1#ifndef _NF_FLOW_TABLE_H
2#define _NF_FLOW_TABLE_H
3
4#include <linux/in.h>
5#include <linux/in6.h>
6#include <linux/netdevice.h>
7#include <linux/rhashtable.h>
8#include <linux/rcupdate.h>
9#include <net/dst.h>
10
11struct nf_flowtable;
12
13struct nf_flowtable_type {
14 struct list_head list;
15 int family;
16 void (*gc)(struct work_struct *work);
17 void (*free)(struct nf_flowtable *ft);
18 const struct rhashtable_params *params;
19 nf_hookfn *hook;
20 struct module *owner;
21};
22
23struct nf_flowtable {
24 struct rhashtable rhashtable;
25 const struct nf_flowtable_type *type;
26 struct delayed_work gc_work;
27};
28
29enum flow_offload_tuple_dir {
30 FLOW_OFFLOAD_DIR_ORIGINAL,
31 FLOW_OFFLOAD_DIR_REPLY,
32 __FLOW_OFFLOAD_DIR_MAX = FLOW_OFFLOAD_DIR_REPLY,
33};
34#define FLOW_OFFLOAD_DIR_MAX (__FLOW_OFFLOAD_DIR_MAX + 1)
35
36struct flow_offload_tuple {
37 union {
38 struct in_addr src_v4;
39 struct in6_addr src_v6;
40 };
41 union {
42 struct in_addr dst_v4;
43 struct in6_addr dst_v6;
44 };
45 struct {
46 __be16 src_port;
47 __be16 dst_port;
48 };
49
50 int iifidx;
51
52 u8 l3proto;
53 u8 l4proto;
54 u8 dir;
55
56 int oifidx;
57
58 struct dst_entry *dst_cache;
59};
60
61struct flow_offload_tuple_rhash {
62 struct rhash_head node;
63 struct flow_offload_tuple tuple;
64};
65
66#define FLOW_OFFLOAD_SNAT 0x1
67#define FLOW_OFFLOAD_DNAT 0x2
68#define FLOW_OFFLOAD_DYING 0x4
69
70struct flow_offload {
71 struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX];
72 u32 flags;
73 union {
74
75 u32 timeout;
76 };
77};
78
79#define NF_FLOW_TIMEOUT (30 * HZ)
80
81struct nf_flow_route {
82 struct {
83 struct dst_entry *dst;
84 int ifindex;
85 } tuple[FLOW_OFFLOAD_DIR_MAX];
86};
87
88struct flow_offload *flow_offload_alloc(struct nf_conn *ct,
89 struct nf_flow_route *route);
90void flow_offload_free(struct flow_offload *flow);
91
92int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow);
93struct flow_offload_tuple_rhash *flow_offload_lookup(struct nf_flowtable *flow_table,
94 struct flow_offload_tuple *tuple);
95int nf_flow_table_iterate(struct nf_flowtable *flow_table,
96 void (*iter)(struct flow_offload *flow, void *data),
97 void *data);
98
99void nf_flow_table_cleanup(struct net *net, struct net_device *dev);
100
101void nf_flow_table_free(struct nf_flowtable *flow_table);
102void nf_flow_offload_work_gc(struct work_struct *work);
103extern const struct rhashtable_params nf_flow_offload_rhash_params;
104
105void flow_offload_dead(struct flow_offload *flow);
106
107int nf_flow_snat_port(const struct flow_offload *flow,
108 struct sk_buff *skb, unsigned int thoff,
109 u8 protocol, enum flow_offload_tuple_dir dir);
110int nf_flow_dnat_port(const struct flow_offload *flow,
111 struct sk_buff *skb, unsigned int thoff,
112 u8 protocol, enum flow_offload_tuple_dir dir);
113
114struct flow_ports {
115 __be16 source, dest;
116};
117
118unsigned int nf_flow_offload_ip_hook(void *priv, struct sk_buff *skb,
119 const struct nf_hook_state *state);
120unsigned int nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
121 const struct nf_hook_state *state);
122
123#define MODULE_ALIAS_NF_FLOWTABLE(family) \
124 MODULE_ALIAS("nf-flowtable-" __stringify(family))
125
126#endif
127
