Home
last modified time | relevance | path

Searched refs:nft (Results 1 - 25 of 38) sorted by relevance

12

/kernel/linux/linux-6.6/tools/testing/selftests/netfilter/
H A Dnft_nat.sh21 nft --version > /dev/null 2>&1
23 echo "SKIP: Could not run test without nft tool"
86 ip netns exec $ns nft list counter inet filter $counter 1>&2
94 cnt=$(ip netns exec $ns nft list counter inet filter ns0in | grep -q "packets 1 bytes 84")
99 cnt=$(ip netns exec $ns nft list counter inet filter ns0out | grep -q "packets 1 bytes 84")
106 cnt=$(ip netns exec $ns nft list counter inet filter ns0in6 | grep -q "$expect")
111 cnt=$(ip netns exec $ns nft list counter inet filter ns0out6 | grep -q "$expect")
125 cnt=$(ip netns exec "$ns0" nft list counter inet filter ns0in | grep -q "packets 0 bytes 0")
131 cnt=$(ip netns exec "$ns0" nft list counter inet filter ns0in6 | grep -q "packets 0 bytes 0")
137 cnt=$(ip netns exec "$ns0" nft lis
[all...]
H A Dnft_trans_stress.sh37 echo "$OK: nft $2 test returned $r"
42 nft --version > /dev/null 2>&1
44 echo "SKIP: Could not run test without nft tool"
90 ip netns exec "$testns" nft -f "$tmp"
91 for i in $(seq 1 10) ; do ip netns exec "$testns" nft -f "$tmp" & done
96 ip netns exec "$testns" nft delete table inet $table
106 (echo "flush ruleset"; cat "$tmp") | ip netns exec "$testns" nft -f /dev/stdin
120 ) | ip netns exec "$testns" nft -f /dev/stdin
127 ) | ip netns exec "$testns" nft -f /dev/stdin
141 (echo "flush ruleset"; cat "$tmp") | ip netns exec "$testns" nft
[all...]
H A Drpath.sh24 if nft --version >/dev/null 2>&1; then
25 nft='nft'
27 nft=''
30 if [ -z "$iptables$ip6tables$nft" ]; then
31 echo "SKIP: Test needs iptables, ip6tables or nft"
75 [ -n "$nft" ] && ip netns exec "$ns2" $nft -f - <<EOF
89 #ip netns exec "$ns2" nft list ruleset
104 [ -n "$nft" ] || retur
[all...]
H A Dnft_concat_range.sh482 eval "echo \"${set_template}\"" | nft -f -
980 nft reset counter inet filter test >/dev/null 2>&1
981 nft flush ruleset >/dev/null 2>&1
1043 # Format destination and source fields into nft concatenated type
1081 # Format destination and source fields into nft type, start element only
1097 # Format first destination field into nft type
1114 if ! nft add element inet filter test "${1}"; then
1116 err "$(nft -a list ruleset)"
1134 if ! nft add element netdev perf norange "${1}"; then
1136 err "$(nft
[all...]
H A Dnft_flowtable.sh40 checktool "nft --version" "run test without nft tool"
159 ip netns exec $nsr1 nft -f - <<EOF
187 echo "SKIP: Could not load nft ruleset"
191 ip netns exec $ns2 nft -f - <<EOF
207 echo "SKIP: Could not load nft ruleset"
251 local orig=$(ip netns exec $nsr1 nft reset counter inet filter routed_orig | grep packets)
252 local repl=$(ip netns exec $nsr1 nft reset counter inet filter routed_repl | grep packets)
283 local counter=$(ip netns exec $ns2 nft reset counter inet filter ip4dscp3 | grep packets)
288 local counter=$(ip netns exec $ns2 nft rese
[all...]
