include/net/netfilter/nf_tables_offload.h - third_party/kernel - Git at Google

 #ifndef _NET_NF_TABLES_OFFLOAD_H
 #define _NET_NF_TABLES_OFFLOAD_H

 #include <net/flow_offload.h>
 #include <net/netfilter/nf_tables.h>

 struct nft_offload_reg {
 	u32		key;
 	u32		len;
 	u32		base_offset;
 	u32		offset;
 	struct nft_data data;
 	struct nft_data	mask;
 };

 enum nft_offload_dep_type {
 	NFT_OFFLOAD_DEP_UNSPEC	= 0,
 	NFT_OFFLOAD_DEP_NETWORK,
 	NFT_OFFLOAD_DEP_TRANSPORT,
 };

 struct nft_offload_ctx {
 	struct {
 		enum nft_offload_dep_type	type;
 		__be16				l3num;
 		u8				protonum;
 	} dep;
 	unsigned int				num_actions;
 	struct net				*net;
 	struct nft_offload_reg			regs[NFT_REG32_15 + 1];
 };

 void nft_offload_set_dependency(struct nft_offload_ctx *ctx,
 				enum nft_offload_dep_type type);
 void nft_offload_update_dependency(struct nft_offload_ctx *ctx,
 				   const void *data, u32 len);

 struct nft_flow_key {
 	struct flow_dissector_key_basic			basic;
 	struct flow_dissector_key_control		control;
 	union {
 		struct flow_dissector_key_ipv4_addrs	ipv4;
 		struct flow_dissector_key_ipv6_addrs	ipv6;
 	};
 	struct flow_dissector_key_ports			tp;
 	struct flow_dissector_key_ip			ip;
 	struct flow_dissector_key_vlan			vlan;
 	struct flow_dissector_key_eth_addrs		eth_addrs;
 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */

 struct nft_flow_match {
 	struct flow_dissector	dissector;
 	struct nft_flow_key	key;
 	struct nft_flow_key	mask;
 };

 struct nft_flow_rule {
 	__be16			proto;
 	struct nft_flow_match	match;
 	struct flow_rule	*rule;
 };

 void nft_flow_rule_set_addr_type(struct nft_flow_rule *flow,
 				 enum flow_dissector_key_id addr_type);

 struct nft_rule;
 struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule);
 void nft_flow_rule_destroy(struct nft_flow_rule *flow);
 int nft_flow_rule_offload_commit(struct net *net);

 #define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg)		\
 	(__reg)->base_offset	=					\
 		offsetof(struct nft_flow_key, __base);			\
 	(__reg)->offset		=					\
 		offsetof(struct nft_flow_key, __base.__field);		\
 	(__reg)->len		= __len;				\
 	(__reg)->key		= __key;				\
 	memset(&(__reg)->mask, 0xff, (__reg)->len);

 int nft_chain_offload_priority(struct nft_base_chain *basechain);

 int nft_offload_init(void);
 void nft_offload_exit(void);

 #endif
	#ifndef _NET_NF_TABLES_OFFLOAD_H
	#define _NET_NF_TABLES_OFFLOAD_H

	#include <net/flow_offload.h>
	#include <net/netfilter/nf_tables.h>

	struct nft_offload_reg {
	u32 key;
	u32 len;
	u32 base_offset;
	u32 offset;
	struct nft_data data;
	struct nft_data mask;
	};

	enum nft_offload_dep_type {
	NFT_OFFLOAD_DEP_UNSPEC = 0,
	NFT_OFFLOAD_DEP_NETWORK,
	NFT_OFFLOAD_DEP_TRANSPORT,
	};

	struct nft_offload_ctx {
	struct {
	enum nft_offload_dep_type type;
	__be16 l3num;
	u8 protonum;
	} dep;
	unsigned int num_actions;
	struct net *net;
	struct nft_offload_reg regs[NFT_REG32_15 + 1];
	};

	void nft_offload_set_dependency(struct nft_offload_ctx *ctx,
	enum nft_offload_dep_type type);
	void nft_offload_update_dependency(struct nft_offload_ctx *ctx,
	const void *data, u32 len);

	struct nft_flow_key {
	struct flow_dissector_key_basic basic;
	struct flow_dissector_key_control control;
	union {
	struct flow_dissector_key_ipv4_addrs ipv4;
	struct flow_dissector_key_ipv6_addrs ipv6;
	};
	struct flow_dissector_key_ports tp;
	struct flow_dissector_key_ip ip;
	struct flow_dissector_key_vlan vlan;
	struct flow_dissector_key_eth_addrs eth_addrs;
	} __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */

	struct nft_flow_match {
	struct flow_dissector dissector;
	struct nft_flow_key key;
	struct nft_flow_key mask;
	};

	struct nft_flow_rule {
	__be16 proto;
	struct nft_flow_match match;
	struct flow_rule *rule;
	};

	void nft_flow_rule_set_addr_type(struct nft_flow_rule *flow,
	enum flow_dissector_key_id addr_type);

	struct nft_rule;
	struct nft_flow_rule nft_flow_rule_create(struct net net, const struct nft_rule *rule);
	void nft_flow_rule_destroy(struct nft_flow_rule *flow);
	int nft_flow_rule_offload_commit(struct net *net);

	#define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg) \
	(__reg)->base_offset = \
	offsetof(struct nft_flow_key, __base); \
	(__reg)->offset = \
	offsetof(struct nft_flow_key, __base.__field); \
	(__reg)->len = __len; \
	(__reg)->key = __key; \
	memset(&(__reg)->mask, 0xff, (__reg)->len);

	int nft_chain_offload_priority(struct nft_base_chain *basechain);

	int nft_offload_init(void);
	void nft_offload_exit(void);

	#endif