Home
last modified time | relevance | path

Searched refs:par (Results 1 – 25 of 129) sorted by relevance

123456

/net/netfilter/
A Dxt_set.c30 const struct xt_action_param *par, in match_set() argument
33 if (ip_set_test(index, skb, par, opt)) in match_set()
97 ip_set_nfnl_put(par->net, info->match_set.index); in set_match_v0_checkentry()
112 ip_set_nfnl_put(par->net, info->match_set.index); in set_match_v0_destroy()
122 ADT_OPT(opt, xt_family(par), info->match_set.dim, in set_match_v1()
160 ip_set_nfnl_put(par->net, info->match_set.index); in set_match_v1_destroy()
170 ADT_OPT(opt, xt_family(par), info->match_set.dim, in set_match_v3()
441 index = ip_set_nfnl_get_byindex(par->net, in set_target_v3_checkentry()
451 index = ip_set_nfnl_get_byindex(par->net, in set_target_v3_checkentry()
462 if (strncmp(par->table, "mangle", 7)) { in set_target_v3_checkentry()
[all …]
A Dxt_CT.c56 if (par->family == NFPROTO_IPV4) { in xt_ct_find_proto()
80 proto = xt_ct_find_proto(par); in xt_ct_set_helper()
111 proto = xt_ct_find_proto(par); in xt_ct_set_timeout()
118 return nf_ct_set_timeout(par->net, ct, par->family, l4proto->l4proto, in xt_ct_set_timeout()
174 ret = nf_ct_netns_get(par->net, par->family); in xt_ct_tg_check()
229 nf_ct_netns_put(par->net, par->family); in xt_ct_tg_check()
266 return xt_ct_tg_check(par, par->targinfo); in xt_ct_tg_check_v1()
276 return xt_ct_tg_check(par, par->targinfo); in xt_ct_tg_check_v2()
289 nf_ct_netns_put(par->net, par->family); in xt_ct_tg_destroy()
308 xt_ct_tg_destroy(par, &info_v1); in xt_ct_tg_destroy_v0()
[all …]
A Dxt_socket.c59 sk = nf_sk_lookup_slow_v4(xt_net(par), skb, xt_in(par)); in socket_match()
99 return socket_match(skb, par, &xt_info_v0); in socket_mt4_v0()
105 return socket_match(skb, par, par->matchinfo); in socket_mt4_v1_v2_v3()
120 sk = nf_sk_lookup_slow_v6(xt_net(par), skb, xt_in(par)); in socket_mt6_v1_v2_v3()
173 err = socket_mt_enable_defrag(par->net, par->family); in socket_mt_v1_check()
190 err = socket_mt_enable_defrag(par->net, par->family); in socket_mt_v2_check()
208 err = socket_mt_enable_defrag(par->net, par->family); in socket_mt_v3_check()
221 if (par->family == NFPROTO_IPV4) in socket_mt_destroy()
222 nf_defrag_ipv4_disable(par->net); in socket_mt_destroy()
224 else if (par->family == NFPROTO_IPV6) in socket_mt_destroy()
[all …]
A Dxt_tcpudp.c75 if (par->fragoff != 0) { in tcp_mt()
84 par->hotdrop = true; in tcp_mt()
95 par->hotdrop = true; in tcp_mt()
112 par->hotdrop = true; in tcp_mt()
118 &par->hotdrop)) in tcp_mt()
139 if (par->fragoff != 0) in udp_mt()
147 par->hotdrop = true; in udp_mt()
196 if (par->fragoff != 0) in icmp_match()
204 par->hotdrop = true; in icmp_match()
223 if (par->fragoff != 0) in icmp6_match()
[all …]
A Dxt_NETMAP.c21 const struct nf_nat_range2 *range = par->targinfo; in netmap_tg6()
33 if (xt_hooknum(par) == NF_INET_PRE_ROUTING || in netmap_tg6()
34 xt_hooknum(par) == NF_INET_LOCAL_OUT) in netmap_tg6()
60 return nf_ct_netns_get(par->net, par->family); in netmap_tg6_checkentry()
