Home
last modified time | relevance | path

Searched refs:ruleset (Results 1 – 25 of 35) sorted by relevance

12

/linux/drivers/net/ethernet/marvell/prestera/
H A Dprestera_acl.c140 struct prestera_acl_ruleset *ruleset; in prestera_acl_ruleset_create() local
147 ruleset = kzalloc_obj(*ruleset); in prestera_acl_ruleset_create()
148 if (!ruleset) in prestera_acl_ruleset_create()
151 ruleset->acl = acl; in prestera_acl_ruleset_create()
152 ruleset->ingress = block->ingress; in prestera_acl_ruleset_create()
153 ruleset->ht_key.block = block; in prestera_acl_ruleset_create()
154 ruleset->ht_key.chain_index = chain_index; in prestera_acl_ruleset_create()
155 refcount_set(&ruleset->refcount, 1); in prestera_acl_ruleset_create()
157 err = rhashtable_init(&ruleset->rule_ht, &prestera_acl_rule_ht_params); in prestera_acl_ruleset_create()
166 ruleset->pcl_id = PRESTERA_ACL_PCL_ID_MAKE((u8)uid, chain_index); in prestera_acl_ruleset_create()
[all …]
H A Dprestera_flower.c11 struct prestera_acl_ruleset *ruleset; member
19 prestera_acl_ruleset_put(template->ruleset); in prestera_flower_template_free()
39 struct prestera_acl_ruleset *ruleset; in prestera_flower_parse_goto_action() local
48 ruleset = prestera_acl_ruleset_get(block->sw->acl, block, in prestera_flower_parse_goto_action()
50 if (IS_ERR(ruleset)) in prestera_flower_parse_goto_action()
51 return PTR_ERR(ruleset); in prestera_flower_parse_goto_action()
54 rule->re_arg.jump.i.index = prestera_acl_ruleset_index_get(ruleset); in prestera_flower_parse_goto_action()
56 rule->jump_ruleset = ruleset; in prestera_flower_parse_goto_action()
407 struct prestera_acl_ruleset *ruleset; in prestera_flower_prio_get() local
409 ruleset = prestera_acl_ruleset_lookup(block->sw->acl, block, chain_index); in prestera_flower_prio_get()
[all …]
H A Dprestera_acl.h130 struct prestera_acl_ruleset *ruleset; member
156 prestera_acl_rule_create(struct prestera_acl_ruleset *ruleset,
162 prestera_acl_rule_lookup(struct prestera_acl_ruleset *ruleset,
188 int prestera_acl_ruleset_keymask_set(struct prestera_acl_ruleset *ruleset,
190 bool prestera_acl_ruleset_is_offload(struct prestera_acl_ruleset *ruleset);
191 int prestera_acl_ruleset_offload(struct prestera_acl_ruleset *ruleset);
192 void prestera_acl_ruleset_put(struct prestera_acl_ruleset *ruleset);
193 int prestera_acl_ruleset_bind(struct prestera_acl_ruleset *ruleset,
195 int prestera_acl_ruleset_unbind(struct prestera_acl_ruleset *ruleset,
197 u32 prestera_acl_ruleset_index_get(const struct prestera_acl_ruleset *ruleset);
[all …]
/linux/security/landlock/
H A Druleset.h52 * union landlock_key - Key of a ruleset's red-black tree
83 * struct landlock_id - Unique rule identifier for a ruleset
102 * @node: Node in the ruleset's red-black tree.
108 * for this ruleset element. The pointer is set once and never
125 * struct landlock_ruleset - Landlock ruleset
133 * landlock_rule nodes with inode object. Once a ruleset is tied to a
142 * landlock_rule nodes with network port. Once a ruleset is tied to a
156 * @work_free: Enables to free a ruleset within a lockless
171 * descriptors referencing this ruleset.
