/linux-master/tools/testing/selftests/net/netfilter/ |
H A D | nft_nat.sh | 11 checktool "nft --version" "run test without nft tool" 69 ip netns exec "$ns" nft list counter inet filter "$counter" 1>&2 77 if ! ip netns exec "$ns" nft list counter inet filter ns0in | grep -q "packets 1 bytes 84";then 82 if ! ip netns exec "$ns" nft list counter inet filter ns0out | grep -q "packets 1 bytes 84";then 88 if ! ip netns exec "$ns" nft list counter inet filter ns0in6 | grep -q "$expect";then 92 if ! ip netns exec "$ns" nft list counter inet filter ns0out6 | grep -q "$expect";then 105 if ! ip netns exec "$ns0" nft list counter inet filter ns0in | grep -q "packets 0 bytes 0";then 110 if ! ip netns exec "$ns0" nft list counter inet filter ns0in6 | grep -q "packets 0 bytes 0";then 115 if ! ip netns exec "$ns0" nft lis [all...] |
H A D | nft_audit.sh | 4 # Check that audit logs generated for nft commands are as expected. 19 nft --version >/dev/null 2>&1 || { 20 echo "SKIP: missing nft tool" 24 # nft must be recent enough to support "reset" keyword. 25 nft --check -f /dev/stdin >/dev/null 2>&1 <<EOF 32 echo -n "SKIP: nft reset feature test failed: " 33 nft --version 63 nft flush ruleset 68 do_test "nft add table $table" \ 71 do_test "nft ad [all...] |
H A D | rpath.sh | 24 if nft --version >/dev/null 2>&1; then 25 nft='nft' 27 nft='' 30 if [ -z "$iptables$ip6tables$nft" ]; then 31 echo "SKIP: Test needs iptables, ip6tables or nft" 81 [ -n "$nft" ] && ip netns exec "$ns2" $nft -f - <<EOF 95 #ip netns exec "$ns2" nft list ruleset 110 [ -n "$nft" ] || retur [all...] |
H A D | nft_meta.sh | 10 if ! nft --version > /dev/null 2>&1; then 11 echo "SKIP: Could not run test without nft tool" 28 ip netns exec "$ns0" nft -f /dev/stdin <<EOF 94 if ! ip netns exec "$ns0" nft list counter inet filter "$cname" | grep -q "$want"; then 97 ip netns exec "$ns0" nft list counter inet filter "$cname" 134 ip netns exec "$ns0" nft reset counters > /dev/null
|
H A D | nft_fib.sh | 22 checktool "nft --version" "run test without nft" 38 ip netns exec "$netns" nft -f /dev/stdin <<EOF 51 ip netns exec "$netns" nft -f /dev/stdin <<EOF 65 ip netns exec "$netns" nft -f /dev/stdin <<EOF 91 if ! ip netns exec "$ns" nft list table inet filter | grep 'fib saddr . iif' | grep "$address" | grep -q "packets $want";then 93 ip netns exec "$ns" nft list table inet filter 168 ip netns exec "$nsrouter" nft flush table inet filter 201 ip netns exec "$ns1" nft flush ruleset 202 ip netns exec "$ns2" nft flus [all...] |
H A D | conntrack_vrf.sh | 46 checktool "nft --version" "run test without nft" 91 ip netns exec "$ns0" nft -f - <<EOF 126 ip netns exec "$ns0" nft list ruleset 144 ip netns exec "$ns0" nft -f - <<EOF 172 if ip netns exec "$ns0" nft list table ip nat |grep -q 'counter packets 1' && 173 ip netns exec "$ns0" nft list table ip nat |grep -q 'untracked counter packets [1-9]'; then 191 ip netns exec "$ns0" nft -f - <<EOF 207 if ip netns exec "$ns0" nft list table ip nat |grep -q 'counter packets 1'; then
|
H A D | nft_concat_range.sh | 480 eval "echo \"${set_template}\"" | nft -f - 941 nft reset counter inet filter test >/dev/null 2>&1 942 nft flush ruleset >/dev/null 2>&1 1008 # Format destination and source fields into nft concatenated type 1046 # Format destination and source fields into nft type, start element only 1062 # Format first destination field into nft type 1079 if ! nft add element inet filter test "${1}"; then 1081 err "$(nft -a list ruleset)" 1099 if ! nft add element netdev perf norange "${1}"; then 1101 err "$(nft [all...] |