65 nf_ct_netns_put(par->net, par->family); in netmap_tg_destroy()
78 xt_hooknum(par) != NF_INET_POST_ROUTING && in netmap_tg4()
79 xt_hooknum(par) != NF_INET_LOCAL_OUT && in netmap_tg4()
80 xt_hooknum(par) != NF_INET_LOCAL_IN); in netmap_tg4()
85 if (xt_hooknum(par) == NF_INET_PRE_ROUTING || in netmap_tg4()
86 xt_hooknum(par) == NF_INET_LOCAL_OUT) in netmap_tg4()
[all …]
A Dxt_MASQUERADE.c19 static int masquerade_tg_check(const struct xt_tgchk_param *par) in masquerade_tg_check() argument
21 const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo; in masquerade_tg_check()
31 return nf_ct_netns_get(par->net, par->family); in masquerade_tg_check()
40 mr = par->targinfo; in masquerade_tg()
45 return nf_nat_masquerade_ipv4(skb, xt_hooknum(par), &range, in masquerade_tg()
46 xt_out(par)); in masquerade_tg()
49 static void masquerade_tg_destroy(const struct xt_tgdtor_param *par) in masquerade_tg_destroy() argument
51 nf_ct_netns_put(par->net, par->family); in masquerade_tg_destroy()
58 return nf_nat_masquerade_ipv6(skb, par->targinfo, xt_out(par)); in masquerade_tg6()
63 const struct nf_nat_range2 *range = par->targinfo; in masquerade_tg6_checkentry()
[all …]
A Dxt_REDIRECT.c29 redirect_tg6(struct sk_buff *skb, const struct xt_action_param *par) in redirect_tg6() argument
31 return nf_nat_redirect_ipv6(skb, par->targinfo, xt_hooknum(par)); in redirect_tg6()
36 const struct nf_nat_range2 *range = par->targinfo; in redirect_tg6_checkentry()
41 return nf_ct_netns_get(par->net, par->family); in redirect_tg6_checkentry()
44 static void redirect_tg_destroy(const struct xt_tgdtor_param *par) in redirect_tg_destroy() argument
46 nf_ct_netns_put(par->net, par->family); in redirect_tg_destroy()
49 static int redirect_tg4_check(const struct xt_tgchk_param *par) in redirect_tg4_check() argument
51 const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo; in redirect_tg4_check()
61 return nf_ct_netns_get(par->net, par->family); in redirect_tg4_check()
67 const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo; in redirect_tg4()
[all …]
A Dxt_connlimit.c32 struct net *net = xt_net(par); in connlimit_mt()
47 xt_family(par), net, &tuple)) { in connlimit_mt()
51 if (xt_family(par) == NFPROTO_IPV6) { in connlimit_mt()
81 par->hotdrop = true; in connlimit_mt()
87 struct xt_connlimit_info *info = par->matchinfo; in connlimit_mt_check()
92 if (par->family == NFPROTO_IPV6) in connlimit_mt_check()
97 ret = nf_ct_netns_get(par->net, par->family); in connlimit_mt_check()
100 par->family); in connlimit_mt_check()
107 nf_ct_netns_put(par->net, par->family); in connlimit_mt_check()
116 nf_conncount_destroy(par->net, info->data); in connlimit_mt_destroy()
[all …]
A Dxt_LOG.c31 const struct xt_log_info *loginfo = par->targinfo; in log_tg()
32 struct net *net = xt_net(par); in log_tg()
39 nf_log_packet(net, xt_family(par), xt_hooknum(par), skb, xt_in(par), in log_tg()
40 xt_out(par), &li, "%s", loginfo->prefix); in log_tg()
44 static int log_tg_check(const struct xt_tgchk_param *par) in log_tg_check() argument