H A Dconntrack_vrf.sh50 nft --version > /dev/null 2>&1
52 echo "SKIP: Could not run test without nft tool"
108 ip netns exec $ns0 nft -f - <<EOF
143 ip netns exec $ns0 nft list ruleset
161 ip netns exec $ns0 nft -f - <<EOF
190 ip netns exec $ns0 nft list table ip nat |grep -q 'counter packets 2' &&
191 ip netns exec $ns0 nft list table ip nat |grep -q 'untracked counter packets [1-9]'
210 ip netns exec $ns0 nft -f - <<EOF
227 ip netns exec $ns0 nft list table ip nat |grep -q 'counter packets 2'
H A Dnft_fib.sh26 nft --version > /dev/null 2>&1
28 echo "SKIP: Could not run test without nft tool"
59 ip netns exec ${netns} nft -f /dev/stdin <<EOF
72 ip netns exec ${netns} nft -f /dev/stdin <<EOF
86 ip netns exec ${netns} nft -f /dev/stdin <<EOF
113 line=$(ip netns exec ${ns} nft list table inet filter | grep 'fib saddr . iif' | grep $address | grep "packets $want" )
118 ip netns exec ${ns} nft list table inet filter
204 ip netns exec ${nsrouter} nft flush table inet filter
238 ip netns exec ${ns1} nft flush ruleset
239 ip netns exec ${ns2} nft flus
[all...]
H A Dnft_meta.sh10 if ! nft --version > /dev/null 2>&1; then
11 echo "SKIP: Could not run test without nft tool"
28 ip netns exec "$ns0" nft -f /dev/stdin <<EOF
94 if ! ip netns exec "$ns0" nft list counter inet filter $cname | grep -q "$want"; then
97 ip netns exec "$ns0" nft list counter inet filter $cname
134 ip netns exec "$ns0" nft reset counters > /dev/null
H A Dnft_queue.sh31 nft --version > /dev/null 2>&1
33 echo "SKIP: Could not run test without nft tool"
94 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF
130 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF
187 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF
211 ip netns exec ${nsrouter} nft delete table $proto blackh
252 ip netns exec ${nsrouter} nft list ruleset
319 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF
368 ip netns exec ${ns1} nft -f /dev/stdin <<EOF
391 ip netns exec ${ns1} nft lis
[all...]
H A Dconntrack_tcp_unreplied.sh16 nft --version > /dev/null 2>&1
18 echo "SKIP: Could not run test without nft tool"
47 cnt=$(ip netns exec $ns2 nft list counter inet filter "$name" | grep -q "$expect")
50 ip netns exec $ns2 nft list counter inet filter "$name" 1>&2
91 ip netns exec $ns2 nft -f - <<EOF
103 echo "ERROR: Could not load nft rules"
117 ip netns exec $ns2 nft -f - <<EOF
H A Dnft_audit.sh4 # Check that audit logs generated for nft commands are as expected.
9 nft --version >/dev/null 2>&1 || {
10 echo "SKIP: missing nft tool"
40 nft flush ruleset
45 do_test "nft add table $table" \
48 do_test "nft add chain $table c1" \
51 do_test "nft add chain $table c2; add chain $table c3" \
56 do_test "nft $cmd" \
59 do_test "nft $cmd; $cmd" \
70 do_test "nft
[all...]
H A Dnft_nat_zones.sh63 nft --version > /dev/null 2>&1
65 echo "SKIP: Could not run test without nft tool"
161 ip netns exec $gw nft -f /dev/stdin<<EOF
217 ) | ip netns exec $gw nft -f /dev/stdin
240 ip netns exec $gw nft get element inet raw inicmp "{ 10.1.0.3 . \"veth$i\" . 10.3.0.99 }" | grep -q "{ 10.1.0.3 . \"veth$i\" . 10.3.0.99 counter packets 3 bytes 252 }"
244 ip netns exec $gw nft get element inet raw inicmp "{ 10.1.0.3 . \"veth$i\" . 10.3.0.99 }" 1>&2
249 ip netns exec $gw nft get element inet raw inicmp "{ 10.3.0.99 . \"veth0\" . 10.3.0.1 }" | grep -q "{ 10.3.0.99 . \"veth0\" . 10.3.0.1 counter packets $((3 * $maxclients)) bytes $((252 * $maxclients)) }"
253 ip netns exec $gw nft get element inet raw inicmp "{ 10.3.99 . \"veth0\" . 10.3.0.1 }" 1>&2
292 ip netns exec $gw nft get element inet raw inflows "{ 10.1.0.3 . 10000 . \"veth$i\" . 10.3.0.99 . 5201 }" > /dev/null
303 ip netns exec $gw nft ge
[all...]
