Home
last modified time | relevance | path

Searched refs:verdict (Results 1 – 25 of 83) sorted by relevance

1234

/Linux-v5.10/tools/testing/selftests/bpf/progs/
Dtest_sockmap_listen.c44 int verdict; in prog_skb_verdict() local
47 verdict = bpf_sk_redirect_map(skb, &sock_map, zero, 0); in prog_skb_verdict()
49 verdict = bpf_sk_redirect_hash(skb, &sock_hash, &zero, 0); in prog_skb_verdict()
51 count = bpf_map_lookup_elem(&verdict_map, &verdict); in prog_skb_verdict()
55 return verdict; in prog_skb_verdict()
63 int verdict; in prog_msg_verdict() local
66 verdict = bpf_msg_redirect_map(msg, &sock_map, zero, 0); in prog_msg_verdict()
68 verdict = bpf_msg_redirect_hash(msg, &sock_hash, &zero, 0); in prog_msg_verdict()
70 count = bpf_map_lookup_elem(&verdict_map, &verdict); in prog_msg_verdict()
74 return verdict; in prog_msg_verdict()
[all …]
Dtest_skmsg_load_helpers.c31 int verdict = SK_PASS; in prog_msg_verdict() local
42 verdict = SK_DROP; in prog_msg_verdict()
44 return verdict; in prog_msg_verdict()
/Linux-v5.10/net/netfilter/
Dnf_queue.c221 unsigned int index, unsigned int verdict) in nf_queue() argument
225 ret = __nf_queue(skb, state, index, verdict >> NF_VERDICT_QBITS); in nf_queue()
228 (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) in nf_queue()
243 unsigned int verdict, i = *index; in nf_iterate() local
248 verdict = nf_hook_entry_hookfn(hook, skb, state); in nf_iterate()
249 if (verdict != NF_ACCEPT) { in nf_iterate()
251 if (verdict != NF_REPEAT) in nf_iterate()
252 return verdict; in nf_iterate()
282 void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) in nf_reinject() argument
307 if (verdict == NF_REPEAT) in nf_reinject()
[all …]
Dnft_fwd_netdev.c35 regs->verdict.code = NF_STOLEN; in nft_fwd_netdev_eval()
93 unsigned int verdict = NF_STOLEN; in nft_fwd_neigh_eval() local
103 verdict = NFT_BREAK; in nft_fwd_neigh_eval()
107 verdict = NF_DROP; in nft_fwd_neigh_eval()
119 verdict = NFT_BREAK; in nft_fwd_neigh_eval()
123 verdict = NF_DROP; in nft_fwd_neigh_eval()
132 verdict = NFT_BREAK; in nft_fwd_neigh_eval()
144 regs->verdict.code = verdict; in nft_fwd_neigh_eval()
Dnf_tables_core.c67 regs->verdict.code = NFT_BREAK; in nft_cmp_fast_eval()
173 nft_trace_init(&info, pkt, &regs.verdict, basechain); in nft_do_chain()
182 regs.verdict.code = NFT_CONTINUE; in nft_do_chain()
194 if (regs.verdict.code != NFT_CONTINUE) in nft_do_chain()
198 switch (regs.verdict.code) { in nft_do_chain()
200 regs.verdict.code = NFT_CONTINUE; in nft_do_chain()
210 switch (regs.verdict.code & NF_VERDICT_MASK) { in nft_do_chain()
217 return regs.verdict.code; in nft_do_chain()
220 switch (regs.verdict.code) { in nft_do_chain()
232 chain = regs.verdict.chain; in nft_do_chain()
Dnft_socket.c31 regs->verdict.code = NFT_BREAK; in nft_socket_wildcard()
60 regs->verdict.code = NFT_BREAK; in nft_socket_eval()
65 regs->verdict.code = NFT_BREAK; in nft_socket_eval()
77 regs->verdict.code = NFT_BREAK; in nft_socket_eval()
83 regs->verdict.code = NFT_BREAK; in nft_socket_eval()
90 regs->verdict.code = NFT_BREAK; in nft_socket_eval()
Dnft_immediate.c58 struct nft_chain *chain = priv->data.verdict.chain; in nft_immediate_init()
60 switch (priv->data.verdict.code) { in nft_immediate_init()
113 switch (data->verdict.code) { in nft_immediate_destroy()
116 chain = data->verdict.chain; in nft_immediate_destroy()
162 switch (data->verdict.code) { in nft_immediate_validate()
166 err = nft_chain_validate(ctx, data->verdict.chain); in nft_immediate_validate()
188 switch (data->verdict.code) { in nft_immediate_offload_verdict()
Dnft_synproxy.c61 regs->verdict.code = NF_STOLEN; in nft_synproxy_eval_v4()
67 regs->verdict.code = NF_STOLEN; in nft_synproxy_eval_v4()
69 regs->verdict.code = NF_DROP; in nft_synproxy_eval_v4()
92 regs->verdict.code = NF_STOLEN; in nft_synproxy_eval_v6()
98 regs->verdict.code = NF_STOLEN; in nft_synproxy_eval_v6()