46 const struct xt_log_info *loginfo = par->targinfo; in log_tg_check()
49 if (par->family != NFPROTO_IPV4 && par->family != NFPROTO_IPV6) in log_tg_check()
62 ret = nf_logger_find_get(par->family, NF_LOG_TYPE_LOG); in log_tg_check()
63 if (ret != 0 && !par->nft_compat) { in log_tg_check()
66 ret = nf_logger_find_get(par->family, NF_LOG_TYPE_LOG); in log_tg_check()
[all …]
A Dxt_TPROXY.c87 const struct xt_tproxy_target_info *tgi = par->targinfo; in tproxy_tg4_v0()
131 xt_in(par), NF_TPROXY_LOOKUP_ESTABLISHED); in tproxy_tg6_v1()
141 xt_net(par), in tproxy_tg6_v1()
149 sk = nf_tproxy_get_sock_v6(xt_net(par), skb, thoff, in tproxy_tg6_v1()
152 xt_in(par), NF_TPROXY_LOOKUP_LISTENER); in tproxy_tg6_v1()
168 const struct ip6t_ip6 *i = par->entryinfo; in tproxy_tg6_check()
171 err = nf_defrag_ipv6_enable(par->net); in tproxy_tg6_check()
185 nf_defrag_ipv6_disable(par->net); in tproxy_tg6_destroy()
191 const struct ipt_ip *i = par->entryinfo; in tproxy_tg4_check()
194 err = nf_defrag_ipv4_enable(par->net); in tproxy_tg4_check()
[all …]
A Dxt_connmark.c85 const struct xt_connmark_tginfo1 *info = par->targinfo; in connmark_tg()
99 const struct xt_connmark_tginfo2 *info = par->targinfo; in connmark_tg_v2()
104 static int connmark_tg_check(const struct xt_tgchk_param *par) in connmark_tg_check() argument
108 ret = nf_ct_netns_get(par->net, par->family); in connmark_tg_check()
111 par->family); in connmark_tg_check()
117 nf_ct_netns_put(par->net, par->family); in connmark_tg_destroy()
123 const struct xt_connmark_mtinfo1 *info = par->matchinfo; in connmark_mt()
134 static int connmark_mt_check(const struct xt_mtchk_param *par) in connmark_mt_check() argument
138 ret = nf_ct_netns_get(par->net, par->family); in connmark_mt_check()
141 par->family); in connmark_mt_check()
[all …]
A Dxt_l2tp.c81 const struct xt_l2tp_info *info = par->matchinfo; in l2tp_udp_mt()
89 if (par->fragoff != 0) in l2tp_udp_mt()
141 const struct xt_l2tp_info *info = par->matchinfo; in l2tp_ip_mt()
178 return l2tp_udp_mt(skb, par, par->thoff); in l2tp_mt4()
180 return l2tp_ip_mt(skb, par, par->thoff); in l2tp_mt4()
200 return l2tp_udp_mt(skb, par, thoff); in l2tp_mt6()
202 return l2tp_ip_mt(skb, par, thoff); in l2tp_mt6()
262 const struct ipt_entry *e = par->entryinfo; in l2tp_mt_check4()
266 ret = l2tp_mt_check(par); in l2tp_mt_check4()
289 const struct ip6t_entry *e = par->entryinfo; in l2tp_mt_check6()
[all …]
A Dxt_nat.c16 static int xt_nat_checkentry_v0(const struct xt_tgchk_param *par) in xt_nat_checkentry_v0() argument
18 const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo; in xt_nat_checkentry_v0()
24 return nf_ct_netns_get(par->net, par->family); in xt_nat_checkentry_v0()
27 static int xt_nat_checkentry(const struct xt_tgchk_param *par) in xt_nat_checkentry() argument
29 return nf_ct_netns_get(par->net, par->family); in xt_nat_checkentry()
32 static void xt_nat_destroy(const struct xt_tgdtor_param *par) in xt_nat_destroy() argument
34 nf_ct_netns_put(par->net, par->family); in xt_nat_destroy()
