netfilter: nf_tables: add flow table netlink frontend

This patch introduces a netlink control plane to create, delete and dump flow tables. Flow tables are identified by name, this name is used from rules to refer to an specific flow table. Flow tables use the rhashtable class and a generic garbage collector to remove expired entries. This also adds the infrastructure to add different flow table types, so we can add one for each layer 3 protocol family. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2018-01-07 01:04:07 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-01-08 18:11:06 +0100
commit: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 (patch)
tree: 4813ba6f535ed50d5e4472fcc15d09c755726ac2 /include/net/netfilter/nf_flow_table.h
parent: 90964016e5d34758033e75884e41d68ccb93212e (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h
new file mode 100644
index 000000000000..3a0779589281
--- /dev/null
+++ b/include/net/netfilter/nf_flow_table.h
@@ -0,0 +1,23 @@
+#ifndef _NF_FLOW_TABLE_H
+#define _NF_FLOW_TABLE_H
+
+#include <linux/rhashtable.h>
+
+struct nf_flowtable;
+
+struct nf_flowtable_type {
+	struct list_head		list;
+	int				family;
+	void				(*gc)(struct work_struct *work);
+	const struct rhashtable_params	*params;
+	nf_hookfn			*hook;
+	struct module			*owner;
+};
+
+struct nf_flowtable {
+	struct rhashtable		rhashtable;
+	const struct nf_flowtable_type	*type;
+	struct delayed_work		gc_work;
+};
+
+#endif /* _FLOW_OFFLOAD_H */
author	Pablo Neira Ayuso <pablo@netfilter.org>	2018-01-07 01:04:07 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-01-08 18:11:06 +0100
commit	3b49e2e94e6ebb8b23d0955d9e898254455734f8 (patch)
tree	4813ba6f535ed50d5e4472fcc15d09c755726ac2 /include/net/netfilter/nf_flow_table.h
parent	90964016e5d34758033e75884e41d68ccb93212e (diff)