Warning: This file is not a C or C++ file. It does not have highlighting.
| 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
|---|---|
| 2 | #ifndef _NET_NF_TABLES_CORE_H |
| 3 | #define _NET_NF_TABLES_CORE_H |
| 4 | |
| 5 | #include <net/netfilter/nf_tables.h> |
| 6 | #include <linux/indirect_call_wrapper.h> |
| 7 | |
| 8 | extern struct nft_expr_type nft_imm_type; |
| 9 | extern struct nft_expr_type nft_cmp_type; |
| 10 | extern struct nft_expr_type nft_counter_type; |
| 11 | extern struct nft_expr_type nft_lookup_type; |
| 12 | extern struct nft_expr_type nft_bitwise_type; |
| 13 | extern struct nft_expr_type nft_byteorder_type; |
| 14 | extern struct nft_expr_type nft_payload_type; |
| 15 | extern struct nft_expr_type nft_dynset_type; |
| 16 | extern struct nft_expr_type nft_range_type; |
| 17 | extern struct nft_expr_type nft_meta_type; |
| 18 | extern struct nft_expr_type nft_rt_type; |
| 19 | extern struct nft_expr_type nft_exthdr_type; |
| 20 | extern struct nft_expr_type nft_last_type; |
| 21 | extern struct nft_expr_type nft_objref_type; |
| 22 | extern struct nft_expr_type nft_inner_type; |
| 23 | |
| 24 | #ifdef CONFIG_NETWORK_SECMARK |
| 25 | extern struct nft_object_type nft_secmark_obj_type; |
| 26 | #endif |
| 27 | extern struct nft_object_type nft_counter_obj_type; |
| 28 | |
| 29 | int nf_tables_core_module_init(void); |
| 30 | void nf_tables_core_module_exit(void); |
| 31 | |
| 32 | struct nft_bitwise_fast_expr { |
| 33 | u32 mask; |
| 34 | u32 xor; |
| 35 | u8 sreg; |
| 36 | u8 dreg; |
| 37 | }; |
| 38 | |
| 39 | struct nft_cmp_fast_expr { |
| 40 | u32 data; |
| 41 | u32 mask; |
| 42 | u8 sreg; |
| 43 | u8 len; |
| 44 | bool inv; |
| 45 | }; |
| 46 | |
| 47 | struct nft_cmp16_fast_expr { |
| 48 | struct nft_data data; |
| 49 | struct nft_data mask; |
| 50 | u8 sreg; |
| 51 | u8 len; |
| 52 | bool inv; |
| 53 | }; |
| 54 | |
| 55 | struct nft_immediate_expr { |
| 56 | struct nft_data data; |
| 57 | u8 dreg; |
| 58 | u8 dlen; |
| 59 | }; |
| 60 | |
| 61 | extern const struct nft_expr_ops nft_cmp_fast_ops; |
| 62 | extern const struct nft_expr_ops nft_cmp16_fast_ops; |
| 63 | |
| 64 | struct nft_ct { |
| 65 | enum nft_ct_keys key:8; |
| 66 | enum ip_conntrack_dir dir:8; |
| 67 | u8 len; |
| 68 | union { |
| 69 | u8 dreg; |
| 70 | u8 sreg; |
| 71 | }; |
| 72 | }; |
| 73 | |
| 74 | struct nft_payload { |
| 75 | enum nft_payload_bases base:8; |
| 76 | u8 offset; |
| 77 | u8 len; |
| 78 | u8 dreg; |
| 79 | }; |
| 80 | |
| 81 | extern const struct nft_expr_ops nft_payload_fast_ops; |
| 82 | |
| 83 | extern const struct nft_expr_ops nft_bitwise_fast_ops; |
| 84 | |
| 85 | extern struct static_key_false nft_counters_enabled; |
| 86 | extern struct static_key_false nft_trace_enabled; |
| 87 | |
| 88 | extern const struct nft_set_type nft_set_rhash_type; |
| 89 | extern const struct nft_set_type nft_set_hash_type; |
| 90 | extern const struct nft_set_type nft_set_hash_fast_type; |
| 91 | extern const struct nft_set_type nft_set_rbtree_type; |
| 92 | extern const struct nft_set_type nft_set_bitmap_type; |
| 93 | extern const struct nft_set_type nft_set_pipapo_type; |
| 94 | extern const struct nft_set_type nft_set_pipapo_avx2_type; |
| 95 | |
| 96 | #ifdef CONFIG_MITIGATION_RETPOLINE |
| 97 | bool nft_rhash_lookup(const struct net *net, const struct nft_set *set, |
| 98 | const u32 *key, const struct nft_set_ext **ext); |
| 99 | bool nft_rbtree_lookup(const struct net *net, const struct nft_set *set, |
| 100 | const u32 *key, const struct nft_set_ext **ext); |
| 101 | bool nft_bitmap_lookup(const struct net *net, const struct nft_set *set, |
| 102 | const u32 *key, const struct nft_set_ext **ext); |
| 103 | bool nft_hash_lookup_fast(const struct net *net, |
| 104 | const struct nft_set *set, |
