Home
last modified time | relevance | path

Searched full:netfilter (Results 1 – 25 of 579) sorted by relevance

12345678910>>...24

/linux/tools/testing/selftests/bpf/progs/
H A Dverifier_netfilter_ctx.c11 SEC("netfilter")
12 __description("netfilter invalid context access, size too short")
25 SEC("netfilter")
26 __description("netfilter invalid context access, size too short")
39 SEC("netfilter")
40 __description("netfilter invalid context access, past end of ctx")
53 SEC("netfilter")
54 __description("netfilter invalid context, write")
71 SEC("netfilter")
72 __description("netfilter valid context read and invalid write")
[all …]
/linux/net/netfilter/
H A Dnf_conntrack_extend.c4 * Copyright (C) 2007 Netfilter Core Team <coreteam@netfilter.org>
14 #include <net/netfilter/nf_conntrack_extend.h>
16 #include <net/netfilter/nf_conntrack_helper.h>
17 #include <net/netfilter/nf_conntrack_acct.h>
18 #include <net/netfilter/nf_conntrack_seqadj.h>
19 #include <net/netfilter/nf_conntrack_ecache.h>
20 #include <net/netfilter/nf_conntrack_zones.h>
21 #include <net/netfilter/nf_conntrack_timestamp.h>
22 #include <net/netfilter/nf_conntrack_timeout.h>
23 #include <net/netfilter/nf_conntrack_labels.h>
[all …]
H A DKconfig2 menu "Core Netfilter Configuration"
3 depends on INET && NETFILTER
6 bool "Netfilter ingress support"
10 This allows you to classify packets from ingress using the Netfilter
14 bool "Netfilter egress support"
19 Netfilter infrastructure.
37 tristate "Netfilter base hook dump support"
43 to list the base netfilter hooks via NFNETLINK.
47 tristate "Netfilter NFACCT over NFNETLINK interface"
55 tristate "Netfilter NFQUEUE over NFNETLINK interface"
[all …]
H A Dnf_bpf_link.c6 #include <linux/netfilter.h>
8 #include <net/netfilter/nf_bpf_link.h>
157 info->netfilter.pf = nf_link->hook_ops.pf; in bpf_nf_link_fill_link_info()
158 info->netfilter.hooknum = nf_link->hook_ops.hooknum; in bpf_nf_link_fill_link_info()
159 info->netfilter.priority = nf_link->hook_ops.priority; in bpf_nf_link_fill_link_info()
160 info->netfilter.flags = hook ? BPF_F_NETFILTER_IP_DEFRAG : 0; in bpf_nf_link_fill_link_info()
184 switch (attr->link_create.netfilter.pf) { in bpf_nf_check_pf_and_hooks()
187 if (attr->link_create.netfilter.hooknum >= NF_INET_NUMHOOKS) in bpf_nf_check_pf_and_hooks()
194 if (attr->link_create.netfilter.flags & ~BPF_F_NETFILTER_IP_DEFRAG) in bpf_nf_check_pf_and_hooks()
198 prio = attr->link_create.netfilter.priority; in bpf_nf_check_pf_and_hooks()
[all …]
H A Dnf_dup_netdev.c3 * Copyright (c) 2015 Pablo Neira Ayuso <pablo@netfilter.org>
10 #include <linux/netfilter.h>
11 #include <linux/netfilter/nf_tables.h>
12 #include <net/netfilter/nf_tables.h>
13 #include <net/netfilter/nf_tables_offload.h>
14 #include <net/netfilter/nf_dup_netdev.h>
107 MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
108 MODULE_DESCRIPTION("Netfilter packet duplication support");
H A Dnf_conntrack_proto_generic.c3 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
9 #include <linux/netfilter.h>
10 #include <net/netfilter/nf_conntrack_l4proto.h>
11 #include <net/netfilter/nf_conntrack_timeout.h>
17 #include <linux/netfilter/nfnetlink.h>
18 #include <linux/netfilter/nfnetlink_cttimeout.h>
H A Dxt_LOG.c7 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
22 #include <linux/netfilter.h>
23 #include <linux/netfilter/x_tables.h>
24 #include <linux/netfilter/xt_LOG.h>
26 #include <net/netfilter/nf_log.h>
114 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
H A Dxt_helper.c9 #include <linux/netfilter.h>
