[mirror_ubuntu-jammy-kernel.git] / include / net / netfilter / nf_tables_offload.h

#ifndef _NET_NF_TABLES_OFFLOAD_H
#define _NET_NF_TABLES_OFFLOAD_H

#include <net/flow_offload.h>
#include <net/netfilter/nf_tables.h>

struct nft_offload_reg {
	u32		key;
	u32		len;
	u32		base_offset;
	u32		offset;
	struct nft_data data;
	struct nft_data	mask;
};

enum nft_offload_dep_type {
	NFT_OFFLOAD_DEP_UNSPEC	= 0,
	NFT_OFFLOAD_DEP_NETWORK,
	NFT_OFFLOAD_DEP_TRANSPORT,
};

struct nft_offload_ctx {
	struct {
		enum nft_offload_dep_type	type;
		__be16				l3num;
		u8				protonum;
	} dep;
	unsigned int				num_actions;
	struct net				*net;
	struct nft_offload_reg			regs[NFT_REG32_15 + 1];
};

void nft_offload_set_dependency(struct nft_offload_ctx *ctx,
				enum nft_offload_dep_type type);
void nft_offload_update_dependency(struct nft_offload_ctx *ctx,
				   const void *data, u32 len);

struct nft_flow_key {
	struct flow_dissector_key_basic			basic;
	struct flow_dissector_key_control		control;
	union {
		struct flow_dissector_key_ipv4_addrs	ipv4;
		struct flow_dissector_key_ipv6_addrs	ipv6;
	};
	struct flow_dissector_key_ports			tp;
	struct flow_dissector_key_ip			ip;
	struct flow_dissector_key_vlan			vlan;
	struct flow_dissector_key_vlan			cvlan;
	struct flow_dissector_key_eth_addrs		eth_addrs;
	struct flow_dissector_key_meta			meta;
} __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */

struct nft_flow_match {
	struct flow_dissector	dissector;
	struct nft_flow_key	key;
	struct nft_flow_key	mask;
};

struct nft_flow_rule {
	__be16			proto;
	struct nft_flow_match	match;
	struct flow_rule	*rule;
};

#define NFT_OFFLOAD_F_ACTION	(1 << 0)

void nft_flow_rule_set_addr_type(struct nft_flow_rule *flow,
				 enum flow_dissector_key_id addr_type);

struct nft_rule;
struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule);
void nft_flow_rule_destroy(struct nft_flow_rule *flow);
int nft_flow_rule_offload_commit(struct net *net);

#define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg)		\
	(__reg)->base_offset	=					\
		offsetof(struct nft_flow_key, __base);			\
	(__reg)->offset		=					\
		offsetof(struct nft_flow_key, __base.__field);		\
	(__reg)->len		= __len;				\
	(__reg)->key		= __key;				\

#define NFT_OFFLOAD_MATCH_EXACT(__key, __base, __field, __len, __reg)	\
	NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg)		\
	memset(&(__reg)->mask, 0xff, (__reg)->len);

int nft_chain_offload_priority(struct nft_base_chain *basechain);

int nft_offload_init(void);
void nft_offload_exit(void);

#endif
Commit	Line	Data
c9626a2c PNA	1	#ifndef _NET_NF_TABLES_OFFLOAD_H
	2	#define _NET_NF_TABLES_OFFLOAD_H
	3
	4	#include <net/flow_offload.h>
	5	#include <net/netfilter/nf_tables.h>
	6
	7	struct nft_offload_reg {
	8	u32 key;
	9	u32 len;
	10	u32 base_offset;
	11	u32 offset;
43dd16ef	12	struct nft_data data;
c9626a2c PNA	13	struct nft_data mask;
	14	};
	15
	16	enum nft_offload_dep_type {
	17	NFT_OFFLOAD_DEP_UNSPEC = 0,
	18	NFT_OFFLOAD_DEP_NETWORK,
	19	NFT_OFFLOAD_DEP_TRANSPORT,
	20	};
	21
	22	struct nft_offload_ctx {
	23	struct {
	24	enum nft_offload_dep_type type;
	25	__be16 l3num;
	26	u8 protonum;
	27	} dep;
	28	unsigned int num_actions;
be2861dc	29	struct net *net;
c9626a2c PNA	30	struct nft_offload_reg regs[NFT_REG32_15 + 1];
	31	};
	32
	33	void nft_offload_set_dependency(struct nft_offload_ctx *ctx,
	34	enum nft_offload_dep_type type);
	35	void nft_offload_update_dependency(struct nft_offload_ctx *ctx,
	36	const void *data, u32 len);
	37
	38	struct nft_flow_key {
	39	struct flow_dissector_key_basic basic;
3c78e9e0	40	struct flow_dissector_key_control control;
c9626a2c PNA	41	union {
	42	struct flow_dissector_key_ipv4_addrs ipv4;
	43	struct flow_dissector_key_ipv6_addrs ipv6;
	44	};
	45	struct flow_dissector_key_ports tp;
	46	struct flow_dissector_key_ip ip;
	47	struct flow_dissector_key_vlan vlan;
14c20643	48	struct flow_dissector_key_vlan cvlan;
c9626a2c	49	struct flow_dissector_key_eth_addrs eth_addrs;
25da5eb3	50	struct flow_dissector_key_meta meta;
c9626a2c PNA	51	} __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
	52
	53	struct nft_flow_match {
	54	struct flow_dissector dissector;
	55	struct nft_flow_key key;
	56	struct nft_flow_key mask;
	57	};
	58
	59	struct nft_flow_rule {
	60	__be16 proto;
	61	struct nft_flow_match match;
	62	struct flow_rule *rule;
	63	};
	64
	65	#define NFT_OFFLOAD_F_ACTION (1 << 0)
	66
3c78e9e0 PNA	67	void nft_flow_rule_set_addr_type(struct nft_flow_rule *flow,
	68	enum flow_dissector_key_id addr_type);
	69
c9626a2c	70	struct nft_rule;
be2861dc	71	struct nft_flow_rule nft_flow_rule_create(struct net net, const struct nft_rule *rule);
c9626a2c PNA	72	void nft_flow_rule_destroy(struct nft_flow_rule *flow);
	73	int nft_flow_rule_offload_commit(struct net *net);
	74
	75	#define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg) \
	76	(__reg)->base_offset = \
	77	offsetof(struct nft_flow_key, __base); \
	78	(__reg)->offset = \
	79	offsetof(struct nft_flow_key, __base.__field); \
	80	(__reg)->len = __len; \
	81	(__reg)->key = __key; \
a5d45bc0 PNA	82
	83	#define NFT_OFFLOAD_MATCH_EXACT(__key, __base, __field, __len, __reg) \
	84	NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg) \
c9626a2c PNA	85	memset(&(__reg)->mask, 0xff, (__reg)->len);
c9626a2c PNA	86
3bc158f8 PNA	87	int nft_chain_offload_priority(struct nft_base_chain *basechain);
3bc158f8 PNA	88
06d392cb	89	int nft_offload_init(void);
3474a2c6 PNA	90	void nft_offload_exit(void);
3474a2c6 PNA	91
c9626a2c	92	#endif