| /linux/drivers/net/ethernet/marvell/prestera/ |
| H A D | prestera_acl.c | 140 struct prestera_acl_ruleset *ruleset; in prestera_acl_ruleset_create() local 147 ruleset = kzalloc_obj(*ruleset); in prestera_acl_ruleset_create() 148 if (!ruleset) in prestera_acl_ruleset_create() 151 ruleset->acl = acl; in prestera_acl_ruleset_create() 152 ruleset->ingress = block->ingress; in prestera_acl_ruleset_create() 153 ruleset->ht_key.block = block; in prestera_acl_ruleset_create() 154 ruleset->ht_key.chain_index = chain_index; in prestera_acl_ruleset_create() 155 refcount_set(&ruleset->refcount, 1); in prestera_acl_ruleset_create() 157 err = rhashtable_init(&ruleset->rule_ht, &prestera_acl_rule_ht_params); in prestera_acl_ruleset_create() 166 ruleset->pcl_id = PRESTERA_ACL_PCL_ID_MAKE((u8)uid, chain_index); in prestera_acl_ruleset_create() [all …]
|
| H A D | prestera_flower.c | 11 struct prestera_acl_ruleset *ruleset; member 19 prestera_acl_ruleset_put(template->ruleset); in prestera_flower_template_free() 39 struct prestera_acl_ruleset *ruleset; in prestera_flower_parse_goto_action() local 48 ruleset = prestera_acl_ruleset_get(block->sw->acl, block, in prestera_flower_parse_goto_action() 50 if (IS_ERR(ruleset)) in prestera_flower_parse_goto_action() 51 return PTR_ERR(ruleset); in prestera_flower_parse_goto_action() 54 rule->re_arg.jump.i.index = prestera_acl_ruleset_index_get(ruleset); in prestera_flower_parse_goto_action() 56 rule->jump_ruleset = ruleset; in prestera_flower_parse_goto_action() 407 struct prestera_acl_ruleset *ruleset; in prestera_flower_prio_get() local 409 ruleset = prestera_acl_ruleset_lookup(block->sw->acl, block, chain_index); in prestera_flower_prio_get() [all …]
|
| H A D | prestera_acl.h | 130 struct prestera_acl_ruleset *ruleset; member 156 prestera_acl_rule_create(struct prestera_acl_ruleset *ruleset, 162 prestera_acl_rule_lookup(struct prestera_acl_ruleset *ruleset, 188 int prestera_acl_ruleset_keymask_set(struct prestera_acl_ruleset *ruleset, 190 bool prestera_acl_ruleset_is_offload(struct prestera_acl_ruleset *ruleset); 191 int prestera_acl_ruleset_offload(struct prestera_acl_ruleset *ruleset); 192 void prestera_acl_ruleset_put(struct prestera_acl_ruleset *ruleset); 193 int prestera_acl_ruleset_bind(struct prestera_acl_ruleset *ruleset, 195 int prestera_acl_ruleset_unbind(struct prestera_acl_ruleset *ruleset, 197 u32 prestera_acl_ruleset_index_get(const struct prestera_acl_ruleset *ruleset); [all …]
|
| /linux/security/landlock/ |
| H A D | ruleset.h | 52 * union landlock_key - Key of a ruleset's red-black tree 83 * struct landlock_id - Unique rule identifier for a ruleset 102 * @node: Node in the ruleset's red-black tree. 108 * for this ruleset element. The pointer is set once and never 125 * struct landlock_ruleset - Landlock ruleset 133 * landlock_rule nodes with inode object. Once a ruleset is tied to a 142 * landlock_rule nodes with network port. Once a ruleset is tied to a 156 * @work_free: Enables to free a ruleset within a lockless 171 * descriptors referencing this ruleset. 176 * the same object) rules in this ruleset 215 landlock_get_ruleset(struct landlock_ruleset * const ruleset) landlock_get_ruleset() argument 247 landlock_add_fs_access_mask(struct landlock_ruleset * const ruleset,const access_mask_t fs_access_mask,const u16 layer_level) landlock_add_fs_access_mask() argument 259 landlock_add_net_access_mask(struct landlock_ruleset * const ruleset,const access_mask_t net_access_mask,const u16 layer_level) landlock_add_net_access_mask() argument 271 landlock_add_scope_mask(struct landlock_ruleset * const ruleset,const access_mask_t scope_mask,const u16 layer_level) landlock_add_scope_mask() argument 282 landlock_get_fs_access_mask(const struct landlock_ruleset * const ruleset,const u16 layer_level) landlock_get_fs_access_mask() argument 291 landlock_get_net_access_mask(const struct landlock_ruleset * const ruleset,const u16 layer_level) landlock_get_net_access_mask() argument 298 landlock_get_scope_mask(const struct landlock_ruleset * const ruleset,const u16 layer_level) landlock_get_scope_mask() argument [all...] |
