1#ifndef _NF_FLOW_TABLE_H
2#define _NF_FLOW_TABLE_H
3
4#include <linux/in.h>
5#include <linux/in6.h>
6#include <linux/netdevice.h>
7#include <linux/rhashtable-types.h>
8#include <linux/rcupdate.h>
9#include <linux/netfilter/nf_conntrack_tuple_common.h>
10#include <net/dst.h>
11
12struct nf_flowtable;
13
14struct nf_flowtable_type {
15 struct list_head list;
16 int family;
17 int (*init)(struct nf_flowtable *ft);
18 void (*free)(struct nf_flowtable *ft);
19 nf_hookfn *hook;
20 struct module *owner;
21};
22
23struct nf_flowtable {
24 struct list_head list;
25 struct rhashtable rhashtable;
26 const struct nf_flowtable_type *type;
27 struct delayed_work gc_work;
28};
29
30enum flow_offload_tuple_dir {
31 FLOW_OFFLOAD_DIR_ORIGINAL = IP_CT_DIR_ORIGINAL,
32 FLOW_OFFLOAD_DIR_REPLY = IP_CT_DIR_REPLY,
33 FLOW_OFFLOAD_DIR_MAX = IP_CT_DIR_MAX
34};
35
36struct flow_offload_tuple {
37 union {
38 struct in_addr src_v4;
39 struct in6_addr src_v6;
40 };
41 union {
42 struct in_addr dst_v4;
43 struct in6_addr dst_v6;
44 };
45 struct {
46 __be16 src_port;
47 __be16 dst_port;
48 };
49
50 int iifidx;
51
52 u8 l3proto;
53 u8 l4proto;
54 u8 dir;
55
56 int oifidx;
57
58 u16 mtu;
59
60 struct dst_entry *dst_cache;
61};
62
63struct flow_offload_tuple_rhash {
64 struct rhash_head node;
65 struct flow_offload_tuple tuple;
66};
67
68#define FLOW_OFFLOAD_SNAT 0x1
69#define FLOW_OFFLOAD_DNAT 0x2
70#define FLOW_OFFLOAD_DYING 0x4
71#define FLOW_OFFLOAD_TEARDOWN 0x8
72
73struct flow_offload {
74 struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX];
75 u32 flags;
76 union {
77
78 u32 timeout;
79 };
80};
81
82#define NF_FLOW_TIMEOUT (30 * HZ)
83
84struct nf_flow_route {
85 struct {
86 struct dst_entry *dst;
87 int ifindex;
88 } tuple[FLOW_OFFLOAD_DIR_MAX];
89};
90
91struct flow_offload *flow_offload_alloc(struct nf_conn *ct,
92 struct nf_flow_route *route);
93void flow_offload_free(struct flow_offload *flow);
94
95int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow);
96struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table,
97 struct flow_offload_tuple *tuple);
98int nf_flow_table_iterate(struct nf_flowtable *flow_table,
99 void (*iter)(struct flow_offload *flow, void *data),
100 void *data);
101
102void nf_flow_table_cleanup(struct net *net, struct net_device *dev);
103
104int nf_flow_table_init(struct nf_flowtable *flow_table);
105void nf_flow_table_free(struct nf_flowtable *flow_table);
106
107void flow_offload_teardown(struct flow_offload *flow);
108static inline void flow_offload_dead(struct flow_offload *flow)
109{
110 flow->flags |= FLOW_OFFLOAD_DYING;
111}
112
113int nf_flow_snat_port(const struct flow_offload *flow,
114 struct sk_buff *skb, unsigned int thoff,
115 u8 protocol, enum flow_offload_tuple_dir dir);
116int nf_flow_dnat_port(const struct flow_offload *flow,
117 struct sk_buff *skb, unsigned int thoff,
118 u8 protocol, enum flow_offload_tuple_dir dir);
119
120struct flow_ports {
121 __be16 source, dest;
122};
123
124unsigned int nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
125 const struct nf_hook_state *state);
126unsigned int nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
127 const struct nf_hook_state *state);
128
129#define MODULE_ALIAS_NF_FLOWTABLE(family) \
130 MODULE_ALIAS("nf-flowtable-" __stringify(family))
131
132#endif
133
