Home
last modified time | relevance | path

Searched full:nat (Results 1 – 25 of 184) sorted by relevance

12345678

/linux-6.14.4/tools/testing/selftests/tc-testing/tc-tests/actions/
Dnat.json4 "name": "Add nat action on ingress with default control action",
7 "nat"
14 "$TC actions flush action nat",
20 "cmdUnderTest": "$TC actions add action nat ingress 192.168.1.1 200.200.200.1",
22 "verifyCmd": "$TC actions ls action nat",
23 "matchPattern": "action order [0-9]+: nat ingress 192.168.1.1/32 200.200.200.1 pass",
26 "$TC actions flush action nat"
31 "name": "Add nat action on ingress with pipe control action",
34 "nat"
41 "$TC actions flush action nat",
[all …]
Dct.json193 "name": "Try ct with zone, commit, mark, nat",
209 …"cmdUnderTest": "$TC actions add action ct zone 404 commit mark 0x42 nat src addr 5.5.5.7 index 42…
212 …"matchPattern": "action order [0-9]*: ct commit mark 66 zone 404 nat src addr 5.5.5.7 pipe.*index …
220 "name": "Try ct with full nat ipv4 range syntax",
236 …"cmdUnderTest": "$TC actions add action ct commit nat src addr 5.5.5.7-5.5.6.0 port 1000-2000 inde…
239 …"matchPattern": "action order [0-9]*: ct commit zone 0 nat src addr 5.5.5.7-5.5.6.0 port 1000-2000…
247 "name": "Try ct with full nat ipv6 syntax",
263 … "cmdUnderTest": "$TC actions add action ct commit nat src addr 2001::1 port 1000-2000 index 44",
266 …"matchPattern": "action order [0-9]*: ct commit zone 0 nat src addr 2001::1 port 1000-2000 pipe.*i…
274 "name": "Try ct with full nat ipv6 range syntax",
[all …]
/linux-6.14.4/net/ipv4/netfilter/
Dnf_nat_pptp.c5 * NAT support for PPTP (Point to Point Tunneling Protocol).
19 * TODO: - NAT to a unique tuple, not to TCP source port
40 MODULE_DESCRIPTION("Netfilter NAT helper module for PPTP");
53 struct nf_conn_nat *nat; in pptp_nat_expected() local
55 nat = nf_ct_nat_ext_add(ct); in pptp_nat_expected()
56 if (WARN_ON_ONCE(!nat)) in pptp_nat_expected()
59 nat_pptp_info = &nat->help.nat_pptp_info; in pptp_nat_expected()
129 struct nf_conn_nat *nat = nfct_nat(ct); in pptp_outbound_pkt() local
135 if (WARN_ON_ONCE(!nat)) in pptp_outbound_pkt()
138 nat_pptp_info = &nat->help.nat_pptp_info; in pptp_outbound_pkt()
[all …]
Diptable_nat.c23 .name = "nat",
67 table = xt_find_table(net, NFPROTO_IPV4, "nat"); in ipt_nat_register_lookups()
123 ipt_unregister_table_exit(net, "nat"); in iptable_nat_table_init()
136 ipt_unregister_table_exit(net, "nat"); in iptable_nat_net_exit()
175 MODULE_DESCRIPTION("iptables legacy nat table");
/linux-6.14.4/fs/f2fs/
Dnode.h11 /* node block offset on the NAT area dedicated to the given start node id */
37 /* vector size for gang look-up from nat cache that consists of radix tree */
51 IS_DIRTY, /* this nat entry is dirty? */
52 IS_PREALLOC, /* nat entry is preallocated */
67 struct list_head list; /* for clean or dirty nat list */
71 #define nat_get_nid(nat) ((nat)->ni.nid) argument
72 #define nat_set_nid(nat, n) ((nat)->ni.nid = (n)) argument
73 #define nat_get_blkaddr(nat) ((nat)->ni.blk_addr) argument
74 #define nat_set_blkaddr(nat, b) ((nat)->ni.blk_addr = (b)) argument
75 #define nat_get_ino(nat) ((nat)->ni.ino) argument
[all …]
/linux-6.14.4/net/netfilter/
Dnf_nat_ovs.c2 /* Support nat functions for openvswitch and used by OVS and TC conntrack. */
7 * range is only used for new, uninitialized NAT state.