H A D | conntrack_tcp_unreplied.sh | 9 if ! nft --version > /dev/null 2>&1;then 10 echo "SKIP: Could not run test without nft tool" 39 if ! ip netns exec "$ns2" nft list counter inet filter "$name" | grep -q "$expect"; then 41 ip netns exec "$ns2" nft list counter inet filter "$name" 1>&2 68 ip netns exec "$ns1" nft -f - <<EOF 85 ip netns exec "$ns2" nft -f - <<EOF 97 echo "ERROR: Could not load nft rules" 126 ip netns exec "$ns2" nft -f - <<EOF
|
H A D | nft_flowtable.sh | 28 checktool "nft --version" "run test without nft tool" 150 ip netns exec "$nsr1" nft -f - <<EOF 178 echo "SKIP: Could not load nft ruleset" 182 ip netns exec "$ns2" nft -f - <<EOF 199 nft --version 240 orig=$(ip netns exec "$nsr1" nft reset counter inet filter routed_orig | grep packets) 241 repl=$(ip netns exec "$nsr1" nft reset counter inet filter routed_repl | grep packets) 276 counter=$(ip netns exec "$ns2" nft reset counter inet filter ip4dscp3 | grep packets) 281 counter=$(ip netns exec "$ns2" nft rese [all...] |
H A D | conntrack_icmp_related.sh | 19 if ! nft --version > /dev/null 2>&1;then 20 echo "SKIP: Could not run test without nft tool" 52 if ! ip netns exec "$ns" nft list counter inet filter "$name" | grep -q "$expect"; then 54 ip netns exec "$ns" nft list counter inet filter "$name" 1>&2 114 ip netns exec "$netns" nft -f - <<EOF 129 ip netns exec "$nsclient1" nft -f - <<EOF 149 ip netns exec "$nsclient2" nft -f - <<EOF 177 ip netns exec "$nsrouter1" nft -f - <<EOF
|
H A D | nft_queue.sh | 27 checktool "nft --version" "test without nft tool" 72 ip netns exec "$nsrouter" nft -f /dev/stdin <<EOF 108 ip netns exec "$nsrouter" nft -f /dev/stdin <<EOF 161 ip netns exec "$nsrouter" nft -f /dev/stdin <<EOF 185 if ! ip netns exec "$nsrouter" nft delete table "$proto" blackh; then 238 ip netns exec "$nsrouter" nft list ruleset 296 ip netns exec "$nsrouter" nft -f /dev/stdin <<EOF 341 ip netns exec "$ns1" nft -f /dev/stdin <<EOF 365 if ! ip netns exec "$ns1" nft lis [all...] |
H A D | nft_nat_zones.sh | 53 checktool "nft --version" echo "run test without nft tool" 117 ip netns exec "$gw" nft -f /dev/stdin<<EOF 177 ) | ip netns exec "$gw" nft -f /dev/stdin 197 if ! ip netns exec "$gw" nft get element inet raw inicmp "{ 10.1.0.3 . \"veth$i\" . 10.3.0.99 }" | grep -q "{ 10.1.0.3 . \"veth$i\" . 10.3.0.99 counter packets 3 bytes 252 }"; then 200 ip netns exec "$gw" nft get element inet raw inicmp "{ 10.1.0.3 . \"veth$i\" . 10.3.0.99 }" 1>&2 205 if ! ip netns exec "$gw" nft get element inet raw inicmp "{ 10.3.0.99 . \"veth0\" . 10.3.0.1 }" | grep -q "{ 10.3.0.99 . \"veth0\" . 10.3.0.1 counter packets $((3 * maxclients)) bytes $((252 * maxclients)) }"; then 208 ip netns exec "$gw" nft get element inet raw inicmp "{ 10.3.99 . \"veth0\" . 10.3.0.1 }" 1>&2 252 if ! ip netns exec "$gw" nft get element inet raw inflows "{ 10.1.0.3 . 10000 . \"veth$i\" . 10.3.0.99 . 5201 }" > /dev/null;then 262 if ! ip netns exec "$gw" nft ge [all...] |
H A D | nft_synproxy.sh | 8 checktool "nft --version" "run test without nft tool" 62 ip netns exec "$nsr" nft -f - <<EOF 84 echo "SKIP: Cannot add nft synproxy" 91 ip netns exec "$nsr" nft list ruleset
|
H A D | nft_zones_many.sh | 19 checktool "nft --version" "run test without nft tool" 33 ip netns exec "$ns1" nft -f /dev/stdin<<EOF 63 ) | ip netns exec "$ns1" nft -f /dev/stdin 77 # nft rule in output places each packet in a different zone.