176 * the same object) rules in this ruleset
215 landlock_get_ruleset(struct landlock_ruleset * const ruleset) landlock_get_ruleset() argument
247 landlock_add_fs_access_mask(struct landlock_ruleset * const ruleset,const access_mask_t fs_access_mask,const u16 layer_level) landlock_add_fs_access_mask() argument
259 landlock_add_net_access_mask(struct landlock_ruleset * const ruleset,const access_mask_t net_access_mask,const u16 layer_level) landlock_add_net_access_mask() argument
271 landlock_add_scope_mask(struct landlock_ruleset * const ruleset,const access_mask_t scope_mask,const u16 layer_level) landlock_add_scope_mask() argument
282 landlock_get_fs_access_mask(const struct landlock_ruleset * const ruleset,const u16 layer_level) landlock_get_fs_access_mask() argument
291 landlock_get_net_access_mask(const struct landlock_ruleset * const ruleset,const u16 layer_level) landlock_get_net_access_mask() argument
298 landlock_get_scope_mask(const struct landlock_ruleset * const ruleset,const u16 layer_level) landlock_get_scope_mask() argument
[all...]
H A Dsyscalls.c37 #include "ruleset.h"
130 struct landlock_ruleset *ruleset = filp->private_data; in fop_dummy_read()
132 landlock_put_ruleset(ruleset); in fop_dummy_read()
152 * A ruleset file descriptor enables to build a ruleset by adding (i.e.
154 * reentrant design is also used in a read way to enforce the ruleset on the
175 * sys_landlock_create_ruleset - Create a new ruleset
178 * the new ruleset.
186 * This system call enables to create a new Landlock ruleset.
191 * Return: The ruleset fil
124 struct landlock_ruleset *ruleset = filp->private_data; fop_ruleset_release() local
200 struct landlock_ruleset *ruleset; SYSCALL_DEFINE3() local
267 struct landlock_ruleset *ruleset; get_ruleset_from_fd() local
314 add_rule_path_beneath(struct landlock_ruleset * const ruleset,const void __user * const rule_attr) add_rule_path_beneath() argument
352 add_rule_net_port(struct landlock_ruleset * ruleset,const void __user * const rule_attr) add_rule_net_port() argument
[all...]
H A Druleset.c30 #include "ruleset.h"
64 /* Informs about useless ruleset. */ in landlock_create_ruleset()
148 static struct rb_root *get_root(struct landlock_ruleset *const ruleset, in get_root()
153 return &ruleset->root_inode; in get_root()
157 return &ruleset->root_net_port; in get_root()
179 const struct landlock_ruleset ruleset = { in build_check_ruleset()
184 BUILD_BUG_ON(ruleset.num_rules < LANDLOCK_MAX_NUM_RULES); in build_check_ruleset()
185 BUILD_BUG_ON(ruleset.num_layers < LANDLOCK_MAX_NUM_LAYERS); in build_check_ruleset()
189 * insert_rule - Create and insert a rule in a ruleset
191 * @ruleset
147 get_root(struct landlock_ruleset * const ruleset,const enum landlock_key_type key_type) get_root() argument
178 const struct landlock_ruleset ruleset = { build_check_ruleset() local
207 insert_rule(struct landlock_ruleset * const ruleset,const struct landlock_id id,const struct landlock_layer (* layers)[],const size_t num_layers) insert_rule() argument
306 landlock_insert_rule(struct landlock_ruleset * const ruleset,const struct landlock_id id,const access_mask_t access) landlock_insert_rule() argument
483 free_ruleset(struct landlock_ruleset * const ruleset) free_ruleset() argument
502 landlock_put_ruleset(struct landlock_ruleset * const ruleset) landlock_put_ruleset() argument
511 struct landlock_ruleset *ruleset; free_ruleset_work() local
518 landlock_put_ruleset_deferred(struct landlock_ruleset * const ruleset) landlock_put_ruleset_deferred() argument
540 landlock_merge_ruleset(struct landlock_ruleset * const parent,struct landlock_ruleset * const ruleset) landlock_merge_ruleset() argument
591 landlock_find_rule(const struct landlock_ruleset * const ruleset,const struct landlock_id id) landlock_find_rule() argument
[all...]
