diff options
author | Phil Sutter <phil@nwl.cc> | 2017-03-11 14:31:39 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-03-13 12:13:43 +0100 |
commit | f686a17eafa0bb5e9b0665c646fac09c9f95c0a5 (patch) | |
tree | a120b7e5ecc815f9daef482f1e9159021f8d00fb /include/linux | |
parent | c6cd7c22548a545ea9a831a1ea725d1716295b4a (diff) |
fib: Support existence check
This allows to check whether a FIB entry exists for a given packet by
comparing the expression with a boolean keyword like so:
| fib daddr oif exists
The implementation requires introduction of a generic expression flag
EXPR_F_BOOLEAN which allows relational expression to signal it's LHS
that a boolean comparison is being done (indicated by boolean type on
RHS). In contrast to exthdr existence checks, fib expression can't know
this in beforehand because the LHS syntax is absolutely identical to a
non-boolean comparison.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 4f7d7568..a9280a65 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -1257,6 +1257,7 @@ enum nft_fib_flags { NFTA_FIB_F_MARK = 1 << 2, /* use skb->mark */ NFTA_FIB_F_IIF = 1 << 3, /* restrict to iif */ NFTA_FIB_F_OIF = 1 << 4, /* restrict to oif */ + NFTA_FIB_F_PRESENT = 1 << 5, /* check existence only */ }; #define NFT_OBJECT_UNSPEC 0 |