| /OK3568_Linux_fs/kernel/tools/testing/selftests/netfilter/ |
| H A D | nft_nat.sh | 21 nft --version > /dev/null 2>&1
86 ip netns exec $ns nft list counter inet filter $counter 1>&2
94 cnt=$(ip netns exec $ns nft list counter inet filter ns0in | grep -q "packets 1 bytes 84")
99 cnt=$(ip netns exec $ns nft list counter inet filter ns0out | grep -q "packets 1 bytes 84")
106 cnt=$(ip netns exec $ns nft list counter inet filter ns0in6 | grep -q "$expect")
111 cnt=$(ip netns exec $ns nft list counter inet filter ns0out6 | grep -q "$expect")
125 cnt=$(ip netns exec "$ns0" nft list counter inet filter ns0in | grep -q "packets 0 bytes 0")
131 cnt=$(ip netns exec "$ns0" nft list counter inet filter ns0in6 | grep -q "packets 0 bytes 0")
137 cnt=$(ip netns exec "$ns0" nft list counter inet filter ns0out | grep -q "packets 0 bytes 0")
142 cnt=$(ip netns exec "$ns0" nft list counter inet filter ns0out6 | grep -q "packets 0 bytes 0")
[all …]
|
| H A D | nft_concat_range.sh | 465 eval "echo \"${set_template}\"" | nft -f -
922 nft reset counter inet filter test >/dev/null 2>&1
923 nft flush ruleset >/dev/null 2>&1
1055 if ! nft add element inet filter test "${1}"; then
1075 if ! nft add element netdev perf norange "${1}"; then
1084 if ! nft add element netdev perf noconcat "${1}"; then
1093 if ! nft delete element inet filter test "${1}"; then
1103 for token in $(nft list counter inet filter test); do
1112 for token in $(nft list counter netdev perf test); do
1169 nft reset counter inet filter test >/dev/null
[all …]
|
| H A D | conntrack_vrf.sh | 50 nft --version > /dev/null 2>&1
108 ip netns exec $ns0 nft -f - <<EOF
143 ip netns exec $ns0 nft list ruleset
161 ip netns exec $ns0 nft -f - <<EOF
190 ip netns exec $ns0 nft list table ip nat |grep -q 'counter packets 2' &&
191 ip netns exec $ns0 nft list table ip nat |grep -q 'untracked counter packets [1-9]'
210 ip netns exec $ns0 nft -f - <<EOF
227 ip netns exec $ns0 nft list table ip nat |grep -q 'counter packets 2'
|
| H A D | nft_meta.sh | 10 if ! nft --version > /dev/null 2>&1; then
28 ip netns exec "$ns0" nft -f /dev/stdin <<EOF
94 if ! ip netns exec "$ns0" nft list counter inet filter $cname | grep -q "$want"; then
97 ip netns exec "$ns0" nft list counter inet filter $cname
134 ip netns exec "$ns0" nft reset counters > /dev/null
|
| H A D | nft_flowtable.sh | 151 ip netns exec nsr1 nft -f - <<EOF
319 ip netns exec nsr1 nft list ruleset
332 ip netns exec nsr1 nft -f - <<EOF
350 ip netns exec nsr1 nft list ruleset
356 handle=$(ip netns exec nsr1 nft -a list table inet filter | grep something-to-grep-for | cut -d \# …
358 if ! ip netns exec nsr1 nft delete rule inet filter forward $handle; then
370 ip netns exec nsr1 nft list ruleset
405 ip netns exec nsr1 nft delete table ip nat
416 ip netns exec nsr1 nft list ruleset 1>&2
|
| H A D | conntrack_icmp_related.sh | 21 nft --version > /dev/null 2>&1
53 cnt=$(ip netns exec $ns nft list counter inet filter "$name" | grep -q "$expect")
56 ip netns exec $ns nft list counter inet filter "$name" 1>&2
130 ip netns exec $netns nft -f - <<EOF
145 ip netns exec nsclient1 nft -f - <<EOF
159 ip netns exec nsclient2 nft -f - <<EOF
188 ip netns exec nsrouter1 nft -f - <<EOF
|
| H A D | nft_trans_stress.sh | 15 nft --version > /dev/null 2>&1
62 for i in $(seq 1 10) ; do ip netns exec "$testns" nft -f "$tmp" & done
67 ip netns exec "$testns" nft delete table inet $table 2>/dev/null
|
| H A D | nft_queue.sh | 27 nft --version > /dev/null 2>&1
90 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF
125 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF
182 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF
206 ip netns exec ${nsrouter} nft delete table $proto blackh
247 ip netns exec ${nsrouter} nft list ruleset
297 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF
|
| H A D | nft_conntrack_helper.sh | 22 nft --version > /dev/null 2>&1
73 ip netns exec ${ns} nft -f - <<EOF
|
| /OK3568_Linux_fs/yocto/meta-rockchip/recipes-kernel/linux-libc-headers/linux-libc-headers_4.4-custom/ |
| H A D | 0008-netfilter-nft_log-restrict-the-log-prefix-length-to-.patch | 10 fail to dump the nft rules after this _special_ one, but acctually,
13 # nft add rule filter output log prefix "$name_65000"
14 # nft add rule filter output counter
15 # nft add rule filter output counter
16 # nft list chain filter output
|