H A Dnet.c20 #include "ruleset.h"
22 int landlock_append_net_rule(struct landlock_ruleset *const ruleset, in landlock_append_net_rule() argument
36 ~landlock_get_net_access_mask(ruleset, 0); in landlock_append_net_rule()
38 mutex_lock(&ruleset->lock); in landlock_append_net_rule()
39 err = landlock_insert_rule(ruleset, id, access_rights, flags); in landlock_append_net_rule()
40 mutex_unlock(&ruleset->lock); in landlock_append_net_rule()
H A Dnet.h12 #include "ruleset.h"
18 int landlock_append_net_rule(struct landlock_ruleset *const ruleset,
27 landlock_append_net_rule(struct landlock_ruleset *const ruleset, const u16 port, in landlock_append_net_rule()
26 landlock_append_net_rule(struct landlock_ruleset * const ruleset,const u16 port,access_mask_t access_rights) landlock_append_net_rule() argument
H A DMakefile7 ruleset.o \
H A Dfs.h20 #include "ruleset.h"
152 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
H A Dfs.c52 #include "ruleset.h"
303 * shutdown, or by release_inode() when no more ruleset references the in get_inode_object()
326 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset, in landlock_append_fs_rule()
339 if (WARN_ON_ONCE(ruleset->num_layers != 1)) in landlock_append_fs_rule()
344 ~landlock_get_fs_access_mask(ruleset, 0); in landlock_append_fs_rule()
348 mutex_lock(&ruleset->lock); in landlock_append_fs_rule()
349 err = landlock_insert_rule(ruleset, id, access_rights, flags); in landlock_append_fs_rule()
350 mutex_unlock(&ruleset->lock); in landlock_append_fs_rule()
539 * be inconsistent compared to domain 1's ruleset alone (e.g. it might in test_no_more_access()
540 * be denied to link/rename with domain 1's ruleset, wherea in test_no_more_access()
323 landlock_append_fs_rule(struct landlock_ruleset * const ruleset,const struct path * const path,access_mask_t access_rights) landlock_append_fs_rule() argument
[all...]
/linux/drivers/net/ethernet/mellanox/mlxsw/
H A Dspectrum_acl.c70 struct mlxsw_sp_acl_ruleset *ruleset; member
100 mlxsw_sp_acl_ruleset_is_singular(const struct mlxsw_sp_acl_ruleset *ruleset) in mlxsw_sp_acl_ruleset_is_singular() argument
103 return refcount_read(&ruleset->ref_count) == 2; in mlxsw_sp_acl_ruleset_is_singular()
110 struct mlxsw_sp_acl_ruleset *ruleset = block->ruleset_zero; in mlxsw_sp_acl_ruleset_bind() local
111 const struct mlxsw_sp_acl_profile_ops *ops = ruleset->ht_key.ops; in mlxsw_sp_acl_ruleset_bind()
113 return ops->ruleset_bind(mlxsw_sp, ruleset->priv, in mlxsw_sp_acl_ruleset_bind()
121 struct mlxsw_sp_acl_ruleset *ruleset = block->ruleset_zero; in mlxsw_sp_acl_ruleset_unbind() local
122 const struct mlxsw_sp_acl_profile_ops *ops = ruleset->ht_key.ops; in mlxsw_sp_acl_ruleset_unbind()
124 ops->ruleset_unbind(mlxsw_sp, ruleset->priv, in mlxsw_sp_acl_ruleset_unbind()
130 struct mlxsw_sp_acl_ruleset *ruleset, in mlxsw_sp_acl_ruleset_block_bind() argument
[all …]
H A Dspectrum_flower.c131 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp_flower_parse_actions() local
134 ruleset = mlxsw_sp_acl_ruleset_lookup(mlxsw_sp, block, in mlxsw_sp_flower_parse_actions()
137 if (IS_ERR(ruleset)) in mlxsw_sp_flower_parse_actions()
138 return PTR_ERR(ruleset); in mlxsw_sp_flower_parse_actions()
140 group_id = mlxsw_sp_acl_ruleset_group_id(ruleset); in mlxsw_sp_flower_parse_actions()
745 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp_flower_replace() local
753 ruleset = mlxsw_sp_acl_ruleset_get(mlxsw_sp, block, in mlxsw_sp_flower_replace()
756 if (IS_ERR(ruleset)) in mlxsw_sp_flower_replace()
757 return PTR_ERR(ruleset); in mlxsw_sp_flower_replace()
759 rule = mlxsw_sp_acl_rule_create(mlxsw_sp, ruleset, f->cookie, NULL, in mlxsw_sp_flower_replace()
[all …]
