/net/netfilter/ |
D | nf_queue.c | 236 unsigned int index, unsigned int verdict) in nf_queue() argument 240 ret = __nf_queue(skb, state, index, verdict >> NF_VERDICT_QBITS); in nf_queue() 243 (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) in nf_queue() 258 unsigned int verdict, i = *index; in nf_iterate() local 263 verdict = nf_hook_entry_hookfn(hook, skb, state); in nf_iterate() 264 if (verdict != NF_ACCEPT) { in nf_iterate() 266 if (verdict != NF_REPEAT) in nf_iterate() 267 return verdict; in nf_iterate() 297 void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) in nf_reinject() argument 322 if (verdict == NF_REPEAT) in nf_reinject() [all …]
|
D | nf_tables_core.c | 45 const struct nft_verdict *verdict, in __nft_trace_packet() argument 55 nft_trace_notify(pkt, verdict, rule, info); in __nft_trace_packet() 59 struct nft_verdict *verdict, in nft_trace_packet() argument 66 __nft_trace_packet(pkt, verdict, rule, info, type); in nft_trace_packet() 94 regs->verdict.code = NFT_BREAK; in nft_cmp_fast_eval() 108 regs->verdict.code = NFT_BREAK; in nft_cmp16_fast_eval() 118 switch (regs->verdict.code) { in __nft_trace_verdict() 135 __nft_trace_packet(pkt, ®s->verdict, rule, info, type); in __nft_trace_verdict() 277 regs.verdict.code = NFT_CONTINUE; in nft_do_chain() 290 if (regs.verdict.code != NFT_CONTINUE) in nft_do_chain() [all …]
|
D | nft_fwd_netdev.c | 37 regs->verdict.code = NF_STOLEN; in nft_fwd_netdev_eval() 101 unsigned int verdict = NF_STOLEN; in nft_fwd_neigh_eval() local 111 verdict = NFT_BREAK; in nft_fwd_neigh_eval() 115 verdict = NF_DROP; in nft_fwd_neigh_eval() 127 verdict = NFT_BREAK; in nft_fwd_neigh_eval() 131 verdict = NF_DROP; in nft_fwd_neigh_eval() 140 verdict = NFT_BREAK; in nft_fwd_neigh_eval() 152 regs->verdict.code = verdict; in nft_fwd_neigh_eval()
|
D | nft_immediate.c | 74 struct nft_chain *chain = priv->data.verdict.chain; in nft_immediate_init() 76 switch (priv->data.verdict.code) { in nft_immediate_init() 105 switch (data->verdict.code) { in nft_immediate_activate() 108 chain = data->verdict.chain; in nft_immediate_activate() 151 switch (data->verdict.code) { in nft_immediate_deactivate() 154 chain = data->verdict.chain; in nft_immediate_deactivate() 198 switch (data->verdict.code) { in nft_immediate_destroy() 201 chain = data->verdict.chain; in nft_immediate_destroy() 260 switch (data->verdict.code) { in nft_immediate_validate() 264 err = nft_chain_validate(ctx, data->verdict.chain); in nft_immediate_validate() [all …]
|
D | nf_tables_trace.c | 127 const struct nft_verdict *verdict, in nf_trace_fill_rule_info() argument 140 verdict->code == NFT_CONTINUE) in nf_trace_fill_rule_info() 148 static bool nft_trace_have_verdict_chain(const struct nft_verdict *verdict, in nft_trace_have_verdict_chain() argument 159 switch (verdict->code) { in nft_trace_have_verdict_chain() 190 const struct nft_verdict *verdict, in nft_trace_notify() argument 225 if (nft_trace_have_verdict_chain(verdict, info)) in nft_trace_notify() 226 size += nla_total_size(strlen(verdict->chain->name)); /* jump target */ in nft_trace_notify() 253 if (nf_trace_fill_rule_info(skb, verdict, rule, info)) in nft_trace_notify() 262 if (nft_verdict_dump(skb, NFTA_TRACE_VERDICT, verdict)) in nft_trace_notify() 266 if (verdict->code == NF_STOLEN) in nft_trace_notify()
|
D | nft_synproxy.c | 61 regs->verdict.code = NF_STOLEN; in nft_synproxy_eval_v4() 67 regs->verdict.code = NF_STOLEN; in nft_synproxy_eval_v4() 69 regs->verdict.code = NF_DROP; in nft_synproxy_eval_v4() 92 regs->verdict.code = NF_STOLEN; in nft_synproxy_eval_v6() 98 regs->verdict.code = NF_STOLEN; in nft_synproxy_eval_v6() 100 regs->verdict.code = NF_DROP; in nft_synproxy_eval_v6() 117 regs->verdict.code = NFT_BREAK; in nft_synproxy_do_eval() 122 regs->verdict.code = NF_DROP; in nft_synproxy_do_eval() 130 regs->verdict.code = NF_DROP; in nft_synproxy_do_eval() 135 regs->verdict.code = NF_DROP; in nft_synproxy_do_eval() [all …]