87 const struct nf_nat_range *range_v1 = par->targinfo; in xt_snat_target_v1()
106 const struct nf_nat_range *range_v1 = par->targinfo; in xt_dnat_target_v1()
124 const struct nf_nat_range2 *range = par->targinfo; in xt_snat_target_v2()
[all …]
A Dxt_connlabel.c20 connlabel_mt(const struct sk_buff *skb, struct xt_action_param *par) in connlabel_mt() argument
22 const struct xt_connlabel_mtinfo *info = par->matchinfo; in connlabel_mt()
49 static int connlabel_mt_check(const struct xt_mtchk_param *par) in connlabel_mt_check() argument
53 struct xt_connlabel_mtinfo *info = par->matchinfo; in connlabel_mt_check()
62 ret = nf_ct_netns_get(par->net, par->family); in connlabel_mt_check()
65 par->family); in connlabel_mt_check()
69 ret = nf_connlabels_get(par->net, info->bit); in connlabel_mt_check()
71 nf_ct_netns_put(par->net, par->family); in connlabel_mt_check()
75 static void connlabel_mt_destroy(const struct xt_mtdtor_param *par) in connlabel_mt_destroy() argument
77 nf_connlabels_put(par->net); in connlabel_mt_destroy()
[all …]
A Dxt_NFLOG.c21 nflog_tg(struct sk_buff *skb, const struct xt_action_param *par) in nflog_tg() argument
23 const struct xt_nflog_info *info = par->targinfo; in nflog_tg()
24 struct net *net = xt_net(par); in nflog_tg()
36 nf_log_packet(net, xt_family(par), xt_hooknum(par), skb, xt_in(par), in nflog_tg()
37 xt_out(par), &li, "%s", info->prefix); in nflog_tg()
42 static int nflog_tg_check(const struct xt_tgchk_param *par) in nflog_tg_check() argument
44 const struct xt_nflog_info *info = par->targinfo; in nflog_tg_check()
52 ret = nf_logger_find_get(par->family, NF_LOG_TYPE_ULOG); in nflog_tg_check()
53 if (ret != 0 && !par->nft_compat) { in nflog_tg_check()
56 ret = nf_logger_find_get(par->family, NF_LOG_TYPE_ULOG); in nflog_tg_check()
[all …]
A Dxt_cgroup.c28 static int cgroup_mt_check_v0(const struct xt_mtchk_param *par) in cgroup_mt_check_v0() argument
30 struct xt_cgroup_info_v0 *info = par->matchinfo; in cgroup_mt_check_v0()
43 static int cgroup_mt_check_v1(const struct xt_mtchk_param *par) in cgroup_mt_check_v1() argument
45 struct xt_cgroup_info_v1 *info = par->matchinfo; in cgroup_mt_check_v1()
80 static int cgroup_mt_check_v2(const struct xt_mtchk_param *par) in cgroup_mt_check_v2() argument
82 struct xt_cgroup_info_v2 *info = par->matchinfo; in cgroup_mt_check_v2()
121 const struct xt_cgroup_info_v0 *info = par->matchinfo; in cgroup_mt_v0()
135 const struct xt_cgroup_info_v1 *info = par->matchinfo; in cgroup_mt_v1()
156 const struct xt_cgroup_info_v2 *info = par->matchinfo; in cgroup_mt_v2()
177 struct xt_cgroup_info_v1 *info = par->matchinfo; in cgroup_mt_destroy_v1()
[all …]
A Dxt_conntrack.c165 const struct xt_conntrack_mtinfo2 *info = par->matchinfo; in conntrack_mt()
199 if (conntrack_mt_origsrc(ct, info, xt_family(par)) ^ in conntrack_mt()
204 if (conntrack_mt_origdst(ct, info, xt_family(par)) ^ in conntrack_mt()
209 if (conntrack_mt_replsrc(ct, info, xt_family(par)) ^ in conntrack_mt()
214 if (conntrack_mt_repldst(ct, info, xt_family(par)) ^ in conntrack_mt()