20 hooknum = NF_INET_LOCAL_IN; /* Source NAT */ in nf_ct_nat_execute()
22 hooknum = NF_INET_LOCAL_OUT; /* Destination NAT */ in nf_ct_nat_execute()
56 /* Initialize according to the NAT action. */ in nf_ct_nat_execute()
94 /* Add NAT extension if not confirmed yet. */ in nf_ct_nat()
96 return NF_DROP; /* Can't NAT. */ in nf_ct_nat()
100 /* NAT an established or related connection like before. */ in nf_ct_nat()
103 * for which NAT was applied in the forward in nf_ct_nat()
104 * direction. Do the reverse NAT. in nf_ct_nat()
Dnf_nat_masquerade.c33 struct nf_conn_nat *nat; in nf_nat_masquerade_ipv4() local
60 nat = nf_ct_nat_ext_add(ct); in nf_nat_masquerade_ipv4()
61 if (nat) in nf_nat_masquerade_ipv4()
62 nat->masq_index = out->ifindex; in nf_nat_masquerade_ipv4()
141 const struct nf_conn_nat *nat = nfct_nat(i); in device_cmp() local
144 if (!nat) in device_cmp()
146 return nat->masq_index == w->ifindex; in device_cmp()
245 struct nf_conn_nat *nat; in nf_nat_masquerade_ipv6() local
258 nat = nf_ct_nat_ext_add(ct); in nf_nat_masquerade_ipv6()
259 if (nat) in nf_nat_masquerade_ipv6()
[all …]
Dnft_chain_nat.c37 .name = "nat",
58 .name = "nat",
89 .name = "nat",
142 MODULE_ALIAS_NFT_CHAIN(AF_INET, "nat");
145 MODULE_ALIAS_NFT_CHAIN(AF_INET6, "nat");
148 MODULE_ALIAS_NFT_CHAIN(1, "nat"); /* NFPROTO_INET */
Dnf_conntrack_helper.c132 struct nf_conntrack_nat_helper *nat; in nf_nat_helper_try_module_get() local
143 nat = nf_conntrack_nat_helper_find(h->nat_mod_name); in nf_nat_helper_try_module_get()
144 if (!nat) { in nf_nat_helper_try_module_get()
150 nat = nf_conntrack_nat_helper_find(mod_name); in nf_nat_helper_try_module_get()
151 if (!nat) { in nf_nat_helper_try_module_get()
157 if (!try_module_get(nat->module)) in nf_nat_helper_try_module_get()
167 struct nf_conntrack_nat_helper *nat; in nf_nat_helper_put() local
169 nat = nf_conntrack_nat_helper_find(helper->nat_mod_name); in nf_nat_helper_put()
170 if (WARN_ON_ONCE(!nat)) in nf_nat_helper_put()
173 module_put(nat->module); in nf_nat_helper_put()
[all …]
Dnf_nat_bpf.c2 /* Unstable NAT Helpers for XDP and TC-BPF hook
17 /* bpf_ct_set_nat_info - Set source or destination nat address
19 * Set source or destination nat address of the newly allocated
26 * @addr - Nat source/destination address
27 * @port - Nat source/destination port. Non-positive values are
Dnf_nat_core.c187 * nf_nat_used_tuple - check if proposed nat tuple clashes with existing entry
188 * @tuple: proposed NAT binding
195 * INITIATOR -> NAT/PAT -> RESPONDER
197 * INITIATOR passes through NAT/PAT ("us") and SNAT is done (saddr rewrite).
198 * Then, later, NAT/PAT itself also connects to RESPONDER.
213 * @return: true if the proposed NAT mapping collides with an existing entry.
220 * incoming ones. NAT means they don't have a fixed mapping, in nf_nat_used_tuple()
238 * @tuple: proposed NAT binding
243 * @ignored_conntrack will not be subject to NAT.
245 * @return: true if the proposed NAT mapping collides with existing entry.
[all …]
/linux-6.14.4/tools/testing/selftests/net/netfilter/
Dnft_nat.sh3 # This test is for basic NAT functionality: snat, dnat, redirect, masquerade.
159 table $family nat {
161 type nat hook output priority 0; policy accept;
213 ip netns exec "$ns0" nft flush chain ip6 nat output
229 table $family nat {
231 type nat hook output priority 0; policy accept;
238 echo "SKIP: inet nat tests"
289 ip netns exec "$ns0" nft flush chain "$family" nat output
331 test $lret -eq 0 && echo "PASS: ping to $ns1 OK after $family nat output chain flush"
351 table $family nat {
[all …]
Dnf_nat_edemux.sh4 # Test NAT source port clash resolution
47 ip netns exec "$ns2" iptables -t nat -A OUTPUT -d 10.96.0.1/32 -p tcp --dport 443 -j DNAT --to-dest…
58 # NAT must reallocate source port 10000 because
65 echo "PASS: socat can connect via NAT'd address"
67 echo "FAIL: socat cannot connect via NAT'd address"
71 ip netns exec "$ns1" iptables -t nat -A PREROUTING -p tcp --dport 5202 -j REDIRECT --to-ports 5201
72 ip netns exec "$ns1" iptables -t nat -A PREROUTING -p tcp --dport 5203 -j REDIRECT --to-ports 5201
Dconntrack_vrf.sh153 table ip nat {
165 type nat hook postrouting priority 0;
178 # must also check that nat table was evaluated on second (lower device) iteration.
