Home
last modified time | relevance | path

Searched full:netfilter (Results 1 – 25 of 605) sorted by relevance

12345678910>>...25

/linux-6.14.4/tools/testing/selftests/bpf/progs/
Dverifier_netfilter_ctx.c11 SEC("netfilter")
12 __description("netfilter invalid context access, size too short")
25 SEC("netfilter")
26 __description("netfilter invalid context access, size too short")
39 SEC("netfilter")
40 __description("netfilter invalid context access, past end of ctx")
53 SEC("netfilter")
54 __description("netfilter invalid context, write")
71 SEC("netfilter")
72 __description("netfilter valid context read and invalid write")
[all …]
/linux-6.14.4/net/netfilter/
Dnf_conntrack_extend.c4 * Copyright (C) 2007 Netfilter Core Team <coreteam@netfilter.org>
14 #include <net/netfilter/nf_conntrack_extend.h>
16 #include <net/netfilter/nf_conntrack_helper.h>
17 #include <net/netfilter/nf_conntrack_acct.h>
18 #include <net/netfilter/nf_conntrack_seqadj.h>
19 #include <net/netfilter/nf_conntrack_ecache.h>
20 #include <net/netfilter/nf_conntrack_zones.h>
21 #include <net/netfilter/nf_conntrack_timestamp.h>
22 #include <net/netfilter/nf_conntrack_timeout.h>
23 #include <net/netfilter/nf_conntrack_labels.h>
[all …]
DKconfig2 menu "Core Netfilter Configuration"
3 depends on INET && NETFILTER
6 bool "Netfilter ingress support"
10 This allows you to classify packets from ingress using the Netfilter
14 bool "Netfilter egress support"
19 Netfilter infrastructure.
37 tristate "Netfilter base hook dump support"
43 to list the base netfilter hooks via NFNETLINK.
47 tristate "Netfilter NFACCT over NFNETLINK interface"
55 tristate "Netfilter NFQUEUE over NFNETLINK interface"
[all …]
Dnf_bpf_link.c6 #include <linux/netfilter.h>
8 #include <net/netfilter/nf_bpf_link.h>
157 info->netfilter.pf = nf_link->hook_ops.pf; in bpf_nf_link_fill_link_info()
158 info->netfilter.hooknum = nf_link->hook_ops.hooknum; in bpf_nf_link_fill_link_info()
159 info->netfilter.priority = nf_link->hook_ops.priority; in bpf_nf_link_fill_link_info()
160 info->netfilter.flags = hook ? BPF_F_NETFILTER_IP_DEFRAG : 0; in bpf_nf_link_fill_link_info()
184 switch (attr->link_create.netfilter.pf) { in bpf_nf_check_pf_and_hooks()
187 if (attr->link_create.netfilter.hooknum >= NF_INET_NUMHOOKS) in bpf_nf_check_pf_and_hooks()
194 if (attr->link_create.netfilter.flags & ~BPF_F_NETFILTER_IP_DEFRAG) in bpf_nf_check_pf_and_hooks()
198 prio = attr->link_create.netfilter.priority; in bpf_nf_check_pf_and_hooks()
[all …]
Dnf_dup_netdev.c3 * Copyright (c) 2015 Pablo Neira Ayuso <pablo@netfilter.org>
10 #include <linux/netfilter.h>
11 #include <linux/netfilter/nf_tables.h>
12 #include <net/netfilter/nf_tables.h>
13 #include <net/netfilter/nf_tables_offload.h>
14 #include <net/netfilter/nf_dup_netdev.h>
93 MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
94 MODULE_DESCRIPTION("Netfilter packet duplication support");
Dnf_conntrack_proto_generic.c3 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
9 #include <linux/netfilter.h>
10 #include <net/netfilter/nf_conntrack_l4proto.h>
11 #include <net/netfilter/nf_conntrack_timeout.h>
17 #include <linux/netfilter/nfnetlink.h>
18 #include <linux/netfilter/nfnetlink_cttimeout.h>
Dxt_LOG.c7 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
22 #include <linux/netfilter.h>
23 #include <linux/netfilter/x_tables.h>
24 #include <linux/netfilter/xt_LOG.h>
26 #include <net/netfilter/nf_log.h>