H A Dspectrum2_mr_tcam.c36 struct mlxsw_sp_acl_ruleset *ruleset) in mlxsw_sp2_mr_tcam_bind_group() argument
41 group_id = mlxsw_sp_acl_ruleset_group_id(ruleset); in mlxsw_sp2_mr_tcam_bind_group()
218 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_create() local
223 ruleset = mlxsw_sp2_mr_tcam_proto_ruleset(mr_tcam, key->proto); in mlxsw_sp2_mr_tcam_route_create()
224 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_create()
227 rule = mlxsw_sp_acl_rule_create(mlxsw_sp, ruleset, in mlxsw_sp2_mr_tcam_route_create()
251 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_destroy() local
254 ruleset = mlxsw_sp2_mr_tcam_proto_ruleset(mr_tcam, key->proto); in mlxsw_sp2_mr_tcam_route_destroy()
255 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_destroy()
258 rule = mlxsw_sp_acl_rule_lookup(mlxsw_sp, ruleset, in mlxsw_sp2_mr_tcam_route_destroy()
[all …]
H A Dspectrum_acl_tcam.c1696 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_add() local
1698 return mlxsw_sp_acl_tcam_vgroup_add(mlxsw_sp, tcam, &ruleset->vgroup, in mlxsw_sp_acl_tcam_flower_ruleset_add()
1709 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_del() local
1711 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); in mlxsw_sp_acl_tcam_flower_ruleset_del()
1720 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_bind() local
1722 return mlxsw_sp_acl_tcam_group_bind(mlxsw_sp, &ruleset->vgroup.group, in mlxsw_sp_acl_tcam_flower_ruleset_bind()
1732 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_unbind() local
1734 mlxsw_sp_acl_tcam_group_unbind(mlxsw_sp, &ruleset->vgroup.group, in mlxsw_sp_acl_tcam_flower_ruleset_unbind()
1741 struct mlxsw_sp_acl_tcam_flower_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_flower_ruleset_group_id() local
1743 return mlxsw_sp_acl_tcam_group_id(&ruleset->vgroup.group); in mlxsw_sp_acl_tcam_flower_ruleset_group_id()
[all …]
/linux/tools/testing/selftests/net/netfilter/
H A Dnft_queue.sh259 ip netns exec "$nsrouter" nft list ruleset
327 flush ruleset
372 flush ruleset
398 ip netns exec "$ns1" nft list ruleset
408 ip netns exec "$ns1" nft flush ruleset
452 flush ruleset
531 flush ruleset
606 flush ruleset
753 flush ruleset
802 flush ruleset
[all...]
H A Dconntrack_vrf.sh84 # as decided by the first iteration of the ruleset.
122 ip netns exec "$ns0" nft list ruleset
141 flush ruleset
188 flush ruleset
H A Dnft_flowtable.sh190 echo "SKIP: Could not load nft ruleset"
210 echo -n "SKIP: Could not load ruleset: "
507 ip netns exec "$nsr1" nft list ruleset
515 ip netns exec "$nsr1" nft list ruleset
551 ip netns exec "$nsr1" nft list ruleset
579 ip netns exec "$nsr1" nft list ruleset
627 ip netns exec "$nsr1" nft list ruleset
635 ip netns exec "$nsr1" nft list ruleset
681 ip netns exec "$nsr1" nft list ruleset
689 ip netns exec "$nsr1" nft list ruleset
[all...]
H A Dbr_netfilter.sh39 ip netns exec "$ns0" nft list ruleset
56 ip netns exec "$ns0" nft list ruleset
135 echo "SKIP: could not add nftables ruleset"
H A Dnft_audit.sh82 nft flush ruleset
/linux/tools/testing/selftests/net/ovpn/
H A Dtest-mark.sh78 ruleset
138 ruleset
/linux/include/linux/crush/
H A Dmapper.h14 extern int crush_find_rule(const struct crush_map *map, int ruleset, int type, int size);
H A Dcrush.h81 __u8 ruleset; member
/linux/security/safesetid/
H A Dsecurityfs.c267 … size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct __rcu setid_ruleset* ruleset) in safesetid_file_read() argument
274 pol = rcu_dereference_protected(ruleset, lockdep_is_held(policy_update_lock)); in safesetid_file_read()
/linux/tools/testing/selftests/net/mptcp/
H A Dmptcp_connect.sh687 flush ruleset
713 ip netns exec "$listener_ns" nft flush ruleset
721 ip netns exec "$listener_ns" nft flush ruleset
737 ip netns exec "$listener_ns" nft flush ruleset

12