|
D | nft_tproxy.c | 35 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v4() 41 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v4() 80 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v4() 102 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v6() 109 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v6() 153 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v6() 182 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval()
|
D | nft_socket.c | 33 regs->verdict.code = NFT_BREAK; in nft_socket_wildcard() 100 regs->verdict.code = NFT_BREAK; in nft_socket_eval() 112 regs->verdict.code = NFT_BREAK; in nft_socket_eval() 118 regs->verdict.code = NFT_BREAK; in nft_socket_eval() 126 regs->verdict.code = NFT_BREAK; in nft_socket_eval() 133 regs->verdict.code = NFT_BREAK; in nft_socket_eval()
|
D | nfnetlink_queue.c | 230 static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int verdict) in nfqnl_reinject() argument 235 if (verdict == NF_ACCEPT || in nfqnl_reinject() 236 verdict == NF_REPEAT || in nfqnl_reinject() 237 verdict == NF_STOP) { in nfqnl_reinject() 243 verdict = NF_DROP; in nfqnl_reinject() 247 nf_reinject(entry, verdict); in nfqnl_reinject() 1117 unsigned int verdict; in verdicthdr_get() local 1123 verdict = ntohl(vhdr->verdict) & NF_VERDICT_MASK; in verdicthdr_get() 1124 if (verdict > NF_MAX_VERDICT || verdict == NF_STOLEN) in verdicthdr_get() 1143 unsigned int verdict, maxid; in nfqnl_recv_verdict_batch() local [all …]
|
D | nft_xfrm.c | 127 regs->verdict.code = NFT_BREAK; in nft_xfrm_state_get_key() 156 regs->verdict.code = NFT_BREAK; in nft_xfrm_state_get_key() 167 regs->verdict.code = NFT_BREAK; in nft_xfrm_get_eval_in() 191 regs->verdict.code = NFT_BREAK; in nft_xfrm_get_eval_out() 209 regs->verdict.code = NFT_BREAK; in nft_xfrm_get_eval()
|
D | nft_compat.c | 92 regs->verdict.code = NFT_CONTINUE; in nft_target_eval_xt() 95 regs->verdict.code = ret; in nft_target_eval_xt() 119 regs->verdict.code = NF_ACCEPT; in nft_target_eval_bridge() 122 regs->verdict.code = NF_DROP; in nft_target_eval_bridge() 125 regs->verdict.code = NFT_CONTINUE; in nft_target_eval_bridge() 128 regs->verdict.code = NFT_RETURN; in nft_target_eval_bridge() 131 regs->verdict.code = ret; in nft_target_eval_bridge() 407 regs->verdict.code = NF_DROP; in __nft_match_eval() 413 regs->verdict.code = NFT_CONTINUE; in __nft_match_eval() 416 regs->verdict.code = NFT_BREAK; in __nft_match_eval()
|
D | nft_osf.c | 32 regs->verdict.code = NFT_BREAK; in nft_osf_eval() 39 regs->verdict.code = NFT_BREAK; in nft_osf_eval() 43 regs->verdict.code = NFT_BREAK; in nft_osf_eval()
|
D | nft_ct_fast.c | 34 regs->verdict.code = NFT_BREAK; in nft_ct_get_fast_eval() 57 regs->verdict.code = NFT_BREAK; in nft_ct_get_fast_eval()
|
D | nft_exthdr.c | 71 regs->verdict.code = NFT_BREAK; in nft_exthdr_ipv6_eval() 167 regs->verdict.code = NFT_BREAK; in nft_exthdr_ipv4_eval() 231 regs->verdict.code = NFT_BREAK; in nft_exthdr_tcp_eval() 311 regs->verdict.code = NFT_BREAK; in nft_exthdr_tcp_set_eval() 364 regs->verdict.code = NFT_BREAK; in nft_exthdr_tcp_strip_eval() 368 regs->verdict.code = NF_DROP; in nft_exthdr_tcp_strip_eval() 409 regs->verdict.code = NFT_BREAK; in nft_exthdr_sctp_eval()
|
D | nft_connlimit.c | 42 regs->verdict.code = NF_DROP; in nft_connlimit_do_eval() 47 regs->verdict.code = NF_DROP; in nft_connlimit_do_eval() 54 regs->verdict.code = NFT_BREAK; in nft_connlimit_do_eval()
|
D | nft_limit.c | 184 regs->verdict.code = NFT_BREAK; in nft_limit_pkts_eval() 256 regs->verdict.code = NFT_BREAK; in nft_limit_bytes_eval() 335 regs->verdict.code = NFT_BREAK; in nft_limit_obj_pkts_eval() 388 regs->verdict.code = NFT_BREAK; in nft_limit_obj_bytes_eval()
|
D | nft_range.c | 34 regs->verdict.code = NFT_BREAK; in nft_range_eval() 38 regs->verdict.code = NFT_BREAK; in nft_range_eval()
|
/net/netfilter/ipvs/ |