10 #include <net/netfilter/nf_conntrack.h>
11 #include <net/netfilter/nf_conntrack_core.h>
12 #include <net/netfilter/nf_conntrack_helper.h>
13 #include <linux/netfilter/x_tables.h>
14 #include <linux/netfilter/xt_helper.h>
17 MODULE_AUTHOR("Martin Josefsson <gandalf@netfilter.org>");
H A Dnft_dup_netdev.c3 * Copyright (c) 2015 Pablo Neira Ayuso <pablo@netfilter.org>
10 #include <linux/netfilter.h>
11 #include <linux/netfilter/nf_tables.h>
12 #include <net/netfilter/nf_tables.h>
13 #include <net/netfilter/nf_tables_offload.h>
14 #include <net/netfilter/nf_dup_netdev.h>
111 MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
H A Dnft_reject_inet.c10 #include <linux/netfilter.h>
11 #include <linux/netfilter/nf_tables.h>
12 #include <net/netfilter/nf_tables.h>
13 #include <net/netfilter/nft_reject.h>
14 #include <net/netfilter/ipv4/nf_reject.h>
15 #include <net/netfilter/ipv6/nf_reject.h>
110 MODULE_DESCRIPTION("Netfilter nftables reject inet support");
H A Dxt_mac.c5 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
16 #include <linux/netfilter/xt_mac.h>
17 #include <linux/netfilter/x_tables.h>
20 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
H A Dnf_conntrack_timestamp.c3 * (C) 2010 Pablo Neira Ayuso <pablo@netfilter.org>
8 #include <linux/netfilter.h>
13 #include <net/netfilter/nf_conntrack.h>
14 #include <net/netfilter/nf_conntrack_extend.h>
15 #include <net/netfilter/nf_conntrack_timestamp.h>
H A Dnf_conntrack_acct.c2 /* Accounting handling for netfilter. */
10 #include <linux/netfilter.h>
16 #include <net/netfilter/nf_conntrack.h>
17 #include <net/netfilter/nf_conntrack_extend.h>
18 #include <net/netfilter/nf_conntrack_acct.h>
H A Dxt_MASQUERADE.c6 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
10 #include <linux/netfilter/x_tables.h>
11 #include <net/netfilter/nf_nat.h>
12 #include <net/netfilter/nf_nat_masquerade.h>
15 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
H A Dnf_nat_helper.c4 * (C) 2000-2002 Harald Welte <laforge@netfilter.org>
5 * (C) 2003-2006 Netfilter Core Team <coreteam@netfilter.org>
16 #include <net/netfilter/nf_conntrack.h>
17 #include <net/netfilter/nf_conntrack_helper.h>
18 #include <net/netfilter/nf_conntrack_ecache.h>
19 #include <net/netfilter/nf_conntrack_expect.h>
20 #include <net/netfilter/nf_conntrack_seqadj.h>
21 #include <net/netfilter/nf_nat.h>
22 #include <net/netfilter/nf_nat_helper.h>
H A Dnft_fib_netdev.c5 * This code is based on net/netfilter/nft_fib_inet.c, written by
13 #include <linux/netfilter.h>
14 #include <linux/netfilter/nf_tables.h>
15 #include <net/netfilter/nf_tables_core.h>
16 #include <net/netfilter/nf_tables.h>
19 #include <net/netfilter/nft_fib.h>
H A Dnf_nat_amanda.c3 * (C) 2002 by Brian J. Murrell <netfilter@interlinx.bc.ca>
13 #include <net/netfilter/nf_conntrack_helper.h>
14 #include <net/netfilter/nf_conntrack_expect.h>
15 #include <net/netfilter/nf_nat_helper.h>
16 #include <linux/netfilter/nf_conntrack_amanda.h>
20 MODULE_AUTHOR("Brian J. Murrell <netfilter@interlinx.bc.ca>");
H A Dnf_conntrack_proto_icmp.c3 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
9 #include <linux/netfilter.h>
16 #include <net/netfilter/nf_conntrack_tuple.h>
17 #include <net/netfilter/nf_conntrack_l4proto.h>
18 #include <net/netfilter/nf_conntrack_core.h>
19 #include <net/netfilter/nf_conntrack_timeout.h>
20 #include <net/netfilter/nf_conntrack_zones.h>
21 #include <net/netfilter/nf_log.h>
252 #include <linux/netfilter/nfnetlink.h>
253 #include <linux/netfilter/nfnetlink_conntrack.h>
[all …]
