Home
last modified time | relevance | path

Searched refs:nft (Results 1 – 25 of 29) sorted by relevance

12

/linux/tools/testing/selftests/net/netfilter/
H A Dnft_nat.sh69 ip netns exec "$ns" nft list counter inet filter "$counter" 1>&2
77 if ! ip netns exec "$ns" nft list counter inet filter ns0in | grep -q "packets 1 bytes 84";then
82 if ! ip netns exec "$ns" nft list counter inet filter ns0out | grep -q "packets 1 bytes 84";then
88 if ! ip netns exec "$ns" nft list counter inet filter ns0in6 | grep -q "$expect";then
92 if ! ip netns exec "$ns" nft list counter inet filter ns0out6 | grep -q "$expect";then
105 if ! ip netns exec "$ns0" nft list counter inet filter ns0in | grep -q "packets 0 bytes 0";then
110 if ! ip netns exec "$ns0" nft list counter inet filter ns0in6 | grep -q "packets 0 bytes 0";then
115 if ! ip netns exec "$ns0" nft list counter inet filter ns0out | grep -q "packets 0 bytes 0";then
119 if ! ip netns exec "$ns0" nft list counter inet filter ns0out6 | grep -q "packets 0 bytes 0";then
126 if ! ip netns exec "$ns0" nft list counter inet filter "${ns}${dir}" | grep -q "$expect";then
[all …]
H A Dnft_concat_range.sh496 eval "echo \"${set_template}\"" | nft -f -
957 nft reset counter inet filter test >/dev/null 2>&1
958 nft flush ruleset >/dev/null 2>&1
1095 if ! nft add element inet filter test "${1}"; then
1115 if ! nft add element netdev perf norange "${1}"; then
1124 if ! nft add element netdev perf noconcat "${1}"; then
1133 if ! nft delete element inet filter test "${1}"; then
1143 for token in $(nft list counter inet filter test); do
1152 for token in $(nft list counter netdev perf test); do
1209 nft reset counter inet filter test >/dev/null
[all …]
H A Drpath.sh24 if nft --version >/dev/null 2>&1; then
25 nft='nft'
27 nft=''
30 if [ -z "$iptables$ip6tables$nft" ]; then
93 [ -n "$nft" ] && ip netns exec "$ns2" $nft -f - <<EOF
124 [ -n "$nft" ] || return 0
125 ip netns exec "$ns2" "$nft" list chain inet t c | \
138 if [ -n "$nft" ]; then
141 ip netns exec "$ns2" $nft -s list table inet t;
142 ) | ip netns exec "$ns2" $nft -f -
H A Dnft_flowtable.sh153 ip netns exec "$nsr1" nft -f - <<EOF
185 ip netns exec "$ns2" nft -f - <<EOF
202 nft --version
235 orig=$(ip netns exec "$nsr1" nft reset counter inet filter routed_orig | grep packets)
236 repl=$(ip netns exec "$nsr1" nft reset counter inet filter routed_repl | grep packets)
271 counter=$(ip netns exec "$ns2" nft reset counter inet filter ip4dscp3 | grep packets)
276 counter=$(ip netns exec "$ns2" nft reset counter inet filter ip4dscp0 | grep packets)
382 ip netns exec "$nsr1" nft -f - <<EOF
394 ip netns exec "$nsr1" nft delete table netdev dscpmangle
399 ip netns exec "$nsr1" nft -f - <<EOF
[all …]
H A Dconntrack_vrf.sh98 ip netns exec "$ns0" nft -f - <<EOF
133 ip netns exec "$ns0" nft list ruleset
151 ip netns exec "$ns0" nft -f - <<EOF
179 if ip netns exec "$ns0" nft list table ip nat |grep -q 'counter packets 1' &&
180 ip netns exec "$ns0" nft list table ip nat |grep -q 'untracked counter packets [1-9]'; then
198 ip netns exec "$ns0" nft -f - <<EOF
214 if ip netns exec "$ns0" nft list table ip nat |grep -q 'counter packets 1'; then
224 ip netns exec "$ns0" nft -f - <<EOF
238 if ip netns exec "$ns0" nft list counter t fibcount | grep -q "packets 1"; then
H A Dnft_fib.sh38 ip netns exec "$netns" nft -f /dev/stdin <<EOF
51 ip netns exec "$netns" nft -f /dev/stdin <<EOF
65 ip netns exec "$netns" nft -f /dev/stdin <<EOF
91 …if ! ip netns exec "$ns" nft list table inet filter | grep 'fib saddr . iif' | grep "$address" | g…
93 ip netns exec "$ns" nft list table inet filter
168 ip netns exec "$nsrouter" nft flush table inet filter
201 ip netns exec "$ns1" nft flush ruleset
202 ip netns exec "$ns2" nft flush ruleset
203 ip netns exec "$nsrouter" nft flush ruleset
228 ip -net "$nsrouter" nft list ruleset
H A Dnft_queue.sh88 ip netns exec "$nsrouter" nft -f /dev/stdin <<EOF
124 ip netns exec "$nsrouter" nft -f /dev/stdin <<EOF
177 ip netns exec "$nsrouter" nft -f /dev/stdin <<EOF
201 if ! ip netns exec "$nsrouter" nft delete table "$proto" blackh; then
254 ip netns exec "$nsrouter" nft list ruleset
316 ip netns exec "$nsrouter" nft -f /dev/stdin <<EOF
361 ip netns exec "$ns1" nft -f /dev/stdin <<EOF
