include/net/netfilter/nf_tables_offload.h

   1 #ifndef _NET_NF_TABLES_OFFLOAD_H
   2 #define _NET_NF_TABLES_OFFLOAD_H
   3
   4 #include <net/flow_offload.h>
   5 #include <net/netfilter/nf_tables.h>
   6
   7 struct nft_offload_reg {
   8         u32             key;
   9         u32             len;
  10         u32             base_offset;
  11         u32             offset;
  12         struct nft_data data;
  13         struct nft_data mask;
  14 };
  15
  16 enum nft_offload_dep_type {
  17         NFT_OFFLOAD_DEP_UNSPEC  = 0,
  18         NFT_OFFLOAD_DEP_NETWORK,
  19         NFT_OFFLOAD_DEP_TRANSPORT,
  20 };
  21
  22 struct nft_offload_ctx {
  23         struct {
  24                 enum nft_offload_dep_type       type;
  25                 __be16                          l3num;
  26                 u8                              protonum;
  27         } dep;
  28         unsigned int                            num_actions;
  29         struct nft_offload_reg                  regs[NFT_REG32_15 + 1];
  30 };
  31
  32 void nft_offload_set_dependency(struct nft_offload_ctx *ctx,
  33                                 enum nft_offload_dep_type type);
  34 void nft_offload_update_dependency(struct nft_offload_ctx *ctx,
  35                                    const void *data, u32 len);
  36
  37 struct nft_flow_key {
  38         struct flow_dissector_key_basic                 basic;
  39         union {
  40                 struct flow_dissector_key_ipv4_addrs    ipv4;
  41                 struct flow_dissector_key_ipv6_addrs    ipv6;
  42         };
  43         struct flow_dissector_key_ports                 tp;
  44         struct flow_dissector_key_ip                    ip;
  45         struct flow_dissector_key_vlan                  vlan;
  46         struct flow_dissector_key_eth_addrs             eth_addrs;
  47 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
  48
  49 struct nft_flow_match {
  50         struct flow_dissector   dissector;
  51         struct nft_flow_key     key;
  52         struct nft_flow_key     mask;
  53 };
  54
  55 struct nft_flow_rule {
  56         __be16                  proto;
  57         struct nft_flow_match   match;
  58         struct flow_rule        *rule;
  59 };
  60
  61 #define NFT_OFFLOAD_F_ACTION    (1 << 0)
  62
  63 struct nft_rule;
  64 struct nft_flow_rule *nft_flow_rule_create(const struct nft_rule *rule);
  65 void nft_flow_rule_destroy(struct nft_flow_rule *flow);
  66 int nft_flow_rule_offload_commit(struct net *net);
  67 void nft_indr_block_get_and_ing_cmd(struct net_device *dev,
  68                                     flow_indr_block_bind_cb_t *cb,
  69                                     void *cb_priv,
  70                                     enum flow_block_command command);
  71
  72 #define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg)         \
  73         (__reg)->base_offset    =                                       \
  74                 offsetof(struct nft_flow_key, __base);                  \
  75         (__reg)->offset         =                                       \
  76                 offsetof(struct nft_flow_key, __base.__field);          \
  77         (__reg)->len            = __len;                                \
  78         (__reg)->key            = __key;                                \
  79         memset(&(__reg)->mask, 0xff, (__reg)->len);
  80
  81 int nft_chain_offload_priority(struct nft_base_chain *basechain);
  82
  83 #endif