summaryrefslogtreecommitdiffstats
path: root/doc/libnftables-json.adoc
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2018-08-29 16:23:27 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2018-08-30 12:19:36 +0200
commit90d4ee087171e75d5313359ad6b6f1341e51ddc5 (patch)
tree59572c39aa334813b9b090fa46a57fedf9ff5aac /doc/libnftables-json.adoc
parent8f6e1c37e3e74e1fd490a0de5360ff1467c521cd (diff)
JSON: Make match op mandatory, introduce 'in' operator
This special operator is required for cases where missing operator does not lead to same results as equal operator, i.e. with bitmasks on RHS. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/libnftables-json.adoc')
-rw-r--r--doc/libnftables-json.adoc13
1 files changed, 11 insertions, 2 deletions
diff --git a/doc/libnftables-json.adoc b/doc/libnftables-json.adoc
index 309988bc..c174a354 100644
--- a/doc/libnftables-json.adoc
+++ b/doc/libnftables-json.adoc
@@ -577,8 +577,6 @@ processing continues with the next rule in the same chain.
Operator indicating the type of comparison.
==== OPERATORS
-The operator is usually optional and if omitted usually defaults to "==".
-Allowed operators are:
[horizontal]
*&*:: Binary AND
@@ -592,6 +590,17 @@ Allowed operators are:
*>*:: Greater than
*<=*:: Less than or equal to
*>=*:: Greater than or equal to
+*in*:: Perform a lookup, i.e. test if bits on RHS are contained in LHS value
+
+Unlike with standard API, the operator is mandatory here. In standard API,
+missing operator may be resolved in two ways depending on the type of expression
+on RHS:
+
+- If RHS is a bitmask or a list of bitmasks, the expression resolves into a
+ binary operation with not equal operator, like this: '+LHS & RHS != 0+'.
+- In any other case, equal operator is simply inserted.
+
+For the non-trivial first case, JSON API supports *in* operator.
=== COUNTER
[verse]