From 3fb5640916acdc413f2f7baccbd27e9e03970717 Mon Sep 17 00:00:00 2001 From: Jeremy Sowden Date: Fri, 17 Jan 2020 20:58:06 +0000 Subject: include: update nf_tables.h. The kernel UAPI header includes a couple of new bitwise netlink attributes and an enum. Signed-off-by: Jeremy Sowden Signed-off-by: Pablo Neira Ayuso --- include/libnftnl/expr.h | 2 ++ include/linux/netfilter/nf_tables.h | 26 +++++++++++++++++++++++--- 2 files changed, 25 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h index 3e0f5b0..cfe456d 100644 --- a/include/libnftnl/expr.h +++ b/include/libnftnl/expr.h @@ -116,6 +116,8 @@ enum { NFTNL_EXPR_BITWISE_LEN, NFTNL_EXPR_BITWISE_MASK, NFTNL_EXPR_BITWISE_XOR, + NFTNL_EXPR_BITWISE_OP, + NFTNL_EXPR_BITWISE_DATA, }; enum { diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index e237ecb..2618647 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -484,6 +484,20 @@ enum nft_immediate_attributes { }; #define NFTA_IMMEDIATE_MAX (__NFTA_IMMEDIATE_MAX - 1) +/** + * enum nft_bitwise_ops - nf_tables bitwise operations + * + * @NFT_BITWISE_BOOL: mask-and-xor operation used to implement NOT, AND, OR and + * XOR boolean operations + * @NFT_BITWISE_LSHIFT: left-shift operation + * @NFT_BITWISE_RSHIFT: right-shift operation + */ +enum nft_bitwise_ops { + NFT_BITWISE_BOOL, + NFT_BITWISE_LSHIFT, + NFT_BITWISE_RSHIFT, +}; + /** * enum nft_bitwise_attributes - nf_tables bitwise expression netlink attributes * @@ -492,16 +506,20 @@ enum nft_immediate_attributes { * @NFTA_BITWISE_LEN: length of operands (NLA_U32) * @NFTA_BITWISE_MASK: mask value (NLA_NESTED: nft_data_attributes) * @NFTA_BITWISE_XOR: xor value (NLA_NESTED: nft_data_attributes) + * @NFTA_BITWISE_OP: type of operation (NLA_U32: nft_bitwise_ops) + * @NFTA_BITWISE_DATA: argument for non-boolean operations + * (NLA_NESTED: nft_data_attributes) * - * The bitwise expression performs the following operation: + * The bitwise expression supports boolean and shift operations. It implements + * the boolean operations by performing the following operation: * * dreg = (sreg & mask) ^ xor * - * which allow to express all bitwise operations: + * with these mask and xor values: * * mask xor * NOT: 1 1 - * OR: 0 x + * OR: ~x x * XOR: 1 x * AND: x 0 */ @@ -512,6 +530,8 @@ enum nft_bitwise_attributes { NFTA_BITWISE_LEN, NFTA_BITWISE_MASK, NFTA_BITWISE_XOR, + NFTA_BITWISE_OP, + NFTA_BITWISE_DATA, __NFTA_BITWISE_MAX }; #define NFTA_BITWISE_MAX (__NFTA_BITWISE_MAX - 1) -- cgit v1.2.3