Home
last modified time | relevance | path

Searched refs:nft (Results 1 – 25 of 35) sorted by relevance

12

/linux-6.15/tools/testing/selftests/net/netfilter/
H A Dnft_nat.sh158 ip netns exec "$ns0" nft -f /dev/stdin <<EOF
350 ip netns exec "$ns0" nft -f /dev/stdin <<EOF
412 ip netns exec "$ns0" nft -f /dev/stdin <<EOF
503 ip netns exec "$ns0" nft -f /dev/stdin <<EOF
592 ip netns exec "$ns0" nft -f /dev/stdin <<EOF
667 ip netns exec "$ns0" nft -f /dev/stdin <<EOF
768 ip netns exec "$ns0" nft -f /dev/stdin <<EOF
786 ip netns exec "$ns0" nft -f /dev/stdin <<EOF
808 ip netns exec "$ns0" nft -f /dev/stdin <<EOF
996 ip netns exec "$i" nft -f /dev/stdin <<EOF
[all …]
H A Dnft_concat_range.sh515 eval "echo \"${set_template}\"" | nft -f -
977 nft flush ruleset >/dev/null 2>&1
1228 nft reset counter inet filter test >/dev/null
1349 nft flush inet filter test 2>/dev/null
1364 nft flush ruleset
1478 nft -f "${tmp}"
1534 nft flush set t s 2>/dev/null || return 1
1537 nft flush ruleset
1566 nft list set inet filter test ) | nft -f -
1590 nft flush ruleset
[all …]
H A Drpath.sh24 if nft --version >/dev/null 2>&1; then
25 nft='nft'
27 nft=''
30 if [ -z "$iptables$ip6tables$nft" ]; then
93 [ -n "$nft" ] && ip netns exec "$ns2" $nft -f - <<EOF
124 [ -n "$nft" ] || return 0
125 ip netns exec "$ns2" "$nft" list chain inet t c | \
138 if [ -n "$nft" ]; then
141 ip netns exec "$ns2" $nft -s list table inet t;
142 ) | ip netns exec "$ns2" $nft -f -
H A Dnft_flowtable.sh153 ip netns exec "$nsr1" nft -f - <<EOF
185 ip netns exec "$ns2" nft -f - <<EOF
202 nft --version
382 ip netns exec "$nsr1" nft -f - <<EOF
399 ip netns exec "$nsr1" nft -f - <<EOF
464 ip netns exec "$nsr1" nft list ruleset
478 ip netns exec "$nsr1" nft -f - <<EOF
499 ip netns exec "$nsr1" nft list ruleset
519 ip netns exec "$nsr1" nft list ruleset
540 ip netns exec "$nsr1" nft -f - <<EOF
[all …]
H A Dconntrack_vrf.sh98 ip netns exec "$ns0" nft -f - <<EOF
133 ip netns exec "$ns0" nft list ruleset
151 ip netns exec "$ns0" nft -f - <<EOF
179 if ip netns exec "$ns0" nft list table ip nat |grep -q 'counter packets 1' &&
180 ip netns exec "$ns0" nft list table ip nat |grep -q 'untracked counter packets [1-9]'; then
198 ip netns exec "$ns0" nft -f - <<EOF
214 if ip netns exec "$ns0" nft list table ip nat |grep -q 'counter packets 1'; then
224 ip netns exec "$ns0" nft -f - <<EOF
238 if ip netns exec "$ns0" nft list counter t fibcount | grep -q "packets 1"; then
H A Dnft_fib.sh38 ip netns exec "$netns" nft -f /dev/stdin <<EOF
51 ip netns exec "$netns" nft -f /dev/stdin <<EOF
65 ip netns exec "$netns" nft -f /dev/stdin <<EOF
91 …if ! ip netns exec "$ns" nft list table inet filter | grep 'fib saddr . iif' | grep "$address" | g…
93 ip netns exec "$ns" nft list table inet filter
168 ip netns exec "$nsrouter" nft flush table inet filter
201 ip netns exec "$ns1" nft flush ruleset
202 ip netns exec "$ns2" nft flush ruleset
203 ip netns exec "$nsrouter" nft flush ruleset
228 ip -net "$nsrouter" nft list ruleset
H A Dconntrack_tcp_unreplied.sh9 if ! nft --version > /dev/null 2>&1;then
39 if ! ip netns exec "$ns2" nft list counter inet filter "$name" | grep -q "$expect"; then
41 ip netns exec "$ns2" nft list counter inet filter "$name" 1>&2
68 ip netns exec "$ns1" nft -f - <<EOF
85 ip netns exec "$ns2" nft -f - <<EOF
126 ip netns exec "$ns2" nft -f - <<EOF
H A Dnft_queue.sh88 ip netns exec "$nsrouter" nft -f /dev/stdin <<EOF
124 ip netns exec "$nsrouter" nft -f /dev/stdin <<EOF
177 ip netns exec "$nsrouter" nft -f /dev/stdin <<EOF
254 ip netns exec "$nsrouter" nft list ruleset
316 ip netns exec "$nsrouter" nft -f /dev/stdin <<EOF
361 ip netns exec "$ns1" nft -f /dev/stdin <<EOF
388 ip netns exec "$ns1" nft list ruleset
422 ip netns exec "$nsrouter" nft -f /dev/stdin <<EOF
568 ip netns exec "$ns1" nft -f - <<EOF
585 ip netns exec "$ns1" nft flush ruleset
[all …]
H A Dnft_audit.sh19 nft --version >/dev/null 2>&1 || {
25 nft --check -f /dev/stdin >/dev/null 2>&1 <<EOF
33 nft --version
82 nft flush ruleset
231 readarray -t handles < <(nft -a list chain t1 c1 | \