| H A D | 0007-netfilter-nft_log-complete-NFTA_LOG_FLAGS-attr-suppo.patch | 9 and so on, i.e. such rule "nft add rule filter output log uid"
|
| /OK3568_Linux_fs/kernel/Documentation/networking/ |
| H A D | tproxy.rst | 24 Alternatively you can do this in nft with the following commands::
26 # nft add table filter
27 # nft add chain filter divert "{ type filter hook prerouting priority -150; }"
28 # nft add rule filter divert meta l4proto tcp socket transparent 1 meta mark set 1 accept
72 Or the following rule to nft:
74 # nft add rule filter divert tcp dport 80 tproxy to :50080 meta mark set 1 accept
|
| /OK3568_Linux_fs/kernel/net/netfilter/ |
| H A D | nf_tables_api.c | 106 switch (net->nft.validate_state) { in nft_validate_state_update()
117 net->nft.validate_state = new_validate_state; in nft_validate_state_update()
179 list_for_each_entry_reverse(trans, &net->nft.commit_list, list) { in nft_set_trans_bind()
284 list_add_tail(&trans->list, &ctx->net->nft.commit_list); in nft_trans_table_add()
317 list_add_tail(&trans->list, &ctx->net->nft.commit_list); in nft_trans_chain_add()
390 list_add_tail(&trans->list, &ctx->net->nft.commit_list); in nft_trans_rule_add()
456 list_add_tail(&trans->list, &ctx->net->nft.commit_list); in nft_trans_set_add()
488 list_add_tail(&trans->list, &ctx->net->nft.commit_list); in nft_trans_obj_add()
522 list_add_tail(&trans->list, &ctx->net->nft.commit_list); in nft_trans_flowtable_add()
555 list_for_each_entry_rcu(table, &net->nft.tables, list, in nft_table_lookup()
[all …]
|
| H A D | nf_tables_offload.c | 379 mutex_lock(&net->nft.commit_mutex); in nft_indr_block_cleanup()
383 mutex_unlock(&net->nft.commit_mutex); in nft_indr_block_cleanup()
481 list_for_each_entry_continue_reverse(trans, &net->nft.commit_list, list) { in nft_flow_rule_offload_abort()
531 list_for_each_entry(trans, &net->nft.commit_list, list) { in nft_flow_rule_offload_commit()
583 list_for_each_entry(trans, &net->nft.commit_list, list) { in nft_flow_rule_offload_commit()
611 list_for_each_entry(table, &net->nft.tables, list) { in __nft_offload_get_chain()
649 mutex_lock(&net->nft.commit_mutex); in nft_offload_netdev_event()
655 mutex_unlock(&net->nft.commit_mutex); in nft_offload_netdev_event()
|
| H A D | nft_chain_filter.c | 368 mutex_lock(&ctx.net->nft.commit_mutex); in nf_tables_netdev_event()
369 list_for_each_entry(table, &ctx.net->nft.tables, list) { in nf_tables_netdev_event()
383 mutex_unlock(&ctx.net->nft.commit_mutex); in nf_tables_netdev_event()
|
| H A D | nf_tables_core.c | 212 bool genbit = READ_ONCE(net->nft.gencursor); in nft_do_chain()
|
| H A D | nft_dynset.c | 115 lockdep_assert_held(&ctx->net->nft.commit_mutex); in nft_dynset_init()
|
| H A D | Kconfig | 403 controlled by iptables, ip6tables or nft.
449 (also known as expressions) that the userspace 'nft' utility
|
| /OK3568_Linux_fs/yocto/meta-openembedded/meta-networking/recipes-filter/nftables/nftables/ |
| H A D | 0001-examples-compile-with-make-check-and-add-AM_CPPFLAGS.patch | 30 -noinst_PROGRAMS = nft-buffer \
31 +check_PROGRAMS = nft-buffer \
32 nft-json-file
|
| /OK3568_Linux_fs/yocto/meta-openembedded/meta-networking/recipes-filter/nftables/ |
| H A D | nftables_1.0.2.bb | 48 cp -rf ${B}/src/.libs/nft ${D}${PTEST_PATH}/src/
52 sed -i 's#/usr/bin/env python#/usr/bin/env python3#' ${D}${PTEST_PATH}/${TESTDIR}/py/nft-test.py
|
| /OK3568_Linux_fs/kernel/drivers/net/wireless/ath/ath9k/ |
| H A D | calib.c | 155 int16_t *nft) in ath9k_hw_get_nf_thresh() argument
159 *nft = (int8_t)ah->eep_ops->get_eeprom(ah, EEP_NFTHRESH_5); in ath9k_hw_get_nf_thresh()
162 *nft = (int8_t)ah->eep_ops->get_eeprom(ah, EEP_NFTHRESH_2); in ath9k_hw_get_nf_thresh()
|
| /OK3568_Linux_fs/yocto/poky/meta/recipes-connectivity/connman/ |
| H A D | connman.inc | 52 …le-nf-tables kernel-module-nft-chain-nat-ipv4 kernel-module-nft-chain-route-ipv4 kernel-module-nft…
|
| /OK3568_Linux_fs/yocto/poky/meta/recipes-extended/iptables/ |
| H A D | iptables_1.8.7.bb | 70 # if libnftnl is included, make the iptables symlink point to the nft-based binary by default
72 ln -sf ${sbindir}/xtables-nft-multi ${D}${sbindir}/iptables
|
| /OK3568_Linux_fs/kernel/include/net/ |
| H A D | net_namespace.h | 146 struct netns_nftables nft; member
|
| /OK3568_Linux_fs/kernel/include/net/netfilter/ |
| H A D | nf_tables.h | 1317 return net->nft.gencursor + 1 == 1 ? 1 : 0; in nft_gencursor_next()
1328 return 1 << READ_ONCE(net->nft.gencursor); in nft_genmask_cur()
|