Home
last modified time | relevance | path

Searched refs:ruleset (Results 1 – 25 of 27) sorted by relevance

12

/linux/drivers/net/ethernet/mellanox/mlxsw/
A Dspectrum_acl.c172 if (!ruleset) in mlxsw_sp_acl_ruleset_create()
194 return ruleset; in mlxsw_sp_acl_ruleset_create()
201 kfree(ruleset); in mlxsw_sp_acl_ruleset_create()
259 if (!ruleset) in mlxsw_sp_acl_ruleset_lookup()
279 if (ruleset) { in mlxsw_sp_acl_ruleset_get()
735 rule->ruleset = ruleset; in mlxsw_sp_acl_rule_create()
755 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; in mlxsw_sp_acl_rule_destroy() local
765 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; in mlxsw_sp_acl_rule_add() local
809 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; in mlxsw_sp_acl_rule_del() local
831 struct mlxsw_sp_acl_ruleset *ruleset = rule->ruleset; in mlxsw_sp_acl_rule_action_replace() local
[all …]
A Dspectrum_flower.c91 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp_flower_parse_actions() local
97 if (IS_ERR(ruleset)) in mlxsw_sp_flower_parse_actions()
98 return PTR_ERR(ruleset); in mlxsw_sp_flower_parse_actions()
599 if (IS_ERR(ruleset)) in mlxsw_sp_flower_replace()
600 return PTR_ERR(ruleset); in mlxsw_sp_flower_replace()
644 if (IS_ERR(ruleset)) in mlxsw_sp_flower_destroy()
672 if (WARN_ON(IS_ERR(ruleset))) in mlxsw_sp_flower_stats()
713 return PTR_ERR_OR_ZERO(ruleset); in mlxsw_sp_flower_tmplt_create()
725 if (IS_ERR(ruleset)) in mlxsw_sp_flower_tmplt_destroy()
742 if (IS_ERR(ruleset)) in mlxsw_sp_flower_prio_get()
[all …]
A Dspectrum2_mr_tcam.c36 struct mlxsw_sp_acl_ruleset *ruleset) in mlxsw_sp2_mr_tcam_bind_group() argument
41 group_id = mlxsw_sp_acl_ruleset_group_id(ruleset); in mlxsw_sp2_mr_tcam_bind_group()
214 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_create() local
220 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_create()
223 rule = mlxsw_sp_acl_rule_create(mlxsw_sp, ruleset, in mlxsw_sp2_mr_tcam_route_create()
247 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_destroy() local
251 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_destroy()
254 rule = mlxsw_sp_acl_rule_lookup(mlxsw_sp, ruleset, in mlxsw_sp2_mr_tcam_route_destroy()
271 struct mlxsw_sp_acl_ruleset *ruleset; in mlxsw_sp2_mr_tcam_route_update() local
275 if (WARN_ON(!ruleset)) in mlxsw_sp2_mr_tcam_route_update()
[all …]
A Dspectrum_acl_tcam.c1625 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); in mlxsw_sp_acl_tcam_flower_ruleset_del()
1657 return mlxsw_sp_acl_tcam_group_id(&ruleset->vgroup.group); in mlxsw_sp_acl_tcam_flower_ruleset_group_id()
1729 struct mlxsw_sp_acl_tcam_mr_ruleset *ruleset = ruleset_priv; in mlxsw_sp_acl_tcam_mr_ruleset_add() local
1746 ruleset->vchunk = mlxsw_sp_acl_tcam_vchunk_get(mlxsw_sp, in mlxsw_sp_acl_tcam_mr_ruleset_add()
1747 &ruleset->vgroup, 1, in mlxsw_sp_acl_tcam_mr_ruleset_add()
1749 if (IS_ERR(ruleset->vchunk)) { in mlxsw_sp_acl_tcam_mr_ruleset_add()
1750 err = PTR_ERR(ruleset->vchunk); in mlxsw_sp_acl_tcam_mr_ruleset_add()
1757 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); in mlxsw_sp_acl_tcam_mr_ruleset_add()
