Home
last modified time | relevance | path

Searched +full:conntrack +full:- +full:related (Results 1 – 25 of 43) sorted by relevance

12

/kernel/linux/linux-6.6/net/netfilter/ipvs/
Dip_vs_nfct.c1 // SPDX-License-Identifier: GPL-2.0-or-later
5 * Portions Copyright (C) 2001-2002
8 * Portions Copyright (C) 2003-2010
18 * - provide conntrack confirmation for new and related connections, by
19 * this way we can see their proper conntrack state in all hooks
20 * - support for all forwarding methods, not only NAT
21 * - FTP support (NAT), ability to support other NAT apps with expectations
22 * - to correctly create expectations for related NAT connections the proper
23 * NF conntrack support must be already installed, eg. ip_vs_ftp requires
26 * - alter reply for NAT when forwarding packet in original direction:
[all …]
/kernel/linux/linux-5.10/net/netfilter/ipvs/
Dip_vs_nfct.c1 // SPDX-License-Identifier: GPL-2.0-or-later
5 * Portions Copyright (C) 2001-2002
8 * Portions Copyright (C) 2003-2010
18 * - provide conntrack confirmation for new and related connections, by
19 * this way we can see their proper conntrack state in all hooks
20 * - support for all forwarding methods, not only NAT
21 * - FTP support (NAT), ability to support other NAT apps with expectations
22 * - to correctly create expectations for related NAT connections the proper
23 * NF conntrack support must be already installed, eg. ip_vs_ftp requires
26 * - alter reply for NAT when forwarding packet in original direction:
[all …]
/kernel/linux/linux-6.6/include/uapi/linux/netfilter/
Dnf_conntrack_common.h1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
11 /* Like NEW, but related to an existing connection, or ICMP error
51 /* Conntrack should never be early-expired. */
92 /* Conntrack is a template */
96 /* Conntrack is a fake untracked entry. Obsolete and not used anymore */
101 /* Re-purposed for in-kernel use:
102 * Tags a conntrack entry that clashed with an existing entry
109 /* Conntrack got a helper explicitly attached (ruleset, ctnetlink). */
113 /* Conntrack has been offloaded to flow table. */
117 /* Conntrack has been offloaded to hardware. */
[all …]
/kernel/linux/linux-5.10/include/uapi/linux/netfilter/
Dnf_conntrack_common.h1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
11 /* Like NEW, but related to an existing connection, or ICMP error
51 /* Conntrack should never be early-expired. */
92 /* Conntrack is a template */
96 /* Conntrack is a fake untracked entry. Obsolete and not used anymore */
101 /* Re-purposed for in-kernel use:
102 * Tags a conntrack entry that clashed with an existing entry
109 /* Conntrack got a helper explicitly attached (ruleset, ctnetlink). */
113 /* Conntrack has been offloaded to flow table. */
117 /* Conntrack has been offloaded to hardware. */
[all …]
/kernel/linux/linux-6.6/tools/testing/selftests/netfilter/
Dconntrack_tcp_unreplied.sh2 # SPDX-License-Identifier: GPL-2.0
4 # Check that UNREPLIED tcp conntrack will eventually timeout.
7 # Kselftest framework requirement - SKIP code is 4.
12 sfx=$(mktemp -u "XXXXXXXX")
13 ns1="ns1-$sfx"
14 ns2="ns2-$sfx"
16 nft --version > /dev/null 2>&1
17 if [ $? -ne 0 ];then
22 ip -Version > /dev/null 2>&1
23 if [ $? -ne 0 ];then
[all …]
Dconntrack_icmp_related.sh3 # check that ICMP df-needed/pkttoobig icmp are set are set as related
8 # nsclient1 -> nsrouter1 -> nsrouter2 -> nsclient2
9 # MTU 1500, except for nsrouter2 <-> nsclient2 link (1280).
10 # ping nsclient2 from nsclient1, checking that conntrack did set RELATED
15 # nat of "established" icmp-echo "connection".
17 # Kselftest framework requirement - SKIP code is 4.
21 nft --version > /dev/null 2>&1
22 if [ $? -ne 0 ];then
27 ip -Version > /dev/null 2>&1
28 if [ $? -ne 0 ];then
[all …]
/kernel/linux/linux-5.10/tools/testing/selftests/netfilter/
Dconntrack_icmp_related.sh3 # check that ICMP df-needed/pkttoobig icmp are set are set as related
8 # nsclient1 -> nsrouter1 -> nsrouter2 -> nsclient2
9 # MTU 1500, except for nsrouter2 <-> nsclient2 link (1280).
10 # ping nsclient2 from nsclient1, checking that conntrack did set RELATED
15 # nat of "established" icmp-echo "connection".
