
Searched +full:conntrack +full:- +full:related (Results 1 – 22 of 22) sorted by relevance

/linux-6.14.4/net/netfilter/ipvs/
Dip_vs_nfct.c1 // SPDX-License-Identifier: GPL-2.0-or-later
5 * Portions Copyright (C) 2001-2002
8 * Portions Copyright (C) 2003-2010
18 * - provide conntrack confirmation for new and related connections, by
19 * this way we can see their proper conntrack state in all hooks
20 * - support for all forwarding methods, not only NAT
21 * - FTP support (NAT), ability to support other NAT apps with expectations
22 * - to correctly create expectations for related NAT connections the proper
23 * NF conntrack support must be already installed, eg. ip_vs_ftp requires
26 * - alter reply for NAT when forwarding packet in original direction:
Dip_vs_core.c1 // SPDX-License-Identifier: GPL-2.0-or-later
6 * high-performance and highly available server based on a
14 * with changes/fixes from Julian Anastasov, Lars Marowsky-Bree, Horms
18 * Paul `Rusty' Russell properly handle non-linear skbs
87 #define icmp_id(icmph) (((icmph)->un).echo.id)
88 #define icmpv6_id(icmph) (icmph->icmp6_dataun.u_echo.identifier)
117 while (--rows >= 0) in ip_vs_init_hash_table()
124 struct ip_vs_dest *dest = cp->dest; in ip_vs_in_stats()
125 struct netns_ipvs *ipvs = cp->ipvs; in ip_vs_in_stats()
127 if (dest && (dest->flags & IP_VS_DEST_F_AVAILABLE)) { in ip_vs_in_stats()
Dip_vs_xmit.c1 // SPDX-License-Identifier: GPL-2.0-or-later
11 * - all transmitters are called from LOCAL_IN (remote clients) and
13 * - not all connections have destination server, for example,
15 * - bypass connections use daddr from packet
16 * - we can use dst without ref while sending in RCU section, we use
17 * ref when returning NF_ACCEPT for NAT-ed packet via loopback
19 * - skb->dev is NULL, skb->protocol is not set (both are set in POST_ROUTING)
20 * - skb->pkt_type is not set yet
21 * - the only place where we can see skb->sk != NULL
50 IP_VS_RT_MODE_NON_LOCAL = 2, /* Allow non-local dest */
/linux-6.14.4/include/uapi/linux/netfilter/
Dnf_conntrack_common.h1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
11 /* Like NEW, but related to an existing connection, or ICMP error
51 /* Conntrack should never be early-expired. */
92 /* Conntrack is a template */
96 /* Conntrack is a fake untracked entry. Obsolete and not used anymore */
101 /* Re-purposed for in-kernel use:
102 * Tags a conntrack entry that clashed with an existing entry
109 /* Conntrack got a helper explicitly attached (ruleset, ctnetlink). */
113 /* Conntrack has been offloaded to flow table. */
117 /* Conntrack has been offloaded to hardware. */
/linux-6.14.4/tools/testing/selftests/net/netfilter/
Dconntrack_icmp_related.sh3 # check that ICMP df-needed/pkttoobig icmp are set as related
8 # nsclient1 -> nsrouter1 -> nsrouter2 -> nsclient2
9 # MTU 1500, except for nsrouter2 <-> nsclient2 link (1280).
10 # ping nsclient2 from nsclient1, checking that conntrack did set RELATED
15 # nat of "established" icmp-echo "connection".