114 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
Dnft_dup_netdev.c3 * Copyright (c) 2015 Pablo Neira Ayuso <pablo@netfilter.org>
10 #include <linux/netfilter.h>
11 #include <linux/netfilter/nf_tables.h>
12 #include <net/netfilter/nf_tables.h>
13 #include <net/netfilter/nf_tables_offload.h>
14 #include <net/netfilter/nf_dup_netdev.h>
111 MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
Dxt_helper.c9 #include <linux/netfilter.h>
10 #include <net/netfilter/nf_conntrack.h>
11 #include <net/netfilter/nf_conntrack_core.h>
12 #include <net/netfilter/nf_conntrack_helper.h>
13 #include <linux/netfilter/x_tables.h>
14 #include <linux/netfilter/xt_helper.h>
17 MODULE_AUTHOR("Martin Josefsson <gandalf@netfilter.org>");
Dnf_conntrack_timestamp.c3 * (C) 2010 Pablo Neira Ayuso <pablo@netfilter.org>
8 #include <linux/netfilter.h>
13 #include <net/netfilter/nf_conntrack.h>
14 #include <net/netfilter/nf_conntrack_extend.h>
15 #include <net/netfilter/nf_conntrack_timestamp.h>
Dxt_mac.c5 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
16 #include <linux/netfilter/xt_mac.h>
17 #include <linux/netfilter/x_tables.h>
20 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
Dnft_reject_inet.c10 #include <linux/netfilter.h>
11 #include <linux/netfilter/nf_tables.h>
12 #include <net/netfilter/nf_tables.h>
13 #include <net/netfilter/nft_reject.h>
14 #include <net/netfilter/ipv4/nf_reject.h>
15 #include <net/netfilter/ipv6/nf_reject.h>
110 MODULE_DESCRIPTION("Netfilter nftables reject inet support");
Dnf_conntrack_acct.c2 /* Accounting handling for netfilter. */
10 #include <linux/netfilter.h>
16 #include <net/netfilter/nf_conntrack.h>
17 #include <net/netfilter/nf_conntrack_extend.h>
18 #include <net/netfilter/nf_conntrack_acct.h>
Dxt_MASQUERADE.c6 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
10 #include <linux/netfilter/x_tables.h>
11 #include <net/netfilter/nf_nat.h>
12 #include <net/netfilter/nf_nat_masquerade.h>
15 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
Dnft_fib_netdev.c5 * This code is based on net/netfilter/nft_fib_inet.c, written by
13 #include <linux/netfilter.h>
14 #include <linux/netfilter/nf_tables.h>
15 #include <net/netfilter/nf_tables_core.h>
16 #include <net/netfilter/nf_tables.h>
19 #include <net/netfilter/nft_fib.h>
Dnf_nat_helper.c4 * (C) 2000-2002 Harald Welte <laforge@netfilter.org>
5 * (C) 2003-2006 Netfilter Core Team <coreteam@netfilter.org>
16 #include <net/netfilter/nf_conntrack.h>
17 #include <net/netfilter/nf_conntrack_helper.h>
18 #include <net/netfilter/nf_conntrack_ecache.h>
19 #include <net/netfilter/nf_conntrack_expect.h>
20 #include <net/netfilter/nf_conntrack_seqadj.h>
21 #include <net/netfilter/nf_nat.h>
22 #include <net/netfilter/nf_nat_helper.h>
Dnf_nat_amanda.c3 * (C) 2002 by Brian J. Murrell <netfilter@interlinx.bc.ca>
13 #include <net/netfilter/nf_conntrack_helper.h>
14 #include <net/netfilter/nf_conntrack_expect.h>
15 #include <net/netfilter/nf_nat_helper.h>
16 #include <linux/netfilter/nf_conntrack_amanda.h>
20 MODULE_AUTHOR("Brian J. Murrell <netfilter@interlinx.bc.ca>");
Dnf_conntrack_timeout.c3 * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
8 #include <linux/netfilter.h>
19 #include <net/netfilter/nf_conntrack.h>
20 #include <net/netfilter/nf_conntrack_core.h>
21 #include <net/netfilter/nf_conntrack_extend.h>
22 #include <net/netfilter/nf_conntrack_l4proto.h>
