Home
last modified time | relevance | path

Searched refs:verdict (Results 1 – 25 of 58) sorted by relevance

123

/linux/tools/testing/selftests/bpf/progs/
H A Dtest_sockmap_listen.c66 int verdict; in prog_stream_verdict() local
69 verdict = bpf_sk_redirect_map(skb, &sock_map, zero, 0); in prog_stream_verdict()
71 verdict = bpf_sk_redirect_hash(skb, &sock_hash, &zero, 0); in prog_stream_verdict()
73 count = bpf_map_lookup_elem(&verdict_map, &verdict); in prog_stream_verdict()
77 return verdict; in prog_stream_verdict()
85 int verdict; in prog_skb_verdict() local
88 verdict = bpf_sk_redirect_map(skb, &sock_map, zero, in prog_skb_verdict()
91 verdict = bpf_sk_redirect_hash(skb, &sock_hash, &zero, in prog_skb_verdict()
94 count = bpf_map_lookup_elem(&verdict_map, &verdict); in prog_skb_verdict()
98 return verdict; in prog_skb_verdict()
[all …]
H A Dtest_skmsg_load_helpers.c30 int verdict = SK_PASS; in prog_msg_verdict_common() local
41 verdict = SK_DROP; in prog_msg_verdict_common()
43 return verdict; in prog_msg_verdict_common()
/linux/drivers/net/ethernet/amazon/ena/
H A Dena_xdp.h84 u32 verdict = ENA_XDP_PASS; in ena_xdp_execute() local
92 verdict = bpf_prog_run_xdp(xdp_prog, xdp); in ena_xdp_execute()
94 switch (verdict) { in ena_xdp_execute()
98 trace_xdp_exception(rx_ring->netdev, xdp_prog, verdict); in ena_xdp_execute()
100 verdict = ENA_XDP_DROP; in ena_xdp_execute()
116 verdict = ENA_XDP_TX; in ena_xdp_execute()
121 verdict = ENA_XDP_REDIRECT; in ena_xdp_execute()
124 trace_xdp_exception(rx_ring->netdev, xdp_prog, verdict); in ena_xdp_execute()
126 verdict = ENA_XDP_DROP; in ena_xdp_execute()
129 trace_xdp_exception(rx_ring->netdev, xdp_prog, verdict); in ena_xdp_execute()
[all …]
/linux/net/netfilter/
H A Dnft_fwd_netdev.c37 regs->verdict.code = NF_STOLEN; in nft_fwd_netdev_eval()
102 unsigned int verdict = NF_STOLEN; in nft_fwd_neigh_eval() local
114 verdict = NFT_BREAK; in nft_fwd_neigh_eval()
118 verdict = NF_DROP; in nft_fwd_neigh_eval()
123 verdict = NF_DROP; in nft_fwd_neigh_eval()
135 verdict = NFT_BREAK; in nft_fwd_neigh_eval()
139 verdict = NF_DROP; in nft_fwd_neigh_eval()
144 verdict = NF_DROP; in nft_fwd_neigh_eval()
153 verdict = NFT_BREAK; in nft_fwd_neigh_eval()
158 verdict = NF_DROP; in nft_fwd_neigh_eval()
[all …]
H A Dnf_tables_core.c42 const struct nft_verdict *verdict, in __nft_trace_packet() argument
52 nft_trace_notify(pkt, verdict, rule, info); in __nft_trace_packet()
56 struct nft_verdict *verdict, in nft_trace_packet() argument
63 __nft_trace_packet(pkt, verdict, rule, info, type); in nft_trace_packet()
91 regs->verdict.code = NFT_BREAK; in nft_cmp_fast_eval()
105 regs->verdict.code = NFT_BREAK; in nft_cmp16_fast_eval()
115 switch (regs->verdict.code & NF_VERDICT_MASK) { in __nft_trace_verdict()
132 __nft_trace_packet(pkt, &regs->verdict, rule, info, type); in __nft_trace_verdict()
274 regs.verdict.code = NFT_CONTINUE; in nft_do_chain()
287 if (regs.verdict.code != NFT_CONTINUE) in nft_do_chain()
[all …]
H A Dnf_tables_trace.c174 const struct nft_verdict *verdict, in nf_trace_fill_rule_info() argument
187 verdict->code == NFT_CONTINUE) in nf_trace_fill_rule_info()
195 static bool nft_trace_have_verdict_chain(const struct nft_verdict *verdict, in nft_trace_have_verdict_chain() argument
206 switch (verdict->code) { in nft_trace_have_verdict_chain()
237 const struct nft_verdict *verdict, in nft_trace_notify() argument
