summaryrefslogblamecommitdiffstats
path: root/include/net/netfilter/nf_flow_table.h
blob: d8c187936beca35298143ae8a942d4f7c4eb4061 (plain) (tree) 
3b49e2e94e6e ^



ac2a66665e23 ^



0eb71a9da579 ^

ac2a66665e23 ^

af81f9e75e54 ^

ac2a66665e23 ^

3b49e2e94e6e ^






a268de77faf6 ^

b408c5b04f82 ^

3b49e2e94e6e ^





84453a90252c ^

3b49e2e94e6e ^





ac2a66665e23 ^

af81f9e75e54 ^



ac2a66665e23 ^

ac2a66665e23 ^





















4f3780c004ef ^


ac2a66665e23 ^











59c466dd68e7 ^

ac2a66665e23 ^















ac2a66665e23 ^








ac2a66665e23 ^


5f1be84aad4b ^

c0ea1bcb3935 ^

a268de77faf6 ^

b408c5b04f82 ^

ac2a66665e23 ^

59c466dd68e7 ^

6bdc3c68d94c ^




ac2a66665e23 ^












7c23b629a808 ^





ac2a66665e23 ^



3b49e2e94e6e ^

1
2
3

4
5
6

7

8

9

10

11
12
13
14
15
16

17

18

19
20
21
22
23

24

25
26
27
28
29

30

31
32
33

34

35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

56
57

58
59
60
61
62
63
64
65
66
67
68

69

70
71
72
73
74
75
76
77
78
79
80
81
82
83
84

85
86
87
88
89
90
91
92

93
94

95

96

97

98

99

100

101
102
103
104

105
106
107
108
109
110
111
112
113
114
115
116

117
118
119
120
121

122
123
124

125



                        


                            
                                   
                           
                                                      
                    





                                               
                                                                         
                                                                         




                                               
                                             




                                                   
                             


                                                       
  




















                                                 

                                            










                                                   
                                   














                                                                                







                                                                                 

                                                                                       
                                                   
 
                                                        
                                                         
 
                                                      



                                                               











                                                                    




                                                                          


                                                         
                            
#ifndef _NF_FLOW_TABLE_H
#define _NF_FLOW_TABLE_H

#include <linux/in.h>
#include <linux/in6.h>
#include <linux/netdevice.h>
#include <linux/rhashtable-types.h>
#include <linux/rcupdate.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>
#include <net/dst.h>

struct nf_flowtable;

struct nf_flowtable_type {
	struct list_head		list;
	int				family;
	int				(*init)(struct nf_flowtable *ft);
	void				(*free)(struct nf_flowtable *ft);
	nf_hookfn			*hook;
	struct module			*owner;
};

struct nf_flowtable {
	struct list_head		list;
	struct rhashtable		rhashtable;
	const struct nf_flowtable_type	*type;
	struct delayed_work		gc_work;
};

enum flow_offload_tuple_dir {
	FLOW_OFFLOAD_DIR_ORIGINAL = IP_CT_DIR_ORIGINAL,
	FLOW_OFFLOAD_DIR_REPLY = IP_CT_DIR_REPLY,
	FLOW_OFFLOAD_DIR_MAX = IP_CT_DIR_MAX
};

struct flow_offload_tuple {
	union {
		struct in_addr		src_v4;
		struct in6_addr		src_v6;
	};
	union {
		struct in_addr		dst_v4;
		struct in6_addr		dst_v6;
	};
	struct {
		__be16			src_port;
		__be16			dst_port;
	};

	int				iifidx;

	u8				l3proto;
	u8				l4proto;
	u8				dir;

	u16				mtu;

	struct dst_entry		*dst_cache;
};

struct flow_offload_tuple_rhash {
	struct rhash_head		node;
	struct flow_offload_tuple	tuple;
};

#define FLOW_OFFLOAD_SNAT	0x1
#define FLOW_OFFLOAD_DNAT	0x2
#define FLOW_OFFLOAD_DYING	0x4
#define FLOW_OFFLOAD_TEARDOWN	0x8

struct flow_offload {
	struct flow_offload_tuple_rhash		tuplehash[FLOW_OFFLOAD_DIR_MAX];
	u32					flags;
	union {
		/* Your private driver data here. */
		u32		timeout;
	};
};

#define NF_FLOW_TIMEOUT (30 * HZ)

struct nf_flow_route {
	struct {
		struct dst_entry	*dst;
	} tuple[FLOW_OFFLOAD_DIR_MAX];
};

struct flow_offload *flow_offload_alloc(struct nf_conn *ct,
					struct nf_flow_route *route);
void flow_offload_free(struct flow_offload *flow);

int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow);
struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table,
						     struct flow_offload_tuple *tuple);
void nf_flow_table_cleanup(struct net_device *dev);

int nf_flow_table_init(struct nf_flowtable *flow_table);
void nf_flow_table_free(struct nf_flowtable *flow_table);

void flow_offload_teardown(struct flow_offload *flow);
static inline void flow_offload_dead(struct flow_offload *flow)
{
	flow->flags |= FLOW_OFFLOAD_DYING;
}

int nf_flow_snat_port(const struct flow_offload *flow,
		      struct sk_buff *skb, unsigned int thoff,
		      u8 protocol, enum flow_offload_tuple_dir dir);
int nf_flow_dnat_port(const struct flow_offload *flow,
		      struct sk_buff *skb, unsigned int thoff,
		      u8 protocol, enum flow_offload_tuple_dir dir);

struct flow_ports {
	__be16 source, dest;
};

unsigned int nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
				     const struct nf_hook_state *state);
unsigned int nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
				       const struct nf_hook_state *state);

#define MODULE_ALIAS_NF_FLOWTABLE(family)	\
	MODULE_ALIAS("nf-flowtable-" __stringify(family))

#endif /* _FLOW_OFFLOAD_H */
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-06-01 20:23:08 +0200