19 if ! nft --version > /dev/null 2>&1;then
40 ip -net "$ns" link set "$dev" up
41 ip -net "$ns" addr add "192.168.$i.2/24" dev "$dev"
42 ip -net "$ns" addr add "dead:$i::2/64" dev "$dev" nodad
52 if ! ip netns exec "$ns" nft list counter inet filter "$name" | grep -q "$expect"; then
/linux-6.14.4/drivers/net/ethernet/sfc/
Dtc_conntrack.c1 // SPDX-License-Identifier: GPL-2.0-only
33 struct efx_nic *efx = zone->efx; in efx_tc_ct_zone_free()
35 netif_err(efx, drv, efx->net_dev, in efx_tc_ct_zone_free()
37 zone->zone); in efx_tc_ct_zone_free()
39 nf_flow_table_offload_del_cb(zone->nf_ft, efx_tc_flow_block, zone); in efx_tc_ct_zone_free()
48 netif_err(efx, drv, efx->net_dev, in efx_tc_ct_free()
50 conn->cookie); in efx_tc_ct_free()
55 efx_tc_flower_release_counter(efx, conn->cnt); in efx_tc_ct_free()
63 rc = rhashtable_init(&efx->tc->ct_zone_ht, &efx_tc_ct_zone_ht_params); in efx_tc_init_conntrack()
66 rc = rhashtable_init(&efx->tc->ct_ht, &efx_tc_ct_ht_params); in efx_tc_init_conntrack()
Dmcdi_pcol.h1 /* SPDX-License-Identifier: GPL-2.0-only */
4 * Copyright 2009-2018 Solarflare Communications Inc.
5 * Copyright 2019-2020 Xilinx Inc.
13 /* Power-on reset state */
35 /* The 'doorbell' addresses are hard-wired to alert the MC when written */
38 /* The rest of these are firmware-defined */
46 /* Values to be written to the per-port status dword in shared
71 * | | \--- Response
72 * | \------- Error
73 * \------------------------------ Resync (always set)
/linux-6.14.4/net/netfilter/
Dnf_conntrack_proto_icmp.c1 // SPDX-License-Identifier: GPL-2.0-only
2 /* (C) 1999-2001 Paul `Rusty' Russell
3 * (C) 2002-2004 Netfilter Core Team <[email protected]>
4 * (C) 2006-2010 Patrick McHardy <[email protected]>
37 tuple->dst.u.icmp.type = hp->type; in icmp_pkt_to_tuple()
38 tuple->src.u.icmp.id = hp->un.echo.id; in icmp_pkt_to_tuple()
39 tuple->dst.u.icmp.code = hp->code; in icmp_pkt_to_tuple()
59 if (orig->dst.u.icmp.type >= sizeof(invmap) || in nf_conntrack_invert_icmp_tuple()
60 !invmap[orig->dst.u.icmp.type]) in nf_conntrack_invert_icmp_tuple()
63 tuple->src.u.icmp.id = orig->src.u.icmp.id; in nf_conntrack_invert_icmp_tuple()
Dxt_helper.c1 // SPDX-License-Identifier: GPL-2.0-only
2 /* iptables module to match on related connections */
18 MODULE_DESCRIPTION("Xtables: Related connection matching");
26 const struct xt_helper_info *info = par->matchinfo; in helper_mt()
31 bool ret = info->invert; in helper_mt()
34 if (!ct || !ct->master) in helper_mt()
37 master_help = nfct_help(ct->master); in helper_mt()
42 helper = rcu_dereference(master_help->helper); in helper_mt()
46 if (info->name[0] == '\0') in helper_mt()
49 ret ^= !strncmp(helper->name, info->name, in helper_mt()
Dnf_conntrack_core.c1 // SPDX-License-Identifier: GPL-2.0-only
6 /* (C) 1999-2001 Paul `Rusty' Russell
7 * (C) 2002-2006 Netfilter Core Team <[email protected]>
8 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
9 * (C) 2005-2012 Patrick McHardy <[email protected]>
91 * allowing non-idle machines to wakeup more often when needed.
100 #define MAX_CHAINLEN (80u - MIN_CHAINLEN)
261 tuple->src.u.udp.port = inet_hdr->sport; in nf_ct_get_tuple_ports()
262 tuple->dst.u.udp.port = inet_hdr->dport; in nf_ct_get_tuple_ports()
281 tuple->src.l3num = l3num; in nf_ct_get_tuple()
Dnf_nat_ovs.c1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Support nat functions for openvswitch and used by OVS and TC conntrack. */
28 ip_hdr(skb)->protocol == IPPROTO_ICMP) { in nf_ct_nat_execute()
35 u8 nexthdr = ipv6_hdr(skb)->nexthdr; in nf_ct_nat_execute()
49 /* Non-ICMP, fall thru to initialize if needed. */ in nf_ct_nat_execute()
57 err = (range && range->flags & NF_NAT_RANGE_MAP_IPS) in nf_ct_nat_execute()
98 if (ctinfo != IP_CT_NEW && (ct->status & IPS_NAT_MASK) && in nf_ct_nat()
100 /* NAT an established or related connection like before. */ in nf_ct_nat()
106 maniptype = ct->status & IPS_SRC_NAT in nf_ct_nat()
109 maniptype = ct->status & IPS_SRC_NAT in nf_ct_nat()
DKconfig1 # SPDX-License-Identifier: GPL-2.0-only
71 and is also scheduled to replace the old syslog-based ipt_LOG
89 through your machine, in order to figure out how they are related
107 If both are enabled the backend to use can be configured at run-time
108 by means of per-address-family sysctl tunables.
