2007-12-05 02:24:48 -07:00
|
|
|
#ifndef _NF_QUEUE_H
|
|
|
|
|
#define _NF_QUEUE_H
|
|
|
|
|
|
2013-12-05 16:24:12 -07:00
|
|
|
#include <linux/ip.h>
|
|
|
|
|
#include <linux/ipv6.h>
|
|
|
|
|
#include <linux/jhash.h>
|
|
|
|
|
|
2007-12-05 02:24:48 -07:00
|
|
|
/* Each queued (to userspace) skbuff has one of these. */
|
2007-12-05 02:26:33 -07:00
|
|
|
struct nf_queue_entry {
|
|
|
|
|
struct list_head list;
|
|
|
|
|
struct sk_buff *skb;
|
|
|
|
|
unsigned int id;
|
|
|
|
|
|
2007-12-05 02:24:48 -07:00
|
|
|
struct nf_hook_ops *elem;
|
2015-04-03 14:31:01 -06:00
|
|
|
struct nf_hook_state state;
|
2013-04-18 22:58:25 -06:00
|
|
|
u16 size; /* sizeof(entry) + saved route keys */
|
|
|
|
|
|
|
|
|
|
/* extra space to store route keys */
|
2007-12-05 02:24:48 -07:00
|
|
|
};
|
|
|
|
|
|
2007-12-05 02:26:33 -07:00
|
|
|
#define nf_queue_entry_reroute(x) ((void *)x + sizeof(struct nf_queue_entry))
|
2007-12-05 02:24:48 -07:00
|
|
|
|
|
|
|
|
/* Packet queuing */
|
|
|
|
|
struct nf_queue_handler {
|
2007-12-05 02:26:33 -07:00
|
|
|
int (*outfn)(struct nf_queue_entry *entry,
|
2007-12-05 02:24:48 -07:00
|
|
|
unsigned int queuenum);
|
2015-06-19 13:03:39 -06:00
|
|
|
void (*nf_hook_drop)(struct net *net,
|
|
|
|
|
struct nf_hook_ops *ops);
|
2007-12-05 02:24:48 -07:00
|
|
|
};
|
|
|
|
|
|
2012-11-22 23:22:21 -07:00
|
|
|
void nf_register_queue_handler(const struct nf_queue_handler *qh);
|
|
|
|
|
void nf_unregister_queue_handler(void);
|
2013-09-23 12:37:48 -06:00
|
|
|
void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict);
|
2007-12-05 02:24:48 -07:00
|
|
|
|
2015-10-13 06:33:27 -06:00
|
|
|
void nf_queue_entry_get_refs(struct nf_queue_entry *entry);
|
2013-04-18 22:58:25 -06:00
|
|
|
void nf_queue_entry_release_refs(struct nf_queue_entry *entry);
|
|
|
|
|
|
2013-12-05 16:24:12 -07:00
|
|
|
static inline void init_hashrandom(u32 *jhash_initval)
|
|
|
|
|
{
|
|
|
|
|
while (*jhash_initval == 0)
|
|
|
|
|
*jhash_initval = prandom_u32();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline u32 hash_v4(const struct sk_buff *skb, u32 jhash_initval)
|
|
|
|
|
{
|
|
|
|
|
const struct iphdr *iph = ip_hdr(skb);
|
|
|
|
|
|
|
|
|
|
/* packets in either direction go into same queue */
|
|
|
|
|
if ((__force u32)iph->saddr < (__force u32)iph->daddr)
|
|
|
|
|
return jhash_3words((__force u32)iph->saddr,
|
|
|
|
|
(__force u32)iph->daddr, iph->protocol, jhash_initval);
|
|
|
|
|
|
|
|
|
|
return jhash_3words((__force u32)iph->daddr,
|
|
|
|
|
(__force u32)iph->saddr, iph->protocol, jhash_initval);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
|
|
|
|
|
static inline u32 hash_v6(const struct sk_buff *skb, u32 jhash_initval)
|
|
|
|
|
{
|
|
|
|
|
const struct ipv6hdr *ip6h = ipv6_hdr(skb);
|
|
|
|
|
u32 a, b, c;
|
|
|
|
|
|
|
|
|
|
if ((__force u32)ip6h->saddr.s6_addr32[3] <
|
|
|
|
|
(__force u32)ip6h->daddr.s6_addr32[3]) {
|
|
|
|
|
a = (__force u32) ip6h->saddr.s6_addr32[3];
|
|
|
|
|
b = (__force u32) ip6h->daddr.s6_addr32[3];
|
|
|
|
|
} else {
|
|
|
|
|
b = (__force u32) ip6h->saddr.s6_addr32[3];
|
|
|
|
|
a = (__force u32) ip6h->daddr.s6_addr32[3];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((__force u32)ip6h->saddr.s6_addr32[1] <
|
|
|
|
|
(__force u32)ip6h->daddr.s6_addr32[1])
|
|
|
|
|
c = (__force u32) ip6h->saddr.s6_addr32[1];
|
|
|
|
|
else
|
|
|
|
|
c = (__force u32) ip6h->daddr.s6_addr32[1];
|
|
|
|
|
|
|
|
|
|
return jhash_3words(a, b, c, jhash_initval);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
static inline u32
|
|
|
|
|
nfqueue_hash(const struct sk_buff *skb, u16 queue, u16 queues_total, u8 family,
|
|
|
|
|
u32 jhash_initval)
|
|
|
|
|
{
|
|
|
|
|
if (family == NFPROTO_IPV4)
|
|
|
|
|
queue += ((u64) hash_v4(skb, jhash_initval) * queues_total) >> 32;
|
|
|
|
|
#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
|
|
|
|
|
else if (family == NFPROTO_IPV6)
|
|
|
|
|
queue += ((u64) hash_v6(skb, jhash_initval) * queues_total) >> 32;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
return queue;
|
|
|
|
|
}
|
|
|
|
|
|
2007-12-05 02:24:48 -07:00
|
|
|
#endif /* _NF_QUEUE_H */
|