| H A D | syscalls.c | 37 #include "ruleset.h" 130 struct landlock_ruleset *ruleset = filp->private_data; in fop_dummy_read() 132 landlock_put_ruleset(ruleset); in fop_dummy_read() 152 * A ruleset file descriptor enables to build a ruleset by adding (i.e. 154 * reentrant design is also used in a read way to enforce the ruleset on the 175 * sys_landlock_create_ruleset - Create a new ruleset 178 * the new ruleset. 186 * This system call enables to create a new Landlock ruleset. 191 * Return: The ruleset fil 124 struct landlock_ruleset *ruleset = filp->private_data; fop_ruleset_release() local 200 struct landlock_ruleset *ruleset; SYSCALL_DEFINE3() local 267 struct landlock_ruleset *ruleset; get_ruleset_from_fd() local 314 add_rule_path_beneath(struct landlock_ruleset * const ruleset,const void __user * const rule_attr) add_rule_path_beneath() argument 352 add_rule_net_port(struct landlock_ruleset * ruleset,const void __user * const rule_attr) add_rule_net_port() argument [all...] |
| H A D | ruleset.c | 30 #include "ruleset.h" 64 /* Informs about useless ruleset. */ in landlock_create_ruleset() 148 static struct rb_root *get_root(struct landlock_ruleset *const ruleset, in get_root() 153 return &ruleset->root_inode; in get_root() 157 return &ruleset->root_net_port; in get_root() 179 const struct landlock_ruleset ruleset = { in build_check_ruleset() 184 BUILD_BUG_ON(ruleset.num_rules < LANDLOCK_MAX_NUM_RULES); in build_check_ruleset() 185 BUILD_BUG_ON(ruleset.num_layers < LANDLOCK_MAX_NUM_LAYERS); in build_check_ruleset() 189 * insert_rule - Create and insert a rule in a ruleset 191 * @ruleset 147 get_root(struct landlock_ruleset * const ruleset,const enum landlock_key_type key_type) get_root() argument 178 const struct landlock_ruleset ruleset = { build_check_ruleset() local 207 insert_rule(struct landlock_ruleset * const ruleset,const struct landlock_id id,const struct landlock_layer (* layers)[],const size_t num_layers) insert_rule() argument 306 landlock_insert_rule(struct landlock_ruleset * const ruleset,const struct landlock_id id,const access_mask_t access) landlock_insert_rule() argument 483 free_ruleset(struct landlock_ruleset * const ruleset) free_ruleset() argument 502 landlock_put_ruleset(struct landlock_ruleset * const ruleset) landlock_put_ruleset() argument 511 struct landlock_ruleset *ruleset; free_ruleset_work() local 518 landlock_put_ruleset_deferred(struct landlock_ruleset * const ruleset) landlock_put_ruleset_deferred() argument 540 landlock_merge_ruleset(struct landlock_ruleset * const parent,struct landlock_ruleset * const ruleset) landlock_merge_ruleset() argument 591 landlock_find_rule(const struct landlock_ruleset * const ruleset,const struct landlock_id id) landlock_find_rule() argument [all...] |
| H A D | net.c | 20 #include "ruleset.h" 22 int landlock_append_net_rule(struct landlock_ruleset *const ruleset, in landlock_append_net_rule() argument 36 ~landlock_get_net_access_mask(ruleset, 0); in landlock_append_net_rule() 38 mutex_lock(&ruleset->lock); in landlock_append_net_rule() 39 err = landlock_insert_rule(ruleset, id, access_rights, flags); in landlock_append_net_rule() 40 mutex_unlock(&ruleset->lock); in landlock_append_net_rule()
