0f3cd9b3697708c86a825ae3cedabf7be6fd3e72 - SHIFTPHONES/kernel/common

commit	0f3cd9b3697708c86a825ae3cedabf7be6fd3e72	[log] [tgz]
author	Pablo Neira Ayuso <pablo@netfilter.org>	Fri Sep 23 15:23:33 2016 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	Sun Sep 25 23:16:42 2016 +0200
tree	14b59bebf1a6dc16a961864a93febfbacc4d3715
parent	7a682575ad4829b4de3e672a6ad5f73a05826b82 [diff]

netfilter: nf_tables: add range expression

Inverse ranges != [a,b] are not currently possible because rules are
composites of && operations, and we need to express this:

	data < a || data > b

This patch adds a new range expression. Positive ranges can be already
through two cmp expressions:

	cmp(sreg, data, >=)
	cmp(sreg, data, <=)

This new range expression provides an alternative way to express this.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_tables_core.h[diff]
include/uapi/linux/netfilter/nf_tables.h[diff]
net/netfilter/Makefile[diff]
net/netfilter/nf_tables_core.c[diff]
net/netfilter/nft_range.c[Added - diff]

5 files changed

tree: 14b59bebf1a6dc16a961864a93febfbacc4d3715