H A Dnft_meta.sh10 if ! nft --version > /dev/null 2>&1; then
28 ip netns exec "$ns0" nft -f /dev/stdin <<EOF
94 if ! ip netns exec "$ns0" nft list counter inet filter "$cname" | grep -q "$want"; then
97 ip netns exec "$ns0" nft list counter inet filter "$cname"
134 ip netns exec "$ns0" nft reset counters > /dev/null
H A Dconntrack_icmp_related.sh19 if ! nft --version > /dev/null 2>&1;then
52 if ! ip netns exec "$ns" nft list counter inet filter "$name" | grep -q "$expect"; then
54 ip netns exec "$ns" nft list counter inet filter "$name" 1>&2
114 ip netns exec "$netns" nft -f - <<EOF
129 ip netns exec "$nsclient1" nft -f - <<EOF
149 ip netns exec "$nsclient2" nft -f - <<EOF
177 ip netns exec "$nsrouter1" nft -f - <<EOF
H A Dnft_nat_zones.sh117 ip netns exec "$gw" nft -f /dev/stdin<<EOF
200 … ip netns exec "$gw" nft get element inet raw inicmp "{ 10.1.0.3 . \"veth$i\" . 10.3.0.99 }" 1>&2
205 if ! ip netns exec "$gw" nft get element inet raw inicmp "{ 10.3.0.99 . \"veth0\" . 10.3.0.1 }" | g…
208 ip netns exec "$gw" nft get element inet raw inicmp "{ 10.3.99 . \"veth0\" . 10.3.0.1 }" 1>&2
252 …if ! ip netns exec "$gw" nft get element inet raw inflows "{ 10.1.0.3 . 10000 . \"veth$i\" . 10.3.…
262 if ! ip netns exec "$gw" nft get element inet raw inflows "{ 10.3.0.99 . 5201 . \"veth0\" . 10.3.0.…
H A Dbr_netfilter.sh39 ip netns exec "$ns0" nft list ruleset
56 ip netns exec "$ns0" nft list ruleset
121 ip netns exec "$ns0" nft -f - <<EOF
H A Dnft_zones_many.sh33 ip netns exec "$ns1" nft -f /dev/stdin<<EOF
63 ) | ip netns exec "$ns1" nft -f /dev/stdin
H A Dnft_synproxy.sh62 ip netns exec "$nsr" nft -f - <<EOF
91 ip netns exec "$nsr" nft list ruleset
H A Dconntrack_reverse_clash.sh19 ip netns exec "$ns0" nft -f - <<EOF
H A Dbr_netfilter_queue.sh60 nft -f /dev/stdin <<EOF
H A Dnft_conntrack_helper.sh49 ip netns exec "$ns" nft -f - <<EOF
/linux-6.15/Documentation/networking/
H A Dtproxy.rst24 Alternatively you can do this in nft with the following commands::
26 # nft add table filter
27 # nft add chain filter divert "{ type filter hook prerouting priority -150; }"
28 # nft add rule filter divert meta l4proto tcp socket transparent 1 meta mark set 1 accept
72 Or the following rule to nft:
74 # nft add rule filter divert tcp dport 80 tproxy to :50080 meta mark set 1 accept
/linux-6.15/drivers/net/wireless/ath/ath9k/
H A Dcalib.c148 int16_t *nft) in ath9k_hw_get_nf_thresh() argument
152 *nft = (int8_t)ah->eep_ops->get_eeprom(ah, EEP_NFTHRESH_5); in ath9k_hw_get_nf_thresh()
155 *nft = (int8_t)ah->eep_ops->get_eeprom(ah, EEP_NFTHRESH_2); in ath9k_hw_get_nf_thresh()
/linux-6.15/drivers/net/ethernet/netronome/nfp/flower/
H A Dconntrack.c1365 zt->nft = NULL; in get_nfp_zone_entry()
1837 if (!zt->nft) { in nfp_fl_ct_handle_pre_ct()
1838 zt->nft = ct_act->ct.flow_table; in nfp_fl_ct_handle_pre_ct()
1839 err = nf_flow_table_offload_add_cb(zt->nft, nfp_fl_ct_handle_nft_flow, zt); in nfp_fl_ct_handle_pre_ct()
2220 if (!zt->nft) /* avoid deadlock */ in nfp_fl_ct_handle_nft_flow()
2253 struct nf_flowtable *nft; in nfp_fl_ct_del_flow() local
2272 if (!zt->pre_ct_count && zt->nft) { in nfp_fl_ct_del_flow()
2273 nft = zt->nft; in nfp_fl_ct_del_flow()
2274 zt->nft = NULL; /* avoid deadlock */ in nfp_fl_ct_del_flow()
2275 nf_flow_table_offload_del_cb(nft, in nfp_fl_ct_del_flow()
H A Dconntrack.h64 struct nf_flowtable *nft; member
H A Dmetadata.c650 if (zt->nft) { in nfp_zone_table_entry_destroy()
651 nf_flow_table_offload_del_cb(zt->nft, in nfp_zone_table_entry_destroy()
654 zt->nft = NULL; in nfp_zone_table_entry_destroy()
/linux-6.15/net/ipv4/netfilter/
H A DKconfig21 (iptables-nft).
333 (iptables-nft).
350 Neither arptables-nft nor nftables need this to work.
361 This option is needed by both arptables-legacy and arptables-nft.
/linux-6.15/tools/testing/selftests/net/mptcp/
H A Dmptcp_connect.sh690 if ! ip netns exec "$listener_ns" nft -f /dev/stdin <<"EOF"
717 ip netns exec "$listener_ns" nft flush ruleset
725 ip netns exec "$listener_ns" nft flush ruleset
741 ip netns exec "$listener_ns" nft flush ruleset

12