218 if (par->match->revision != 3) { in conntrack_mt()
222 if (!ct_proto_port_check_v3(par->matchinfo, ct)) in conntrack_mt()
245 const struct xt_conntrack_mtinfo1 *info = par->matchinfo; in conntrack_mt_v1()
270 ret = nf_ct_netns_get(par->net, par->family); in conntrack_mt_check()
273 par->family); in conntrack_mt_check()
[all …]
A Dxt_ecn.c29 const struct xt_ecn_info *einfo = par->matchinfo; in match_tcp()
72 const struct xt_ecn_info *info = par->matchinfo; in ecn_mt4()
78 !match_tcp(skb, par)) in ecn_mt4()
84 static int ecn_mt_check4(const struct xt_mtchk_param *par) in ecn_mt_check4() argument
86 const struct xt_ecn_info *info = par->matchinfo; in ecn_mt_check4()
87 const struct ipt_ip *ip = par->entryinfo; in ecn_mt_check4()
114 const struct xt_ecn_info *info = par->matchinfo; in ecn_mt6()
120 !match_tcp(skb, par)) in ecn_mt6()
126 static int ecn_mt_check6(const struct xt_mtchk_param *par) in ecn_mt_check6() argument
128 const struct xt_ecn_info *info = par->matchinfo; in ecn_mt_check6()
[all …]
A Dxt_NFQUEUE.c29 nfqueue_tg(struct sk_buff *skb, const struct xt_action_param *par) in nfqueue_tg() argument
31 const struct xt_NFQ_info *tinfo = par->targinfo; in nfqueue_tg()
39 const struct xt_NFQ_info_v1 *info = par->targinfo; in nfqueue_tg_v1()
44 xt_family(par), jhash_initval); in nfqueue_tg_v1()
52 const struct xt_NFQ_info_v2 *info = par->targinfo; in nfqueue_tg_v2()
53 unsigned int ret = nfqueue_tg_v1(skb, par); in nfqueue_tg_v2()
60 static int nfqueue_tg_check(const struct xt_tgchk_param *par) in nfqueue_tg_check() argument
62 const struct xt_NFQ_info_v3 *info = par->targinfo; in nfqueue_tg_check()
77 if (par->target->revision == 2 && info->flags > 1) in nfqueue_tg_check()
88 const struct xt_NFQ_info_v3 *info = par->targinfo; in nfqueue_tg_v3()
[all …]
A Dxt_CONNSECMARK.c63 connsecmark_tg(struct sk_buff *skb, const struct xt_action_param *par) in connsecmark_tg() argument
65 const struct xt_connsecmark_target_info *info = par->targinfo; in connsecmark_tg()
83 static int connsecmark_tg_check(const struct xt_tgchk_param *par) in connsecmark_tg_check() argument
85 const struct xt_connsecmark_target_info *info = par->targinfo; in connsecmark_tg_check()
88 if (strcmp(par->table, "mangle") != 0 && in connsecmark_tg_check()
89 strcmp(par->table, "security") != 0) { in connsecmark_tg_check()
91 par->table); in connsecmark_tg_check()
105 ret = nf_ct_netns_get(par->net, par->family); in connsecmark_tg_check()
108 par->family); in connsecmark_tg_check()
112 static void connsecmark_tg_destroy(const struct xt_tgdtor_param *par) in connsecmark_tg_destroy() argument
[all …]
A Dnft_compat.c68 par->target = xt; in nft_compat_set_par()
70 par->hotdrop = false; in nft_compat_set_par()
148 par->net = ctx->net; in nft_target_set_tgchk_param()
170 par->target = target; in nft_target_set_tgchk_param()
171 par->targinfo = info; in nft_target_set_tgchk_param()
179 par->hook_mask = 0; in nft_target_set_tgchk_param()
306 par.net = ctx->net; in nft_target_destroy()
311 par.target->destroy(&par); in nft_target_destroy()
