
Searched refs:ruleset (Results 1 – 25 of 39) sorted by relevance


/linux-6.15/drivers/net/ethernet/marvell/prestera/
H A Dprestera_acl.c147 ruleset = kzalloc(sizeof(*ruleset), GFP_KERNEL); in prestera_acl_ruleset_create()
148 if (!ruleset) in prestera_acl_ruleset_create()
235 prestera_acl_vtcam_id_put(ruleset->acl, ruleset->vtcam_id); in prestera_acl_ruleset_offload()
290 if (!ruleset) in prestera_acl_ruleset_lookup()
389 if (ruleset->ingress != rule->ruleset->ingress) in prestera_acl_ruleset_prio_refresh()
445 rule->ruleset = ruleset; in prestera_acl_rule_create()
473 ruleset->prio.min = min(ruleset->prio.min, prio); in prestera_acl_ruleset_prio_update()
474 ruleset->prio.max = max(ruleset->prio.max, prio); in prestera_acl_ruleset_prio_update()
481 struct prestera_acl_ruleset *ruleset = rule->ruleset; in prestera_acl_rule_add() local
532 struct prestera_acl_ruleset *ruleset = rule->ruleset; in prestera_acl_rule_del() local
[all …]
H A Dprestera_flower.c50 if (IS_ERR(ruleset)) in prestera_flower_parse_goto_action()
51 return PTR_ERR(ruleset); in prestera_flower_parse_goto_action()
56 rule->jump_ruleset = ruleset; in prestera_flower_parse_goto_action()
410 if (IS_ERR(ruleset)) in prestera_flower_prio_get()
411 return PTR_ERR(ruleset); in prestera_flower_prio_get()
430 if (IS_ERR(ruleset)) in prestera_flower_replace()
431 return PTR_ERR(ruleset); in prestera_flower_replace()
474 if (IS_ERR(ruleset)) in prestera_flower_destroy()
526 template->ruleset = ruleset; in prestera_flower_tmplt_create()
565 if (IS_ERR(ruleset)) in prestera_flower_stats()
[all …]
H A Dprestera_acl.h130 struct prestera_acl_ruleset *ruleset; member
156 prestera_acl_rule_create(struct prestera_acl_ruleset *ruleset,
162 prestera_acl_rule_lookup(struct prestera_acl_ruleset *ruleset,
188 int prestera_acl_ruleset_keymask_set(struct prestera_acl_ruleset *ruleset,
190 bool prestera_acl_ruleset_is_offload(struct prestera_acl_ruleset *ruleset);
191 int prestera_acl_ruleset_offload(struct prestera_acl_ruleset *ruleset);
192 void prestera_acl_ruleset_put(struct prestera_acl_ruleset *ruleset);
193 int prestera_acl_ruleset_bind(struct prestera_acl_ruleset *ruleset,
195 int prestera_acl_ruleset_unbind(struct prestera_acl_ruleset *ruleset,
197 u32 prestera_acl_ruleset_index_get(const struct prestera_acl_ruleset *ruleset);
[all …]
/linux-6.15/drivers/net/ethernet/mellanox/mlxsw/
H A Dspectrum_acl.c178 if (!ruleset) in mlxsw_sp_acl_ruleset_create()
200 return ruleset; in mlxsw_sp_acl_ruleset_create()
207 kfree(ruleset); in mlxsw_sp_acl_ruleset_create()
265 if (!ruleset) in mlxsw_sp_acl_ruleset_lookup()
285 if (ruleset) { in mlxsw_sp_acl_ruleset_get()
832 rule->ruleset = ruleset; in mlxsw_sp_acl_rule_create()
852 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; in mlxsw_sp_acl_rule_destroy() local
862 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; in mlxsw_sp_acl_rule_add() local
906 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; in mlxsw_sp_acl_rule_del() local
928 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; in mlxsw_sp_acl_rule_action_replace() local
[all …]
H A Dspectrum_flower.c131 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp_flower_parse_actions() local
137 if (IS_ERR(ruleset)) in mlxsw_sp_flower_parse_actions()
138 return PTR_ERR(ruleset); in mlxsw_sp_flower_parse_actions()
756 if (IS_ERR(ruleset)) in mlxsw_sp_flower_replace()
757 return PTR_ERR(ruleset); in mlxsw_sp_flower_replace()
801 if (IS_ERR(ruleset)) in mlxsw_sp_flower_destroy()
829 if (WARN_ON(IS_ERR(ruleset))) in mlxsw_sp_flower_stats()
870 return PTR_ERR_OR_ZERO(ruleset); in mlxsw_sp_flower_tmplt_create()
882 if (IS_ERR(ruleset)) in mlxsw_sp_flower_tmplt_destroy()
899 if (IS_ERR(ruleset)) in mlxsw_sp_flower_prio_get()
