
Searched refs:ruleset (Results 1 – 25 of 36) sorted by relevance


/linux/drivers/net/ethernet/marvell/prestera/
H A Dprestera_acl.c140 struct prestera_acl_ruleset *ruleset; in prestera_acl_ruleset_create() local
147 ruleset = kzalloc_obj(*ruleset); in prestera_acl_ruleset_create()
148 if (!ruleset) in prestera_acl_ruleset_create()
151 ruleset->acl = acl; in prestera_acl_ruleset_create()
152 ruleset->ingress = block->ingress; in prestera_acl_ruleset_create()
153 ruleset->ht_key.block = block; in prestera_acl_ruleset_create()
154 ruleset->ht_key.chain_index = chain_index; in prestera_acl_ruleset_create()
155 refcount_set(&ruleset->refcount, 1); in prestera_acl_ruleset_create()
157 err = rhashtable_init(&ruleset->rule_ht, &prestera_acl_rule_ht_params); in prestera_acl_ruleset_create()
166 ruleset->pcl_id = PRESTERA_ACL_PCL_ID_MAKE((u8)uid, chain_index); in prestera_acl_ruleset_create()
[all …]
H A Dprestera_flower.c11 struct prestera_acl_ruleset *ruleset; member
19 prestera_acl_ruleset_put(template->ruleset); in prestera_flower_template_free()
39 struct prestera_acl_ruleset *ruleset; in prestera_flower_parse_goto_action() local
48 ruleset = prestera_acl_ruleset_get(block->sw->acl, block, in prestera_flower_parse_goto_action()
50 if (IS_ERR(ruleset)) in prestera_flower_parse_goto_action()
51 return PTR_ERR(ruleset); in prestera_flower_parse_goto_action()
54 rule->re_arg.jump.i.index = prestera_acl_ruleset_index_get(ruleset); in prestera_flower_parse_goto_action()
56 rule->jump_ruleset = ruleset; in prestera_flower_parse_goto_action()
407 struct prestera_acl_ruleset *ruleset; in prestera_flower_prio_get() local
409 ruleset = prestera_acl_ruleset_lookup(block->sw->acl, block, chain_index); in prestera_flower_prio_get()
[all …]
H A Dprestera_acl.h130 struct prestera_acl_ruleset *ruleset; member
156 prestera_acl_rule_create(struct prestera_acl_ruleset *ruleset,
162 prestera_acl_rule_lookup(struct prestera_acl_ruleset *ruleset,
188 int prestera_acl_ruleset_keymask_set(struct prestera_acl_ruleset *ruleset,
190 bool prestera_acl_ruleset_is_offload(struct prestera_acl_ruleset *ruleset);
191 int prestera_acl_ruleset_offload(struct prestera_acl_ruleset *ruleset);
192 void prestera_acl_ruleset_put(struct prestera_acl_ruleset *ruleset);
193 int prestera_acl_ruleset_bind(struct prestera_acl_ruleset *ruleset,
195 int prestera_acl_ruleset_unbind(struct prestera_acl_ruleset *ruleset,
197 u32 prestera_acl_ruleset_index_get(const struct prestera_acl_ruleset *ruleset);
[all …]
/linux/drivers/net/ethernet/mellanox/mlxsw/
H A Dspectrum_acl.c70 struct mlxsw_sp_acl_ruleset *ruleset; member
100 mlxsw_sp_acl_ruleset_is_singular(const struct mlxsw_sp_acl_ruleset *ruleset) in mlxsw_sp_acl_ruleset_is_singular() argument
103 return refcount_read(&ruleset->ref_count) == 2; in mlxsw_sp_acl_ruleset_is_singular()
110 struct mlxsw_sp_acl_ruleset *ruleset = block->ruleset_zero; in mlxsw_sp_acl_ruleset_bind() local
111 const struct mlxsw_sp_acl_profile_ops *ops = ruleset->ht_key.ops; in mlxsw_sp_acl_ruleset_bind()
113 return ops->ruleset_bind(mlxsw_sp, ruleset->priv, in mlxsw_sp_acl_ruleset_bind()
121 struct mlxsw_sp_acl_ruleset *ruleset = block->ruleset_zero; in mlxsw_sp_acl_ruleset_unbind() local
