Home
last modified time | relevance | path

Searched refs:verdict (Results 1 – 25 of 60) sorted by relevance

123

/net/netfilter/
Dnf_queue.c236 unsigned int index, unsigned int verdict) in nf_queue() argument
240 ret = __nf_queue(skb, state, index, verdict >> NF_VERDICT_QBITS); in nf_queue()
243 (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) in nf_queue()
258 unsigned int verdict, i = *index; in nf_iterate() local
263 verdict = nf_hook_entry_hookfn(hook, skb, state); in nf_iterate()
264 if (verdict != NF_ACCEPT) { in nf_iterate()
266 if (verdict != NF_REPEAT) in nf_iterate()
267 return verdict; in nf_iterate()
297 void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) in nf_reinject() argument
322 if (verdict == NF_REPEAT) in nf_reinject()
[all …]
Dnf_tables_core.c45 const struct nft_verdict *verdict, in __nft_trace_packet() argument
55 nft_trace_notify(pkt, verdict, rule, info); in __nft_trace_packet()
59 struct nft_verdict *verdict, in nft_trace_packet() argument
66 __nft_trace_packet(pkt, verdict, rule, info, type); in nft_trace_packet()
94 regs->verdict.code = NFT_BREAK; in nft_cmp_fast_eval()
108 regs->verdict.code = NFT_BREAK; in nft_cmp16_fast_eval()
118 switch (regs->verdict.code) { in __nft_trace_verdict()
135 __nft_trace_packet(pkt, &regs->verdict, rule, info, type); in __nft_trace_verdict()
277 regs.verdict.code = NFT_CONTINUE; in nft_do_chain()
290 if (regs.verdict.code != NFT_CONTINUE) in nft_do_chain()
[all …]
Dnft_fwd_netdev.c37 regs->verdict.code = NF_STOLEN; in nft_fwd_netdev_eval()
101 unsigned int verdict = NF_STOLEN; in nft_fwd_neigh_eval() local
111 verdict = NFT_BREAK; in nft_fwd_neigh_eval()
115 verdict = NF_DROP; in nft_fwd_neigh_eval()
127 verdict = NFT_BREAK; in nft_fwd_neigh_eval()
131 verdict = NF_DROP; in nft_fwd_neigh_eval()
140 verdict = NFT_BREAK; in nft_fwd_neigh_eval()
152 regs->verdict.code = verdict; in nft_fwd_neigh_eval()
Dnft_immediate.c74 struct nft_chain *chain = priv->data.verdict.chain; in nft_immediate_init()
76 switch (priv->data.verdict.code) { in nft_immediate_init()
105 switch (data->verdict.code) { in nft_immediate_activate()
108 chain = data->verdict.chain; in nft_immediate_activate()
151 switch (data->verdict.code) { in nft_immediate_deactivate()
154 chain = data->verdict.chain; in nft_immediate_deactivate()
198 switch (data->verdict.code) { in nft_immediate_destroy()
201 chain = data->verdict.chain; in nft_immediate_destroy()
260 switch (data->verdict.code) { in nft_immediate_validate()
264 err = nft_chain_validate(ctx, data->verdict.chain); in nft_immediate_validate()
[all …]
Dnf_tables_trace.c127 const struct nft_verdict *verdict, in nf_trace_fill_rule_info() argument
140 verdict->code == NFT_CONTINUE) in nf_trace_fill_rule_info()
148 static bool nft_trace_have_verdict_chain(const struct nft_verdict *verdict, in nft_trace_have_verdict_chain() argument
159 switch (verdict->code) { in nft_trace_have_verdict_chain()
190 const struct nft_verdict *verdict, in nft_trace_notify() argument
225 if (nft_trace_have_verdict_chain(verdict, info)) in nft_trace_notify()
226 size += nla_total_size(strlen(verdict->chain->name)); /* jump target */ in nft_trace_notify()
253 if (nf_trace_fill_rule_info(skb, verdict, rule, info)) in nft_trace_notify()
262 if (nft_verdict_dump(skb, NFTA_TRACE_VERDICT, verdict)) in nft_trace_notify()
266 if (verdict->code == NF_STOLEN) in nft_trace_notify()
Dnft_synproxy.c61 regs->verdict.code = NF_STOLEN; in nft_synproxy_eval_v4()
67 regs->verdict.code = NF_STOLEN; in nft_synproxy_eval_v4()
69 regs->verdict.code = NF_DROP; in nft_synproxy_eval_v4()
92 regs->verdict.code = NF_STOLEN; in nft_synproxy_eval_v6()
98 regs->verdict.code = NF_STOLEN; in nft_synproxy_eval_v6()
100 regs->verdict.code = NF_DROP; in nft_synproxy_eval_v6()
117 regs->verdict.code = NFT_BREAK; in nft_synproxy_do_eval()
122 regs->verdict.code = NF_DROP; in nft_synproxy_do_eval()