276 if (nft_trace_have_verdict_chain(verdict, info)) in nft_trace_notify()
277 size += nla_total_size(strlen(verdict->chain->name)); /* jump target */ in nft_trace_notify()
304 if (nf_trace_fill_rule_info(skb, verdict, rule, info)) in nft_trace_notify()
315 if (nft_verdict_dump(skb, NFTA_TRACE_VERDICT, verdict)) in nft_trace_notify()
319 v = verdict->code & NF_VERDICT_MASK; in nft_trace_notify()
H A Dnfnetlink_queue.c265 unsigned int verdict, i = *index; in nf_iterate() local
270 verdict = nf_hook_entry_hookfn(hook, skb, state); in nf_iterate()
271 if (verdict != NF_ACCEPT) { in nf_iterate()
273 if (verdict != NF_REPEAT) in nf_iterate()
274 return verdict; in nf_iterate()
355 static void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) in nf_reinject() argument
380 if (verdict == NF_REPEAT) in nf_reinject()
381 verdict = nf_hook_entry_hookfn(hook_entry, skb, &entry->state); in nf_reinject()
383 if (verdict == NF_ACCEPT) { in nf_reinject()
385 verdict = NF_DROP; in nf_reinject()
[all …]
H A Dnft_tproxy.c35 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v4()
41 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v4()
80 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v4()
102 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v6()
109 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v6()
153 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval_v6()
182 regs->verdict.code = NFT_BREAK; in nft_tproxy_eval()
H A Dnft_osf.c32 regs->verdict.code = NFT_BREAK; in nft_osf_eval()
37 regs->verdict.code = NFT_BREAK; in nft_osf_eval()
44 regs->verdict.code = NFT_BREAK; in nft_osf_eval()
48 regs->verdict.code = NFT_BREAK; in nft_osf_eval()
H A Dnft_ct_fast.c34 regs->verdict.code = NFT_BREAK; in nft_ct_get_fast_eval()
57 regs->verdict.code = NFT_BREAK; in nft_ct_get_fast_eval()
H A Dnft_compat.c92 regs->verdict.code = NFT_CONTINUE; in nft_target_eval_xt()
95 regs->verdict.code = ret; in nft_target_eval_xt()
119 regs->verdict.code = NF_ACCEPT; in nft_target_eval_bridge()
122 regs->verdict.code = NF_DROP; in nft_target_eval_bridge()
125 regs->verdict.code = NFT_CONTINUE; in nft_target_eval_bridge()
128 regs->verdict.code = NFT_RETURN; in nft_target_eval_bridge()
131 regs->verdict.code = ret; in nft_target_eval_bridge()
415 regs->verdict.code = NF_DROP; in __nft_match_eval()
421 regs->verdict.code = NFT_CONTINUE; in __nft_match_eval()
424 regs->verdict.code = NFT_BREAK; in __nft_match_eval()
H A Dnft_exthdr.c71 regs->verdict.code = NFT_BREAK; in nft_exthdr_ipv6_eval()
165 regs->verdict.code = NFT_BREAK; in nft_exthdr_ipv4_eval()
229 regs->verdict.code = NFT_BREAK; in nft_exthdr_tcp_eval()
309 regs->verdict.code = NFT_BREAK; in nft_exthdr_tcp_set_eval()
362 regs->verdict.code = NFT_BREAK; in nft_exthdr_tcp_strip_eval()
366 regs->verdict.code = NF_DROP; in nft_exthdr_tcp_strip_eval()
407 regs->verdict.code = NFT_BREAK; in nft_exthdr_sctp_eval()
/linux/tools/testing/selftests/net/netfilter/
H A Dnf_queue.c27 uint32_t verdict; member
174 .verdict = htonl(verd), in nfq_build_verdict()
329 opts.queue_num, opts.verdict); in mainloop()
339 opts.queue_num, opts.verdict); in mainloop()
350 nlh = nfq_build_verdict(buf, id, opts.queue_num, opts.verdict); in mainloop()
382 opts.verdict = atoi(optarg); in parse_opts()
383 if (opts.verdict > 0xffff) { in parse_opts()
388 opts.verdict <<= 16; in parse_opts()
389 opts.verdict |= NF_QUEUE; in parse_opts()
