1 #ifndef _NET_NF_TABLES_OFFLOAD_H
2 #define _NET_NF_TABLES_OFFLOAD_H
4 #include <net/flow_offload.h>
5 #include <net/netfilter/nf_tables.h>
7 enum nft_offload_reg_flags
{
8 NFT_OFFLOAD_F_NETWORK2HOST
= (1 << 0),
11 struct nft_offload_reg
{
21 enum nft_offload_dep_type
{
22 NFT_OFFLOAD_DEP_UNSPEC
= 0,
23 NFT_OFFLOAD_DEP_NETWORK
,
24 NFT_OFFLOAD_DEP_TRANSPORT
,
27 struct nft_offload_ctx
{
29 enum nft_offload_dep_type type
;
33 unsigned int num_actions
;
35 struct nft_offload_reg regs
[NFT_REG32_15
+ 1];
38 void nft_offload_set_dependency(struct nft_offload_ctx
*ctx
,
39 enum nft_offload_dep_type type
);
40 void nft_offload_update_dependency(struct nft_offload_ctx
*ctx
,
41 const void *data
, u32 len
);
44 struct flow_dissector_key_basic basic
;
45 struct flow_dissector_key_control control
;
47 struct flow_dissector_key_ipv4_addrs ipv4
;
48 struct flow_dissector_key_ipv6_addrs ipv6
;
50 struct flow_dissector_key_ports tp
;
51 struct flow_dissector_key_ip ip
;
52 struct flow_dissector_key_vlan vlan
;
53 struct flow_dissector_key_vlan cvlan
;
54 struct flow_dissector_key_eth_addrs eth_addrs
;
55 struct flow_dissector_key_meta meta
;
56 } __aligned(BITS_PER_LONG
/ 8); /* Ensure that we can do comparisons as longs. */
58 struct nft_flow_match
{
59 struct flow_dissector dissector
;
60 struct nft_flow_key key
;
61 struct nft_flow_key mask
;
64 struct nft_flow_rule
{
66 struct nft_flow_match match
;
67 struct flow_rule
*rule
;
70 void nft_flow_rule_set_addr_type(struct nft_flow_rule
*flow
,
71 enum flow_dissector_key_id addr_type
);
74 struct nft_flow_rule
*nft_flow_rule_create(struct net
*net
, const struct nft_rule
*rule
);
75 int nft_flow_rule_stats(const struct nft_chain
*chain
, const struct nft_rule
*rule
);
76 void nft_flow_rule_destroy(struct nft_flow_rule
*flow
);
77 int nft_flow_rule_offload_commit(struct net
*net
);
79 #define NFT_OFFLOAD_MATCH_FLAGS(__key, __base, __field, __len, __reg, __flags) \
80 (__reg)->base_offset = \
81 offsetof(struct nft_flow_key, __base); \
83 offsetof(struct nft_flow_key, __base.__field); \
84 (__reg)->len = __len; \
85 (__reg)->key = __key; \
86 (__reg)->flags = __flags;
88 #define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg) \
89 NFT_OFFLOAD_MATCH_FLAGS(__key, __base, __field, __len, __reg, 0)
91 #define NFT_OFFLOAD_MATCH_EXACT(__key, __base, __field, __len, __reg) \
92 NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg) \
93 memset(&(__reg)->mask, 0xff, (__reg)->len);
95 int nft_chain_offload_priority(struct nft_base_chain
*basechain
);
97 int nft_offload_init(void);
98 void nft_offload_exit(void);