1766 mlxsw_sp_acl_tcam_vchunk_put(mlxsw_sp, ruleset->vchunk); in mlxsw_sp_acl_tcam_mr_ruleset_del()
1767 mlxsw_sp_acl_tcam_vgroup_del(&ruleset->vgroup); in mlxsw_sp_acl_tcam_mr_ruleset_del()
[all …]
A Dspectrum.h929 struct mlxsw_sp_acl_ruleset *ruleset);
930 u16 mlxsw_sp_acl_ruleset_group_id(struct mlxsw_sp_acl_ruleset *ruleset);
931 void mlxsw_sp_acl_ruleset_prio_get(struct mlxsw_sp_acl_ruleset *ruleset,
1000 struct mlxsw_sp_acl_ruleset *ruleset,
1015 struct mlxsw_sp_acl_ruleset *ruleset,
/linux/security/landlock/
A Dsyscalls.c100 landlock_put_ruleset(ruleset); in fop_ruleset_release()
191 if (IS_ERR(ruleset)) in SYSCALL_DEFINE3()
192 return PTR_ERR(ruleset); in SYSCALL_DEFINE3()
218 ruleset = ERR_PTR(-EBADFD); in get_ruleset_from_fd()
222 ruleset = ERR_PTR(-EPERM); in get_ruleset_from_fd()
227 ruleset = ERR_PTR(-EINVAL); in get_ruleset_from_fd()
234 return ruleset; in get_ruleset_from_fd()
331 if (IS_ERR(ruleset)) in SYSCALL_DEFINE4()
332 return PTR_ERR(ruleset); in SYSCALL_DEFINE4()
417 if (IS_ERR(ruleset)) in SYSCALL_DEFINE2()
[all …]
A Druleset.c154 lockdep_assert_held(&ruleset->lock); in insert_rule()
214 ruleset->num_rules++; in insert_rule()
364 put_hierarchy(ruleset->hierarchy); in free_ruleset()
365 kfree(ruleset); in free_ruleset()
371 if (ruleset && refcount_dec_and_test(&ruleset->usage)) in landlock_put_ruleset()
372 free_ruleset(ruleset); in landlock_put_ruleset()
377 struct landlock_ruleset *ruleset; in free_ruleset_work() local
380 free_ruleset(ruleset); in free_ruleset_work()
385 if (ruleset && refcount_dec_and_test(&ruleset->usage)) { in landlock_put_ruleset_deferred()
409 if (WARN_ON_ONCE(!ruleset || parent == ruleset)) in landlock_merge_ruleset()
[all …]
A Druleset.h145 void landlock_put_ruleset(struct landlock_ruleset *const ruleset);
146 void landlock_put_ruleset_deferred(struct landlock_ruleset *const ruleset);
148 int landlock_insert_rule(struct landlock_ruleset *const ruleset,
153 struct landlock_ruleset *const ruleset);
156 const struct landlock_ruleset *const ruleset,
159 static inline void landlock_get_ruleset(struct landlock_ruleset *const ruleset) in landlock_get_ruleset() argument
161 if (ruleset) in landlock_get_ruleset()
162 refcount_inc(&ruleset->usage); in landlock_get_ruleset()
A Dfs.c152 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset, in landlock_append_fs_rule() argument
162 if (WARN_ON_ONCE(ruleset->num_layers != 1)) in landlock_append_fs_rule()
166 access_rights |= LANDLOCK_MASK_ACCESS_FS & ~ruleset->fs_access_masks[0]; in landlock_append_fs_rule()
170 mutex_lock(&ruleset->lock); in landlock_append_fs_rule()
171 err = landlock_insert_rule(ruleset, object, access_rights); in landlock_append_fs_rule()
172 mutex_unlock(&ruleset->lock); in landlock_append_fs_rule()
A DMakefile3 landlock-y := setup.o syscalls.o object.o ruleset.o \
A Dfs.h67 int landlock_append_fs_rule(struct landlock_ruleset *const ruleset,
/linux/drivers/net/ethernet/marvell/prestera/
A Dprestera_acl.c45 struct prestera_acl_ruleset *ruleset; in prestera_acl_ruleset_create() local