419 if (opts.verdict != NF_ACCEPT && (opts.verdict >> 16 == opts.queue_num)) { in parse_opts()
[all …]
/linux/net/ipv4/netfilter/
H A Diptable_mangle.c39 unsigned int ret, verdict; in ipt_mangle_out() local
54 verdict = ret & NF_VERDICT_MASK; in ipt_mangle_out()
56 if (verdict != NF_DROP && verdict != NF_STOLEN) { in ipt_mangle_out()
H A Darp_tables.c201 unsigned int verdict = NF_DROP; in arpt_do_table() local
251 v = ((struct xt_standard_target *)t)->verdict; in arpt_do_table()
255 verdict = (unsigned int)(-v) - 1; in arpt_do_table()
270 verdict = NF_DROP; in arpt_do_table()
282 verdict = t->u.kernel.target->target(skb, &acpar); in arpt_do_table()
284 if (verdict == XT_CONTINUE) { in arpt_do_table()
299 return verdict; in arpt_do_table()
348 t->verdict < 0) || visited) { in mark_source_chains()
375 int newpos = t->verdict; in mark_source_chains()
452 unsigned int verdict; in check_underflow() local
[all …]
H A Dip_tables.c172 t->verdict < 0) { in get_chainname_rulenum()
231 /* Initializing verdict to NF_DROP keeps gcc happy. */ in ipt_do_table()
232 unsigned int verdict = NF_DROP; in ipt_do_table() local
266 * TEE issues XT_CONTINUE verdict on original skb so we must not in ipt_do_table()
270 * but it is no problem since absolute verdict is issued by these. in ipt_do_table()
313 v = ((struct xt_standard_target *)t)->verdict; in ipt_do_table()
317 verdict = (unsigned int)(-v) - 1; in ipt_do_table()
332 verdict = NF_DROP; in ipt_do_table()
345 verdict = t->u.kernel.target->target(skb, &acpar); in ipt_do_table()
346 if (verdict in ipt_do_table()
574 unsigned int verdict; check_underflow() local
[all...]
/linux/Documentation/bpf/
H A Dmap_sockmap.rst14 the result of a BPF (verdict) program with the help of the BPF helpers
29 and a verdict program. The parser program determines how much data has been
30 parsed and therefore how much data needs to be queued to come to a verdict. The
31 verdict program is essentially the redirect program and can return a verdict
39 parse or verdict program. If adding a sock object to a map would result
64 There are additional helpers available to use with the parser and verdict
67 bytes the given verdict should apply to. The helper ``bpf_msg_cork_bytes()``
68 handles a different case where a BPF program cannot reach a verdict on a msg
90 the message ``msg`` is allowed to pass (i.e., if the verdict BPF program
136 If the ``map`` has BPF programs (parser and verdict), those will be inherited
[all …]
/linux/net/ipv6/netfilter/
H A Dip6table_mangle.c35 unsigned int ret, verdict; in ip6t_mangle_out() local
50 verdict = ret & NF_VERDICT_MASK; in ip6t_mangle_out()
52 if (verdict != NF_DROP && verdict != NF_STOLEN && in ip6t_mangle_out()
H A Dip6_tables.c197 t->verdict < 0) { in get_chainname_rulenum()
254 /* Initializing verdict to NF_DROP keeps gcc happy. */ in ip6t_do_table()
255 unsigned int verdict = NF_DROP; in ip6t_do_table() local
288 * TEE issues XT_CONTINUE verdict on original skb so we must not in ip6t_do_table()
292 * but it is no problem since absolute verdict is issued by these. in ip6t_do_table()
336 v = ((struct xt_standard_target *)t)->verdict; in ip6t_do_table()
340 verdict = (unsigned int)(-v) - 1; in ip6t_do_table()
353 verdict = NF_DROP; in ip6t_do_table()
366 verdict = t->u.kernel.target->target(skb, &acpar); in ip6t_do_table()
367 if (verdict in ip6t_do_table()
592 unsigned int verdict; check_underflow() local
[all...]