17 # Kselftest framework requirement - SKIP code is 4.
21 nft --version > /dev/null 2>&1
22 if [ $? -ne 0 ];then
27 ip -Version > /dev/null 2>&1
28 if [ $? -ne 0 ];then
[all …]
/kernel/linux/linux-5.10/net/openvswitch/
Dconntrack.c1 // SPDX-License-Identifier: GPL-2.0-only
29 #include "conntrack.h"
38 /* Metadata mark for masked write to conntrack mark */
44 /* Metadata label for masked write to conntrack label. */
56 /* Conntrack action context for execution. */
83 /* Elements in ovs_ct_limit_info->limits hash table */
107 switch (ntohs(key->eth.type)) { in key_to_nfproto()
153 return ct ? READ_ONCE(ct->mark) : 0; in ovs_ct_get_mark()
159 /* Guard against conntrack labels max size shrinking below 128 bits. */
170 memcpy(labels, cl->bits, OVS_CT_LABELS_LEN); in ovs_ct_get_labels()
[all …]
/kernel/linux/linux-6.6/drivers/net/ethernet/sfc/
Dtc_conntrack.c1 // SPDX-License-Identifier: GPL-2.0-only
33 struct efx_nic *efx = zone->efx; in efx_tc_ct_zone_free()
35 netif_err(efx, drv, efx->net_dev, in efx_tc_ct_zone_free()
37 zone->zone); in efx_tc_ct_zone_free()
39 nf_flow_table_offload_del_cb(zone->nf_ft, efx_tc_flow_block, zone); in efx_tc_ct_zone_free()
48 netif_err(efx, drv, efx->net_dev, in efx_tc_ct_free()
50 conn->cookie); in efx_tc_ct_free()
55 efx_tc_flower_release_counter(efx, conn->cnt); in efx_tc_ct_free()
63 rc = rhashtable_init(&efx->tc->ct_zone_ht, &efx_tc_ct_zone_ht_params); in efx_tc_init_conntrack()
66 rc = rhashtable_init(&efx->tc->ct_ht, &efx_tc_ct_ht_params); in efx_tc_init_conntrack()
[all …]
/kernel/linux/linux-6.6/net/netfilter/
Dnf_conntrack_proto_icmp.c1 // SPDX-License-Identifier: GPL-2.0-only
2 /* (C) 1999-2001 Paul `Rusty' Russell
3 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
4 * (C) 2006-2010 Patrick McHardy <kaber@trash.net>
37 tuple->dst.u.icmp.type = hp->type; in icmp_pkt_to_tuple()
38 tuple->src.u.icmp.id = hp->un.echo.id; in icmp_pkt_to_tuple()
39 tuple->dst.u.icmp.code = hp->code; in icmp_pkt_to_tuple()
59 if (orig->dst.u.icmp.type >= sizeof(invmap) || in nf_conntrack_invert_icmp_tuple()
60 !invmap[orig->dst.u.icmp.type]) in nf_conntrack_invert_icmp_tuple()
63 tuple->src.u.icmp.id = orig->src.u.icmp.id; in nf_conntrack_invert_icmp_tuple()
[all …]
Dxt_helper.c1 // SPDX-License-Identifier: GPL-2.0-only
2 /* iptables module to match on related connections */
18 MODULE_DESCRIPTION("Xtables: Related connection matching");
26 const struct xt_helper_info *info = par->matchinfo; in helper_mt()
31 bool ret = info->invert; in helper_mt()
34 if (!ct || !ct->master) in helper_mt()
37 master_help = nfct_help(ct->master); in helper_mt()
42 helper = rcu_dereference(master_help->helper); in helper_mt()
46 if (info->name[0] == '\0') in helper_mt()
49 ret ^= !strncmp(helper->name, info->name, in helper_mt()
[all …]
Dnf_conntrack_core.c1 // SPDX-License-Identifier: GPL-2.0-only
6 /* (C) 1999-2001 Paul `Rusty' Russell
7 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
8 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
9 * (C) 2005-2012 Patrick McHardy <kaber@trash.net>
91 * allowing non-idle machines to wakeup more often when needed.