179 if ip netns exec "$ns0" nft list table ip nat |grep -q 'counter packets 1' &&
180 ip netns exec "$ns0" nft list table ip nat |grep -q 'untracked counter packets [1-9]'; then
200 table ip nat {
202 type nat hook postrouting priority 0;
213 # must also check that nat table was evaluated on second (lower device) iteration.
214 if ip netns exec "$ns0" nft list table ip nat |grep -q 'counter packets 1'; then
Dconntrack_tcp_unreplied.sh120 # the nat redirect rule.
127 table inet nat {
129 type nat hook prerouting priority 0; policy accept;
135 echo "ERROR: Could not load nat redirect"
148 echo "INFO: NAT redirect added in ns $ns2, waiting for $BUSYWAIT_TIMEOUT ms for nat to take effect"
Dnft_flowtable.sh476 # Same, but with NAT enabled. Same as in first test: we expect normal forward path
479 table ip nat {
481 type nat hook prerouting priority 0; policy accept;
486 type nat hook postrouting priority 0; policy accept;
498 echo "FAIL: flow offload for ns1/ns2 with NAT" 1>&2
518 echo "FAIL: flow offload for ns1/ns2 with NAT and pmtu discovery" 1>&2
523 # Add bridge interface br0 to Router1, with NAT enabled.
539 # br0 with NAT enabled.
541 flush table ip nat
542 table ip nat {
[all …]
Dconntrack_icmp_related.sh15 # nat of "established" icmp-echo "connection".
174 # make sure NAT core rewrites adress of icmp error if nat is used according to
175 # conntrack nat information (icmp error will be directed at nsrouter1 address,
178 table ip nat {
180 type nat hook postrouting priority 0; policy accept;
184 table ip6 nat {
186 type nat hook postrouting priority 0; policy accept;
/linux-6.14.4/net/ipv6/netfilter/
Dip6table_nat.c5 * Based on Rusty Russell's IPv4 NAT code. Development of IPv6 NAT
25 .name = "nat",
68 table = xt_find_table(net, NFPROTO_IPV6, "nat"); in ip6t_nat_register_lookups()
125 ip6t_unregister_table_exit(net, "nat"); in ip6table_nat_table_init()
138 ip6t_unregister_table_exit(net, "nat"); in ip6table_nat_net_exit()
177 MODULE_DESCRIPTION("Ip6tables legacy nat table");
/linux-6.14.4/include/net/netfilter/
Dnf_nat.h22 /* per conntrack: nat application helper private data */
24 /* insert nat helper private data here */
59 struct nf_conn_nat *nat, in nf_nat_oif_changed() argument
63 return nat && nat->masq_index && hooknum == NF_INET_POST_ROUTING && in nf_nat_oif_changed()
65 nat->masq_index != out->ifindex; in nf_nat_oif_changed()
/linux-6.14.4/net/openvswitch/
Dconntrack.c55 OVS_CT_NAT = 1 << 0, /* NAT for committed connections only. */
56 OVS_CT_SRC_NAT = 1 << 1, /* Source NAT for NEW connections. */
57 OVS_CT_DST_NAT = 1 << 2, /* Destination NAT for NEW connections. */
66 u8 nat : 3; /* enum ovs_ct_nat */ member
76 struct nf_nat_range2 range; /* Only present for SRC NAT and DST NAT. */
239 * 'keep_nat_flags' is true, the existing NAT flags retained, else they are
503 /* Must invert the tuple if skb has been transformed by NAT. */ in ovs_ct_find_existing()
674 if (!(info->nat & OVS_CT_NAT)) in ovs_ct_nat()
676 if (info->nat & OVS_CT_SRC_NAT) in ovs_ct_nat()
678 if (info->nat & OVS_CT_DST_NAT) in ovs_ct_nat()
[all …]
/linux-6.14.4/net/bridge/netfilter/
Debtable_nat.c35 .name = "nat",
