1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef _NF_QUEUE_H 3 #define _NF_QUEUE_H 4 5 #include <linux/ip.h> 6 #include <linux/ipv6.h> 7 #include <linux/jhash.h> 8 #include <linux/netfilter.h> 9 #include <linux/rhashtable-types.h> 10 #include <linux/skbuff.h> 11 12 /* Each queued (to userspace) skbuff has one of these. */ 13 struct nf_queue_entry { 14 struct list_head list; 15 struct rhash_head hash_node; 16 struct sk_buff *skb; 17 unsigned int id; 18 unsigned int hook_index; /* index in hook_entries->hook[] */ 19 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 20 struct net_device *physin; 21 struct net_device *physout; 22 #endif 23 struct nf_hook_state state; 24 bool nf_ct_is_unconfirmed; 25 u16 size; /* sizeof(entry) + saved route keys */ 26 u16 queue_num; 27 28 /* extra space to store route keys */ 29 }; 30 31 #define nf_queue_entry_reroute(x) ((void *)x + sizeof(struct nf_queue_entry)) 32 33 /* Packet queuing */ 34 struct nf_queue_handler { 35 int (*outfn)(struct nf_queue_entry *entry, 36 unsigned int queuenum); 37 void (*nf_hook_drop)(struct net *net); 38 }; 39 40 void nf_register_queue_handler(const struct nf_queue_handler *qh); 41 void nf_unregister_queue_handler(void); 42 43 bool nf_queue_entry_get_refs(struct nf_queue_entry *entry); 44 void nf_queue_entry_free(struct nf_queue_entry *entry); 45 46 static inline void init_hashrandom(u32 *jhash_initval) 47 { 48 while (*jhash_initval == 0) 49 *jhash_initval = get_random_u32(); 50 } 51 52 static inline u32 hash_v4(const struct iphdr *iph, u32 initval) 53 { 54 /* packets in either direction go into same queue */ 55 if ((__force u32)iph->saddr < (__force u32)iph->daddr) 56 return jhash_3words((__force u32)iph->saddr, 57 (__force u32)iph->daddr, iph->protocol, initval); 58 59 return jhash_3words((__force u32)iph->daddr, 60 (__force u32)iph->saddr, iph->protocol, initval); 61 } 62 63 static inline u32 hash_v6(const struct ipv6hdr *ip6h, u32 initval) 64 { 65 u32 a, b, c; 66 67 if ((__force u32)ip6h->saddr.s6_addr32[3] < 68 (__force u32)ip6h->daddr.s6_addr32[3]) { 69 a = (__force u32) ip6h->saddr.s6_addr32[3]; 70 b = (__force u32) ip6h->daddr.s6_addr32[3]; 71 } else { 72 b = (__force u32) ip6h->saddr.s6_addr32[3]; 73 a = (__force u32) ip6h->daddr.s6_addr32[3]; 74 } 75 76 if ((__force u32)ip6h->saddr.s6_addr32[1] < 77 (__force u32)ip6h->daddr.s6_addr32[1]) 78 c = (__force u32) ip6h->saddr.s6_addr32[1]; 79 else 80 c = (__force u32) ip6h->daddr.s6_addr32[1]; 81 82 return jhash_3words(a, b, c, initval); 83 } 84 85 static inline u32 hash_bridge(const struct sk_buff *skb, u32 initval) 86 { 87 struct ipv6hdr *ip6h, _ip6h; 88 struct iphdr *iph, _iph; 89 90 switch (eth_hdr(skb)->h_proto) { 91 case htons(ETH_P_IP): 92 iph = skb_header_pointer(skb, skb_network_offset(skb), 93 sizeof(*iph), &_iph); 94 if (iph) 95 return hash_v4(iph, initval); 96 break; 97 case htons(ETH_P_IPV6): 98 ip6h = skb_header_pointer(skb, skb_network_offset(skb), 99 sizeof(*ip6h), &_ip6h); 100 if (ip6h) 101 return hash_v6(ip6h, initval); 102 break; 103 } 104 105 return 0; 106 } 107 108 static inline u32 109 nfqueue_hash(const struct sk_buff *skb, u16 queue, u16 queues_total, u8 family, 110 u32 initval) 111 { 112 switch (family) { 113 case NFPROTO_IPV4: 114 queue += reciprocal_scale(hash_v4(ip_hdr(skb), initval), 115 queues_total); 116 break; 117 case NFPROTO_IPV6: 118 queue += reciprocal_scale(hash_v6(ipv6_hdr(skb), initval), 119 queues_total); 120 break; 121 case NFPROTO_BRIDGE: 122 queue += reciprocal_scale(hash_bridge(skb, initval), 123 queues_total); 124 break; 125 } 126 127 return queue; 128 } 129 130 int nf_queue(struct sk_buff *skb, struct nf_hook_state *state, 131 unsigned int index, unsigned int verdict); 132 133 #endif /* _NF_QUEUE_H */ 134