Home
last modified time | relevance | path

Searched refs:verdict (Results 1 – 25 of 88) sorted by relevance

1234

/linux-6.3-rc2/tools/testing/selftests/bpf/progs/
A Dtest_sockmap_listen.c45 int verdict; in prog_stream_verdict() local
52 count = bpf_map_lookup_elem(&verdict_map, &verdict); in prog_stream_verdict()
56 return verdict; in prog_stream_verdict()
64 int verdict; in prog_skb_verdict() local
67 verdict = bpf_sk_redirect_map(skb, &sock_map, zero, in prog_skb_verdict()
77 return verdict; in prog_skb_verdict()
85 int verdict; in prog_msg_verdict() local
96 return verdict; in prog_msg_verdict()
103 int err, verdict; in prog_reuseport() local
110 verdict = err ? SK_DROP : SK_PASS; in prog_reuseport()
[all …]
A Dtest_skmsg_load_helpers.c31 int verdict = SK_PASS; in prog_msg_verdict() local
42 verdict = SK_DROP; in prog_msg_verdict()
44 return verdict; in prog_msg_verdict()
/linux-6.3-rc2/net/netfilter/
A Dnf_queue.c238 unsigned int index, unsigned int verdict) in nf_queue() argument
245 (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) in nf_queue()
260 unsigned int verdict, i = *index; in nf_iterate() local
266 if (verdict != NF_ACCEPT) { in nf_iterate()
268 if (verdict != NF_REPEAT) in nf_iterate()
269 return verdict; in nf_iterate()
324 if (verdict == NF_REPEAT) in nf_reinject()
327 if (verdict == NF_ACCEPT) { in nf_reinject()
329 verdict = NF_DROP; in nf_reinject()
332 if (verdict == NF_ACCEPT) { in nf_reinject()
[all …]
A Dnft_fwd_netdev.c37 regs->verdict.code = NF_STOLEN; in nft_fwd_netdev_eval()
101 unsigned int verdict = NF_STOLEN; in nft_fwd_neigh_eval() local
111 verdict = NFT_BREAK; in nft_fwd_neigh_eval()
115 verdict = NF_DROP; in nft_fwd_neigh_eval()
127 verdict = NFT_BREAK; in nft_fwd_neigh_eval()
131 verdict = NF_DROP; in nft_fwd_neigh_eval()
140 verdict = NFT_BREAK; in nft_fwd_neigh_eval()
152 regs->verdict.code = verdict; in nft_fwd_neigh_eval()
A Dnf_tables_core.c96 regs->verdict.code = NFT_BREAK; in nft_cmp_fast_eval()
110 regs->verdict.code = NFT_BREAK; in nft_cmp16_fast_eval()
119 switch (regs->verdict.code) { in __nft_trace_verdict()
284 regs.verdict.code = NFT_CONTINUE; in nft_do_chain()
297 if (regs.verdict.code != NFT_CONTINUE) in nft_do_chain()
301 switch (regs.verdict.code) { in nft_do_chain()
303 regs.verdict.code = NFT_CONTINUE; in nft_do_chain()
316 switch (regs.verdict.code & NF_VERDICT_MASK) { in nft_do_chain()
321 return regs.verdict.code; in nft_do_chain()
324 switch (regs.verdict.code) { in nft_do_chain()
[all …]
A Dnft_synproxy.c61 regs->verdict.code = NF_STOLEN; in nft_synproxy_eval_v4()
67 regs->verdict.code = NF_STOLEN; in nft_synproxy_eval_v4()
69 regs->verdict.code = NF_DROP; in nft_synproxy_eval_v4()
92 regs->verdict.code = NF_STOLEN; in nft_synproxy_eval_v6()
98 regs->verdict.code = NF_STOLEN; in nft_synproxy_eval_v6()
100 regs->verdict.code = NF_DROP; in nft_synproxy_eval_v6()
117 regs->verdict.code = NFT_BREAK; in nft_synproxy_do_eval()
122 regs->verdict.code = NF_DROP; in nft_synproxy_do_eval()
130 regs->verdict.code = NF_DROP; in nft_synproxy_do_eval()
135 regs->verdict.code = NF_DROP; in nft_synproxy_do_eval()
[all …]
A Dnf_tables_trace.c138 info->verdict->code == NFT_CONTINUE) in nf_trace_fill_rule_info()
156 switch (info->verdict->code) { in nft_trace_have_verdict_chain()
199 size += nla_total_size(strlen(info->verdict->chain->name)); /* jump target */ in nft_trace_notify()
235 if (nft_verdict_dump(skb, NFTA_TRACE_VERDICT, info->verdict)) in nft_trace_notify()
239 if (info->verdict->code == NF_STOLEN) in nft_trace_notify()