122 const struct mlxsw_sp_acl_profile_ops *ops = ruleset->ht_key.ops; in mlxsw_sp_acl_ruleset_unbind()
124 ops->ruleset_unbind(mlxsw_sp, ruleset->priv, in mlxsw_sp_acl_ruleset_unbind()
130 struct mlxsw_sp_acl_ruleset *ruleset, in mlxsw_sp_acl_ruleset_block_bind() argument
[all …]
H A Dspectrum_flower.c131 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp_flower_parse_actions() local
134 ruleset = mlxsw_sp_acl_ruleset_lookup(mlxsw_sp, block, in mlxsw_sp_flower_parse_actions()
137 if (IS_ERR(ruleset)) in mlxsw_sp_flower_parse_actions()
138 return PTR_ERR(ruleset); in mlxsw_sp_flower_parse_actions()
140 group_id = mlxsw_sp_acl_ruleset_group_id(ruleset); in mlxsw_sp_flower_parse_actions()
745 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp_flower_replace() local
753 ruleset = mlxsw_sp_acl_ruleset_get(mlxsw_sp, block, in mlxsw_sp_flower_replace()
756 if (IS_ERR(ruleset)) in mlxsw_sp_flower_replace()
757 return PTR_ERR(ruleset); in mlxsw_sp_flower_replace()
759 rule = mlxsw_sp_acl_rule_create(mlxsw_sp, ruleset, f->cookie, NULL, in mlxsw_sp_flower_replace()
[all …]
H A Dspectrum2_mr_tcam.c36 struct mlxsw_sp_acl_ruleset *ruleset) in mlxsw_sp2_mr_tcam_bind_group() argument
41 group_id = mlxsw_sp_acl_ruleset_group_id(ruleset); in mlxsw_sp2_mr_tcam_bind_group()
218 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_create() local
223 ruleset = mlxsw_sp2_mr_tcam_proto_ruleset(mr_tcam, key->proto); in mlxsw_sp2_mr_tcam_route_create()
224 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_create()
227 rule = mlxsw_sp_acl_rule_create(mlxsw_sp, ruleset, in mlxsw_sp2_mr_tcam_route_create()
251 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_destroy() local
254 ruleset = mlxsw_sp2_mr_tcam_proto_ruleset(mr_tcam, key->proto); in mlxsw_sp2_mr_tcam_route_destroy()
255 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_destroy()
258 rule = mlxsw_sp_acl_rule_lookup(mlxsw_sp, ruleset, in mlxsw_sp2_mr_tcam_route_destroy()
[all …]
H A Dspectrum_acl_tcam.c1696 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_add() local
1698 return mlxsw_sp_acl_tcam_vgroup_add(mlxsw_sp, tcam, &ruleset->vgroup, in mlxsw_sp_acl_tcam_flower_ruleset_add()
1709 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_del() local
1711 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); in mlxsw_sp_acl_tcam_flower_ruleset_del()
1720 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_bind() local
1722 return mlxsw_sp_acl_tcam_group_bind(mlxsw_sp, &ruleset->vgroup.group, in mlxsw_sp_acl_tcam_flower_ruleset_bind()
1732 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_unbind() local
1734 mlxsw_sp_acl_tcam_group_unbind(mlxsw_sp, &ruleset->vgroup.group, in mlxsw_sp_acl_tcam_flower_ruleset_unbind()
1741 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_group_id() local
1743 return mlxsw_sp_acl_tcam_group_id(&ruleset->vgroup.group); in mlxsw_sp_acl_tcam_flower_ruleset_group_id()
[all …]
/linux/security/landlock/
H A Dsyscalls.c37 #include "ruleset.h"
125 struct landlock_ruleset *ruleset = filp->private_data; in fop_ruleset_release()
127 landlock_put_ruleset(ruleset); in fop_ruleset_release()
147 * A ruleset file descriptor enables to build a ruleset by adding (i.e.