130 regs->verdict.code = NF_DROP; in nft_synproxy_do_eval()
135 regs->verdict.code = NF_DROP; in nft_synproxy_do_eval()
[all …]
Dnft_tproxy.c35 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v4()
41 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v4()
80 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v4()
102 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v6()
109 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v6()
153 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v6()
182 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval()
Dnft_socket.c33 regs->verdict.code = NFT_BREAK; in nft_socket_wildcard()
100 regs->verdict.code = NFT_BREAK; in nft_socket_eval()
112 regs->verdict.code = NFT_BREAK; in nft_socket_eval()
118 regs->verdict.code = NFT_BREAK; in nft_socket_eval()
126 regs->verdict.code = NFT_BREAK; in nft_socket_eval()
133 regs->verdict.code = NFT_BREAK; in nft_socket_eval()
Dnfnetlink_queue.c230 static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int verdict) in nfqnl_reinject() argument
235 if (verdict == NF_ACCEPT || in nfqnl_reinject()
236 verdict == NF_REPEAT || in nfqnl_reinject()
237 verdict == NF_STOP) { in nfqnl_reinject()
243 verdict = NF_DROP; in nfqnl_reinject()
247 nf_reinject(entry, verdict); in nfqnl_reinject()
1117 unsigned int verdict; in verdicthdr_get() local
1123 verdict = ntohl(vhdr->verdict) & NF_VERDICT_MASK; in verdicthdr_get()
1124 if (verdict > NF_MAX_VERDICT || verdict == NF_STOLEN) in verdicthdr_get()
1143 unsigned int verdict, maxid; in nfqnl_recv_verdict_batch() local
[all …]
Dnft_xfrm.c127 regs->verdict.code = NFT_BREAK; in nft_xfrm_state_get_key()
156 regs->verdict.code = NFT_BREAK; in nft_xfrm_state_get_key()
167 regs->verdict.code = NFT_BREAK; in nft_xfrm_get_eval_in()
191 regs->verdict.code = NFT_BREAK; in nft_xfrm_get_eval_out()
209 regs->verdict.code = NFT_BREAK; in nft_xfrm_get_eval()
Dnft_compat.c92 regs->verdict.code = NFT_CONTINUE; in nft_target_eval_xt()
95 regs->verdict.code = ret; in nft_target_eval_xt()
119 regs->verdict.code = NF_ACCEPT; in nft_target_eval_bridge()
122 regs->verdict.code = NF_DROP; in nft_target_eval_bridge()
125 regs->verdict.code = NFT_CONTINUE; in nft_target_eval_bridge()
128 regs->verdict.code = NFT_RETURN; in nft_target_eval_bridge()
131 regs->verdict.code = ret; in nft_target_eval_bridge()
407 regs->verdict.code = NF_DROP; in __nft_match_eval()
413 regs->verdict.code = NFT_CONTINUE; in __nft_match_eval()
416 regs->verdict.code = NFT_BREAK; in __nft_match_eval()
Dnft_osf.c32 regs->verdict.code = NFT_BREAK; in nft_osf_eval()
39 regs->verdict.code = NFT_BREAK; in nft_osf_eval()
43 regs->verdict.code = NFT_BREAK; in nft_osf_eval()
Dnft_ct_fast.c34 regs->verdict.code = NFT_BREAK; in nft_ct_get_fast_eval()
57 regs->verdict.code = NFT_BREAK; in nft_ct_get_fast_eval()
Dnft_exthdr.c71 regs->verdict.code = NFT_BREAK; in nft_exthdr_ipv6_eval()
167 regs->verdict.code = NFT_BREAK; in nft_exthdr_ipv4_eval()
231 regs->verdict.code = NFT_BREAK; in nft_exthdr_tcp_eval()
311 regs->verdict.code = NFT_BREAK; in nft_exthdr_tcp_set_eval()
364 regs->verdict.code = NFT_BREAK; in nft_exthdr_tcp_strip_eval()
368 regs->verdict.code = NF_DROP; in nft_exthdr_tcp_strip_eval()
409 regs->verdict.code = NFT_BREAK; in nft_exthdr_sctp_eval()
Dnft_connlimit.c42 regs->verdict.code = NF_DROP; in nft_connlimit_do_eval()
47 regs->verdict.code = NF_DROP; in nft_connlimit_do_eval()
54 regs->verdict.code = NFT_BREAK; in nft_connlimit_do_eval()
Dnft_limit.c184 regs->verdict.code = NFT_BREAK; in nft_limit_pkts_eval()
256 regs->verdict.code = NFT_BREAK; in nft_limit_bytes_eval()
335 regs->verdict.code = NFT_BREAK; in nft_limit_obj_pkts_eval()
388 regs->verdict.code = NFT_BREAK; in nft_limit_obj_bytes_eval()
Dnft_range.c34 regs->verdict.code = NFT_BREAK; in nft_range_eval()
38 regs->verdict.code = NFT_BREAK; in nft_range_eval()
