft_offload_reg {
   8         u32             key;
   9         u32             len;
  10         u32             base_offset;
  11         u32             offset;
  12         struct nft_data data;
  13         struct nft_data mask;
  14 };
  15 
  16 enum nft_offload_dep_type {
  17         NFT_OFFLOAD_DEP_UNSPEC  = 0,
  18         NFT_OFFLOAD_DEP_NETWORK,
  19         NFT_OFFLOAD_DEP_TRANSPORT,
  20 };
  21 
  22 struct nft_offload_ctx {
  23         struct {
  24                 enum nft_offload_dep_type       type;
  25                 __be16                          l3num;
  26                 u8                              protonum;
  27         } dep;
  28         unsigned int                            num_actions;
  29         struct net                              *net;
  30         struct nft_offload_reg                  regs[NFT_REG32_15 + 1];
  31 };
  32 
  33 void nft_offload_set_dependency(struct nft_offload_ctx *ctx,
  34                                 enum nft_offload_dep_type type);
  35 void nft_offload_update_dependency(struct nft_offload_ctx *ctx,
  36                                    const void *data, u32 len);
  37 
  38 struct nft_flow_key {
  39         struct flow_dissector_key_basic                 basic;
  40         union {
  41                 struct flow_dissector_key_ipv4_addrs    ipv4;
  42                 struct flow_dissector_key_ipv6_addrs    ipv6;
  43         };
  44         struct flow_dissector_key_ports                 tp;
  45         struct flow_dissector_key_ip                    ip;
  46         struct flow_dissector_key_vlan                  vlan;
  47         struct flow_dissector_key_eth_addrs             eth_addrs;
  48 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
  49 
  50 struct nft_flow_match {
  51         struct flow_dissector   dissector;
  52         struct nft_flow_key     key;
  53         struct nft_flow_key     mask;
  54 };
  55 
  56 struct nft_flow_rule {
  57         __be16                  proto;
  58         struct nft_flow_match   match;
  59         struct flow_rule        *rule;
  60 };
  61 
  62 #define NFT_OFFLOAD_F_ACTION    (1 << 0)
  63 
  64 struct nft_rule;
  65 struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule);
  66 void nft_flow_rule_destroy(struct nft_flow_rule *flow);
  67 int nft_flow_rule_offload_commit(struct net *net);
  68 
  69 #define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg)         \
  70         (__reg)->base_offset    =                                       \
  71                 offsetof(struct nft_flow_key, __base);                  \
  72         (__reg)->offset         =                                       \
  73                 offsetof(struct nft_flow_key, __base.__field);          \
  74         (__reg)->len            = __len;                                \
  75         (__reg)->key            = __key;                                \
  76         memset(&(__reg)->mask, 0xff, (__reg)->len);
  77 
  78 int nft_chain_offload_priority(struct nft_base_chain *basechain);
  79 
  80 int nft_offload_init(void);
  81 void nft_offload_exit(void);
  82 
  83 #endif
/* [<][>][^][v][top][bottom][index][help] */