100 #define MAX_CHAINLEN (80u - MIN_CHAINLEN)
261 tuple->src.u.udp.port = inet_hdr->sport; in nf_ct_get_tuple_ports()
262 tuple->dst.u.udp.port = inet_hdr->dport; in nf_ct_get_tuple_ports()
281 tuple->src.l3num = l3num; in nf_ct_get_tuple()
[all …]
Dnf_nat_ovs.c1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Support nat functions for openvswitch and used by OVS and TC conntrack. */
28 ip_hdr(skb)->protocol == IPPROTO_ICMP) { in nf_ct_nat_execute()
35 u8 nexthdr = ipv6_hdr(skb)->nexthdr; in nf_ct_nat_execute()
49 /* Non-ICMP, fall thru to initialize if needed. */ in nf_ct_nat_execute()
57 err = (range && range->flags & NF_NAT_RANGE_MAP_IPS) in nf_ct_nat_execute()
98 if (ctinfo != IP_CT_NEW && (ct->status & IPS_NAT_MASK) && in nf_ct_nat()
100 /* NAT an established or related connection like before. */ in nf_ct_nat()
106 maniptype = ct->status & IPS_SRC_NAT in nf_ct_nat()
109 maniptype = ct->status & IPS_SRC_NAT in nf_ct_nat()
[all …]
DKconfig1 # SPDX-License-Identifier: GPL-2.0-only
71 and is also scheduled to replace the old syslog-based ipt_LOG
89 through your machine, in order to figure out how they are related
107 If both are enabled the backend to use can be configured at run-time
108 by means of per-address-family sysctl tunables.
120 of packets, but this mark value is kept in the conntrack session
152 This option enables for the list of known conntrack entries
154 is considered obsolete in favor of using the conntrack(8)
182 This allows you to store the flow start-time and to obtain
183 the flow-stop time (once it has been destroyed) via Connection
[all …]
/kernel/linux/linux-5.10/include/uapi/linux/
Dopenvswitch.h1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
4 * Copyright (c) 2007-2017 Nicira, Inc.
18 * 02110-1301, USA
28 * struct ovs_header - header for OVS Generic Netlink messages.
46 * - API users are expected to provide OVS_DP_ATTR_USER_FEATURES
63 * enum ovs_datapath_attr - attributes for %OVS_DP_* commands.
93 #define OVS_DP_ATTR_MAX (__OVS_DP_ATTR_MAX - 1)
141 /* Kernel-to-user notifications. */
150 * enum ovs_packet_attr - attributes for %OVS_PACKET_* commands.
200 #define OVS_PACKET_ATTR_MAX (__OVS_PACKET_ATTR_MAX - 1)
[all …]
/kernel/linux/linux-5.10/net/netfilter/
Dnf_conntrack_proto_icmp.c1 // SPDX-License-Identifier: GPL-2.0-only
2 /* (C) 1999-2001 Paul `Rusty' Russell
3 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
4 * (C) 2006-2010 Patrick McHardy <kaber@trash.net>
37 tuple->dst.u.icmp.type = hp->type; in icmp_pkt_to_tuple()
38 tuple->src.u.icmp.id = hp->un.echo.id; in icmp_pkt_to_tuple()
39 tuple->dst.u.icmp.code = hp->code; in icmp_pkt_to_tuple()
59 if (orig->dst.u.icmp.type >= sizeof(invmap) || in nf_conntrack_invert_icmp_tuple()
60 !invmap[orig->dst.u.icmp.type]) in nf_conntrack_invert_icmp_tuple()
63 tuple->src.u.icmp.id = orig->src.u.icmp.id; in nf_conntrack_invert_icmp_tuple()
[all …]
Dxt_helper.c1 // SPDX-License-Identifier: GPL-2.0-only
2 /* iptables module to match on related connections */
18 MODULE_DESCRIPTION("Xtables: Related connection matching");
26 const struct xt_helper_info *info = par->matchinfo; in helper_mt()
31 bool ret = info->invert; in helper_mt()
34 if (!ct || !ct->master) in helper_mt()
37 master_help = nfct_help(ct->master); in helper_mt()
42 helper = rcu_dereference(master_help->helper); in helper_mt()
46 if (info->name[0] == '\0') in helper_mt()
49 ret ^= !strncmp(helper->name, info->name, in helper_mt()
[all …]
Dnf_conntrack_core.c1 // SPDX-License-Identifier: GPL-2.0-only
6 /* (C) 1999-2001 Paul `Rusty' Russell
7 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
8 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
9 * (C) 2005-2012 Patrick McHardy <kaber@trash.net>
197 n = (sizeof(tuple->src) + sizeof(tuple->dst.u3)) / sizeof(u32); in hash_conntrack_raw()
199 (((__force __u16)tuple->dst.u.all << 16) | in hash_conntrack_raw()
200 tuple->dst.protonum)); in hash_conntrack_raw()
234 tuple->src.u.udp.port = inet_hdr->sport; in nf_ct_get_tuple_ports()
235 tuple->dst.u.udp.port = inet_hdr->dport; in nf_ct_get_tuple_ports()
[all …]
DKconfig1 # SPDX-License-Identifier: GPL-2.0-only
47 and is also scheduled to replace the old syslog-based ipt_LOG
65 through your machine, in order to figure out how they are related
91 of packets, but this mark value is kept in the conntrack session
123 This option enables for the list of known conntrack entries
125 is considered obsolete in favor of using the conntrack(8)
153 This allows you to store the flow start-time and to obtain
154 the flow-stop time (once it has been destroyed) via Connection
162 This option enables support for assigning user-defined flag bits
191 bool 'UDP-Lite protocol connection tracking support'
[all …]
/kernel/linux/linux-6.6/include/uapi/linux/
Dopenvswitch.h1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
4 * Copyright (c) 2007-2017 Nicira, Inc.
