diff options
author | Phil Sutter <phil@nwl.cc> | 2018-08-29 16:23:27 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-30 12:19:36 +0200 |
commit | 90d4ee087171e75d5313359ad6b6f1341e51ddc5 (patch) | |
tree | 59572c39aa334813b9b090fa46a57fedf9ff5aac /doc/libnftables-json.adoc | |
parent | 8f6e1c37e3e74e1fd490a0de5360ff1467c521cd (diff) |
JSON: Make match op mandatory, introduce 'in' operator
This special operator is required for cases where missing operator does
not lead to same results as equal operator, i.e. with bitmasks on RHS.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/libnftables-json.adoc')
-rw-r--r-- | doc/libnftables-json.adoc | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/doc/libnftables-json.adoc b/doc/libnftables-json.adoc index 309988bc..c174a354 100644 --- a/doc/libnftables-json.adoc +++ b/doc/libnftables-json.adoc @@ -577,8 +577,6 @@ processing continues with the next rule in the same chain. Operator indicating the type of comparison. ==== OPERATORS -The operator is usually optional and if omitted usually defaults to "==". -Allowed operators are: [horizontal] *&*:: Binary AND @@ -592,6 +590,17 @@ Allowed operators are: *>*:: Greater than *<=*:: Less than or equal to *>=*:: Greater than or equal to +*in*:: Perform a lookup, i.e. test if bits on RHS are contained in LHS value + +Unlike with standard API, the operator is mandatory here. In standard API, +missing operator may be resolved in two ways depending on the type of expression +on RHS: + +- If RHS is a bitmask or a list of bitmasks, the expression resolves into a + binary operation with not equal operator, like this: '+LHS & RHS != 0+'. +- In any other case, equal operator is simply inserted. + +For the non-trivial first case, JSON API supports *in* operator. === COUNTER [verse] |