149 * reentrant design is also used in a read way to enforce the ruleset on the
170 * sys_landlock_create_ruleset - Create a new ruleset
173 * the new ruleset.
181 * This system call enables to create a new Landlock ruleset, and returns the
203 struct landlock_ruleset *ruleset; in SYSCALL_DEFINE3()
124 struct landlock_ruleset *ruleset = filp->private_data; fop_ruleset_release() local
200 struct landlock_ruleset *ruleset; SYSCALL_DEFINE3() local
267 struct landlock_ruleset *ruleset; get_ruleset_from_fd() local
314 add_rule_path_beneath(struct landlock_ruleset * const ruleset,const void __user * const rule_attr) add_rule_path_beneath() argument
352 add_rule_net_port(struct landlock_ruleset * ruleset,const void __user * const rule_attr) add_rule_net_port() argument
[all...]
H A Druleset.h41 * union landlock_key - Key of a ruleset's red-black tree
72 * struct landlock_id - Unique rule identifier for a ruleset
91 * @node: Node in the ruleset's red-black tree.
97 * for this ruleset element. The pointer is set once and never
114 * struct landlock_ruleset - Landlock ruleset
122 * landlock_rule nodes with inode object. Once a ruleset is tied to a
131 * landlock_rule nodes with network port. Once a ruleset is tied to a
145 * @work_free: Enables to free a ruleset within a lockless
160 * descriptors referencing this ruleset.
165 * the same object) rules in this ruleset
215 landlock_get_ruleset(struct landlock_ruleset * const ruleset) landlock_get_ruleset() argument
247 landlock_add_fs_access_mask(struct landlock_ruleset * const ruleset,const access_mask_t fs_access_mask,const u16 layer_level) landlock_add_fs_access_mask() argument
259 landlock_add_net_access_mask(struct landlock_ruleset * const ruleset,const access_mask_t net_access_mask,const u16 layer_level) landlock_add_net_access_mask() argument
271 landlock_add_scope_mask(struct landlock_ruleset * const ruleset,const access_mask_t scope_mask,const u16 layer_level) landlock_add_scope_mask() argument
282 landlock_get_fs_access_mask(const struct landlock_ruleset * const ruleset,const u16 layer_level) landlock_get_fs_access_mask() argument
291 landlock_get_net_access_mask(const struct landlock_ruleset * const ruleset,const u16 layer_level) landlock_get_net_access_mask() argument
298 landlock_get_scope_mask(const struct landlock_ruleset * const ruleset,const u16 layer_level) landlock_get_scope_mask() argument
[all...]
H A Druleset.c148 static struct rb_root *get_root(struct landlock_ruleset *const ruleset, in get_root() argument
153 return &ruleset->root_inode; in get_root()
157 return &ruleset->root_net_port; in get_root()
179 const struct landlock_ruleset ruleset = { in build_check_ruleset() local
184 BUILD_BUG_ON(ruleset.num_rules < LANDLOCK_MAX_NUM_RULES); in build_check_ruleset()
185 BUILD_BUG_ON(ruleset.num_layers < LANDLOCK_MAX_NUM_LAYERS); in build_check_ruleset()
206 static int insert_rule(struct landlock_ruleset *const ruleset, in insert_rule() argument
217 lockdep_assert_held(&ruleset->lock); in insert_rule()
224 root = get_root(ruleset, id.type); in insert_rule()
278 if (ruleset->num_rules >= LANDLOCK_MAX_NUM_RULES) in insert_rule()
[all …]
H A Dnet.c22 int landlock_append_net_rule(struct landlock_ruleset *const ruleset, in landlock_append_net_rule() argument
35 ~landlock_get_net_access_mask(ruleset, 0); in landlock_append_net_rule()
37 mutex_lock(&ruleset->lock); in landlock_append_net_rule()