120 of packets, but this mark value is kept in the conntrack session
152 This option enables for the list of known conntrack entries
154 is considered obsolete in favor of using the conntrack(8)
182 This allows you to store the flow start-time and to obtain
183 the flow-stop time (once it has been destroyed) via Connection
Dnf_conntrack_h323_main.c1 // SPDX-License-Identifier: GPL-2.0-only
6 * Copyright (c) 2006-2012 Patrick McHardy <[email protected]>
84 tcpdataoff = protoff + th->doff * 4; in get_tpkt_data()
87 tcpdatalen = skb->len - tcpdataoff; in get_tpkt_data()
104 if (info->tpkt_len[dir] > 0) { in get_tpkt_data()
107 "bytes\n", info->tpkt_len[dir]); in get_tpkt_data()
108 if (info->tpkt_len[dir] <= tcpdatalen) { in get_tpkt_data()
112 *datalen = info->tpkt_len[dir]; in get_tpkt_data()
128 tcpdatalen -= tpktoff; in get_tpkt_data()
147 tpktlen - 4); in get_tpkt_data()
/linux-6.14.4/include/uapi/linux/
Dopenvswitch.h1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
4 * Copyright (c) 2007-2017 Nicira, Inc.
18 * 02110-1301, USA
28 * struct ovs_header - header for OVS Generic Netlink messages.
46 * - API users are expected to provide OVS_DP_ATTR_USER_FEATURES
63 * enum ovs_datapath_attr - attributes for %OVS_DP_* commands.
73 * @OVS_DP_ATTR_PER_CPU_PIDS: Per-cpu array of PIDs for upcalls when
95 * per-cpu dispatch mode
101 #define OVS_DP_ATTR_MAX (__OVS_DP_ATTR_MAX - 1)
138 /* Allow per-cpu dispatch of upcalls */
Dpkt_cls.h1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
63 #define TC_ACT_UNSPEC (-1)
75 * equivalent of TC_ACT_STOLEN - drop
89 #define TC_ACT_EXT_VAL_MASK ((1 << __TC_ACT_EXT_SHIFT) - 1)
203 #define TCA_POLICE_MAX (__TCA_POLICE_MAX - 1)
239 #define TCA_U32_MAX (__TCA_U32_MAX - 1)
299 #define TCA_ROUTE4_MAX (__TCA_ROUTE4_MAX - 1)
314 #define TCA_FW_MAX (__TCA_FW_MAX - 1)
340 #define FLOW_KEY_MAX (__FLOW_KEY_MAX - 1)
364 #define TCA_FLOW_MAX (__TCA_FLOW_MAX - 1)
/linux-6.14.4/net/openvswitch/
Dconntrack.c1 // SPDX-License-Identifier: GPL-2.0-only
33 #include "conntrack.h"
42 /* Metadata mark for masked write to conntrack mark */
48 /* Metadata label for masked write to conntrack label. */
60 /* Conntrack action context for execution. */
87 /* Elements in ovs_ct_limit_info->limits hash table */
111 switch (ntohs(key->eth.type)) { in key_to_nfproto()
157 return ct ? READ_ONCE(ct->mark) : 0; in ovs_ct_get_mark()
163 /* Guard against conntrack labels max size shrinking below 128 bits. */
174 if (ct->master && !nf_ct_is_confirmed(ct)) in ovs_ct_get_labels()
/linux-6.14.4/Documentation/netlink/specs/
Dovs_flow.yaml1 # SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
5 protocol: genetlink-legacy
6 uapi-header: linux/openvswitch.h
12 -
13 name: ovs-header
18 -
19 name: dp-ifindex
24 -
25 name: ovs-flow-stats
28 -
/linux-6.14.4/include/net/
Dnet_namespace.h1 /* SPDX-License-Identifier: GPL-2.0 */
27 #include <net/netns/conntrack.h>
63 * Do not place here read-mostly fields.