H A Dconntrack_icmp_related.sh21 nft --version > /dev/null 2>&1
23 echo "SKIP: Could not run test without nft tool"
55 cnt=$(ip netns exec $ns nft list counter inet filter "$name" | grep -q "$expect")
58 ip netns exec $ns nft list counter inet filter "$name" 1>&2
132 ip netns exec $netns nft -f - <<EOF
147 ip netns exec nsclient1 nft -f - <<EOF
167 ip netns exec nsclient2 nft -f - <<EOF
196 ip netns exec nsrouter1 nft -f - <<EOF
H A Dnft_zones_many.sh28 checktool "nft --version" "run test without nft tool"
46 ip netns exec $ns nft -f /dev/stdin<<EOF
69 ) | ip netns exec $ns nft -f /dev/stdin
80 # nft rule in output places each packet in a different zone.
H A Dnft_synproxy.sh21 checktool "nft --version" "run test without nft tool"
81 ip netns exec $nsr nft -f - <<EOF
103 echo "SKIP: Cannot add nft synproxy"
112 ip netns exec $nsr nft list ruleset
H A Dnft_conntrack_helper.sh4 # 1. can attach ftp helper to a connection from nft ruleset.
22 nft --version > /dev/null 2>&1
24 echo "SKIP: Could not run test without nft tool"
73 ip netns exec ${ns} nft -f - <<EOF
/kernel/linux/linux-5.10/tools/testing/selftests/netfilter/
H A Dnft_nat.sh21 nft --version > /dev/null 2>&1
23 echo "SKIP: Could not run test without nft tool"
86 ip netns exec $ns nft list counter inet filter $counter 1>&2
94 cnt=$(ip netns exec $ns nft list counter inet filter ns0in | grep -q "packets 1 bytes 84")
99 cnt=$(ip netns exec $ns nft list counter inet filter ns0out | grep -q "packets 1 bytes 84")
106 cnt=$(ip netns exec $ns nft list counter inet filter ns0in6 | grep -q "$expect")
111 cnt=$(ip netns exec $ns nft list counter inet filter ns0out6 | grep -q "$expect")
125 cnt=$(ip netns exec "$ns0" nft list counter inet filter ns0in | grep -q "packets 0 bytes 0")
131 cnt=$(ip netns exec "$ns0" nft list counter inet filter ns0in6 | grep -q "packets 0 bytes 0")
137 cnt=$(ip netns exec "$ns0" nft lis
[all...]
H A Dnft_concat_range.sh465 eval "echo \"${set_template}\"" | nft -f -
922 nft reset counter inet filter test >/dev/null 2>&1
923 nft flush ruleset >/dev/null 2>&1
985 # Format destination and source fields into nft concatenated type
1022 # Format destination and source fields into nft type, start element only
1038 # Format first destination field into nft type
1055 if ! nft add element inet filter test "${1}"; then
1057 err "$(nft -a list ruleset)"
1075 if ! nft add element netdev perf norange "${1}"; then
1077 err "$(nft
[all...]