38 err = landlock_insert_rule(ruleset, id, access_rights); in landlock_append_net_rule()
39 mutex_unlock(&ruleset->lock); in landlock_append_net_rule()
H A Dnet.h18 int landlock_append_net_rule(struct landlock_ruleset *const ruleset,
26 landlock_append_net_rule(struct landlock_ruleset *const ruleset, const u16 port, in landlock_append_net_rule() argument
H A DMakefile7 ruleset.o \
H A Dfs.h20 #include "ruleset.h"
127 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
H A Dfs.c323 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset, in landlock_append_fs_rule() argument
336 if (WARN_ON_ONCE(ruleset->num_layers != 1)) in landlock_append_fs_rule()
341 ~landlock_get_fs_access_mask(ruleset, 0); in landlock_append_fs_rule()
345 mutex_lock(&ruleset->lock); in landlock_append_fs_rule()
346 err = landlock_insert_rule(ruleset, id, access_rights); in landlock_append_fs_rule()
347 mutex_unlock(&ruleset->lock); in landlock_append_fs_rule()
/linux/tools/testing/selftests/net/netfilter/
H A Dnft_queue.sh256 ip netns exec "$nsrouter" nft list ruleset
322 flush ruleset
367 flush ruleset
393 ip netns exec "$ns1" nft list ruleset
445 flush ruleset
524 flush ruleset
599 flush ruleset
727 flush ruleset
743 ip netns exec "$ns1" nft flush ruleset
792 ip netns exec "$ns1" nft flush ruleset
H A Dconntrack_vrf.sh84 # as decided by the first iteration of the ruleset.
122 ip netns exec "$ns0" nft list ruleset
141 flush ruleset
188 flush ruleset
H A Dnft_flowtable.sh190 echo "SKIP: Could not load nft ruleset"
210 echo -n "SKIP: Could not load ruleset: "
507 ip netns exec "$nsr1" nft list ruleset
515 ip netns exec "$nsr1" nft list ruleset
551 ip netns exec "$nsr1" nft list ruleset
579 ip netns exec "$nsr1" nft list ruleset
627 ip netns exec "$nsr1" nft list ruleset
635 ip netns exec "$nsr1" nft list ruleset
681 ip netns exec "$nsr1" nft list ruleset
689 ip netns exec "$nsr1" nft list ruleset
[all...]
H A Dbr_netfilter.sh39 ip netns exec "$ns0" nft list ruleset
56 ip netns exec "$ns0" nft list ruleset
135 echo "SKIP: could not add nftables ruleset"
H A Dnft_audit.sh82 nft flush ruleset
H A Dnft_fib.sh344 flush ruleset
792 ip netns exec "$ns1" nft flush ruleset
793 ip netns exec "$ns2" nft flush ruleset
794 ip netns exec "$nsrouter" nft flush ruleset
/linux/Documentation/security/
H A Dlandlock.rst42 * Computation related to Landlock operations (e.g. enforcing a ruleset) shall
122 A domain is a read-only ruleset tied to a set of subjects (i.e. tasks'
123 credentials). Each time a ruleset is enforced on a task, the current domain is
124 duplicated and the ruleset is imported as a new layer of rules in the new
129 of a ruleset provided by the task.
134 .. kernel-doc:: security/landlock/ruleset.h
/linux/include/linux/crush/
H A Dmapper.h14 extern int crush_find_rule(const struct crush_map *map, int ruleset, int type, int size);
/linux/security/safesetid/
H A Dsecurityfs.c267 … size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct __rcu setid_ruleset* ruleset) in safesetid_file_read() argument
274 pol = rcu_dereference_protected(ruleset, lockdep_is_held(policy_update_lock)); in safesetid_file_read()
/linux/tools/testing/selftests/net/mptcp/
H A Dmptcp_connect.sh687 flush ruleset
713 ip netns exec "$listener_ns" nft flush ruleset
721 ip netns exec "$listener_ns" nft flush ruleset
737 ip netns exec "$listener_ns" nft flush ruleset
