1 #ifndef _NF_FLOW_TABLE_H
2 #define _NF_FLOW_TABLE_H
3 
4 #include <linux/in.h>
5 #include <linux/in6.h>
6 #include <linux/netdevice.h>
7 #include <linux/rhashtable-types.h>
8 #include <linux/rcupdate.h>
9 #include <linux/netfilter.h>
10 #include <linux/netfilter/nf_conntrack_tuple_common.h>
11 #include <net/dst.h>
12 
/* Forward declaration: the callbacks below take a pointer to it. */
13 struct nf_flowtable;
14 
/*
 * Descriptor for one flowtable backend: an address family plus the
 * init/free callbacks that act on a struct nf_flowtable, the packet hook
 * and the module that supplies them.
 */
15 struct nf_flowtable_type {
	/* List linkage; the list head itself is not declared in this header. */
16 	struct list_head		list;
	/* Address family this backend serves (plain int, no range shown here). */
17 	int				family;
	/* Set-up and tear-down callbacks for a flowtable of this type. */
18 	int				(*init)(struct nf_flowtable *ft);
19 	void				(*free)(struct nf_flowtable *ft);
	/* Packet hook, of the generic netfilter hook function type. */
20 	nf_hookfn			*hook;
	/*
	 * Module providing the callbacks above.
	 * NOTE(review): presumably a module reference is held while any
	 * flowtable points at this type, so init/free/hook cannot be unloaded
	 * underneath it -- confirm at the lookup site.
	 */
21 	struct module			*owner;
22 };
23 
/*
 * One flowtable instance: a resizable hash table of flow entries bound to
 * a backend type, plus a deferred work item.
 */
24 struct nf_flowtable {
	/* List linkage; the owning list is not visible in this header. */
25 	struct list_head		list;
	/* Hash table; presumably keyed by struct flow_offload_tuple -- confirm. */
26 	struct rhashtable		rhashtable;
	/* Backend descriptor; const, so never modified through this pointer. */
27 	const struct nf_flowtable_type	*type;
	/*
	 * Deferred work; by name the garbage collector for stale flows.
	 * NOTE(review): must be cancelled before the table is freed, otherwise
	 * the work item would run on freed memory -- confirm in
	 * nf_flow_table_free().
	 */
28 	struct delayed_work		gc_work;
29 };
30 
/*
 * Flow direction. The values are aliases of the conntrack IP_CT_DIR_*
 * constants, so a conntrack direction can be used as a flow direction
 * without translation. FLOW_OFFLOAD_DIR_MAX is the array size used for the
 * per-direction arrays in struct flow_offload and struct nf_flow_route; it
 * is a count, not a valid direction.
 */
31 enum flow_offload_tuple_dir {
32 	FLOW_OFFLOAD_DIR_ORIGINAL = IP_CT_DIR_ORIGINAL,
33 	FLOW_OFFLOAD_DIR_REPLY = IP_CT_DIR_REPLY,
34 	FLOW_OFFLOAD_DIR_MAX = IP_CT_DIR_MAX
35 };
36 
/*
 * Addressing and forwarding state for one direction of an offloaded flow.
 *
 * NOTE(review): the address unions are sized for IPv6, so an IPv4 tuple
 * fills only the first four bytes of each. If tuples are hashed or compared
 * as raw bytes, every lookup key has to be zeroed before it is filled in,
 * or stale bytes will make equal flows miss -- confirm against the
 * rhashtable parameters in the .c file.
 */
37 struct flow_offload_tuple {
	/* Source address; which member is valid depends on l3proto. */
38 	union {
39 		struct in_addr		src_v4;
40 		struct in6_addr		src_v6;
41 	};
	/* Destination address; same rule as the source. */
42 	union {
43 		struct in_addr		dst_v4;
44 		struct in6_addr		dst_v6;
45 	};
	/* Layer-4 ports, big-endian (network byte order) per the __be16 type. */
46 	struct {
47 		__be16			src_port;
48 		__be16			dst_port;
49 	};
50 
	/* By name, the index of the input interface. */
51 	int				iifidx;
52 
	/* Layer-3 and layer-4 protocol identifiers. */
53 	u8				l3proto;
54 	u8				l4proto;
	/*
	 * Direction of this tuple.