|
| H A D | net.h | 12 #include "ruleset.h" 18 int landlock_append_net_rule(struct landlock_ruleset *const ruleset, 27 landlock_append_net_rule(struct landlock_ruleset *const ruleset, const u16 port, in landlock_append_net_rule() 26 landlock_append_net_rule(struct landlock_ruleset * const ruleset,const u16 port,access_mask_t access_rights) landlock_append_net_rule() argument
|
| H A D | Makefile | 7 ruleset.o \
|
| H A D | fs.h | 20 #include "ruleset.h" 152 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
|
| H A D | fs.c | 52 #include "ruleset.h" 303 * shutdown, or by release_inode() when no more ruleset references the in get_inode_object() 326 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset, in landlock_append_fs_rule() 339 if (WARN_ON_ONCE(ruleset->num_layers != 1)) in landlock_append_fs_rule() 344 ~landlock_get_fs_access_mask(ruleset, 0); in landlock_append_fs_rule() 348 mutex_lock(&ruleset->lock); in landlock_append_fs_rule() 349 err = landlock_insert_rule(ruleset, id, access_rights, flags); in landlock_append_fs_rule() 350 mutex_unlock(&ruleset->lock); in landlock_append_fs_rule() 539 * be inconsistent compared to domain 1's ruleset alone (e.g. it might in test_no_more_access() 540 * be denied to link/rename with domain 1's ruleset, wherea in test_no_more_access() 323 landlock_append_fs_rule(struct landlock_ruleset * const ruleset,const struct path * const path,access_mask_t access_rights) landlock_append_fs_rule() argument [all...] |
| /linux/drivers/net/ethernet/mellanox/mlxsw/ |
| H A D | spectrum_acl.c | 70 struct mlxsw_sp_acl_ruleset *ruleset; member 100 mlxsw_sp_acl_ruleset_is_singular(const struct mlxsw_sp_acl_ruleset *ruleset) in mlxsw_sp_acl_ruleset_is_singular() argument 103 return refcount_read(&ruleset->ref_count) == 2; in mlxsw_sp_acl_ruleset_is_singular() 110 struct mlxsw_sp_acl_ruleset *ruleset = block->ruleset_zero; in mlxsw_sp_acl_ruleset_bind() local 111 const struct mlxsw_sp_acl_profile_ops *ops = ruleset->ht_key.ops; in mlxsw_sp_acl_ruleset_bind() 113 return ops->ruleset_bind(mlxsw_sp, ruleset->priv, in mlxsw_sp_acl_ruleset_bind() 121 struct mlxsw_sp_acl_ruleset *ruleset = block->ruleset_zero; in mlxsw_sp_acl_ruleset_unbind() local 122 const struct mlxsw_sp_acl_profile_ops *ops = ruleset->ht_key.ops; in mlxsw_sp_acl_ruleset_unbind() 124 ops->ruleset_unbind(mlxsw_sp, ruleset->priv, in mlxsw_sp_acl_ruleset_unbind() 130 struct mlxsw_sp_acl_ruleset *ruleset, in mlxsw_sp_acl_ruleset_block_bind() argument [all …]
|
| H A D | spectrum_flower.c | 131 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp_flower_parse_actions() local 134 ruleset = mlxsw_sp_acl_ruleset_lookup(mlxsw_sp, block, in mlxsw_sp_flower_parse_actions() 137 if (IS_ERR(ruleset)) in mlxsw_sp_flower_parse_actions() 138 return PTR_ERR(ruleset); in mlxsw_sp_flower_parse_actions() 140 group_id = mlxsw_sp_acl_ruleset_group_id(ruleset); in mlxsw_sp_flower_parse_actions() 745 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp_flower_replace() local 753 ruleset = mlxsw_sp_acl_ruleset_get(mlxsw_sp, block, in mlxsw_sp_flower_replace() 756 if (IS_ERR(ruleset)) in mlxsw_sp_flower_replace() 757 return PTR_ERR(ruleset); in mlxsw_sp_flower_replace() 759 rule = mlxsw_sp_acl_rule_create(mlxsw_sp, ruleset, f->cookie, NULL, in mlxsw_sp_flower_replace() [all …]
|
