aboutsummaryrefslogtreecommitdiffstats
path: root/include/uapi/linux
diff options
context:
space:
mode:
authorArturo Borrero <arturo.borrero.glez@gmail.com>2016-06-23 06:24:08 -0400
committerPablo Neira Ayuso <pablo@netfilter.org>2016-06-24 05:03:29 -0400
commit0071e184a535e40ce487528cb04f4690cb0da881 (patch)
tree6267df19373697d545ba080be1f3ababaf9e6d5b /include/uapi/linux
parent82bec71d46b83f39860e2838ff8394e4fcd6efab (diff)
netfilter: nf_tables: add support for inverted logic in nft_lookup
Introduce a new configuration option for this expression, which allows users to invert the logic of set lookups. In _init() we will now return EINVAL if NFT_LOOKUP_F_INV is in anyway related to a map lookup. The code in the _eval() function has been untangled and updated to sopport the XOR of options, as we should consider 4 cases: * lookup false, invert false -> NFT_BREAK * lookup false, invert true -> return w/o NFT_BREAK * lookup true, invert false -> return w/o NFT_BREAK * lookup true, invert true -> NFT_BREAK Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/uapi/linux')
-rw-r--r--include/uapi/linux/netfilter/nf_tables.h6
1 files changed, 6 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 6a4dbe04f09e..01751faccaf8 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -546,6 +546,10 @@ enum nft_cmp_attributes {
546}; 546};
547#define NFTA_CMP_MAX (__NFTA_CMP_MAX - 1) 547#define NFTA_CMP_MAX (__NFTA_CMP_MAX - 1)
548 548
549enum nft_lookup_flags {
550 NFT_LOOKUP_F_INV = (1 << 0),
551};
552
549/** 553/**
550 * enum nft_lookup_attributes - nf_tables set lookup expression netlink attributes 554 * enum nft_lookup_attributes - nf_tables set lookup expression netlink attributes
551 * 555 *
@@ -553,6 +557,7 @@ enum nft_cmp_attributes {
553 * @NFTA_LOOKUP_SREG: source register of the data to look for (NLA_U32: nft_registers) 557 * @NFTA_LOOKUP_SREG: source register of the data to look for (NLA_U32: nft_registers)
554 * @NFTA_LOOKUP_DREG: destination register (NLA_U32: nft_registers) 558 * @NFTA_LOOKUP_DREG: destination register (NLA_U32: nft_registers)
555 * @NFTA_LOOKUP_SET_ID: uniquely identifies a set in a transaction (NLA_U32) 559 * @NFTA_LOOKUP_SET_ID: uniquely identifies a set in a transaction (NLA_U32)
560 * @NFTA_LOOKUP_FLAGS: flags (NLA_U32: enum nft_lookup_flags)
556 */ 561 */
557enum nft_lookup_attributes { 562enum nft_lookup_attributes {
558 NFTA_LOOKUP_UNSPEC, 563 NFTA_LOOKUP_UNSPEC,
@@ -560,6 +565,7 @@ enum nft_lookup_attributes {
560 NFTA_LOOKUP_SREG, 565 NFTA_LOOKUP_SREG,
561 NFTA_LOOKUP_DREG, 566 NFTA_LOOKUP_DREG,
562 NFTA_LOOKUP_SET_ID, 567 NFTA_LOOKUP_SET_ID,
568 NFTA_LOOKUP_FLAGS,
563 __NFTA_LOOKUP_MAX 569 __NFTA_LOOKUP_MAX
564}; 570};
565#define NFTA_LOOKUP_MAX (__NFTA_LOOKUP_MAX - 1) 571#define NFTA_LOOKUP_MAX (__NFTA_LOOKUP_MAX - 1)
generated by cgit v1.2.2 (git 2.25.0) at 2026-04-13 22:13:58 -0400