47 .name = "nat",
81 ebt_unregister_table_pre_exit(net, "nat"); in frame_nat_net_pre_exit()
86 ebt_unregister_table(net, "nat"); in frame_nat_net_exit()
119 MODULE_DESCRIPTION("ebtables legacy stateless nat table");
/linux-6.14.4/drivers/net/ethernet/mellanox/mlx5/core/en/tc/
Dct_fs_hmfs.c113 bool nat, bool ipv4, bool tcp, bool gre) in mlx5_ct_fs_hmfs_matcher_get() argument
121 hmfs_matcher = nat ? in mlx5_ct_fs_hmfs_matcher_get()
134 tbl = nat ? fs_hmfs->ct_nat_tbl : fs_hmfs->ct_tbl; in mlx5_ct_fs_hmfs_matcher_get()
139 "ct_fs_hmfs: failed to create bwc matcher (nat %d, ipv4 %d, tcp %d, gre %d), err: %ld\n", in mlx5_ct_fs_hmfs_matcher_get()
140 nat, ipv4, tcp, gre, PTR_ERR(hws_bwc_matcher)); in mlx5_ct_fs_hmfs_matcher_get()
198 bool nat, tcp, ipv4, gre; in mlx5_ct_fs_hmfs_ct_rule_add() local
208 nat = (attr->ft == fs_hmfs->ct_nat); in mlx5_ct_fs_hmfs_ct_rule_add()
215 hmfs_matcher = mlx5_ct_fs_hmfs_matcher_get(fs, spec, nat, ipv4, tcp, gre); in mlx5_ct_fs_hmfs_ct_rule_add()
Dct_fs_smfs.c111 mlx5_ct_fs_smfs_matcher_get(struct mlx5_ct_fs *fs, bool nat, bool ipv4, bool tcp, bool gre) in mlx5_ct_fs_smfs_matcher_get() argument
121 matchers = nat ? &fs_smfs->matchers_nat : &fs_smfs->matchers; in mlx5_ct_fs_smfs_matcher_get()
147 tbl = nat ? fs_smfs->ct_nat_tbl : fs_smfs->ct_tbl; in mlx5_ct_fs_smfs_matcher_get()
151 "ct_fs_smfs: failed to create matcher (nat %d, ipv4 %d, tcp %d, gre %d), err: %ld\n", in mlx5_ct_fs_smfs_matcher_get()
152 nat, ipv4, tcp, gre, PTR_ERR(dr_matcher)); in mlx5_ct_fs_smfs_matcher_get()
232 bool nat, tcp, ipv4, gre; in mlx5_ct_fs_smfs_ct_rule_add() local
251 nat = (attr->ft == fs_smfs->ct_nat); in mlx5_ct_fs_smfs_ct_rule_add()
258 smfs_matcher = mlx5_ct_fs_smfs_matcher_get(fs, nat, ipv4, tcp, gre); in mlx5_ct_fs_smfs_ct_rule_add()
/linux-6.14.4/net/netfilter/ipvs/
Dip_vs_nfct.c20 * - support for all forwarding methods, not only NAT
21 * - FTP support (NAT), ability to support other NAT apps with expectations
22 * - to correctly create expectations for related NAT connections the proper
25 * NAT rules are needed)
26 * - alter reply for NAT when forwarding packet in original direction:
30 * PASV response can not be NAT-ed) but Active FTP should work
81 /* Never alter conntrack for non-NAT conns */ in ip_vs_update_conntrack()
198 /* Never alter conntrack for non-NAT conns */ in ip_vs_nfct_expect_callback()
/linux-6.14.4/drivers/net/ethernet/broadcom/bnxt/
Dbnxt_tc.c212 actions->nat.l3_is_ipv4 = true; in bnxt_tc_parse_pedit()
214 actions->nat.src_xlate = true; in bnxt_tc_parse_pedit()
215 actions->nat.l3.ipv4.saddr.s_addr = htonl(val); in bnxt_tc_parse_pedit()
217 actions->nat.src_xlate = false; in bnxt_tc_parse_pedit()
218 actions->nat.l3.ipv4.daddr.s_addr = htonl(val); in bnxt_tc_parse_pedit()
226 netdev_dbg(bp->dev, "nat.src_xlate = %d src IP: %pI4 dst ip : %pI4\n", in bnxt_tc_parse_pedit()
227 actions->nat.src_xlate, &actions->nat.l3.ipv4.saddr, in bnxt_tc_parse_pedit()
228 &actions->nat.l3.ipv4.daddr); in bnxt_tc_parse_pedit()
233 actions->nat.l3_is_ipv4 = false; in bnxt_tc_parse_pedit()
239 actions->nat.src_xlate = true; in bnxt_tc_parse_pedit()
[all …]

12345678