385 …if ! ip netns exec "$ns1" nft list chain inet filter "$n" | grep -q "oifname \"$d\" icmp type echo…
388 ip netns exec "$ns1" nft list ruleset
422 ip netns exec "$nsrouter" nft -f /dev/stdin <<EOF
[all …]
H A Dconntrack_tcp_unreplied.sh9 if ! nft --version > /dev/null 2>&1;then
39 if ! ip netns exec "$ns2" nft list counter inet filter "$name" | grep -q "$expect"; then
41 ip netns exec "$ns2" nft list counter inet filter "$name" 1>&2
68 ip netns exec "$ns1" nft -f - <<EOF
85 ip netns exec "$ns2" nft -f - <<EOF
126 ip netns exec "$ns2" nft -f - <<EOF
H A Dnft_audit.sh19 nft --version >/dev/null 2>&1 || {
25 nft --check -f /dev/stdin >/dev/null 2>&1 <<EOF
33 nft --version
82 nft flush ruleset
231 readarray -t handles < <(nft -a list chain t1 c1 | \
H A Dnft_meta.sh10 if ! nft --version > /dev/null 2>&1; then
28 ip netns exec "$ns0" nft -f /dev/stdin <<EOF
94 if ! ip netns exec "$ns0" nft list counter inet filter "$cname" | grep -q "$want"; then
97 ip netns exec "$ns0" nft list counter inet filter "$cname"
134 ip netns exec "$ns0" nft reset counters > /dev/null
H A Dconntrack_icmp_related.sh19 if ! nft --version > /dev/null 2>&1;then
52 if ! ip netns exec "$ns" nft list counter inet filter "$name" | grep -q "$expect"; then
54 ip netns exec "$ns" nft list counter inet filter "$name" 1>&2
114 ip netns exec "$netns" nft -f - <<EOF
129 ip netns exec "$nsclient1" nft -f - <<EOF
149 ip netns exec "$nsclient2" nft -f - <<EOF
177 ip netns exec "$nsrouter1" nft -f - <<EOF
H A Dnft_nat_zones.sh117 ip netns exec "$gw" nft -f /dev/stdin<<EOF
200 … ip netns exec "$gw" nft get element inet raw inicmp "{ 10.1.0.3 . \"veth$i\" . 10.3.0.99 }" 1>&2
205 if ! ip netns exec "$gw" nft get element inet raw inicmp "{ 10.3.0.99 . \"veth0\" . 10.3.0.1 }" | g…
208 ip netns exec "$gw" nft get element inet raw inicmp "{ 10.3.99 . \"veth0\" . 10.3.0.1 }" 1>&2
252 …if ! ip netns exec "$gw" nft get element inet raw inflows "{ 10.1.0.3 . 10000 . \"veth$i\" . 10.3.…
262 if ! ip netns exec "$gw" nft get element inet raw inflows "{ 10.3.0.99 . 5201 . \"veth0\" . 10.3.0.…
H A Dbr_netfilter.sh39 ip netns exec "$ns0" nft list ruleset
56 ip netns exec "$ns0" nft list ruleset
121 ip netns exec "$ns0" nft -f - <<EOF
H A Dnft_synproxy.sh62 ip netns exec "$nsr" nft -f - <<EOF
91 ip netns exec "$nsr" nft list ruleset
H A Dnft_zones_many.sh33 ip netns exec "$ns1" nft -f /dev/stdin<<EOF
63 ) | ip netns exec "$ns1" nft -f /dev/stdin
H A Dconntrack_reverse_clash.sh19 ip netns exec "$ns0" nft -f - <<EOF
H A Dbr_netfilter_queue.sh60 nft -f /dev/stdin <<EOF
H A Dnft_conntrack_helper.sh49 ip netns exec "$ns" nft -f - <<EOF
H A Dnft_tproxy_tcp.sh217 echo "$nftables_rules" | ip netns exec "$nsrouter" nft -f /dev/stdin
H A Dnft_tproxy_udp.sh183 ip netns exec "$nsrouter" nft -f /dev/stdin <<EOF
/linux/Documentation/networking/
H A Dtproxy.rst24 Alternatively you can do this in nft with the following commands::
26 # nft add table filter
27 # nft add chain filter divert "{ type filter hook prerouting priority -150; }"
28 # nft add rule filter divert meta l4proto tcp socket transparent 1 meta mark set 1 accept
72 Or the following rule to nft:
74 # nft add rule filter divert tcp dport 80 tproxy to :50080 meta mark set 1 accept
/linux/drivers/net/ethernet/netronome/nfp/flower/
H A Dconntrack.c1365 zt->nft = NULL; in get_nfp_zone_entry()
1837 if (!zt->nft) { in nfp_fl_ct_handle_pre_ct()
1838 zt->nft = ct_act->ct.flow_table; in nfp_fl_ct_handle_pre_ct()
1839 err = nf_flow_table_offload_add_cb(zt->nft, nfp_fl_ct_handle_nft_flow, zt); in nfp_fl_ct_handle_pre_ct()
2220 if (!zt->nft) /* avoid deadlock */ in nfp_fl_ct_handle_nft_flow()
2253 struct nf_flowtable *nft; in nfp_fl_ct_del_flow() local
2272 if (!zt->pre_ct_count && zt->nft) { in nfp_fl_ct_del_flow()
2273 nft = zt->nft; in nfp_fl_ct_del_flow()
2274 zt->nft = NULL; /* avoid deadlock */ in nfp_fl_ct_del_flow()
2275 nf_flow_table_offload_del_cb(nft, in nfp_fl_ct_del_flow()
H A Dmetadata.c650 if (zt->nft) { in nfp_zone_table_entry_destroy()
651 nf_flow_table_offload_del_cb(zt->nft, in nfp_zone_table_entry_destroy()
654 zt->nft = NULL; in nfp_zone_table_entry_destroy()
H A Dconntrack.h64 struct nf_flowtable *nft; member
/linux/include/net/
H A Dnet_namespace.h149 struct netns_nftables nft; member

12