| H A D | spectrum2_mr_tcam.c | 36 struct mlxsw_sp_acl_ruleset *ruleset) in mlxsw_sp2_mr_tcam_bind_group() argument 41 group_id = mlxsw_sp_acl_ruleset_group_id(ruleset); in mlxsw_sp2_mr_tcam_bind_group() 218 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_create() local 223 ruleset = mlxsw_sp2_mr_tcam_proto_ruleset(mr_tcam, key->proto); in mlxsw_sp2_mr_tcam_route_create() 224 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_create() 227 rule = mlxsw_sp_acl_rule_create(mlxsw_sp, ruleset, in mlxsw_sp2_mr_tcam_route_create() 251 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_destroy() local 254 ruleset = mlxsw_sp2_mr_tcam_proto_ruleset(mr_tcam, key->proto); in mlxsw_sp2_mr_tcam_route_destroy() 255 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_destroy() 258 rule = mlxsw_sp_acl_rule_lookup(mlxsw_sp, ruleset, in mlxsw_sp2_mr_tcam_route_destroy() [all …]
|
| H A D | spectrum_acl_tcam.c | 1696 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_add() local 1698 return mlxsw_sp_acl_tcam_vgroup_add(mlxsw_sp, tcam, &ruleset->vgroup, in mlxsw_sp_acl_tcam_flower_ruleset_add() 1709 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_del() local 1711 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); in mlxsw_sp_acl_tcam_flower_ruleset_del() 1720 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_bind() local 1722 return mlxsw_sp_acl_tcam_group_bind(mlxsw_sp, &ruleset->vgroup.group, in mlxsw_sp_acl_tcam_flower_ruleset_bind() 1732 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_unbind() local 1734 mlxsw_sp_acl_tcam_group_unbind(mlxsw_sp, &ruleset->vgroup.group, in mlxsw_sp_acl_tcam_flower_ruleset_unbind() 1741 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_group_id() local 1743 return mlxsw_sp_acl_tcam_group_id(&ruleset->vgroup.group); in mlxsw_sp_acl_tcam_flower_ruleset_group_id() [all …]
|
| /linux/tools/testing/selftests/net/netfilter/ |
| H A D | nft_queue.sh | 259 ip netns exec "$nsrouter" nft list ruleset 327 flush ruleset 372 flush ruleset 398 ip netns exec "$ns1" nft list ruleset 408 ip netns exec "$ns1" nft flush ruleset 452 flush ruleset 531 flush ruleset 606 flush ruleset 753 flush ruleset 802 flush ruleset [all...] |
| H A D | conntrack_vrf.sh | 84 # as decided by the first iteration of the ruleset. 122 ip netns exec "$ns0" nft list ruleset 141 flush ruleset 188 flush ruleset
|
| H A D | nft_flowtable.sh | 190 echo "SKIP: Could not load nft ruleset" 210 echo -n "SKIP: Could not load ruleset: " 507 ip netns exec "$nsr1" nft list ruleset 515 ip netns exec "$nsr1" nft list ruleset 551 ip netns exec "$nsr1" nft list ruleset 579 ip netns exec "$nsr1" nft list ruleset 627 ip netns exec "$nsr1" nft list ruleset 635 ip netns exec "$nsr1" nft list ruleset 681 ip netns exec "$nsr1" nft list ruleset 689 ip netns exec "$nsr1" nft list ruleset [all...] |
| H A D | br_netfilter.sh | 39 ip netns exec "$ns0" nft list ruleset 56 ip netns exec "$ns0" nft list ruleset 135 echo "SKIP: could not add nftables ruleset"
|
| H A D | nft_audit.sh | 82 nft flush ruleset
|
| /linux/tools/testing/selftests/net/ovpn/ |
| H A D | test-mark.sh | 78 ruleset 138 ruleset
|
| /linux/include/linux/crush/ |
| H A D | mapper.h | 14 extern int crush_find_rule(const struct crush_map *map, int ruleset, int type, int size);
|
| H A D | crush.h | 81 __u8 ruleset; member
|
| /linux/security/safesetid/ |
| H A D | securityfs.c | 267 … size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct __rcu setid_ruleset* ruleset) in safesetid_file_read() argument 274 pol = rcu_dereference_protected(ruleset, lockdep_is_held(policy_update_lock)); in safesetid_file_read()
|
| /linux/tools/testing/selftests/net/mptcp/ |
| H A D | mptcp_connect.sh | 687 flush ruleset 713 ip netns exec "$listener_ns" nft flush ruleset 721 ip netns exec "$listener_ns" nft flush ruleset 737 ip netns exec "$listener_ns" nft flush ruleset
|