aboutsummaryrefslogtreecommitdiffstats
path: root/include/uapi/linux
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2016-09-23 09:23:33 -0400
committerPablo Neira Ayuso <pablo@netfilter.org>2016-09-25 17:16:42 -0400
commit0f3cd9b3697708c86a825ae3cedabf7be6fd3e72 (patch)
tree14b59bebf1a6dc16a961864a93febfbacc4d3715 /include/uapi/linux
parent7a682575ad4829b4de3e672a6ad5f73a05826b82 (diff)
netfilter: nf_tables: add range expression
Inverse ranges != [a,b] are not currently possible because rules are composites of && operations, and we need to express this: data < a || data > b This patch adds a new range expression. Positive ranges can be already through two cmp expressions: cmp(sreg, data, >=) cmp(sreg, data, <=) This new range expression provides an alternative way to express this. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/uapi/linux')
-rw-r--r--include/uapi/linux/netfilter/nf_tables.h29
1 files changed, 29 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 1cf41dd838b2..c6c4477c136b 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -546,6 +546,35 @@ enum nft_cmp_attributes {
546}; 546};
547#define NFTA_CMP_MAX (__NFTA_CMP_MAX - 1) 547#define NFTA_CMP_MAX (__NFTA_CMP_MAX - 1)
548 548
549/**
550 * enum nft_range_ops - nf_tables range operator
551 *
552 * @NFT_RANGE_EQ: equal
553 * @NFT_RANGE_NEQ: not equal
554 */
555enum nft_range_ops {
556 NFT_RANGE_EQ,
557 NFT_RANGE_NEQ,
558};
559
560/**
561 * enum nft_range_attributes - nf_tables range expression netlink attributes
562 *
563 * @NFTA_RANGE_SREG: source register of data to compare (NLA_U32: nft_registers)
564 * @NFTA_RANGE_OP: cmp operation (NLA_U32: nft_cmp_ops)
565 * @NFTA_RANGE_FROM_DATA: data range from (NLA_NESTED: nft_data_attributes)
566 * @NFTA_RANGE_TO_DATA: data range to (NLA_NESTED: nft_data_attributes)
567 */
568enum nft_range_attributes {
569 NFTA_RANGE_UNSPEC,
570 NFTA_RANGE_SREG,
571 NFTA_RANGE_OP,
572 NFTA_RANGE_FROM_DATA,
573 NFTA_RANGE_TO_DATA,
574 __NFTA_RANGE_MAX
575};
576#define NFTA_RANGE_MAX (__NFTA_RANGE_MAX - 1)
577
549enum nft_lookup_flags { 578enum nft_lookup_flags {
550 NFT_LOOKUP_F_INV = (1 << 0), 579 NFT_LOOKUP_F_INV = (1 << 0),
551}; 580};
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-16 22:26:30 -0400