linux/include/net/netfilter/nf_tables_core.h
   1/* SPDX-License-Identifier: GPL-2.0 */
   2#ifndef _NET_NF_TABLES_CORE_H
   3#define _NET_NF_TABLES_CORE_H
   4
   5#include <net/netfilter/nf_tables.h>
   6#include <linux/indirect_call_wrapper.h>
   7
   /* Expression types. They are only declared here (extern); the objects
    * themselves are defined in other translation units.
    */
   extern struct nft_expr_type nft_imm_type;
   extern struct nft_expr_type nft_cmp_type;
   extern struct nft_expr_type nft_counter_type;
   extern struct nft_expr_type nft_lookup_type;
   extern struct nft_expr_type nft_bitwise_type;
   extern struct nft_expr_type nft_byteorder_type;
   extern struct nft_expr_type nft_payload_type;
   extern struct nft_expr_type nft_dynset_type;
   extern struct nft_expr_type nft_range_type;
   extern struct nft_expr_type nft_meta_type;
   extern struct nft_expr_type nft_rt_type;
   extern struct nft_expr_type nft_exthdr_type;
   extern struct nft_expr_type nft_last_type;

   /* Object types. The secmark type is declared only when
    * CONFIG_NETWORK_SECMARK is set, so any user of it has to sit under the
    * same guard.
    */
   #ifdef CONFIG_NETWORK_SECMARK
   extern struct nft_object_type nft_secmark_obj_type;
   #endif
   extern struct nft_object_type nft_counter_obj_type;

   /* Init and exit entry points of the core, judging by the names; their
    * bodies are not part of this header.
    */
   int nf_tables_core_module_init(void);
   void nf_tables_core_module_exit(void);
  29
  /* Private state of a bitwise expression in its 32-bit form: two u32
   * operands plus one source and one destination register.
   *
   * NOTE(review): sreg and dreg are bare u8 values and nothing in this
   * header bounds them. Whatever fills this struct must validate the
   * register numbers first -- confirm in the init path, which is not
   * visible here.
   */
  struct nft_bitwise_fast_expr {
          u32 mask;       /* 32-bit mask operand */
          u32 xor;        /* 32-bit xor operand */
          u8 sreg;        /* source register */
          u8 dreg;        /* destination register */
  };
  36
  /* Private state of a comparison whose operand fits in a u32.
   *
   * NOTE(review): nft_cmp_fast_mask() in this header subtracts its length
   * argument from the bit width of @data, so @len is presumably kept in
   * bits rather than bytes -- confirm where the struct is filled in.
   */
  struct nft_cmp_fast_expr {
          u32 data;       /* value to compare against */
          u32 mask;       /* mask paired with @data */
          u8 sreg;        /* source register */
          u8 len;         /* operand length, see note above */
          bool inv;       /* presumably inverts the match -- confirm */
  };
  44
  /* Same field layout as nft_cmp_fast_expr, except that the comparison
   * value and its mask are each a full struct nft_data instead of a u32.
   */
  struct nft_cmp16_fast_expr {
          struct nft_data data;   /* value to compare against */
          struct nft_data mask;   /* mask paired with @data */
          u8 sreg;                /* source register */
          u8 len;                 /* operand length */
          bool inv;               /* presumably inverts the match -- confirm */
  };
  52
  /* Private state of an immediate expression: one struct nft_data payload,
   * a destination register and a length.
   *
   * NOTE(review): dlen is a u8 and is not tied to sizeof(data) by anything
   * in this header; the code that sets it must keep it within the payload
   * it describes -- confirm in the init path.
   */
  struct nft_immediate_expr {
          struct nft_data data;   /* immediate value */
          u8 dreg;                /* destination register */
          u8 dlen;                /* length of @data in use */
  };
  58
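  /* Calculate the mask for the nft_cmp_fast expression. On big endian the
   * mask needs to include the *upper* bytes when interpreting that data as
   * something smaller than the full u32, therefore a cpu_to_le32 is done.
   *
   * @len is a width in bits: it is subtracted from the bit width of
   * nft_cmp_fast_expr.data. Only 1..32 gives an in-range shift count. A
   * @len of 0 would shift a 32-bit value by 32, and a @len above 32 wraps
   * the unsigned subtraction; both are undefined behaviour in C. Such
   * inputs are clamped here (empty mask for 0, full mask for anything at
   * or above the field width) so that a missed length check in a caller
   * cannot become an undefined shift. Results for 1..32 are unchanged.
   *
   * Returns the mask as a u32 that has been passed through cpu_to_le32().
   */
  static inline u32 nft_cmp_fast_mask(unsigned int len)
  {
          const unsigned int bits = sizeof_field(struct nft_cmp_fast_expr,
                                                 data) * BITS_PER_BYTE;

          /* Shifting by the full width is undefined: answer directly. */
          if (len == 0)
                  return 0;

          /* len == bits is a shift by zero; larger values would wrap. */
          if (len >= bits)
                  return cpu_to_le32(~0U);

          return cpu_to_le32(~0U >> (bits - len));
  }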
  68
  /* Ops tables for the two fast comparison variants; const, defined in
   * another translation unit.
   */
  extern const struct nft_expr_ops nft_cmp_fast_ops;
  extern const struct nft_expr_ops nft_cmp16_fast_ops;
  71
  /* Private state of a payload load: which base to read from, where, how
   * much, and the register that receives the bytes.
   *
   * Every field is 8 bits wide, so an offset or length above 255 cannot be
   * represented. NOTE(review): the code that copies user-supplied values
   * into this struct is not visible here; it has to reject out-of-range
   * values rather than let them be truncated on assignment.
   */
  struct nft_payload {
          enum nft_payload_bases base:8;  /* payload base, stored in 8 bits */
          u8 offset;                      /* offset from @base */
          u8 len;                         /* number of bytes */
          u8 dreg;                        /* destination register */
  };
  78
  /* Private state of a payload write: base, offset and length of the
   * target bytes, the register they come from, and three checksum fields.
   *
   * As with nft_payload, every field is 8 bits wide. NOTE(review): this
   * struct describes a write into packet data, so the offset, length and
   * checksum offset need bounds checks both when the expression is set up
   * and against the actual packet at evaluation time -- neither is visible
   * in this header, confirm in the implementation.
   */
  struct nft_payload_set {
          enum nft_payload_bases base:8;  /* payload base, stored in 8 bits */
          u8 offset;                      /* offset from @base */
          u8 len;                         /* number of bytes */
          u8 sreg;                        /* source register */
          u8 csum_type;                   /* checksum type */
          u8 csum_offset;                 /* checksum offset */
          u8 csum_flags;                  /* checksum flags */
  };
  88
  /* Ops tables for the fast payload and bitwise variants. */
  extern const struct nft_expr_ops nft_payload_fast_ops;
  extern const struct nft_expr_ops nft_bitwise_fast_ops;

  /* Static keys of the default-false kind. NOTE(review): presumably they
   * gate counter and trace handling on the evaluation path -- confirm at
   * the users.
   */
  extern struct static_key_false nft_counters_enabled;
  extern struct static_key_false nft_trace_enabled;

  /* Set backend types. All of them are declared unconditionally here.
   * NOTE(review): whether nft_set_pipapo_avx2_type is defined in every
   * configuration cannot be told from this header; references to it should
   * carry the same guard as its definition.
   */
  extern const struct nft_set_type nft_set_rhash_type;
  extern const struct nft_set_type nft_set_hash_type;
  extern const struct nft_set_type nft_set_hash_fast_type;
  extern const struct nft_set_type nft_set_rbtree_type;
  extern const struct nft_set_type nft_set_bitmap_type;
  extern const struct nft_set_type nft_set_pipapo_type;
  extern const struct nft_set_type nft_set_pipapo_avx2_type;
 103
 /* Set lookup dispatch.
  *
  * With CONFIG_RETPOLINE, nft_set_do_lookup() is an out-of-line function
  * and the per-backend lookup routines are declared next to it.
  * NOTE(review): presumably it compares the set's lookup hook against these
  * and calls the match directly, avoiding a retpolined indirect call -- the
  * implementation is not in this header, confirm there.
  *
  * Without CONFIG_RETPOLINE it is the inline below: a single indirect call
  * through the set's ops table. The inline checks neither set, set->ops
  * nor the lookup hook for NULL, so callers must pass a fully initialised
  * set.
  *
  * All variants share one signature and return bool; @ext is an out
  * parameter of type const struct nft_set_ext **.
  */
 #ifdef CONFIG_RETPOLINE
 bool nft_rhash_lookup(const struct net *net,
                       const struct nft_set *set,
                       const u32 *key,
                       const struct nft_set_ext **ext);
 bool nft_rbtree_lookup(const struct net *net,
                        const struct nft_set *set,
                        const u32 *key,
                        const struct nft_set_ext **ext);
 bool nft_bitmap_lookup(const struct net *net,
                        const struct nft_set *set,
                        const u32 *key,
                        const struct nft_set_ext **ext);
 bool nft_hash_lookup_fast(const struct net *net,
                           const struct nft_set *set,
                           const u32 *key,
                           const struct nft_set_ext **ext);
 bool nft_hash_lookup(const struct net *net,
                      const struct nft_set *set,
                      const u32 *key,
                      const struct nft_set_ext **ext);
 bool nft_set_do_lookup(const struct net *net,
                        const struct nft_set *set,
                        const u32 *key,
                        const struct nft_set_ext **ext);
 #else
 static inline bool nft_set_do_lookup(const struct net *net,
                                      const struct nft_set *set,
                                      const u32 *key,
                                      const struct nft_set_ext **ext)
 {
         /* Backend chosen by the set's ops table. */
         return set->ops->lookup(net, set, key, ext);
 }
 #endif
 126
 /* The two pipapo lookup routines are declared outside the CONFIG_RETPOLINE
  * block because each is called from the other implementation's file:
  * nft_pipapo_lookup() from nft_pipapo_avx2.c, and
  * nft_pipapo_avx2_lookup() from nft_set_pipapo.c.
  */
 bool nft_pipapo_lookup(const struct net *net,
                        const struct nft_set *set,
                        const u32 *key,
                        const struct nft_set_ext **ext);
 bool nft_pipapo_avx2_lookup(const struct net *net,
                             const struct nft_set *set,
                             const u32 *key,
                             const struct nft_set_ext **ext);

 /* Takes no arguments and returns nothing. NOTE(review): by its name it
  * sets up the seqcount state used by the counter code -- confirm at the
  * definition.
  */
 void nft_counter_init_seqcount(void);
 135
 /* Forward declarations; the prototypes below use these types only through
  * pointers.
  */
 struct nft_expr;
 struct nft_regs;
 struct nft_pktinfo;

 /* Evaluation functions of individual expressions. They all take the same
  * three arguments: the expression (const), the register file (writable)
  * and the packet info (const), and return nothing.
  * NOTE(review): presumably declared here so the core can call them
  * directly instead of through an ops pointer -- confirm at the call site.
  */
 void nft_meta_get_eval(const struct nft_expr *expr,
                        struct nft_regs *regs,
                        const struct nft_pktinfo *pkt);
 void nft_cmp_eval(const struct nft_expr *expr,
                   struct nft_regs *regs,
                   const struct nft_pktinfo *pkt);
 void nft_lookup_eval(const struct nft_expr *expr,
                      struct nft_regs *regs,
                      const struct nft_pktinfo *pkt);
 void nft_payload_eval(const struct nft_expr *expr,
                       struct nft_regs *regs,
                       const struct nft_pktinfo *pkt);
 void nft_immediate_eval(const struct nft_expr *expr,
                         struct nft_regs *regs,
                         const struct nft_pktinfo *pkt);
 void nft_bitwise_eval(const struct nft_expr *expr,
                       struct nft_regs *regs,
                       const struct nft_pktinfo *pkt);
 void nft_range_eval(const struct nft_expr *expr,
                     struct nft_regs *regs,
                     const struct nft_pktinfo *pkt);
 void nft_byteorder_eval(const struct nft_expr *expr,
                         struct nft_regs *regs,
                         const struct nft_pktinfo *pkt);
 void nft_dynset_eval(const struct nft_expr *expr,
                      struct nft_regs *regs,
                      const struct nft_pktinfo *pkt);
 void nft_rt_get_eval(const struct nft_expr *expr,
                      struct nft_regs *regs,
                      const struct nft_pktinfo *pkt);
 void nft_counter_eval(const struct nft_expr *expr,
                       struct nft_regs *regs,
                       const struct nft_pktinfo *pkt);
 161#endif /* _NET_NF_TABLES_CORE_H */
 162