netfilter: nf_tables: add support for inverted logic in nft_lookup - kernel/linux.git

diff options

author	Arturo Borrero <arturo.borrero.glez@gmail.com>	2016-06-23 13:24:08 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-06-24 12:03:29 +0300
commit	0071e184a535e40ce487528cb04f4690cb0da881 (patch)
tree	6267df19373697d545ba080be1f3ababaf9e6d5b /net/ipv4
parent	82bec71d46b83f39860e2838ff8394e4fcd6efab (diff)
download	linux-0071e184a535e40ce487528cb04f4690cb0da881.tar.xz

netfilter: nf_tables: add support for inverted logic in nft_lookup

Introduce a new configuration option for this expression, which allows users to invert the logic of set lookups. In _init() we will now return EINVAL if NFT_LOOKUP_F_INV is in anyway related to a map lookup. The code in the _eval() function has been untangled and updated to sopport the XOR of options, as we should consider 4 cases: * lookup false, invert false -> NFT_BREAK * lookup false, invert true -> return w/o NFT_BREAK * lookup true, invert false -> return w/o NFT_BREAK * lookup true, invert true -> NFT_BREAK Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'net/ipv4')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: