1 #ifndef _NET_NF_TABLES_OFFLOAD_H
2 #define _NET_NF_TABLES_OFFLOAD_H
3 
4 #include <net/flow_offload.h>
5 #include <net/netfilter/nf_tables.h>
6 
7 struct nft_offload_reg {
8 	u32		key;
9 	u32		len;
10 	u32		base_offset;
11 	u32		offset;
12 	struct nft_data data;
13 	struct nft_data	mask;
14 };
15 
16 enum nft_offload_dep_type {
17 	NFT_OFFLOAD_DEP_UNSPEC	= 0,
18 	NFT_OFFLOAD_DEP_NETWORK,
19 	NFT_OFFLOAD_DEP_TRANSPORT,
20 };
21 
22 struct nft_offload_ctx {
23 	struct {
24 		enum nft_offload_dep_type	type;
25 		__be16				l3num;
26 		u8				protonum;
27 	} dep;
28 	unsigned int				num_actions;
29 	struct net				*net;
30 	struct nft_offload_reg			regs[NFT_REG32_15 + 1];
31 };
32 
33 void nft_offload_set_dependency(struct nft_offload_ctx *ctx,
34 				enum nft_offload_dep_type type);
35 void nft_offload_update_dependency(struct nft_offload_ctx *ctx,
36 				   const void *data, u32 len);
37 
38 struct nft_flow_key {
39 	struct flow_dissector_key_basic			basic;
40 	struct flow_dissector_key_control		control;
41 	union {
42 		struct flow_dissector_key_ipv4_addrs	ipv4;
43 		struct flow_dissector_key_ipv6_addrs	ipv6;
44 	};
45 	struct flow_dissector_key_ports			tp;
46 	struct flow_dissector_key_ip			ip;
47 	struct flow_dissector_key_vlan			vlan;
48 	struct flow_dissector_key_eth_addrs		eth_addrs;
49 	struct flow_dissector_key_meta			meta;
50 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
51 
52 struct nft_flow_match {
53 	struct flow_dissector	dissector;
54 	struct nft_flow_key	key;
55 	struct nft_flow_key	mask;
56 };
57 
58 struct nft_flow_rule {
59 	__be16			proto;
60 	struct nft_flow_match	match;
61 	struct flow_rule	*rule;
62 };
63 
64 #define NFT_OFFLOAD_F_ACTION	(1 << 0)
65 
66 void nft_flow_rule_set_addr_type(struct nft_flow_rule *flow,
67 				 enum flow_dissector_key_id addr_type);
68 
69 struct nft_rule;
70 struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule);
71 void nft_flow_rule_destroy(struct nft_flow_rule *flow);
72 int nft_flow_rule_offload_commit(struct net *net);
73 
74 #define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg)		\
75 	(__reg)->base_offset	=					\
76 		offsetof(struct nft_flow_key, __base);			\
77 	(__reg)->offset		=					\
78 		offsetof(struct nft_flow_key, __base.__field);		\
79 	(__reg)->len		= __len;				\
80 	(__reg)->key		= __key;				\
81 
82 #define NFT_OFFLOAD_MATCH_EXACT(__key, __base, __field, __len, __reg)	\
83 	NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg)		\
84 	memset(&(__reg)->mask, 0xff, (__reg)->len);
85 
86 int nft_chain_offload_priority(struct nft_base_chain *basechain);
87 
88 int nft_offload_init(void);
89 void nft_offload_exit(void);
90 
91 #endif
92