Home
last modified time | relevance | path

Searched full:nftables (Results 1 – 25 of 53) sorted by relevance

123

/linux/net/ipv4/netfilter/
H A DKconfig21 This is not needed if you are using iptables over nftables
334 This is not needed if you are using arptables over nftables
353 Neither arptables-nft nor nftables need this to work.
365 It is not used by nftables.
H A Dnft_reject_ipv4.c76 MODULE_DESCRIPTION("IPv4 packet rejection for nftables");
H A Dnft_dup_ipv4.c112 MODULE_DESCRIPTION("IPv4 nftables packet duplication support");
/linux/net/netfilter/
H A Dnft_set_pipapo.c547 * @set: nftables API set representation
588 * @set: nftables API set representation
589 * @elem: nftables API element representation containing key data
982 * @k: Input key for classification, without nftables padding
1258 * @set: nftables API set representation
1280 * @set: nftables API set representation
1281 * @elem: nftables API element representation containing key data
1685 * @set: nftables API set representation
1793 * @set: nftables API set representation
1834 * @set: nftables API set representation
[all …]
H A Dnft_set_pipapo_avx2.c191 * @pkt: Packet data, pointer to input nftables register
266 * @pkt: Packet data, pointer to input nftables register
343 * @pkt: Packet data, pointer to input nftables register
439 * @pkt: Packet data, pointer to input nftables register
529 * @pkt: Packet data, pointer to input nftables register
665 * @pkt: Packet data, pointer to input nftables register
723 * @pkt: Packet data, pointer to input nftables register
788 * @pkt: Packet data, pointer to input nftables register
864 * @pkt: Packet data, pointer to input nftables register
950 * @pkt: Packet data, pointer to input nftables register
[all …]
H A Dnft_fib_inet.c80 MODULE_DESCRIPTION("nftables fib inet support");
H A Dnft_fib_netdev.c89 MODULE_DESCRIPTION("nftables netdev fib lookups support");
H A DKconfig193 match and the nftables ct expression.
471 nftables is the new packet classification framework that intends to
475 (https://www.netfilter.org/projects/nftables) uses to build the
581 infrastructure (also known as NFQUEUE) from nftables.
661 This makes transparent proxy support available in nftables.
767 you use iptables over nftables (iptables-nft).
H A Dnft_set_pipapo.h8 /* Count of concatenated fields depends on count of 32-bit nftables registers */
172 * @ext: nftables API extensions
H A Dnft_dup_netdev.c113 MODULE_DESCRIPTION("nftables netdev packet duplication support");
H A Dnft_reject_inet.c110 MODULE_DESCRIPTION("Netfilter nftables reject inet support");
H A Dnft_reject.c133 MODULE_DESCRIPTION("Netfilter x_tables over nftables module");
H A Dnft_chain_nat.c140 MODULE_DESCRIPTION("nftables network address translation support");
H A Dnft_reject_netdev.c189 MODULE_DESCRIPTION("Reject packets from netdev via nftables");
H A Dnft_osf.c189 MODULE_DESCRIPTION("nftables passive OS fingerprint support");
H A Dnft_fib.c208 MODULE_DESCRIPTION("Query routing table from nftables");
/linux/Documentation/networking/
H A Dbridge.rst259 consider using nftables for packet filtering.
261 The older ebtables tool is more feature-limited compared to nftables, but
262 just like nftables it doesn't need this module either to function.
274 Note that ebtables and nftables will work fine without the br_netfilter module.
276 plug in the routing stack. nftables rules in ip/ip6/inet/arp families won't
283 iptables matching capabilities (including conntrack). nftables doesn't have
H A Dnf_flowtable.rst102 nftables ingress chain (make sure the flowtable priority is smaller than the
103 nftables ingress chain hence the flowtable runs before in the pipeline).
/linux/tools/testing/selftests/net/netfilter/
H A Dnft_meta.sh127 echo "OK: nftables meta iif/oif counters at expected values"
139 echo "OK: nftables meta cpu counter at expected values"
H A Dnft_zones_many.sh47 echo "SKIP: Cannot add nftables rules"
H A Dbr_netfilter.sh135 echo "SKIP: could not add nftables ruleset"
H A Dnft_interface_stress.sh5 # Torture nftables' netdevice notifier callbacks and related code by frequent
/linux/net/ipv6/netfilter/
H A Dnft_reject_ipv6.c77 MODULE_DESCRIPTION("IPv6 packet rejection for nftables");
H A Dnft_dup_ipv6.c110 MODULE_DESCRIPTION("IPv6 nftables packet duplication support");
/linux/net/bridge/netfilter/
H A Dnft_reject_bridge.c215 MODULE_DESCRIPTION("Reject packets from bridge via nftables");

123