projects / linux-2.6-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 82bec71) | patch
netfilter: nf_tables: add support for inverted logic in nft_lookup
authorArturo Borrero <arturo.borrero.glez@gmail.com>
Thu, 23 Jun 2016 10:24:08 +0000 (12:24 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 24 Jun 2016 09:03:29 +0000 (11:03 +0200)
commit0071e184a535e40ce487528cb04f4690cb0da881
tree6267df19373697d545ba080be1f3ababaf9e6d5btree | snapshot
parent82bec71d46b83f39860e2838ff8394e4fcd6efabcommit | diff
netfilter: nf_tables: add support for inverted logic in nft_lookup

Introduce a new configuration option for this expression, which allows users
to invert the logic of set lookups.

In _init() we will now return EINVAL if NFT_LOOKUP_F_INV is in anyway
related to a map lookup.

The code in the _eval() function has been untangled and updated to sopport the
XOR of options, as we should consider 4 cases:
 * lookup false, invert false -> NFT_BREAK
 * lookup false, invert true -> return w/o NFT_BREAK
 * lookup true, invert false -> return w/o NFT_BREAK
 * lookup true, invert true -> NFT_BREAK

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/uapi/linux/netfilter/nf_tables.h diff | blob | blame | history
net/netfilter/nft_lookup.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)