276 const struct nft_verdict *verdict, in nft_trace_init() argument
287 info->verdict = verdict; in nft_trace_init()
A Dnft_immediate.c74 struct nft_chain *chain = priv->data.verdict.chain; in nft_immediate_init()
76 switch (priv->data.verdict.code) { in nft_immediate_init()
129 switch (data->verdict.code) { in nft_immediate_destroy()
132 chain = data->verdict.chain; in nft_immediate_destroy()
179 switch (data->verdict.code) { in nft_immediate_validate()
183 err = nft_chain_validate(ctx, data->verdict.chain); in nft_immediate_validate()
205 switch (data->verdict.code) { in nft_immediate_offload_verdict()
A Dnft_socket.c33 regs->verdict.code = NFT_BREAK; in nft_socket_wildcard()
100 regs->verdict.code = NFT_BREAK; in nft_socket_eval()
112 regs->verdict.code = NFT_BREAK; in nft_socket_eval()
118 regs->verdict.code = NFT_BREAK; in nft_socket_eval()
126 regs->verdict.code = NFT_BREAK; in nft_socket_eval()
133 regs->verdict.code = NFT_BREAK; in nft_socket_eval()
A Dnft_tproxy.c35 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v4()
41 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v4()
80 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v4()
102 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v6()
109 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v6()
153 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v6()
182 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval()
A Dnfnetlink_queue.c231 if (verdict == NF_ACCEPT || in nfqnl_reinject()
232 verdict == NF_REPEAT || in nfqnl_reinject()
233 verdict == NF_STOP) { in nfqnl_reinject()
239 verdict = NF_DROP; in nfqnl_reinject()
1063 unsigned int verdict; in verdicthdr_get() local
1069 verdict = ntohl(vhdr->verdict) & NF_VERDICT_MASK; in verdicthdr_get()
1070 if (verdict > NF_MAX_VERDICT || verdict == NF_STOLEN) in verdicthdr_get()
1101 verdict = ntohl(vhdr->verdict); in nfqnl_recv_verdict_batch()
1203 unsigned int verdict; in nfqnl_recv_verdict() local
1215 verdict = ntohl(vhdr->verdict); in nfqnl_recv_verdict()
[all …]
A Dnft_xfrm.c127 regs->verdict.code = NFT_BREAK; in nft_xfrm_state_get_key()
156 regs->verdict.code = NFT_BREAK; in nft_xfrm_state_get_key()
167 regs->verdict.code = NFT_BREAK; in nft_xfrm_get_eval_in()
191 regs->verdict.code = NFT_BREAK; in nft_xfrm_get_eval_out()
209 regs->verdict.code = NFT_BREAK; in nft_xfrm_get_eval()
A Dnft_ct_fast.c19 regs->verdict.code = NFT_BREAK; in nft_ct_get_fast_eval()
51 regs->verdict.code = NFT_BREAK; in nft_ct_get_fast_eval()
A Dnft_osf.c32 regs->verdict.code = NFT_BREAK; in nft_osf_eval()
39 regs->verdict.code = NFT_BREAK; in nft_osf_eval()
43 regs->verdict.code = NFT_BREAK; in nft_osf_eval()
A Dnft_compat.c92 regs->verdict.code = NFT_CONTINUE; in nft_target_eval_xt()
95 regs->verdict.code = ret; in nft_target_eval_xt()
119 regs->verdict.code = NF_ACCEPT; in nft_target_eval_bridge()
122 regs->verdict.code = NF_DROP; in nft_target_eval_bridge()
125 regs->verdict.code = NFT_CONTINUE; in nft_target_eval_bridge()
128 regs->verdict.code = NFT_RETURN; in nft_target_eval_bridge()
131 regs->verdict.code = ret; in nft_target_eval_bridge()
384 regs->verdict.code = NF_DROP; in __nft_match_eval()
390 regs->verdict.code = NFT_CONTINUE; in __nft_match_eval()
393 regs->verdict.code = NFT_BREAK; in __nft_match_eval()
/linux-6.3-rc2/samples/bpf/
A Dtest_cgrp2_attach.c43 static int prog_load(int map_fd, int verdict) in prog_load() argument
71 BPF_MOV64_IMM(BPF_REG_0, verdict), /* r0 = verdict */ in prog_load()
92 static int attach_filter(int cg_fd, int type, int verdict) in attach_filter() argument