23 #include <net/netfilter/nf_conntrack_timeout.h>
Dxt_NFQUEUE.c2 /* iptables module for using new netfilter netlink queue
4 * (C) 2005 by Harald Welte <laforge@netfilter.org>
12 #include <linux/netfilter.h>
14 #include <linux/netfilter/x_tables.h>
15 #include <linux/netfilter/xt_NFQUEUE.h>
17 #include <net/netfilter/nf_queue.h>
19 MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
Dxt_connlimit.c2 * netfilter module to limit the number of parallel tcp
20 #include <linux/netfilter/x_tables.h>
21 #include <linux/netfilter/xt_connlimit.h>
23 #include <net/netfilter/nf_conntrack.h>
24 #include <net/netfilter/nf_conntrack_core.h>
25 #include <net/netfilter/nf_conntrack_tuple.h>
26 #include <net/netfilter/nf_conntrack_zones.h>
27 #include <net/netfilter/nf_conntrack_count.h>
Dnf_conntrack_proto_udp.c3 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
17 #include <linux/netfilter.h>
20 #include <net/netfilter/nf_conntrack_l4proto.h>
21 #include <net/netfilter/nf_conntrack_ecache.h>
22 #include <net/netfilter/nf_conntrack_timeout.h>
23 #include <net/netfilter/nf_log.h>
24 #include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
25 #include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
219 #include <linux/netfilter/nfnetlink.h>
220 #include <linux/netfilter/nfnetlink_cttimeout.h>
Dnf_conntrack_proto_icmp.c3 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
9 #include <linux/netfilter.h>
16 #include <net/netfilter/nf_conntrack_tuple.h>
17 #include <net/netfilter/nf_conntrack_l4proto.h>
18 #include <net/netfilter/nf_conntrack_core.h>
19 #include <net/netfilter/nf_conntrack_timeout.h>
20 #include <net/netfilter/nf_conntrack_zones.h>
21 #include <net/netfilter/nf_log.h>
252 #include <linux/netfilter/nfnetlink.h>
253 #include <linux/netfilter/nfnetlink_conntrack.h>
[all …]
/linux-6.14.4/net/ipv6/netfilter/
Dnf_defrag_ipv6_hooks.c3 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
9 #include <linux/netfilter.h>
20 #include <net/netfilter/nf_conntrack.h>
21 #include <net/netfilter/nf_conntrack_helper.h>
22 #include <net/netfilter/nf_conntrack_l4proto.h>
23 #include <net/netfilter/nf_conntrack_core.h>
24 #include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
26 #include <net/netfilter/nf_conntrack_zones.h>
27 #include <net/netfilter/ipv6/nf_defrag_ipv6.h>
/linux-6.14.4/net/
DKconfig159 menuconfig NETFILTER config
160 bool "Network packet filtering framework (Netfilter)"
162 Netfilter is a framework for filtering and mangling network packets
195 Another use of Netfilter is in transparent proxying: if a machine on
200 Yet another use of Netfilter is building a bridging firewall. Using
203 protocols over the bridge, use ebtables (under bridge netfilter
206 Various modules exist for netfilter which replace the previous
212 if NETFILTER
215 bool "Advanced netfilter configuration"
216 depends on NETFILTER
[all …]
/linux-6.14.4/include/linux/
Dnetfilter_netdev.h5 #include <linux/netfilter.h>
71 * On ingress, packets are classified first by tc, then by netfilter.
73 * netfilter can be thought of as layers, with netfilter layered above tc:
74 * When tc redirects a packet to another interface, netfilter is not applied
77 * The nf_skip_egress flag controls whether netfilter is applied on egress.
79 * packet passes through tc and netfilter. Because __dev_queue_xmit() may be
81 * false after sch_handle_egress(). This ensures that netfilter is applied

12345678910>>...25