	 * NOTE(review): presumably an enum flow_offload_tuple_dir value used
	 * to index tuplehash[]; being a u8 it can hold values outside that
	 * range, so it must only ever be set from the enum -- confirm.
	 */
55 	u8				dir;
56 
	/* By name, the path MTU; 16 bits, so capped at 65535. */
57 	u16				mtu;
58 
	/*
	 * Cached route for this direction.
	 * NOTE(review): raw pointer; who holds and drops the dst reference is
	 * not visible in this header -- confirm.
	 */
59 	struct dst_entry		*dst_cache;
60 };
61 
/*
 * A tuple together with its hash-table linkage. struct flow_offload embeds
 * one of these per direction, and flow_offload_lookup() returns a pointer
 * to one.
 * NOTE(review): the enclosing flow_offload is presumably recovered from that
 * pointer using tuple.dir -- confirm at the call sites.
 */
62 struct flow_offload_tuple_rhash {
63 	struct rhash_head		node;
64 	struct flow_offload_tuple	tuple;
65 };
66 
/*
 * Bit flags stored in flow_offload.flags. Each is a distinct single bit, so
 * they can be OR'ed together. SNAT/DNAT by name record which address
 * translation applies to the flow; DYING is set by flow_offload_dead();
 * TEARDOWN by name corresponds to flow_offload_teardown().
 */
67 #define FLOW_OFFLOAD_SNAT	0x1
68 #define FLOW_OFFLOAD_DNAT	0x2
69 #define FLOW_OFFLOAD_DYING	0x4
70 #define FLOW_OFFLOAD_TEARDOWN	0x8
71 
/*
 * One offloaded flow: a hashed tuple per direction, a flag word and a
 * timeout.
 */
72 struct flow_offload {
	/* Indexed by enum flow_offload_tuple_dir (ORIGINAL, REPLY). */
73 	struct flow_offload_tuple_rhash		tuplehash[FLOW_OFFLOAD_DIR_MAX];
	/*
	 * OR of the FLOW_OFFLOAD_* bits.
	 * NOTE(review): a plain u32 updated with ordinary read-modify-write
	 * (see flow_offload_dead()); nothing in this header makes concurrent
	 * updates safe -- confirm how writers are serialised.
	 */
74 	u32					flags;
75 	union {
76 		/* Your private driver data here. */
		/*
		 * NOTE(review): presumably a jiffies-based expiry (compare
		 * NF_FLOW_TIMEOUT); as a u32 it wraps, so comparisons need
		 * wrap-safe arithmetic -- confirm in the garbage collector.
		 */
77 		u32		timeout;
78 	};
79 };
80 
/* Flow timeout of 30 seconds, expressed in jiffies (HZ ticks per second). */
81 #define NF_FLOW_TIMEOUT (30 * HZ)
82 
/*
 * Route for each direction of a flow, passed to flow_offload_alloc().
 * tuple[] is indexed by enum flow_offload_tuple_dir.
 * NOTE(review): whether the callee takes its own reference on each dst is
 * not visible here -- confirm before releasing the caller's references.
 */
83 struct nf_flow_route {
84 	struct {
85 		struct dst_entry	*dst;
86 	} tuple[FLOW_OFFLOAD_DIR_MAX];
87 };
88 
/*
 * Create a flow entry from a conntrack entry and a pair of routes.
 * NOTE(review): presumably returns NULL on failure and takes references on
 * @ct and the routes -- confirm in the implementation.
 */
89 struct flow_offload *flow_offload_alloc(struct nf_conn *ct,
90 					struct nf_flow_route *route);
/* Release a flow entry; counterpart of flow_offload_alloc(). */
91 void flow_offload_free(struct flow_offload *flow);
92 
/*
 * Insert @flow into @flow_table. Returns an int status.
 * NOTE(review): presumably 0 on success and a negative errno otherwise;
 * on failure the caller still owns @flow -- confirm.
 */
93 int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow);
/*
 * Find the entry matching @tuple in @flow_table.