/linux/tools/testing/selftests/bpf/prog_tests/
H A Dsockmap_basic.c158 int err, map, verdict; in test_skmsg_helpers() local
164 verdict = bpf_program__fd(skel->progs.prog_msg_verdict); in test_skmsg_helpers()
167 err = bpf_prog_attach(verdict, map, BPF_SK_MSG_VERDICT, 0); in test_skmsg_helpers()
171 err = bpf_prog_detach2(verdict, map, BPF_SK_MSG_VERDICT); in test_skmsg_helpers()
381 int err, map, verdict; in test_sockmap_skb_verdict_attach() local
387 verdict = bpf_program__fd(skel->progs.prog_skb_verdict); in test_sockmap_skb_verdict_attach()
390 err = bpf_prog_attach(verdict, map, first, 0); in test_sockmap_skb_verdict_attach()
394 err = bpf_prog_attach(verdict, map, second, 0); in test_sockmap_skb_verdict_attach()
397 err = bpf_prog_detach2(verdict, map, first); in test_sockmap_skb_verdict_attach()
498 int n, err, map, verdict, c1 = -1, p1 = -1; in test_sockmap_skb_verdict_shutdown() local
[all …]
H A Dsockmap_listen.c728 int verdict = bpf_program__fd(skel->progs.prog_stream_verdict); in test_skb_redir_to_connected() local
737 err = xbpf_prog_attach(verdict, sock_map, BPF_SK_SKB_STREAM_VERDICT, 0); in test_skb_redir_to_connected()
744 xbpf_prog_detach2(verdict, sock_map, BPF_SK_SKB_STREAM_VERDICT); in test_skb_redir_to_connected()
753 int verdict = bpf_program__fd(skel->progs.prog_msg_verdict); in test_msg_redir_to_connected() local
758 err = xbpf_prog_attach(verdict, sock_map, BPF_SK_MSG_VERDICT, 0); in test_msg_redir_to_connected()
764 xbpf_prog_detach2(verdict, sock_map, BPF_SK_MSG_VERDICT); in test_msg_redir_to_connected()
848 int verdict = bpf_program__fd(skel->progs.prog_stream_verdict); in test_skb_redir_to_listening() local
857 err = xbpf_prog_attach(verdict, sock_map, BPF_SK_SKB_STREAM_VERDICT, 0); in test_skb_redir_to_listening()
864 xbpf_prog_detach2(verdict, sock_map, BPF_SK_SKB_STREAM_VERDICT); in test_skb_redir_to_listening()
873 int verdict = bpf_program__fd(skel->progs.prog_msg_verdict); in test_msg_redir_to_listening() local
[all …]
H A Dns_current_pid_tgid.c124 int verdict, map, server_fd = -1, client_fd = -1; in test_current_pid_tgid_sk_msg() local
145 verdict = bpf_program__fd(skel->progs.sk_msg); in test_current_pid_tgid_sk_msg()
147 err = bpf_prog_attach(verdict, map, BPF_SK_MSG_VERDICT, 0); in test_current_pid_tgid_sk_msg()
H A Dcgroup_attach_override.c13 static int prog_load(int verdict) in prog_load() argument
16 BPF_MOV64_IMM(BPF_REG_0, verdict), /* r0 = verdict */ in prog_load()
/linux/net/netfilter/ipvs/
H A Dip_vs_core.c1041 unsigned int verdict = NF_DROP; in handle_response_icmp() local
1079 verdict = NF_ACCEPT; in handle_response_icmp()
1084 return verdict; in handle_response_icmp()
1539 int verdict = ip_vs_out_icmp_v6(ipvs, skb, &related, in ip_vs_out_hook() local
1543 return verdict; in ip_vs_out_hook()
1549 int verdict = ip_vs_out_icmp(ipvs, skb, &related, hooknum); in ip_vs_out_hook() local
1552 return verdict; in ip_vs_out_hook()
1646 int *verdict, struct ip_vs_conn **cpp, in ip_vs_try_to_schedule() argument
1657 if (!pp->conn_schedule(ipvs, af, skb, pd, verdict, cpp, iph)) in ip_vs_try_to_schedule()
1671 *verdict = NF_ACCEPT; in ip_vs_try_to_schedule()
[all …]
H A Dip_vs_proto_udp.c33 int *verdict, struct ip_vs_conn **cpp, in udp_conn_schedule() argument
51 *verdict = NF_DROP; in udp_conn_schedule()
70 *verdict = NF_DROP; in udp_conn_schedule()
81 *verdict = ip_vs_leave(svc, skb, pd, iph); in udp_conn_schedule()
83 *verdict = NF_DROP; in udp_conn_schedule()

123