diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-09-23 15:23:33 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-09-25 23:16:42 +0200 |
commit | 0f3cd9b3697708c86a825ae3cedabf7be6fd3e72 (patch) | |
tree | 14b59bebf1a6dc16a961864a93febfbacc4d3715 /net/netfilter/nf_tables_core.c | |
parent | 7a682575ad4829b4de3e672a6ad5f73a05826b82 (diff) | |
download | linux-0f3cd9b3697708c86a825ae3cedabf7be6fd3e72.tar.bz2 |
netfilter: nf_tables: add range expression
Inverse ranges != [a,b] are not currently possible because rules are
composites of && operations, and we need to express this:
data < a || data > b
This patch adds a new range expression. Positive ranges can be already
through two cmp expressions:
cmp(sreg, data, >=)
cmp(sreg, data, <=)
This new range expression provides an alternative way to express this.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_tables_core.c')
-rw-r--r-- | net/netfilter/nf_tables_core.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c index 67259cefef06..7c94ce0080d5 100644 --- a/net/netfilter/nf_tables_core.c +++ b/net/netfilter/nf_tables_core.c @@ -263,8 +263,13 @@ int __init nf_tables_core_module_init(void) if (err < 0) goto err7; - return 0; + err = nft_range_module_init(); + if (err < 0) + goto err8; + return 0; +err8: + nft_dynset_module_exit(); err7: nft_payload_module_exit(); err6: |