222 return ERR_PTR(-EINVAL); in copy_net_ns()
237 return ERR_PTR(-EINVAL); in get_net_ns()
242 return ERR_PTR(-EINVAL); in get_net_ns_by_fd()
265 refcount_inc(&net->ns.count); in get_net()
276 if (!refcount_inc_not_zero(&net->ns.count)) in maybe_get_net()
284 if (refcount_dec_and_test(&net->ns.count)) in put_net()
296 return refcount_read(&net->ns.count) != 0; in check_net()
/linux-6.14.4/drivers/net/ethernet/netronome/nfp/flower/
Dconntrack.c1 // SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
7 #include "conntrack.h"
30 * get_hashentry() - Wrapper around hashtable lookup.
51 return ERR_PTR(-ENOMEM); in get_hashentry()
59 struct flow_dissector *dissector = rule->match.dissector; in is_pre_ct_flow()
64 if (dissector->used_keys & BIT_ULL(FLOW_DISSECTOR_KEY_CT)) { in is_pre_ct_flow()
66 if (ct.key->ct_state) in is_pre_ct_flow()
70 if (flow->common.chain_index) in is_pre_ct_flow()
73 flow_action_for_each(i, act, &flow->rule->action) { in is_pre_ct_flow()
74 if (act->id == FLOW_ACTION_CT) { in is_pre_ct_flow()
/linux-6.14.4/net/ipv6/
Dip6_output.c1 // SPDX-License-Identifier: GPL-2.0-or-later
21 * : add ip6_append_data and related functions
38 #include <linux/bpf-cgroup.h>
63 struct net_device *dev = dst->dev; in ip6_finish_output2()
72 if (unlikely(hh_len > skb_headroom(skb)) && dev->header_ops) { in ip6_finish_output2()
79 return -ENOMEM; in ip6_finish_output2()
85 daddr = &hdr->daddr; in ip6_finish_output2()
87 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(sk) && in ip6_finish_output2()
89 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) || in ip6_finish_output2()
90 ipv6_chk_mcast_addr(dev, daddr, &hdr->saddr))) { in ip6_finish_output2()
/linux-6.14.4/net/ipv4/
Dudp.c1 // SPDX-License-Identifier: GPL-2.0-or-later
33 * Fred Van Kempen : Net2e support for sk->broadcast.
63 * bound-to-device socket
77 #include <linux/bpf-cgroup.h>
139 return sk->sk_prot->h.udp_table ? : sock_net(sk)->ipv4.udp_table; in udp_get_table_prot()
150 sk_for_each(sk2, &hslot->head) { in udp_lib_lport_inuse()
153 (bitmap || udp_sk(sk2)->udp_port_hash == num) && in udp_lib_lport_inuse()
154 (!sk2->sk_reuse || !sk->sk_reuse) && in udp_lib_lport_inuse()
155 (!sk2->sk_bound_dev_if || !sk->sk_bound_dev_if || in udp_lib_lport_inuse()
156 sk2->sk_bound_dev_if == sk->sk_bound_dev_if) && in udp_lib_lport_inuse()
/linux-6.14.4/include/linux/
Dskbuff.h1 /* SPDX-License-Identifier: GPL-2.0-or-later */
7 * Florian La Roche, <[email protected]-sb.de>
28 #include <linux/dma-mapping.h>
40 #include <net/dropreason-core.h>
49 * IP checksum related features
57 * .. flat-table:: Checksum related device features
60 * * - %NETIF_F_HW_CSUM
61 * - The driver (or its device) is able to compute one
67 * * - %NETIF_F_IP_CSUM
68 * - Driver (device) is only able to checksum plain