100 regs->verdict.code = NF_DROP; in nft_synproxy_eval_v6()
117 regs->verdict.code = NFT_BREAK; in nft_synproxy_do_eval()
122 regs->verdict.code = NF_DROP; in nft_synproxy_do_eval()
130 regs->verdict.code = NF_DROP; in nft_synproxy_do_eval()
135 regs->verdict.code = NF_DROP; in nft_synproxy_do_eval()
[all …]
Dnf_tables_trace.c154 info->verdict->code == NFT_CONTINUE) in nf_trace_fill_rule_info()
172 switch (info->verdict->code) { in nft_trace_have_verdict_chain()
215 size += nla_total_size(strlen(info->verdict->chain->name)); /* jump target */ in nft_trace_notify()
255 if (nft_verdict_dump(skb, NFTA_TRACE_VERDICT, info->verdict)) in nft_trace_notify()
288 const struct nft_verdict *verdict, in nft_trace_init() argument
295 info->verdict = verdict; in nft_trace_init()
Dnft_xfrm.c126 regs->verdict.code = NFT_BREAK; in nft_xfrm_state_get_key()
155 regs->verdict.code = NFT_BREAK; in nft_xfrm_state_get_key()
166 regs->verdict.code = NFT_BREAK; in nft_xfrm_get_eval_in()
190 regs->verdict.code = NFT_BREAK; in nft_xfrm_get_eval_out()
208 regs->verdict.code = NFT_BREAK; in nft_xfrm_get_eval()
Dnft_tproxy.c35 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v4()
74 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v4()
95 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v6()
102 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v6()
146 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v6()
175 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval()
Dnfnetlink_queue.c226 static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int verdict) in nfqnl_reinject() argument
231 if (verdict == NF_ACCEPT || in nfqnl_reinject()
232 verdict == NF_REPEAT || in nfqnl_reinject()
233 verdict == NF_STOP) { in nfqnl_reinject()
239 verdict = NF_DROP; in nfqnl_reinject()
243 nf_reinject(entry, verdict); in nfqnl_reinject()
1034 unsigned int verdict; in verdicthdr_get() local
1040 verdict = ntohl(vhdr->verdict) & NF_VERDICT_MASK; in verdicthdr_get()
1041 if (verdict > NF_MAX_VERDICT || verdict == NF_STOLEN) in verdicthdr_get()
1059 unsigned int verdict, maxid; in nfqnl_recv_verdict_batch() local
[all …]
Dnft_compat.c85 regs->verdict.code = NFT_CONTINUE; in nft_target_eval_xt()
88 regs->verdict.code = ret; in nft_target_eval_xt()
111 regs->verdict.code = NF_ACCEPT; in nft_target_eval_bridge()
114 regs->verdict.code = NF_DROP; in nft_target_eval_bridge()
117 regs->verdict.code = NFT_CONTINUE; in nft_target_eval_bridge()
120 regs->verdict.code = NFT_RETURN; in nft_target_eval_bridge()
123 regs->verdict.code = ret; in nft_target_eval_bridge()
360 regs->verdict.code = NF_DROP; in __nft_match_eval()
366 regs->verdict.code = NFT_CONTINUE; in __nft_match_eval()
369 regs->verdict.code = NFT_BREAK; in __nft_match_eval()
Dnft_limit.c136 regs->verdict.code = NFT_BREAK; in nft_limit_pkts_eval()
186 regs->verdict.code = NFT_BREAK; in nft_limit_bytes_eval()
246 regs->verdict.code = NFT_BREAK; in nft_limit_obj_pkts_eval()
290 regs->verdict.code = NFT_BREAK; in nft_limit_obj_bytes_eval()
/Linux-v5.10/samples/bpf/
Dtest_cgrp2_attach.c42 static int prog_load(int map_fd, int verdict) in prog_load() argument
69 BPF_MOV64_IMM(BPF_REG_0, verdict), /* r0 = verdict */ in prog_load()
87 static int attach_filter(int cg_fd, int type, int verdict) in attach_filter() argument
100 prog_fd = prog_load(map_fd, verdict); in attach_filter()
131 int detach_only = 0, verdict = 1; in main() local
138 verdict = 0; in main()
169 ret = attach_filter(cg_fd, type, verdict); in main()
/Linux-v5.10/tools/testing/selftests/netfilter/
Dnf-queue.c24 uint32_t verdict; member
171 .verdict = htonl(verd), in nfq_build_verdict()
316 nlh = nfq_build_verdict(buf, id, opts.queue_num, opts.verdict); in mainloop()
347 opts.verdict = atoi(optarg); in parse_opts()
348 if (opts.verdict > 0xffff) { in parse_opts()
353 opts.verdict <<= 16; in parse_opts()
354 opts.verdict |= NF_QUEUE; in parse_opts()