D | ip_vs_core.c | 863 unsigned int verdict = NF_DROP; in handle_response_icmp() local 901 verdict = NF_ACCEPT; in handle_response_icmp() 906 return verdict; in handle_response_icmp() 1364 int verdict = ip_vs_out_icmp_v6(ipvs, skb, &related, in ip_vs_out_hook() local 1368 return verdict; in ip_vs_out_hook() 1374 int verdict = ip_vs_out_icmp(ipvs, skb, &related, hooknum); in ip_vs_out_hook() local 1377 return verdict; in ip_vs_out_hook() 1471 int *verdict, struct ip_vs_conn **cpp, in ip_vs_try_to_schedule() argument 1482 if (!pp->conn_schedule(ipvs, af, skb, pd, verdict, cpp, iph)) in ip_vs_try_to_schedule() 1496 *verdict = NF_ACCEPT; in ip_vs_try_to_schedule() [all …]
|
D | ip_vs_proto_udp.c | 33 int *verdict, struct ip_vs_conn **cpp, in udp_conn_schedule() argument 51 *verdict = NF_DROP; in udp_conn_schedule() 70 *verdict = NF_DROP; in udp_conn_schedule() 81 *verdict = ip_vs_leave(svc, skb, pd, iph); in udp_conn_schedule() 83 *verdict = NF_DROP; in udp_conn_schedule()
|
D | ip_vs_proto_ah_esp.c | 105 int *verdict, struct ip_vs_conn **cpp, in ah_esp_conn_schedule() argument 111 *verdict = NF_ACCEPT; in ah_esp_conn_schedule()
|
/net/ipv4/netfilter/ |
D | arp_tables.c | 189 unsigned int verdict = NF_DROP; in arpt_do_table() local 239 v = ((struct xt_standard_target *)t)->verdict; in arpt_do_table() 243 verdict = (unsigned int)(-v) - 1; in arpt_do_table() 258 verdict = NF_DROP; in arpt_do_table() 270 verdict = t->u.kernel.target->target(skb, &acpar); in arpt_do_table() 272 if (verdict == XT_CONTINUE) { in arpt_do_table() 287 return verdict; in arpt_do_table() 336 t->verdict < 0) || visited) { in mark_source_chains() 363 int newpos = t->verdict; in mark_source_chains() 440 unsigned int verdict; in check_underflow() local [all …]
|
D | ip_tables.c | 172 t->verdict < 0) { in get_chainname_rulenum() 232 unsigned int verdict = NF_DROP; in ipt_do_table() local 313 v = ((struct xt_standard_target *)t)->verdict; in ipt_do_table() 317 verdict = (unsigned int)(-v) - 1; in ipt_do_table() 332 verdict = NF_DROP; in ipt_do_table() 345 verdict = t->u.kernel.target->target(skb, &acpar); in ipt_do_table() 346 if (verdict == XT_CONTINUE) { in ipt_do_table() 361 else return verdict; in ipt_do_table() 399 t->verdict < 0) || visited) { in mark_source_chains() 425 int newpos = t->verdict; in mark_source_chains() [all …]
|
/net/ipv6/netfilter/ |
D | ip6_tables.c | 197 t->verdict < 0) { in get_chainname_rulenum() 255 unsigned int verdict = NF_DROP; in ip6t_do_table() local 336 v = ((struct xt_standard_target *)t)->verdict; in ip6t_do_table() 340 verdict = (unsigned int)(-v) - 1; in ip6t_do_table() 353 verdict = NF_DROP; in ip6t_do_table() 366 verdict = t->u.kernel.target->target(skb, &acpar); in ip6t_do_table() 367 if (verdict == XT_CONTINUE) in ip6t_do_table() 379 else return verdict; in ip6t_do_table() 417 t->verdict < 0) || visited) { in mark_source_chains() 443 int newpos = t->verdict; in mark_source_chains() [all …]
|
/net/bridge/ |
D | br_input.c | 258 unsigned int verdict, i; in nf_hook_bridge_pre() local 277 verdict = nf_hook_entry_hookfn(&e->hooks[i], skb, &state); in nf_hook_bridge_pre() 278 switch (verdict & NF_VERDICT_MASK) { in nf_hook_bridge_pre() 289 ret = nf_queue(skb, &state, i, verdict); in nf_hook_bridge_pre()
|
/net/bridge/netfilter/ |
D | ebtables.c | 201 int verdict, sp = 0; in ebt_do_table() local 247 verdict = ((struct ebt_standard_target *)t)->verdict; in ebt_do_table() 251 verdict = t->u.target->target(skb, &acpar); in ebt_do_table() 253 if (verdict == EBT_ACCEPT) { in ebt_do_table() 257 if (verdict == EBT_DROP) { in ebt_do_table() 261 if (verdict == EBT_RETURN) { in ebt_do_table() 278 if (verdict == EBT_CONTINUE) in ebt_do_table() 281 if (WARN(verdict < 0, "bogus standard verdict\n")) { in ebt_do_table() 291 chaininfo = (struct ebt_entries *) (base + verdict); in ebt_do_table() 768 if (((struct ebt_standard_target *)t)->verdict < in ebt_check_entry() [all …]
|