Home
last modified time | relevance | path

Searched refs:nft (Results 1 – 25 of 27) sorted by relevance

12

/Linux-v6.6/tools/testing/selftests/netfilter/
Dnft_nat.sh21 nft --version > /dev/null 2>&1
86 ip netns exec $ns nft list counter inet filter $counter 1>&2
94 cnt=$(ip netns exec $ns nft list counter inet filter ns0in | grep -q "packets 1 bytes 84")
99 cnt=$(ip netns exec $ns nft list counter inet filter ns0out | grep -q "packets 1 bytes 84")
106 cnt=$(ip netns exec $ns nft list counter inet filter ns0in6 | grep -q "$expect")
111 cnt=$(ip netns exec $ns nft list counter inet filter ns0out6 | grep -q "$expect")
125 cnt=$(ip netns exec "$ns0" nft list counter inet filter ns0in | grep -q "packets 0 bytes 0")
131 cnt=$(ip netns exec "$ns0" nft list counter inet filter ns0in6 | grep -q "packets 0 bytes 0")
137 cnt=$(ip netns exec "$ns0" nft list counter inet filter ns0out | grep -q "packets 0 bytes 0")
142 cnt=$(ip netns exec "$ns0" nft list counter inet filter ns0out6 | grep -q "packets 0 bytes 0")
[all …]
Drpath.sh24 if nft --version >/dev/null 2>&1; then
25 nft='nft'
27 nft=''
30 if [ -z "$iptables$ip6tables$nft" ]; then
75 [ -n "$nft" ] && ip netns exec "$ns2" $nft -f - <<EOF
104 [ -n "$nft" ] || return 0
105 ip netns exec "$ns2" "$nft" list chain inet t c | \
118 if [ -n "$nft" ]; then
121 ip netns exec "$ns2" $nft -s list table inet t;
122 ) | ip netns exec "$ns2" $nft -f -
Dnft_trans_stress.sh42 nft --version > /dev/null 2>&1
90 ip netns exec "$testns" nft -f "$tmp"
91 for i in $(seq 1 10) ; do ip netns exec "$testns" nft -f "$tmp" & done
96 ip netns exec "$testns" nft delete table inet $table
106 (echo "flush ruleset"; cat "$tmp") | ip netns exec "$testns" nft -f /dev/stdin
120 ) | ip netns exec "$testns" nft -f /dev/stdin
127 ) | ip netns exec "$testns" nft -f /dev/stdin
141 (echo "flush ruleset"; cat "$tmp") | ip netns exec "$testns" nft -f /dev/stdin
Dnft_concat_range.sh482 eval "echo \"${set_template}\"" | nft -f -
980 nft reset counter inet filter test >/dev/null 2>&1
981 nft flush ruleset >/dev/null 2>&1
1114 if ! nft add element inet filter test "${1}"; then
1134 if ! nft add element netdev perf norange "${1}"; then
1143 if ! nft add element netdev perf noconcat "${1}"; then
1152 if ! nft delete element inet filter test "${1}"; then
1162 for token in $(nft list counter inet filter test); do
1171 for token in $(nft list counter netdev perf test); do
1228 nft reset counter inet filter test >/dev/null
[all …]
Dnft_flowtable.sh159 ip netns exec $nsr1 nft -f - <<EOF
191 ip netns exec $ns2 nft -f - <<EOF
251 local orig=$(ip netns exec $nsr1 nft reset counter inet filter routed_orig | grep packets)
252 local repl=$(ip netns exec $nsr1 nft reset counter inet filter routed_repl | grep packets)
283 local counter=$(ip netns exec $ns2 nft reset counter inet filter ip4dscp3 | grep packets)
288 local counter=$(ip netns exec $ns2 nft reset counter inet filter ip4dscp0 | grep packets)
406 ip netns exec $nsr1 nft -f - <<EOF
418 ip netns exec $nsr1 nft delete table netdev dscpmangle