105 prog_fd = prog_load(map_fd, verdict); in attach_filter()
136 int detach_only = 0, verdict = 1; in main() local
143 verdict = 0; in main()
174 ret = attach_filter(cg_fd, type, verdict); in main()
/linux-6.3-rc2/tools/testing/selftests/netfilter/
A Dnf-queue.c24 uint32_t verdict; member
171 .verdict = htonl(verd), in nfq_build_verdict()
316 nlh = nfq_build_verdict(buf, id, opts.queue_num, opts.verdict); in mainloop()
347 opts.verdict = atoi(optarg); in parse_opts()
348 if (opts.verdict > 0xffff) { in parse_opts()
353 opts.verdict <<= 16; in parse_opts()
354 opts.verdict |= NF_QUEUE; in parse_opts()
375 if (opts.verdict != NF_ACCEPT && (opts.verdict >> 16 == opts.queue_num)) { in parse_opts()
385 opts.verdict = NF_ACCEPT; in main()
/linux-6.3-rc2/tools/testing/selftests/bpf/prog_tests/
A Dsockmap_basic.c109 int err, map, verdict; in test_skmsg_helpers() local
115 verdict = bpf_program__fd(skel->progs.prog_msg_verdict); in test_skmsg_helpers()
118 err = bpf_prog_attach(verdict, map, BPF_SK_MSG_VERDICT, 0); in test_skmsg_helpers()
122 err = bpf_prog_detach2(verdict, map, BPF_SK_MSG_VERDICT); in test_skmsg_helpers()
273 int err, map, verdict; in test_sockmap_skb_verdict_attach() local
279 verdict = bpf_program__fd(skel->progs.prog_skb_verdict); in test_sockmap_skb_verdict_attach()
282 err = bpf_prog_attach(verdict, map, first, 0); in test_sockmap_skb_verdict_attach()
286 err = bpf_prog_attach(verdict, map, second, 0); in test_sockmap_skb_verdict_attach()
289 err = bpf_prog_detach2(verdict, map, first); in test_sockmap_skb_verdict_attach()
A Dnetns_cookie.c16 int err, val, ret, map, verdict; in test_netns_cookie() local
35 verdict = bpf_program__fd(skel->progs.get_netns_cookie_sk_msg); in test_netns_cookie()
37 err = bpf_prog_attach(verdict, map, BPF_SK_MSG_VERDICT, 0); in test_netns_cookie()
A Dsockmap_listen.c1095 int verdict = bpf_program__fd(skel->progs.prog_msg_verdict); in test_msg_redir_to_connected() local
1106 xbpf_prog_detach2(verdict, sock_map, BPF_SK_MSG_VERDICT); in test_msg_redir_to_connected()
1197 int verdict = bpf_program__fd(skel->progs.prog_msg_verdict); in test_msg_redir_to_listening() local
1208 xbpf_prog_detach2(verdict, sock_map, BPF_SK_MSG_VERDICT); in test_msg_redir_to_listening()
1661 int verdict = bpf_program__fd(skel->progs.prog_skb_verdict); in unix_skb_redir_to_connected() local
1675 xbpf_prog_detach2(verdict, sock_map, BPF_SK_SKB_VERDICT); in unix_skb_redir_to_connected()
1829 int verdict = bpf_program__fd(skel->progs.prog_skb_verdict); in udp_skb_redir_to_connected() local
1843 xbpf_prog_detach2(verdict, sock_map, BPF_SK_SKB_VERDICT); in udp_skb_redir_to_connected()
1917 int verdict = bpf_program__fd(skel->progs.prog_skb_verdict); in inet_unix_skb_redir_to_connected() local
1937 xbpf_prog_detach2(verdict, sock_map, BPF_SK_SKB_VERDICT); in inet_unix_skb_redir_to_connected()
[all …]
/linux-6.3-rc2/Documentation/bpf/
A Dmap_sockmap.rst14 the result of a BPF (verdict) program with the help of the BPF helpers
29 and a verdict program. The parser program determines how much data has been
31 verdict program is essentially the redirect program and can return a verdict
39 parse or verdict program. If adding a sock object to a map would result
64 There are additional helpers available to use with the parser and verdict
67 bytes the given verdict should apply to. The helper ``bpf_msg_cork_bytes()``
68 handles a different case where a BPF program cannot reach a verdict on a msg
90 the message ``msg`` is allowed to pass (i.e., if the verdict BPF program
207 should apply a verdict.