375 if (opts.verdict != NF_ACCEPT && (opts.verdict >> 16 == opts.queue_num)) { in parse_opts()
385 opts.verdict = NF_ACCEPT; in main()
/Linux-v5.10/net/ipv4/netfilter/
Darp_tables.c188 unsigned int verdict = NF_DROP; in arpt_do_table() local
238 v = ((struct xt_standard_target *)t)->verdict; in arpt_do_table()
242 verdict = (unsigned int)(-v) - 1; in arpt_do_table()
257 verdict = NF_DROP; in arpt_do_table()
269 verdict = t->u.kernel.target->target(skb, &acpar); in arpt_do_table()
271 if (verdict == XT_CONTINUE) { in arpt_do_table()
286 return verdict; in arpt_do_table()
335 t->verdict < 0) || visited) { in mark_source_chains()
362 int newpos = t->verdict; in mark_source_chains()
439 unsigned int verdict; in check_underflow() local
[all …]
Dip_tables.c174 t->verdict < 0) { in get_chainname_rulenum()
233 unsigned int verdict = NF_DROP; in ipt_do_table() local
314 v = ((struct xt_standard_target *)t)->verdict; in ipt_do_table()
318 verdict = (unsigned int)(-v) - 1; in ipt_do_table()
333 verdict = NF_DROP; in ipt_do_table()
346 verdict = t->u.kernel.target->target(skb, &acpar); in ipt_do_table()
347 if (verdict == XT_CONTINUE) { in ipt_do_table()
362 else return verdict; in ipt_do_table()
400 t->verdict < 0) || visited) { in mark_source_chains()
426 int newpos = t->verdict; in mark_source_chains()
[all …]
/Linux-v5.10/net/netfilter/ipvs/
Dip_vs_core.c875 unsigned int verdict = NF_DROP; in handle_response_icmp() local
913 verdict = NF_ACCEPT; in handle_response_icmp()
918 return verdict; in handle_response_icmp()
1379 int verdict = ip_vs_out_icmp_v6(ipvs, skb, &related, in ip_vs_out() local
1383 return verdict; in ip_vs_out()
1389 int verdict = ip_vs_out_icmp(ipvs, skb, &related, hooknum); in ip_vs_out() local
1392 return verdict; in ip_vs_out()
1536 int *verdict, struct ip_vs_conn **cpp, in ip_vs_try_to_schedule() argument
1547 if (!pp->conn_schedule(ipvs, af, skb, pd, verdict, cpp, iph)) in ip_vs_try_to_schedule()
1561 *verdict = NF_ACCEPT; in ip_vs_try_to_schedule()
[all …]
Dip_vs_proto_udp.c33 int *verdict, struct ip_vs_conn **cpp, in udp_conn_schedule() argument
51 *verdict = NF_DROP; in udp_conn_schedule()
70 *verdict = NF_DROP; in udp_conn_schedule()
81 *verdict = ip_vs_leave(svc, skb, pd, iph); in udp_conn_schedule()
83 *verdict = NF_DROP; in udp_conn_schedule()
Dip_vs_proto_ah_esp.c105 int *verdict, struct ip_vs_conn **cpp, in ah_esp_conn_schedule() argument
111 *verdict = NF_ACCEPT; in ah_esp_conn_schedule()
/Linux-v5.10/tools/testing/selftests/bpf/prog_tests/
Dsockmap_basic.c112 int err, map, verdict; in test_skmsg_helpers() local
120 verdict = bpf_program__fd(skel->progs.prog_msg_verdict); in test_skmsg_helpers()
123 err = bpf_prog_attach(verdict, map, BPF_SK_MSG_VERDICT, 0); in test_skmsg_helpers()
129 err = bpf_prog_detach2(verdict, map, BPF_SK_MSG_VERDICT); in test_skmsg_helpers()
Dcgroup_attach_override.c13 static int prog_load(int verdict) in prog_load() argument
16 BPF_MOV64_IMM(BPF_REG_0, verdict), /* r0 = verdict */ in prog_load()
/Linux-v5.10/net/bridge/
Dbr_input.c209 unsigned int verdict, i; in nf_hook_bridge_pre() local
228 verdict = nf_hook_entry_hookfn(&e->hooks[i], skb, &state); in nf_hook_bridge_pre()
229 switch (verdict & NF_VERDICT_MASK) { in nf_hook_bridge_pre()
240 ret = nf_queue(skb, &state, i, verdict); in nf_hook_bridge_pre()
/Linux-v5.10/net/ipv6/netfilter/
Dip6_tables.c199 t->verdict < 0) { in get_chainname_rulenum()
257 unsigned int verdict = NF_DROP; in ip6t_do_table() local
337 v = ((struct xt_standard_target *)t)->verdict; in ip6t_do_table()
341 verdict = (unsigned int)(-v) - 1; in ip6t_do_table()
354 verdict = NF_DROP; in ip6t_do_table()
367 verdict = t->u.kernel.target->target(skb, &acpar); in ip6t_do_table()
368 if (verdict == XT_CONTINUE) in ip6t_do_table()
380 else return verdict; in ip6t_do_table()
418 t->verdict < 0) || visited) { in mark_source_chains()
444 int newpos = t->verdict; in mark_source_chains()
[all …]

1234