0001
0002 #ifndef _NF_QUEUE_H
0003 #define _NF_QUEUE_H
0004
0005 #include <linux/ip.h>
0006 #include <linux/ipv6.h>
0007 #include <linux/jhash.h>
0008 #include <linux/netfilter.h>
0009 #include <linux/skbuff.h>
0010
0011
0012 struct nf_queue_entry {
0013 struct list_head list;
0014 struct sk_buff *skb;
0015 unsigned int id;
0016 unsigned int hook_index;
0017 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
0018 struct net_device *physin;
0019 struct net_device *physout;
0020 #endif
0021 struct nf_hook_state state;
0022 u16 size;
0023
0024
0025 };
0026
0027 #define nf_queue_entry_reroute(x) ((void *)x + sizeof(struct nf_queue_entry))
0028
0029
0030 struct nf_queue_handler {
0031 int (*outfn)(struct nf_queue_entry *entry,
0032 unsigned int queuenum);
0033 void (*nf_hook_drop)(struct net *net);
0034 };
0035
0036 void nf_register_queue_handler(const struct nf_queue_handler *qh);
0037 void nf_unregister_queue_handler(void);
0038 void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict);
0039
0040 bool nf_queue_entry_get_refs(struct nf_queue_entry *entry);
0041 void nf_queue_entry_free(struct nf_queue_entry *entry);
0042
0043 static inline void init_hashrandom(u32 *jhash_initval)
0044 {
0045 while (*jhash_initval == 0)
0046 *jhash_initval = prandom_u32();
0047 }
0048
0049 static inline u32 hash_v4(const struct iphdr *iph, u32 initval)
0050 {
0051
0052 if ((__force u32)iph->saddr < (__force u32)iph->daddr)
0053 return jhash_3words((__force u32)iph->saddr,
0054 (__force u32)iph->daddr, iph->protocol, initval);
0055
0056 return jhash_3words((__force u32)iph->daddr,
0057 (__force u32)iph->saddr, iph->protocol, initval);
0058 }
0059
0060 static inline u32 hash_v6(const struct ipv6hdr *ip6h, u32 initval)
0061 {
0062 u32 a, b, c;
0063
0064 if ((__force u32)ip6h->saddr.s6_addr32[3] <
0065 (__force u32)ip6h->daddr.s6_addr32[3]) {
0066 a = (__force u32) ip6h->saddr.s6_addr32[3];
0067 b = (__force u32) ip6h->daddr.s6_addr32[3];
0068 } else {
0069 b = (__force u32) ip6h->saddr.s6_addr32[3];
0070 a = (__force u32) ip6h->daddr.s6_addr32[3];
0071 }
0072
0073 if ((__force u32)ip6h->saddr.s6_addr32[1] <
0074 (__force u32)ip6h->daddr.s6_addr32[1])
0075 c = (__force u32) ip6h->saddr.s6_addr32[1];
0076 else
0077 c = (__force u32) ip6h->daddr.s6_addr32[1];
0078
0079 return jhash_3words(a, b, c, initval);
0080 }
0081
0082 static inline u32 hash_bridge(const struct sk_buff *skb, u32 initval)
0083 {
0084 struct ipv6hdr *ip6h, _ip6h;
0085 struct iphdr *iph, _iph;
0086
0087 switch (eth_hdr(skb)->h_proto) {
0088 case htons(ETH_P_IP):
0089 iph = skb_header_pointer(skb, skb_network_offset(skb),
0090 sizeof(*iph), &_iph);
0091 if (iph)
0092 return hash_v4(iph, initval);
0093 break;
0094 case htons(ETH_P_IPV6):
0095 ip6h = skb_header_pointer(skb, skb_network_offset(skb),
0096 sizeof(*ip6h), &_ip6h);
0097 if (ip6h)
0098 return hash_v6(ip6h, initval);
0099 break;
0100 }
0101
0102 return 0;
0103 }
0104
0105 static inline u32
0106 nfqueue_hash(const struct sk_buff *skb, u16 queue, u16 queues_total, u8 family,
0107 u32 initval)
0108 {
0109 switch (family) {
0110 case NFPROTO_IPV4:
0111 queue += reciprocal_scale(hash_v4(ip_hdr(skb), initval),
0112 queues_total);
0113 break;
0114 case NFPROTO_IPV6:
0115 queue += reciprocal_scale(hash_v6(ipv6_hdr(skb), initval),
0116 queues_total);
0117 break;
0118 case NFPROTO_BRIDGE:
0119 queue += reciprocal_scale(hash_bridge(skb, initval),
0120 queues_total);
0121 break;
0122 }
0123
0124 return queue;
0125 }
0126
0127 int nf_queue(struct sk_buff *skb, struct nf_hook_state *state,
0128 unsigned int index, unsigned int verdict);
0129
0130 #endif