H A Dnf_conntrack_proto_udp.c3 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
17 #include <linux/netfilter.h>
20 #include <net/netfilter/nf_conntrack_l4proto.h>
21 #include <net/netfilter/nf_conntrack_ecache.h>
22 #include <net/netfilter/nf_conntrack_timeout.h>
23 #include <net/netfilter/nf_log.h>
24 #include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
25 #include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
219 #include <linux/netfilter/nfnetlink.h>
220 #include <linux/netfilter/nfnetlink_cttimeout.h>
H A Dxt_connlimit.c2 * netfilter module to limit the number of parallel tcp
20 #include <linux/netfilter/x_tables.h>
21 #include <linux/netfilter/xt_connlimit.h>
23 #include <net/netfilter/nf_conntrack.h>
24 #include <net/netfilter/nf_conntrack_core.h>
25 #include <net/netfilter/nf_conntrack_tuple.h>
26 #include <net/netfilter/nf_conntrack_zones.h>
27 #include <net/netfilter/nf_conntrack_count.h>
H A Dnf_conntrack_timeout.c3 * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
8 #include <linux/netfilter.h>
19 #include <net/netfilter/nf_conntrack.h>
20 #include <net/netfilter/nf_conntrack_core.h>
21 #include <net/netfilter/nf_conntrack_extend.h>
22 #include <net/netfilter/nf_conntrack_l4proto.h>
23 #include <net/netfilter/nf_conntrack_timeout.h>
H A Dxt_NFQUEUE.c2 /* iptables module for using new netfilter netlink queue
4 * (C) 2005 by Harald Welte <laforge@netfilter.org>
12 #include <linux/netfilter.h>
14 #include <linux/netfilter/x_tables.h>
15 #include <linux/netfilter/xt_NFQUEUE.h>
17 #include <net/netfilter/nf_queue.h>
19 MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
/linux/tools/testing/selftests/net/netfilter/
H A Dconntrack_resize.sh23 if ! sysctl -q net.netfilter.nf_conntrack_max >/dev/null;then
28 init_net_max=$(sysctl -n net.netfilter.nf_conntrack_max) || exit 1
29 ct_buckets=$(sysctl -n net.netfilter.nf_conntrack_buckets) || exit 1
37 sysctl -q net.netfilter.nf_conntrack_max=$init_net_max
38 sysctl -q net.netfilter.nf_conntrack_buckets=$ct_buckets
95 sysctl -q net.netfilter.nf_conntrack_buckets=$RANDOM
233 …[ "$r1" -eq 1 ] && ip netns exec "$ns" sysctl -q net.netfilter.nf_conntrack_icmp_timeout=$((RANDOM…
234 …[ "$r2" -eq 1 ] && ip netns exec "$ns" sysctl -q net.netfilter.nf_conntrack_udp_timeout=$((RANDOM%…
251 ip netns exec "$ns" sysctl -q net.netfilter.nf_conntrack_icmp_timeout=30
252 ip netns exec "$ns" sysctl -q net.netfilter.nf_conntrack_udp_timeout=30
[all …]
/linux/net/ipv6/netfilter/
H A Dnf_defrag_ipv6_hooks.c3 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
9 #include <linux/netfilter.h>
20 #include <net/netfilter/nf_conntrack.h>
21 #include <net/netfilter/nf_conntrack_helper.h>
22 #include <net/netfilter/nf_conntrack_l4proto.h>
23 #include <net/netfilter/nf_conntrack_core.h>
24 #include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
26 #include <net/netfilter/nf_conntrack_zones.h>
27 #include <net/netfilter/ipv6/nf_defrag_ipv6.h>
/linux/net/
H A DKconfig165 menuconfig NETFILTER
166 bool "Network packet filtering framework (Netfilter)"
168 Netfilter is a framework for filtering and mangling network packets
201 Another use of Netfilter is in transparent proxying: if a machine on
206 Yet another use of Netfilter is building a bridging firewall. Using
209 protocols over the bridge, use ebtables (under bridge netfilter
212 Various modules exist for netfilter which replace the previous
218 if NETFILTER
221 bool "Advanced netfilter configuration"
222 depends on NETFILTER
163 menuconfig NETFILTER global() config
[all...]

12345678910>>...24