|
H A D | br_netfilter.sh | 14 checktool "nft --version" "run test without nft tool" 33 ip netns exec "$ns0" nft list ruleset 50 ip netns exec "$ns0" nft list ruleset 115 ip netns exec "$ns0" nft -f - <<EOF
|
H A D | nft_conntrack_helper.sh | 4 # 1. can attach ftp helper to a connection from nft ruleset. 17 checktool "nft --version" "run test without nft" 49 ip netns exec "$ns" nft -f - <<EOF
|
/linux-master/drivers/net/wireless/ath/ath9k/ |
H A D | calib.c | 155 int16_t *nft) 159 *nft = (int8_t)ah->eep_ops->get_eeprom(ah, EEP_NFTHRESH_5); 162 *nft = (int8_t)ah->eep_ops->get_eeprom(ah, EEP_NFTHRESH_2); 153 ath9k_hw_get_nf_thresh(struct ath_hw *ah, enum nl80211_band band, int16_t *nft) argument
|
/linux-master/drivers/net/ethernet/netronome/nfp/flower/ |
H A D | conntrack.h | 42 * @nft: Pointer to nf_flowtable for this zone 53 * @nft_flows_list: The list of nft relatednfp_fl_ct_flow_entry entries 56 * @nft_merge_tb: The table of merged tc+nft flows 57 * @nft_merge_count: Keep count of the number of merged tc+nft entries 64 struct nf_flowtable *nft; member in struct:nfp_fl_ct_zone_entry 156 * @children: List of nft merged entries 170 * struct nfp_fl_nft_tc_merge - Merge of tc_merge flows with nft flow 172 * @cookie: Flow cookie, combination of tc_merge and nft cookies 273 * nfp_fl_ct_handle_nft_flow() - Handle flower flow callbacks for nft table
|
H A D | metadata.c | 650 if (zt->nft) { 651 nf_flow_table_offload_del_cb(zt->nft, 654 zt->nft = NULL;
|
H A D | conntrack.c | 289 /* if pre ct entry do nat, the nat ip exists in nft entry, 290 * will be do merge check when do nft and post ct merge, 311 /* if pre ct entry do nat, the nat ip exists in nft entry, 312 * will be do merge check when do nft and post ct merge, 333 /* if pre ct entry do nat, the nat tport exists in nft entry, 334 * will be do merge check when do nft and post ct merge, 527 * currently surpport nft entries merge check in different zones 567 /* Check for nft->action conflicts */ 611 * ct status when nft is nat entry. 774 /* nft entr 2253 struct nf_flowtable *nft; local [all...] |
/linux-master/tools/testing/selftests/net/mptcp/ |
H A D | mptcp_connect.sh | 685 if ! ip netns exec "$listener_ns" nft -f /dev/stdin <<"EOF" 697 mptcp_lib_pr_skip "$msg, could not load nft ruleset" 698 mptcp_lib_fail_if_expected_feature "nft rules" 712 ip netns exec "$listener_ns" nft flush ruleset 720 ip netns exec "$listener_ns" nft flush ruleset 736 ip netns exec "$listener_ns" nft flush ruleset
|
/linux-master/net/netfilter/ |
H A D | nf_tables_core.c | 262 bool genbit = READ_ONCE(net->nft.gencursor);
|
H A D | nf_tables_api.c | 26 #define NFT_MODULE_AUTOLOAD_LIMIT (MODULE_NAME_LEN - sizeof("nft-expr-255-")) 937 if (nft_request_module(net, "nft-chain-%u-%.*s", family, 1471 struct nft_flowtable *flowtable, *nft; local 1503 list_for_each_entry_safe(flowtable, nft, &ctx->table->flowtables, list) { 3086 if (nft_request_module(net, "nft-expr-%u-%.*s", family, 3117 if (nft_request_module(net, "nft-expr-%.*s", 7689 if (nft_request_module(net, "nft-obj-%u", objtype) == -EAGAIN) 10237 net->nft.gencursor = nft_gencursor_next(net);
|
/linux-master/include/net/ |
H A D | net_namespace.h | 148 struct netns_nftables nft; member in struct:net
|
/linux-master/include/net/netfilter/ |
H A D | nf_tables.h | 1469 * struct nft_traceinfo - nft tracing information and state 1496 MODULE_ALIAS("nft-chain-" __stringify(family) "-" name) 1499 MODULE_ALIAS("nft-expr-" __stringify(family) "-" name) 1502 MODULE_ALIAS("nft-expr-" name) 1505 MODULE_ALIAS("nft-obj-" __stringify(type)) 1523 return net->nft.gencursor + 1 == 1 ? 1 : 0; 1534 return 1 << READ_ONCE(net->nft.gencursor);
|