18 * 02110-1301, USA
28 * struct ovs_header - header for OVS Generic Netlink messages.
46 * - API users are expected to provide OVS_DP_ATTR_USER_FEATURES
63 * enum ovs_datapath_attr - attributes for %OVS_DP_* commands.
73 * @OVS_DP_ATTR_PER_CPU_PIDS: Per-cpu array of PIDs for upcalls when
95 * per-cpu dispatch mode
101 #define OVS_DP_ATTR_MAX (__OVS_DP_ATTR_MAX - 1)
138 /* Allow per-cpu dispatch of upcalls */
[all …]
Dpkt_cls.h1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
63 #define TC_ACT_UNSPEC (-1)
75 * equivalent of TC_ACT_STOLEN - drop
89 #define TC_ACT_EXT_VAL_MASK ((1 << __TC_ACT_EXT_SHIFT) - 1)
203 #define TCA_POLICE_MAX (__TCA_POLICE_MAX - 1)
239 #define TCA_U32_MAX (__TCA_U32_MAX - 1)
297 #define TCA_RSVP_MAX (__TCA_RSVP_MAX - 1 )
327 #define TCA_ROUTE4_MAX (__TCA_ROUTE4_MAX - 1)
342 #define TCA_FW_MAX (__TCA_FW_MAX - 1)
358 #define TCA_TCINDEX_MAX (__TCA_TCINDEX_MAX - 1)
[all …]
/kernel/linux/linux-6.6/net/openvswitch/
Dconntrack.c1 // SPDX-License-Identifier: GPL-2.0-only
33 #include "conntrack.h"
42 /* Metadata mark for masked write to conntrack mark */
48 /* Metadata label for masked write to conntrack label. */
60 /* Conntrack action context for execution. */
87 /* Elements in ovs_ct_limit_info->limits hash table */
111 switch (ntohs(key->eth.type)) { in key_to_nfproto()
157 return ct ? READ_ONCE(ct->mark) : 0; in ovs_ct_get_mark()
163 /* Guard against conntrack labels max size shrinking below 128 bits. */
174 memcpy(labels, cl->bits, OVS_CT_LABELS_LEN); in ovs_ct_get_labels()
[all …]
/kernel/linux/linux-6.6/Documentation/netlink/specs/
Dovs_flow.yaml1 # SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
5 protocol: genetlink-legacy
6 uapi-header: linux/openvswitch.h
12 -
13 name: ovs-header
18 -
19 name: dp-ifindex
24 -
25 name: ovs-flow-stats
28 -
[all …]
/kernel/linux/linux-5.10/net/sched/
Dact_ct.c1 // SPDX-License-Identifier: GPL-2.0 OR Linux-OpenIB
2 /* -
62 int i = flow_action->num_entries++; in tcf_ct_flow_table_flow_action_get_next()
64 return &flow_action->entries[i]; in tcf_ct_flow_table_flow_action_get_next()
76 entry->id = FLOW_ACTION_MANGLE; in tcf_ct_add_mangle_action()
77 entry->mangle.htype = htype; in tcf_ct_add_mangle_action()
78 entry->mangle.mask = ~mask; in tcf_ct_add_mangle_action()
79 entry->mangle.offset = offset; in tcf_ct_add_mangle_action()
80 entry->mangle.val = val; in tcf_ct_add_mangle_action()
84 * (target) is different then the current dir tuple - meaning nat for ports
[all …]
/kernel/linux/linux-5.10/include/net/
Dnet_namespace.h1 /* SPDX-License-Identifier: GPL-2.0 */
29 #include <net/netns/conntrack.h>
61 * Do not place here read-mostly fields.
221 return ERR_PTR(-EINVAL); in copy_net_ns()
236 return ERR_PTR(-EINVAL); in get_net_ns()
261 refcount_inc(&net->count); in get_net()
272 if (!refcount_inc_not_zero(&net->count)) in maybe_get_net()
279 if (refcount_dec_and_test(&net->count)) in put_net()
291 return refcount_read(&net->count) != 0; in check_net()
336 pnet->net = net; in write_pnet()
[all …]

12