/net/netfilter/ipvs/
Dip_vs_core.c863 unsigned int verdict = NF_DROP; in handle_response_icmp() local
901 verdict = NF_ACCEPT; in handle_response_icmp()
906 return verdict; in handle_response_icmp()
1364 int verdict = ip_vs_out_icmp_v6(ipvs, skb, &related, in ip_vs_out_hook() local
1368 return verdict; in ip_vs_out_hook()
1374 int verdict = ip_vs_out_icmp(ipvs, skb, &related, hooknum); in ip_vs_out_hook() local
1377 return verdict; in ip_vs_out_hook()
1471 int *verdict, struct ip_vs_conn **cpp, in ip_vs_try_to_schedule() argument
1482 if (!pp->conn_schedule(ipvs, af, skb, pd, verdict, cpp, iph)) in ip_vs_try_to_schedule()
1496 *verdict = NF_ACCEPT; in ip_vs_try_to_schedule()
[all …]
Dip_vs_proto_udp.c33 int *verdict, struct ip_vs_conn **cpp, in udp_conn_schedule() argument
51 *verdict = NF_DROP; in udp_conn_schedule()
70 *verdict = NF_DROP; in udp_conn_schedule()
81 *verdict = ip_vs_leave(svc, skb, pd, iph); in udp_conn_schedule()
83 *verdict = NF_DROP; in udp_conn_schedule()
Dip_vs_proto_ah_esp.c105 int *verdict, struct ip_vs_conn **cpp, in ah_esp_conn_schedule() argument
111 *verdict = NF_ACCEPT; in ah_esp_conn_schedule()
/net/ipv4/netfilter/
Darp_tables.c189 unsigned int verdict = NF_DROP; in arpt_do_table() local
239 v = ((struct xt_standard_target *)t)->verdict; in arpt_do_table()
243 verdict = (unsigned int)(-v) - 1; in arpt_do_table()
258 verdict = NF_DROP; in arpt_do_table()
270 verdict = t->u.kernel.target->target(skb, &acpar); in arpt_do_table()
272 if (verdict == XT_CONTINUE) { in arpt_do_table()
287 return verdict; in arpt_do_table()
336 t->verdict < 0) || visited) { in mark_source_chains()
363 int newpos = t->verdict; in mark_source_chains()
440 unsigned int verdict; in check_underflow() local
[all …]
Dip_tables.c172 t->verdict < 0) { in get_chainname_rulenum()
232 unsigned int verdict = NF_DROP; in ipt_do_table() local
313 v = ((struct xt_standard_target *)t)->verdict; in ipt_do_table()
317 verdict = (unsigned int)(-v) - 1; in ipt_do_table()
332 verdict = NF_DROP; in ipt_do_table()
345 verdict = t->u.kernel.target->target(skb, &acpar); in ipt_do_table()
346 if (verdict == XT_CONTINUE) { in ipt_do_table()
361 else return verdict; in ipt_do_table()
399 t->verdict < 0) || visited) { in mark_source_chains()
425 int newpos = t->verdict; in mark_source_chains()
[all …]
/net/ipv6/netfilter/
Dip6_tables.c197 t->verdict < 0) { in get_chainname_rulenum()
255 unsigned int verdict = NF_DROP; in ip6t_do_table() local
336 v = ((struct xt_standard_target *)t)->verdict; in ip6t_do_table()
340 verdict = (unsigned int)(-v) - 1; in ip6t_do_table()
353 verdict = NF_DROP; in ip6t_do_table()
366 verdict = t->u.kernel.target->target(skb, &acpar); in ip6t_do_table()
367 if (verdict == XT_CONTINUE) in ip6t_do_table()
379 else return verdict; in ip6t_do_table()
417 t->verdict < 0) || visited) { in mark_source_chains()
443 int newpos = t->verdict; in mark_source_chains()
[all …]
/net/bridge/
Dbr_input.c258 unsigned int verdict, i; in nf_hook_bridge_pre() local
277 verdict = nf_hook_entry_hookfn(&e->hooks[i], skb, &state); in nf_hook_bridge_pre()
278 switch (verdict & NF_VERDICT_MASK) { in nf_hook_bridge_pre()
289 ret = nf_queue(skb, &state, i, verdict); in nf_hook_bridge_pre()
/net/bridge/netfilter/
Debtables.c201 int verdict, sp = 0; in ebt_do_table() local
247 verdict = ((struct ebt_standard_target *)t)->verdict; in ebt_do_table()
251 verdict = t->u.target->target(skb, &acpar); in ebt_do_table()
253 if (verdict == EBT_ACCEPT) { in ebt_do_table()
257 if (verdict == EBT_DROP) { in ebt_do_table()
261 if (verdict == EBT_RETURN) { in ebt_do_table()
278 if (verdict == EBT_CONTINUE) in ebt_do_table()
281 if (WARN(verdict < 0, "bogus standard verdict\n")) { in ebt_do_table()
291 chaininfo = (struct ebt_entries *) (base + verdict); in ebt_do_table()
768 if (((struct ebt_standard_target *)t)->verdict < in ebt_check_entry()
[all …]

123