[all …]
H A Dspectrum2_mr_tcam.c36 struct mlxsw_sp_acl_ruleset *ruleset) in mlxsw_sp2_mr_tcam_bind_group() argument
41 group_id = mlxsw_sp_acl_ruleset_group_id(ruleset); in mlxsw_sp2_mr_tcam_bind_group()
218 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_create() local
224 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_create()
227 rule = mlxsw_sp_acl_rule_create(mlxsw_sp, ruleset, in mlxsw_sp2_mr_tcam_route_create()
251 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_destroy() local
255 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_destroy()
258 rule = mlxsw_sp_acl_rule_lookup(mlxsw_sp, ruleset, in mlxsw_sp2_mr_tcam_route_destroy()
275 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_update() local
279 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_update()
[all …]
H A Dspectrum_acl_tcam.c1710 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); in mlxsw_sp_acl_tcam_flower_ruleset_del()
1742 return mlxsw_sp_acl_tcam_group_id(&ruleset->vgroup.group); in mlxsw_sp_acl_tcam_flower_ruleset_group_id()
1814 struct mlxsw_sp_acl_tcam_mr_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_mr_ruleset_add() local
1831 ruleset->vchunk = mlxsw_sp_acl_tcam_vchunk_get(mlxsw_sp, in mlxsw_sp_acl_tcam_mr_ruleset_add()
1832 &ruleset->vgroup, 1, in mlxsw_sp_acl_tcam_mr_ruleset_add()
1834 if (IS_ERR(ruleset->vchunk)) { in mlxsw_sp_acl_tcam_mr_ruleset_add()
1835 err = PTR_ERR(ruleset->vchunk); in mlxsw_sp_acl_tcam_mr_ruleset_add()
1842 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); in mlxsw_sp_acl_tcam_mr_ruleset_add()
1851 mlxsw_sp_acl_tcam_vchunk_put(mlxsw_sp, ruleset->vchunk); in mlxsw_sp_acl_tcam_mr_ruleset_del()
1852 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); in mlxsw_sp_acl_tcam_mr_ruleset_del()
[all …]
/linux-6.15/security/landlock/
H A Druleset.h203 int landlock_insert_rule(struct landlock_ruleset *const ruleset,
209 struct landlock_ruleset *const ruleset);
217 if (ruleset) in landlock_get_ruleset()
218 refcount_inc(&ruleset->usage); in landlock_get_ruleset()
255 ruleset->access_masks[layer_level].fs |= fs_mask; in landlock_add_fs_access_mask()
267 ruleset->access_masks[layer_level].net |= net_mask; in landlock_add_net_access_mask()
271 landlock_add_scope_mask(struct landlock_ruleset *const ruleset, in landlock_add_scope_mask() argument
278 ruleset->access_masks[layer_level].scope |= mask; in landlock_add_scope_mask()
286 return ruleset->access_masks[layer_level].fs | in landlock_get_fs_access_mask()
294 return ruleset->access_masks[layer_level].net; in landlock_get_net_access_mask()
[all …]
H A Dsyscalls.c126 landlock_put_ruleset(ruleset); in fop_ruleset_release()
248 if (IS_ERR(ruleset)) in SYSCALL_DEFINE3()
249 return PTR_ERR(ruleset); in SYSCALL_DEFINE3()
255 landlock_put_ruleset(ruleset); in SYSCALL_DEFINE3()
280 landlock_get_ruleset(ruleset); in get_ruleset_from_fd()
281 return ruleset; in get_ruleset_from_fd()
434 if (IS_ERR(ruleset)) in SYSCALL_DEFINE4()
435 return PTR_ERR(ruleset); in SYSCALL_DEFINE4()
519 if (IS_ERR(ruleset)) in SYSCALL_DEFINE2()
520 return PTR_ERR(ruleset); in SYSCALL_DEFINE2()
[all …]
H A Druleset.c150 return &ruleset->root_inode; in get_root()
154 return &ruleset->root_net_port; in get_root()
221 root = get_root(ruleset, id.type); in insert_rule()
282 ruleset->num_rules++; in insert_rule()
491 kfree(ruleset); in free_ruleset()
497 if (ruleset && refcount_dec_and_test(&ruleset->usage)) in landlock_put_ruleset()
498 free_ruleset(ruleset); in landlock_put_ruleset()
503 struct landlock_ruleset *ruleset; in free_ruleset_work() local
506 free_ruleset(ruleset); in free_ruleset_work()
512 if (ruleset && refcount_dec_and_test(&ruleset->usage)) { in landlock_put_ruleset_deferred()