 * NOTE(review): presumably returns NULL when nothing matches, and the result
 * is only safe to use while the caller keeps the entry from being freed
 * (e.g. inside an RCU read-side section) -- confirm.
 */
94 struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table,
95 						     struct flow_offload_tuple *tuple);
/*
 * Clean up flow state associated with @dev.
 * NOTE(review): presumably called when a net device goes away so that no
 * flow keeps forwarding to it -- confirm.
 */
96 void nf_flow_table_cleanup(struct net_device *dev);
97 
/*
 * Initialise and destroy a flowtable instance. Both take the flowtable
 * itself, matching the init/free callback signatures in
 * struct nf_flowtable_type. nf_flow_table_init() returns an int status
 * (presumably 0 or a negative errno -- confirm).
 */
98 int nf_flow_table_init(struct nf_flowtable *flow_table);
99 void nf_flow_table_free(struct nf_flowtable *flow_table);
100 
/*
 * Begin tearing down @flow.
 * NOTE(review): by name this sets FLOW_OFFLOAD_TEARDOWN; what else it does
 * (for example handing the connection back to conntrack) is not visible in
 * this header -- confirm.
 */
101 void flow_offload_teardown(struct flow_offload *flow);
/*
 * Mark @flow as dying by setting FLOW_OFFLOAD_DYING in flow->flags.
 * @flow must not be NULL; it is dereferenced unconditionally.
 *
 * NOTE(review): this is a plain, non-atomic read-modify-write of the same
 * u32 that carries the SNAT/DNAT/TEARDOWN bits. If flags can be written
 * from more than one context at a time, one of the updates can be lost;
 * confirm how callers are serialised.
 */
102 static inline void flow_offload_dead(struct flow_offload *flow)
103 {
104 	flow->flags |= FLOW_OFFLOAD_DYING;
105 }
106 
/*
 * Port-rewrite helpers for source NAT and destination NAT. @flow is
 * read-only, @skb is the packet, @protocol the layer-4 protocol and @dir
 * the flow direction. Both return an int status.
 *
 * NOTE(review): @thoff is by name the offset of the transport header in
 * @skb. Callers presumably must have checked that the header at that offset
 * lies within the packet before these write to it -- confirm.
 */
107 int nf_flow_snat_port(const struct flow_offload *flow,
108 		      struct sk_buff *skb, unsigned int thoff,
109 		      u8 protocol, enum flow_offload_tuple_dir dir);
110 int nf_flow_dnat_port(const struct flow_offload *flow,
111 		      struct sk_buff *skb, unsigned int thoff,
112 		      u8 protocol, enum flow_offload_tuple_dir dir);
113 
/*
 * Source and destination port, both big-endian (network byte order).
 * NOTE(review): presumably overlaid on the start of a TCP or UDP header,
 * which both begin with this pair -- confirm, and check that four bytes are
 * available at the overlay point.
 */
114 struct flow_ports {
115 	__be16 source, dest;
116 };
117 
/*
 * Packet hooks for IPv4 and IPv6. Each takes an opaque @priv pointer, the
 * packet and the hook state, and returns an unsigned int.
 * NOTE(review): presumably these are the nf_hookfn implementations stored in
 * nf_flowtable_type.hook, with @priv being the struct nf_flowtable and the
 * return value a netfilter verdict -- confirm.
 * NOTE(review): a packet handled by a flowtable hook presumably does not
 * continue through the rest of the forwarding path, so rules placed later
 * are not evaluated for it -- confirm, and account for that in rule-set
 * reviews.
 */
118 unsigned int nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
119 				     const struct nf_hook_state *state);
120 unsigned int nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
121 				       const struct nf_hook_state *state);
122 
/*
 * Declare the module alias "nf-flowtable-<family>", where <family> is the
 * macro argument turned into a string by __stringify().
 * NOTE(review): presumably used to autoload the backend module for an
 * address family on demand -- confirm at the request_module() call site.
 */
123 #define MODULE_ALIAS_NF_FLOWTABLE(family)	\
124 	MODULE_ALIAS("nf-flowtable-" __stringify(family))
125 
126 #endif /* _NF_FLOW_TABLE_H */
127