423 ip netns exec $nsr1 nft -f - <<EOF
435 ip netns exec $nsr1 nft flush table netdev dscpmangle
[all …]
Dconntrack_vrf.sh50 nft --version > /dev/null 2>&1
108 ip netns exec $ns0 nft -f - <<EOF
143 ip netns exec $ns0 nft list ruleset
161 ip netns exec $ns0 nft -f - <<EOF
190 ip netns exec $ns0 nft list table ip nat |grep -q 'counter packets 2' &&
191 ip netns exec $ns0 nft list table ip nat |grep -q 'untracked counter packets [1-9]'
210 ip netns exec $ns0 nft -f - <<EOF
227 ip netns exec $ns0 nft list table ip nat |grep -q 'counter packets 2'
Dnft_fib.sh26 nft --version > /dev/null 2>&1
59 ip netns exec ${netns} nft -f /dev/stdin <<EOF
72 ip netns exec ${netns} nft -f /dev/stdin <<EOF
86 ip netns exec ${netns} nft -f /dev/stdin <<EOF
113 …line=$(ip netns exec ${ns} nft list table inet filter | grep 'fib saddr . iif' | grep $address | g…
118 ip netns exec ${ns} nft list table inet filter
204 ip netns exec ${nsrouter} nft flush table inet filter
238 ip netns exec ${ns1} nft flush ruleset
239 ip netns exec ${ns2} nft flush ruleset
240 ip netns exec ${nsrouter} nft flush ruleset
[all …]
Dnft_meta.sh10 if ! nft --version > /dev/null 2>&1; then
28 ip netns exec "$ns0" nft -f /dev/stdin <<EOF
94 if ! ip netns exec "$ns0" nft list counter inet filter $cname | grep -q "$want"; then
97 ip netns exec "$ns0" nft list counter inet filter $cname
134 ip netns exec "$ns0" nft reset counters > /dev/null
Dconntrack_tcp_unreplied.sh16 nft --version > /dev/null 2>&1
47 cnt=$(ip netns exec $ns2 nft list counter inet filter "$name" | grep -q "$expect")
50 ip netns exec $ns2 nft list counter inet filter "$name" 1>&2
91 ip netns exec $ns2 nft -f - <<EOF
117 ip netns exec $ns2 nft -f - <<EOF
Dnft_queue.sh31 nft --version > /dev/null 2>&1
94 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF
130 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF
187 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF
211 ip netns exec ${nsrouter} nft delete table $proto blackh
252 ip netns exec ${nsrouter} nft list ruleset
319 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF
368 ip netns exec ${ns1} nft -f /dev/stdin <<EOF
391 …ip netns exec ${ns1} nft list chain inet filter $n | grep -q "oifname \"$d\" icmp type echo-reques…
394 ip netns exec ${ns1} nft list ruleset
Dnft_audit.sh9 nft --version >/dev/null 2>&1 || {
40 nft flush ruleset
207 readarray -t handles < <(nft -a list chain t1 c1 | \
Dconntrack_icmp_related.sh21 nft --version > /dev/null 2>&1
55 cnt=$(ip netns exec $ns nft list counter inet filter "$name" | grep -q "$expect")
58 ip netns exec $ns nft list counter inet filter "$name" 1>&2
132 ip netns exec $netns nft -f - <<EOF
147 ip netns exec nsclient1 nft -f - <<EOF
167 ip netns exec nsclient2 nft -f - <<EOF
196 ip netns exec nsrouter1 nft -f - <<EOF
Dnft_nat_zones.sh63 nft --version > /dev/null 2>&1
161 ip netns exec $gw nft -f /dev/stdin<<EOF
244 ip netns exec $gw nft get element inet raw inicmp "{ 10.1.0.3 . \"veth$i\" . 10.3.0.99 }" 1>&2
