netfilter: nftables: counter hardware offload support
1 #ifndef _NET_NF_TABLES_OFFLOAD_H
2 #define _NET_NF_TABLES_OFFLOAD_H
3
4 #include <net/flow_offload.h>
5 #include <net/netfilter/nf_tables.h>
6
/*
 * Flag bits for an offload register; presumably stored in
 * nft_offload_reg.flags (confirm against the users of that field).
 */
enum nft_offload_reg_flags {
	/* bit 0; the name suggests a network-to-host byte order hint - confirm */
	NFT_OFFLOAD_F_NETWORK2HOST	= 1 << 0,
};
10
/*
 * Offload description of one register: which flow dissector key it maps
 * to, where the matched field sits inside struct nft_flow_key, and the
 * data/mask pair for the match.  NFT_OFFLOAD_MATCH_FLAGS() in this header
 * fills key, len, base_offset, offset and flags.
 */
struct nft_offload_reg {
	u32		key;		/* taken from the macro's __key argument */
	u32		len;		/* byte length; NFT_OFFLOAD_MATCH_EXACT() memsets this many bytes of mask */
	u32		base_offset;	/* offsetof(struct nft_flow_key, <base member>) */
	u32		offset;		/* offsetof(struct nft_flow_key, <base member>.<field>) */
	u32		flags;		/* presumably enum nft_offload_reg_flags bits - confirm */
	struct nft_data	data;
	/* NOTE(review): len must not exceed sizeof(mask); no bound is enforced in this header. */
	struct nft_data	mask;
};
20
/*
 * Kind of protocol dependency tracked in nft_offload_ctx.dep.type.
 * Zero is the "nothing pending" value.
 */
enum nft_offload_dep_type {
	NFT_OFFLOAD_DEP_UNSPEC		= 0,
	NFT_OFFLOAD_DEP_NETWORK		= 1,
	NFT_OFFLOAD_DEP_TRANSPORT	= 2,
};
26
/*
 * Working context for offloading a rule: the current protocol dependency,
 * an action count, the owning network namespace pointer and one
 * nft_offload_reg slot per register.
 */
struct nft_offload_ctx {
	struct {
		enum nft_offload_dep_type	type;
		__be16				l3num;		/* big-endian per its type */
		u8				protonum;
	} dep;
	unsigned int			num_actions;
	struct net			*net;
	/*
	 * Valid indices are 0..NFT_REG32_15 inclusive.  Any register number
	 * used to index this array has to be range-checked by the code that
	 * produces it; that validation is not visible in this header.
	 */
	struct nft_offload_reg		regs[NFT_REG32_15 + 1];
};
37
/*
 * Dependency helpers operating on ctx->dep (implementations are not in
 * this header).
 *
 * nft_offload_set_dependency(): takes the dependency type to record.
 * nft_offload_update_dependency(): takes an untyped buffer and its length
 * in bytes; presumably data holds the l3num/protonum value for the pending
 * dependency - confirm against the implementation, and make sure len
 * matches the size of the field being filled.
 */
void nft_offload_set_dependency(struct nft_offload_ctx *ctx,
				enum nft_offload_dep_type type);
void nft_offload_update_dependency(struct nft_offload_ctx *ctx,
				   const void *data, u32 len);
42
/*
 * Aggregate of the flow dissector keys a rule can match on.  The
 * NFT_OFFLOAD_MATCH*() macros take offsetof() into this structure, so
 * nft_offload_reg.base_offset/offset are byte positions within it.
 */
struct nft_flow_key {
	struct flow_dissector_key_basic			basic;
	struct flow_dissector_key_control		control;
	/*
	 * ipv4 and ipv6 share storage; nothing in this struct itself says
	 * which one is live - presumably selected via the control key's
	 * address type (see nft_flow_rule_set_addr_type()), confirm.
	 */
	union {
		struct flow_dissector_key_ipv4_addrs	ipv4;
		struct flow_dissector_key_ipv6_addrs	ipv6;
	};
	struct flow_dissector_key_ports			tp;
	struct flow_dissector_key_ip			ip;
	struct flow_dissector_key_vlan			vlan;
	struct flow_dissector_key_vlan			cvlan;
	struct flow_dissector_key_eth_addrs		eth_addrs;
	struct flow_dissector_key_meta			meta;
} __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */
57
/*
 * A complete match: the dissector description plus a key and a mask,
 * both laid out as struct nft_flow_key.
 */
struct nft_flow_match {
	struct flow_dissector	dissector;
	struct nft_flow_key	key;
	struct nft_flow_key	mask;	/* same layout as key, so offsets into key apply to mask as well */
};
63
/*
 * Offload representation of one rule: protocol, the embedded match and a
 * pointer to the generic flow_rule.
 */
struct nft_flow_rule {
	__be16			proto;	/* big-endian per its type */
	struct nft_flow_match	match;
	/*
	 * Ownership is not stated here; presumably allocated by
	 * nft_flow_rule_create() and released by nft_flow_rule_destroy() -
	 * confirm before freeing or caching this pointer elsewhere.
	 */
	struct flow_rule	*rule;
};
69
/*
 * Bit 0 of an offload flags word.  Note that it has the same numeric value
 * as NFT_OFFLOAD_F_NETWORK2HOST; the two presumably live in different flag
 * fields and must not be tested against the same variable - confirm at the
 * use sites.
 */
#define NFT_OFFLOAD_F_ACTION	(1 << 0)
71
/*
 * Record the address type (a flow dissector key id) on a flow rule.  The
 * implementation is not in this header; presumably it decides which member
 * of the ipv4/ipv6 union in struct nft_flow_key is meaningful - confirm.
 */
void nft_flow_rule_set_addr_type(struct nft_flow_rule *flow,
				 enum flow_dissector_key_id addr_type);
74
/* Forward declaration; only pointers to struct nft_rule are used below. */
struct nft_rule;
/*
 * Flow rule lifecycle (implementations are not in this header).
 *
 * nft_flow_rule_create() returns a pointer; the failure convention (NULL
 * or an ERR_PTR-encoded errno) is not visible here, so callers must check
 * the implementation before dereferencing the result.
 * nft_flow_rule_stats() and nft_flow_rule_offload_commit() return int;
 * presumably 0 on success and a negative errno on failure - confirm, and
 * do not ignore the return value.
 */
struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule);
int nft_flow_rule_stats(const struct nft_chain *chain, const struct nft_rule *rule);
void nft_flow_rule_destroy(struct nft_flow_rule *flow);
int nft_flow_rule_offload_commit(struct net *net);
80
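/*
 * NFT_OFFLOAD_MATCH_FLAGS - describe a match on one field of struct nft_flow_key
 * @__key:   value stored in (__reg)->key
 * @__base:  member of struct nft_flow_key that holds the field
 * @__field: field inside @__base
 * @__len:   length in bytes, stored in (__reg)->len
 * @__reg:   pointer to the register description to fill in
 * @__flags: value stored in (__reg)->flags
 *
 * Each macro below expands to exactly one statement (do { } while (0)), so
 * it stays correct under an unbraced if/else.  The previous form was a bare
 * sequence of statements: under "if (cond) MACRO(...);" only the first
 * assignment was conditional.  Invocations must end with a semicolon.
 *
 * @__reg is evaluated several times; pass an expression without side
 * effects.
 */
#define NFT_OFFLOAD_MATCH_FLAGS(__key, __base, __field, __len, __reg, __flags)	\
	do {									\
		(__reg)->base_offset	=					\
			offsetof(struct nft_flow_key, __base);			\
		(__reg)->offset		=					\
			offsetof(struct nft_flow_key, __base.__field);		\
		(__reg)->len		= (__len);				\
		(__reg)->key		= (__key);				\
		(__reg)->flags		= (__flags);				\
	} while (0)

/* Same as NFT_OFFLOAD_MATCH_FLAGS() with flags set to 0. */
#define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg)		\
	NFT_OFFLOAD_MATCH_FLAGS(__key, __base, __field, __len, __reg, 0)

/*
 * NFT_OFFLOAD_MATCH() followed by setting the first (__reg)->len bytes of
 * (__reg)->mask to 0xff.
 *
 * The memset length comes straight from @__len and is not bounded here:
 * callers must guarantee __len <= sizeof((__reg)->mask), otherwise the
 * write runs past the mask member.
 */
#define NFT_OFFLOAD_MATCH_EXACT(__key, __base, __field, __len, __reg)		\
	do {									\
		NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg);	\
		memset(&(__reg)->mask, 0xff, (__reg)->len);			\
	} while (0)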
96
/*
 * Takes a base chain and returns int; presumably a validity check of the
 * chain priority for offload with 0 / negative errno semantics - confirm
 * against the implementation.
 */
int nft_chain_offload_priority(struct nft_base_chain *basechain);

/*
 * Subsystem setup and teardown.  nft_offload_init() can fail (it returns
 * int); callers should check the result before relying on offload.
 */
int nft_offload_init(void);
void nft_offload_exit(void);
101
102 #endif