470 par->match = match; in nft_match_set_mtchk_param()
557 par.match = match; in __nft_match_destroy()
[all …]
/net/ipv4/netfilter/
A Dipt_SYNPROXY.c15 const struct xt_synproxy_info *info = par->targinfo; in synproxy_tg4()
16 struct net *net = xt_net(par); in synproxy_tg4()
21 if (nf_ip_checksum(skb, xt_hooknum(par), par->thoff, IPPROTO_TCP)) in synproxy_tg4()
28 if (!synproxy_parse_options(skb, par->thoff, th, &opts)) in synproxy_tg4()
66 struct synproxy_net *snet = synproxy_pernet(par->net); in synproxy_tg4_check()
67 const struct ipt_entry *e = par->entryinfo; in synproxy_tg4_check()
74 err = nf_ct_netns_get(par->net, par->family); in synproxy_tg4_check()
78 err = nf_synproxy_ipv4_init(snet, par->net); in synproxy_tg4_check()
80 nf_ct_netns_put(par->net, par->family); in synproxy_tg4_check()
91 nf_synproxy_ipv4_fini(snet, par->net); in synproxy_tg4_destroy()
[all …]
A Dipt_rpfilter.c54 static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par) in rpfilter_mt() argument
61 info = par->matchinfo; in rpfilter_mt()
64 if (rpfilter_is_loopback(skb, xt_in(par))) in rpfilter_mt()
81 flow.flowi4_l3mdev = l3mdev_master_ifindex_rcu(xt_in(par)); in rpfilter_mt()
82 flow.flowi4_uid = sock_net_uid(xt_net(par), NULL); in rpfilter_mt()
84 return rpfilter_lookup_reverse(xt_net(par), &flow, xt_in(par), info->flags) ^ invert; in rpfilter_mt()
87 static int rpfilter_check(const struct xt_mtchk_param *par) in rpfilter_check() argument
89 const struct xt_rpfilter_info *info = par->matchinfo; in rpfilter_check()
96 if (strcmp(par->table, "mangle") != 0 && in rpfilter_check()
97 strcmp(par->table, "raw") != 0) { in rpfilter_check()
[all …]
/net/ipv6/netfilter/
A Dip6t_SYNPROXY.c15 const struct xt_synproxy_info *info = par->targinfo; in synproxy_tg6()
16 struct net *net = xt_net(par); in synproxy_tg6()
21 if (nf_ip6_checksum(skb, xt_hooknum(par), par->thoff, IPPROTO_TCP)) in synproxy_tg6()
28 if (!synproxy_parse_options(skb, par->thoff, th, &opts)) in synproxy_tg6()
68 struct synproxy_net *snet = synproxy_pernet(par->net); in synproxy_tg6_check()
69 const struct ip6t_entry *e = par->entryinfo; in synproxy_tg6_check()
77 err = nf_ct_netns_get(par->net, par->family); in synproxy_tg6_check()
81 err = nf_synproxy_ipv6_init(snet, par->net); in synproxy_tg6_check()
83 nf_ct_netns_put(par->net, par->family); in synproxy_tg6_check()
94 nf_synproxy_ipv6_fini(snet, par->net); in synproxy_tg6_destroy()
[all …]
A Dip6t_REJECT.c37 const struct ip6t_reject_info *reject = par->targinfo; in reject_tg6()
38 struct net *net = xt_net(par); in reject_tg6()
42 nf_send_unreach6(net, skb, ICMPV6_NOROUTE, xt_hooknum(par)); in reject_tg6()
46 xt_hooknum(par)); in reject_tg6()
50 xt_hooknum(par)); in reject_tg6()
54 xt_hooknum(par)); in reject_tg6()
58 xt_hooknum(par)); in reject_tg6()
64 nf_send_reset6(net, par->state->sk, skb, xt_hooknum(par)); in reject_tg6()
71 xt_hooknum(par)); in reject_tg6()
80 const struct ip6t_reject_info *rejinfo = par->targinfo; in reject_tg6_check()
[all …]

Completed in 43 milliseconds

123456