249 ip netns exec $gw nft get element inet raw inicmp "{ 10.3.0.99 . \"veth0\" . 10.3.0.1 }" | grep -q …
253 ip netns exec $gw nft get element inet raw inicmp "{ 10.3.99 . \"veth0\" . 10.3.0.1 }" 1>&2
292 …ip netns exec $gw nft get element inet raw inflows "{ 10.1.0.3 . 10000 . \"veth$i\" . 10.3.0.99 . …
303 ip netns exec $gw nft get element inet raw inflows "{ 10.3.0.99 . 5201 . \"veth0\" . 10.3.0.1 . 100…
Dnft_zones_many.sh46 ip netns exec $ns nft -f /dev/stdin<<EOF
69 ) | ip netns exec $ns nft -f /dev/stdin
Dnft_synproxy.sh81 ip netns exec $nsr nft -f - <<EOF
112 ip netns exec $nsr nft list ruleset
Dnft_conntrack_helper.sh22 nft --version > /dev/null 2>&1
73 ip netns exec ${ns} nft -f - <<EOF
/Linux-v6.6/Documentation/networking/
Dtproxy.rst24 Alternatively you can do this in nft with the following commands::
26 # nft add table filter
27 # nft add chain filter divert "{ type filter hook prerouting priority -150; }"
28 # nft add rule filter divert meta l4proto tcp socket transparent 1 meta mark set 1 accept
72 Or the following rule to nft:
74 # nft add rule filter divert tcp dport 80 tproxy to :50080 meta mark set 1 accept
/Linux-v6.6/drivers/net/wireless/ath/ath9k/
Dcalib.c155 int16_t *nft) in ath9k_hw_get_nf_thresh() argument
159 *nft = (int8_t)ah->eep_ops->get_eeprom(ah, EEP_NFTHRESH_5); in ath9k_hw_get_nf_thresh()
162 *nft = (int8_t)ah->eep_ops->get_eeprom(ah, EEP_NFTHRESH_2); in ath9k_hw_get_nf_thresh()
/Linux-v6.6/drivers/net/ethernet/netronome/nfp/flower/
Dconntrack.c1365 zt->nft = NULL; in get_nfp_zone_entry()
1817 if (!zt->nft) { in nfp_fl_ct_handle_pre_ct()
1818 zt->nft = ct_act->ct.flow_table; in nfp_fl_ct_handle_pre_ct()
1819 err = nf_flow_table_offload_add_cb(zt->nft, nfp_fl_ct_handle_nft_flow, zt); in nfp_fl_ct_handle_pre_ct()
2180 if (!zt->nft) /* avoid deadlock */ in nfp_fl_ct_handle_nft_flow()
2213 struct nf_flowtable *nft; in nfp_fl_ct_del_flow() local
2232 if (!zt->pre_ct_count && zt->nft) { in nfp_fl_ct_del_flow()
2233 nft = zt->nft; in nfp_fl_ct_del_flow()
2234 zt->nft = NULL; /* avoid deadlock */ in nfp_fl_ct_del_flow()
2235 nf_flow_table_offload_del_cb(nft, in nfp_fl_ct_del_flow()
Dconntrack.h64 struct nf_flowtable *nft; member
Dmetadata.c650 if (zt->nft) { in nfp_zone_table_entry_destroy()
651 nf_flow_table_offload_del_cb(zt->nft, in nfp_zone_table_entry_destroy()
654 zt->nft = NULL; in nfp_zone_table_entry_destroy()
/Linux-v6.6/tools/testing/selftests/net/mptcp/
Dmptcp_connect.sh725 ip netns exec "$listener_ns" nft -f /dev/stdin <<"EOF"
753 ip netns exec "$listener_ns" nft flush ruleset
762 ip netns exec "$listener_ns" nft flush ruleset
778 ip netns exec "$listener_ns" nft flush ruleset
/Linux-v6.6/include/net/
Dnet_namespace.h150 struct netns_nftables nft; member
/Linux-v6.6/net/netfilter/
Dnf_tables_core.c262 bool genbit = READ_ONCE(net->nft.gencursor); in nft_do_chain()
/Linux-v6.6/include/net/netfilter/
Dnf_tables.h1451 return net->nft.gencursor + 1 == 1 ? 1 : 0; in nft_gencursor_next()
1462 return 1 << READ_ONCE(net->nft.gencursor); in nft_genmask_cur()

12