48 ruleset = kzalloc(sizeof(*ruleset), GFP_KERNEL); in prestera_acl_ruleset_create()
49 if (!ruleset) in prestera_acl_ruleset_create()
60 ruleset->sw = sw; in prestera_acl_ruleset_create()
62 return ruleset; in prestera_acl_ruleset_create()
67 kfree(ruleset); in prestera_acl_ruleset_create()
73 prestera_hw_acl_ruleset_del(ruleset->sw, ruleset->id); in prestera_acl_ruleset_destroy()
75 kfree(ruleset); in prestera_acl_ruleset_destroy()
91 if (IS_ERR(block->ruleset)) { in prestera_acl_block_create()
166 return block->ruleset; in prestera_acl_block_ruleset_get()
[all …]
A Dprestera_acl.h46 struct prestera_acl_ruleset *ruleset; member
114 prestera_acl_rule_lookup(struct prestera_acl_ruleset *ruleset,
/linux/Documentation/userspace-api/
A Dlandlock.rst59 perror("Failed to create a ruleset");
66 denied by the ruleset. To add ``/usr`` to the ruleset, we open it with the
90 perror("Failed to update ruleset");
108 The current thread is now ready to sandbox itself with the ruleset.
113 perror("Failed to enforce ruleset");
124 ruleset.
135 ruleset.
204 Creating a new ruleset
213 Extending a ruleset
222 Enforcing a ruleset
[all …]
/linux/Documentation/security/
A Dlandlock.rst42 * Computation related to Landlock operations (e.g. enforcing a ruleset) shall
69 A domain is a read-only ruleset tied to a set of subjects (i.e. tasks'
70 credentials). Each time a ruleset is enforced on a task, the current domain is
71 duplicated and the ruleset is imported as a new layer of rules in the new
76 of a ruleset provided by the task.
81 .. kernel-doc:: security/landlock/ruleset.h
/linux/tools/testing/selftests/netfilter/
A Dconntrack_vrf.sh143 ip netns exec $ns0 nft list ruleset
162 flush ruleset
211 flush ruleset
A Dnft_flowtable.sh319 ip netns exec nsr1 nft list ruleset
350 ip netns exec nsr1 nft list ruleset
370 ip netns exec nsr1 nft list ruleset
405 ip netns exec nsr1 nft list ruleset
430 ip netns exec nsr1 nft list ruleset
498 ip netns exec nsr1 nft list ruleset 1>&2
A Dnft_queue.sh251 ip netns exec ${nsrouter} nft list ruleset
302 flush ruleset
351 flush ruleset
376 ip netns exec ${ns1} nft list ruleset
A Dnft_zones_many.sh47 flush ruleset
A Dnft_concat_range.sh923 nft flush ruleset >/dev/null 2>&1
1306 nft flush ruleset
1473 nft flush ruleset
/linux/include/linux/crush/
A Dmapper.h14 extern int crush_find_rule(const struct crush_map *map, int ruleset, int type, int size);
A Dcrush.h81 __u8 ruleset; member
/linux/security/safesetid/
A Dsecurityfs.c264 … size_t len, loff_t *ppos, struct mutex *policy_update_lock, struct __rcu setid_ruleset* ruleset) in safesetid_file_read() argument
271 pol = rcu_dereference_protected(ruleset, lockdep_is_held(policy_update_lock)); in safesetid_file_read()
/linux/net/ceph/crush/
A Dmapper.c42 int crush_find_rule(const struct crush_map *map, int ruleset, int type, int size) in crush_find_rule() argument
48 map->rules[i]->mask.ruleset == ruleset && in crush_find_rule()
/linux/Documentation/networking/
A Dtproxy.rst67 add rules like this to the iptables ruleset above::

Completed in 54 milliseconds

12