[all …]
H A Dnet.c22 int landlock_append_net_rule(struct landlock_ruleset *const ruleset, in landlock_append_net_rule() argument
35 ~landlock_get_net_access_mask(ruleset, 0); in landlock_append_net_rule()
37 mutex_lock(&ruleset->lock); in landlock_append_net_rule()
38 err = landlock_insert_rule(ruleset, id, access_rights); in landlock_append_net_rule()
39 mutex_unlock(&ruleset->lock); in landlock_append_net_rule()
H A Dnet.h18 int landlock_append_net_rule(struct landlock_ruleset *const ruleset,
26 landlock_append_net_rule(struct landlock_ruleset *const ruleset, const u16 port, in landlock_append_net_rule() argument
H A DMakefile3 landlock-y := setup.o syscalls.o object.o ruleset.o \
H A Dfs.h127 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
H A Dfs.c323 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset, in landlock_append_fs_rule() argument
336 if (WARN_ON_ONCE(ruleset->num_layers != 1)) in landlock_append_fs_rule()
341 ~landlock_get_fs_access_mask(ruleset, 0); in landlock_append_fs_rule()
345 mutex_lock(&ruleset->lock); in landlock_append_fs_rule()
346 err = landlock_insert_rule(ruleset, id, access_rights); in landlock_append_fs_rule()
347 mutex_unlock(&ruleset->lock); in landlock_append_fs_rule()
/linux-6.15/Documentation/userspace-api/
H A Dlandlock.rst50 We first need to define the ruleset that will contain our rules.
140 perror("Failed to create a ruleset");
147 denied by the ruleset. To add ``/usr`` to the ruleset, we open it with the
171 perror("Failed to update ruleset");
212 perror("Failed to enforce ruleset");
223 with the new ruleset.
447 Creating a new ruleset
456 Extending a ruleset
466 Enforcing a ruleset
494 restrict such paths with dedicated ruleset flags.
[all …]
/linux-6.15/Documentation/security/
H A Dlandlock.rst42 * Computation related to Landlock operations (e.g. enforcing a ruleset) shall
116 A domain is a read-only ruleset tied to a set of subjects (i.e. tasks'
117 credentials). Each time a ruleset is enforced on a task, the current domain is
118 duplicated and the ruleset is imported as a new layer of rules in the new
123 of a ruleset provided by the task.
128 .. kernel-doc:: security/landlock/ruleset.h
/linux-6.15/tools/testing/selftests/net/netfilter/
H A Dnft_queue.sh254 ip netns exec "$nsrouter" nft list ruleset
317 flush ruleset
362 flush ruleset
388 ip netns exec "$ns1" nft list ruleset
423 flush ruleset
500 flush ruleset
569 flush ruleset
585 ip netns exec "$ns1" nft flush ruleset
634 ip netns exec "$ns1" nft flush ruleset
H A Dconntrack_vrf.sh133 ip netns exec "$ns0" nft list ruleset
152 flush ruleset
199 flush ruleset
225 flush ruleset
H A Dnft_fib.sh201 ip netns exec "$ns1" nft flush ruleset
202 ip netns exec "$ns2" nft flush ruleset
203 ip netns exec "$nsrouter" nft flush ruleset
228 ip -net "$nsrouter" nft list ruleset
H A Dnft_flowtable.sh464 ip netns exec "$nsr1" nft list ruleset
499 ip netns exec "$nsr1" nft list ruleset
519 ip netns exec "$nsr1" nft list ruleset
557 ip netns exec "$nsr1" nft list ruleset
581 ip netns exec "$nsr1" nft list ruleset
651 ip netns exec "$nsr1" nft list ruleset 1>&2
H A Dbr_netfilter.sh39 ip netns exec "$ns0" nft list ruleset
56 ip netns exec "$ns0" nft list ruleset
/linux-6.15/include/linux/crush/
H A Dmapper.h14 extern int crush_find_rule(const struct crush_map *map, int ruleset, int type, int size);
/linux-6.15/Documentation/translations/zh_CN/security/
H A Dlandlock.rst118 security/landlock/ruleset.h
/linux-6.15/security/safesetid/
H A Dsecurityfs.c267 … size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct __rcu setid_ruleset* ruleset) in safesetid_file_read() argument
274 pol = rcu_dereference_protected(ruleset, lockdep_is_held(policy_update_lock)); in safesetid_file_read()