| 105 | const u32 *key, const struct nft_set_ext **ext); |
| 106 | bool nft_hash_lookup(const struct net *net, const struct nft_set *set, |
| 107 | const u32 *key, const struct nft_set_ext **ext); |
| 108 | bool nft_set_do_lookup(const struct net *net, const struct nft_set *set, |
| 109 | const u32 *key, const struct nft_set_ext **ext); |
| 110 | #else |
| 111 | static inline bool |
| 112 | nft_set_do_lookup(const struct net *net, const struct nft_set *set, |
| 113 | const u32 *key, const struct nft_set_ext **ext) |
| 114 | { |
| 115 | return set->ops->lookup(net, set, key, ext); |
| 116 | } |
| 117 | #endif |
| 118 | |
| 119 | /* called from nft_pipapo_avx2.c */ |
| 120 | bool nft_pipapo_lookup(const struct net *net, const struct nft_set *set, |
| 121 | const u32 *key, const struct nft_set_ext **ext); |
| 122 | /* called from nft_set_pipapo.c */ |
| 123 | bool nft_pipapo_avx2_lookup(const struct net *net, const struct nft_set *set, |
| 124 | const u32 *key, const struct nft_set_ext **ext); |
| 125 | |
| 126 | void nft_counter_init_seqcount(void); |
| 127 | |
| 128 | struct nft_expr; |
| 129 | struct nft_regs; |
| 130 | struct nft_pktinfo; |
| 131 | void nft_meta_get_eval(const struct nft_expr *expr, |
| 132 | struct nft_regs *regs, const struct nft_pktinfo *pkt); |
| 133 | void nft_cmp_eval(const struct nft_expr *expr, |
| 134 | struct nft_regs *regs, const struct nft_pktinfo *pkt); |
| 135 | void nft_lookup_eval(const struct nft_expr *expr, |
| 136 | struct nft_regs *regs, const struct nft_pktinfo *pkt); |
| 137 | void nft_payload_eval(const struct nft_expr *expr, |
| 138 | struct nft_regs *regs, const struct nft_pktinfo *pkt); |
| 139 | void nft_immediate_eval(const struct nft_expr *expr, |
| 140 | struct nft_regs *regs, const struct nft_pktinfo *pkt); |
| 141 | void nft_bitwise_eval(const struct nft_expr *expr, |
| 142 | struct nft_regs *regs, const struct nft_pktinfo *pkt); |
| 143 | void nft_range_eval(const struct nft_expr *expr, |
| 144 | struct nft_regs *regs, const struct nft_pktinfo *pkt); |
| 145 | void nft_byteorder_eval(const struct nft_expr *expr, |
| 146 | struct nft_regs *regs, const struct nft_pktinfo *pkt); |
| 147 | void nft_dynset_eval(const struct nft_expr *expr, |
| 148 | struct nft_regs *regs, const struct nft_pktinfo *pkt); |
| 149 | void nft_rt_get_eval(const struct nft_expr *expr, |
| 150 | struct nft_regs *regs, const struct nft_pktinfo *pkt); |
| 151 | void nft_counter_eval(const struct nft_expr *expr, struct nft_regs *regs, |
| 152 | const struct nft_pktinfo *pkt); |
| 153 | void nft_ct_get_fast_eval(const struct nft_expr *expr, |
| 154 | struct nft_regs *regs, const struct nft_pktinfo *pkt); |
| 155 | |
| 156 | enum { |
| 157 | NFT_PAYLOAD_CTX_INNER_TUN = (1 << 0), |
| 158 | NFT_PAYLOAD_CTX_INNER_LL = (1 << 1), |
| 159 | NFT_PAYLOAD_CTX_INNER_NH = (1 << 2), |
| 160 | NFT_PAYLOAD_CTX_INNER_TH = (1 << 3), |
| 161 | }; |
| 162 | |
| 163 | struct nft_inner_tun_ctx { |
| 164 | u16 type; |
| 165 | u16 inner_tunoff; |
| 166 | u16 inner_lloff; |
| 167 | u16 inner_nhoff; |
| 168 | u16 inner_thoff; |
| 169 | __be16 llproto; |
| 170 | u8 l4proto; |
| 171 | u8 flags; |
| 172 | }; |
| 173 | |
| 174 | int nft_payload_inner_offset(const struct nft_pktinfo *pkt); |
| 175 | void nft_payload_inner_eval(const struct nft_expr *expr, struct nft_regs *regs, |
| 176 | const struct nft_pktinfo *pkt, |
| 177 | struct nft_inner_tun_ctx *ctx); |
| 178 | |
| 179 | void nft_objref_eval(const struct nft_expr *expr, struct nft_regs *regs, |
| 180 | const struct nft_pktinfo *pkt); |
| 181 | void nft_objref_map_eval(const struct nft_expr *expr, struct nft_regs *regs, |
| 182 | const struct nft_pktinfo *pkt); |
| 183 | #endif /* _NET_NF_TABLES_CORE_H */ |
| 184 |
Warning: This file is not a C or C++ file. It does not have highlighting.