221 For socket policies, prevent the execution of the verdict BPF program for
[all …]
/linux-6.3-rc2/net/netfilter/ipvs/
A Dip_vs_core.c901 verdict = NF_ACCEPT; in handle_response_icmp()
906 return verdict; in handle_response_icmp()
1374 return verdict; in ip_vs_out_hook()
1383 return verdict; in ip_vs_out_hook()
1724 verdict = NF_DROP; in ip_vs_in_icmp()
1785 verdict = NF_STOLEN; in ip_vs_in_icmp()
1802 return verdict; in ip_vs_in_icmp()
1882 verdict = NF_ACCEPT; in ip_vs_in_icmp_v6()
1903 return verdict; in ip_vs_in_icmp_v6()
1967 return verdict; in ip_vs_in_hook()
[all …]
/linux-6.3-rc2/net/ipv4/netfilter/
A Darp_tables.c189 unsigned int verdict = NF_DROP; in arpt_do_table() local
243 verdict = (unsigned int)(-v) - 1; in arpt_do_table()
258 verdict = NF_DROP; in arpt_do_table()
272 if (verdict == XT_CONTINUE) { in arpt_do_table()
287 return verdict; in arpt_do_table()
336 t->verdict < 0) || visited) { in mark_source_chains()
363 int newpos = t->verdict; in mark_source_chains()
440 unsigned int verdict; in check_underflow() local
447 verdict = ((struct xt_standard_target *)t)->verdict; in check_underflow()
448 verdict = -verdict - 1; in check_underflow()
[all …]
A Dip_tables.c174 t->verdict < 0) { in get_chainname_rulenum()
234 unsigned int verdict = NF_DROP; in ipt_do_table() local
334 verdict = NF_DROP; in ipt_do_table()
348 if (verdict == XT_CONTINUE) { in ipt_do_table()
363 else return verdict; in ipt_do_table()
401 t->verdict < 0) || visited) { in mark_source_chains()
427 int newpos = t->verdict; in mark_source_chains()
576 unsigned int verdict; in check_underflow() local
583 verdict = ((struct xt_standard_target *)t)->verdict; in check_underflow()
584 verdict = -verdict - 1; in check_underflow()
[all …]
/linux-6.3-rc2/net/ipv6/netfilter/
A Dip6_tables.c199 t->verdict < 0) { in get_chainname_rulenum()
257 unsigned int verdict = NF_DROP; in ip6t_do_table() local
355 verdict = NF_DROP; in ip6t_do_table()
369 if (verdict == XT_CONTINUE) in ip6t_do_table()
381 else return verdict; in ip6t_do_table()
419 t->verdict < 0) || visited) { in mark_source_chains()
445 int newpos = t->verdict; in mark_source_chains()
594 unsigned int verdict; in check_underflow() local
601 verdict = ((struct xt_standard_target *)t)->verdict; in check_underflow()
602 verdict = -verdict - 1; in check_underflow()
[all …]

Completed in 59 milliseconds

1234