linux/include/net/netfilter/nf_tables_offload.h
<<
>>
Prefs 
   1#ifndef _NET_NF_TABLES_OFFLOAD_H
   2#define _NET_NF_TABLES_OFFLOAD_H
   3
   4#include <net/flow_offload.h>
   5#include <net/netfilter/nf_tables.h>
   6
   7struct nft_offload_reg {
   8        u32             key;
   9        u32             len;
  10        u32             base_offset;
  11        u32             offset;
  12        struct nft_data data;
  13        struct nft_data mask;
  14};
  15
  16enum nft_offload_dep_type {
  17        NFT_OFFLOAD_DEP_UNSPEC  = 0,
  18        NFT_OFFLOAD_DEP_NETWORK,
  19        NFT_OFFLOAD_DEP_TRANSPORT,
  20};
  21
  22struct nft_offload_ctx {
  23        struct {
  24                enum nft_offload_dep_type       type;
  25                __be16                          l3num;
  26                u8                              protonum;
  27        } dep;
  28        unsigned int                            num_actions;
  29        struct net                              *net;
  30        struct nft_offload_reg                  regs[NFT_REG32_15 + 1];
  31};
  32
  33void nft_offload_set_dependency(struct nft_offload_ctx *ctx,
  34                                enum nft_offload_dep_type type);
  35void nft_offload_update_dependency(struct nft_offload_ctx *ctx,
  36                                   const void *data, u32 len);
  37
  38struct nft_flow_key {
  39        struct flow_dissector_key_basic                 basic;
  40        union {
  41                struct flow_dissector_key_ipv4_addrs    ipv4;
  42                struct flow_dissector_key_ipv6_addrs    ipv6;
  43        };
  44        struct flow_dissector_key_ports                 tp;
  45        struct flow_dissector_key_ip                    ip;
  46        struct flow_dissector_key_vlan                  vlan;
  47        struct flow_dissector_key_eth_addrs             eth_addrs;
  48} __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
  49
  50struct nft_flow_match {
  51        struct flow_dissector   dissector;
  52        struct nft_flow_key     key;
  53        struct nft_flow_key     mask;
  54};
  55
  56struct nft_flow_rule {
  57        __be16                  proto;
  58        struct nft_flow_match   match;
  59        struct flow_rule        *rule;
  60};
  61
  62#define NFT_OFFLOAD_F_ACTION    (1 << 0)
  63
  64struct nft_rule;
  65struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule);
  66void nft_flow_rule_destroy(struct nft_flow_rule *flow);
  67int nft_flow_rule_offload_commit(struct net *net);
  68
  69#define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg)         \
  70        (__reg)->base_offset    =                                       \
  71                offsetof(struct nft_flow_key, __base);                  \
  72        (__reg)->offset         =                                       \
  73                offsetof(struct nft_flow_key, __base.__field);          \
  74        (__reg)->len            = __len;                                \
  75        (__reg)->key            = __key;                                \
  76        memset(&(__reg)->mask, 0xff, (__reg)->len);
  77
  78int nft_chain_offload_priority(struct nft_base_chain *basechain);
  79
  80int nft_offload_init(void);
  81void nft_offload_exit(void);
  82
  83#endif
  84
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.