H A Dconntrack_vrf.sh50 nft --version > /dev/null 2>&1
52 echo "SKIP: Could not run test without nft tool"
108 ip netns exec $ns0 nft -f - <<EOF
143 ip netns exec $ns0 nft list ruleset
161 ip netns exec $ns0 nft -f - <<EOF
190 ip netns exec $ns0 nft list table ip nat |grep -q 'counter packets 2' &&
191 ip netns exec $ns0 nft list table ip nat |grep -q 'untracked counter packets [1-9]'
210 ip netns exec $ns0 nft -f - <<EOF
227 ip netns exec $ns0 nft list table ip nat |grep -q 'counter packets 2'
H A Dnft_meta.sh10 if ! nft --version > /dev/null 2>&1; then
11 echo "SKIP: Could not run test without nft tool"
28 ip netns exec "$ns0" nft -f /dev/stdin <<EOF
94 if ! ip netns exec "$ns0" nft list counter inet filter $cname | grep -q "$want"; then
97 ip netns exec "$ns0" nft list counter inet filter $cname
134 ip netns exec "$ns0" nft reset counters > /dev/null
H A Dnft_flowtable.sh36 checktool "nft --version" "run test without nft tool"
151 ip netns exec nsr1 nft -f - <<EOF
195 echo "SKIP: Could not load nft ruleset"
319 ip netns exec nsr1 nft list ruleset
332 ip netns exec nsr1 nft -f - <<EOF
350 ip netns exec nsr1 nft list ruleset
356 handle=$(ip netns exec nsr1 nft -a list table inet filter | grep something-to-grep-for | cut -d \# -f 2)
358 if ! ip netns exec nsr1 nft delete rule inet filter forward $handle; then
370 ip netns exec nsr1 nft lis
[all...]
H A Dconntrack_icmp_related.sh21 nft --version > /dev/null 2>&1
23 echo "SKIP: Could not run test without nft tool"
55 cnt=$(ip netns exec $ns nft list counter inet filter "$name" | grep -q "$expect")
58 ip netns exec $ns nft list counter inet filter "$name" 1>&2
132 ip netns exec $netns nft -f - <<EOF
147 ip netns exec nsclient1 nft -f - <<EOF
167 ip netns exec nsclient2 nft -f - <<EOF
196 ip netns exec nsrouter1 nft -f - <<EOF
H A Dnft_queue.sh27 nft --version > /dev/null 2>&1
29 echo "SKIP: Could not run test without nft tool"
90 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF
125 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF
182 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF
206 ip netns exec ${nsrouter} nft delete table $proto blackh
247 ip netns exec ${nsrouter} nft list ruleset
297 ip netns exec ${nsrouter} nft -f /dev/stdin <<EOF
H A Dnft_conntrack_helper.sh4 # 1. can attach ftp helper to a connection from nft ruleset.
22 nft --version > /dev/null 2>&1
24 echo "SKIP: Could not run test without nft tool"
73 ip netns exec ${ns} nft -f - <<EOF
/kernel/linux/linux-6.6/drivers/net/ethernet/netronome/nfp/flower/
H A Dconntrack.c289 /* if pre ct entry do nat, the nat ip exists in nft entry, in nfp_ct_merge_check()
290 * will be do merge check when do nft and post ct merge, in nfp_ct_merge_check()
311 /* if pre ct entry do nat, the nat ip exists in nft entry, in nfp_ct_merge_check()
312 * will be do merge check when do nft and post ct merge, in nfp_ct_merge_check()
333 /* if pre ct entry do nat, the nat tport exists in nft entry, in nfp_ct_merge_check()
334 * will be do merge check when do nft and post ct merge, in nfp_ct_merge_check()
527 * currently surpport nft entries merge check in different zones
567 /* Check for nft->action conflicts */ in nfp_ct_merge_act_check()
611 * ct status when nft is nat entry. in nfp_ct_check_meta()
774 /* nft entr in nfp_fl_merge_actions_offload()
2253 struct nf_flowtable *nft; nfp_fl_ct_del_flow() local
[all...]

Completed in 10 milliseconds

12