summaryrefslogtreecommitdiffstats
path: root/src/expression.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2021-02-01 22:21:41 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2021-02-05 13:38:20 +0100
commite6c32b2fa0b820bc81cbb99e8ed601eabbbfac69 (patch)
tree47e56d582bde34804b3913716a6c7745faa3c582 /src/expression.c
parent0c189656148d834b17aa9d98b0b11018bc9d2465 (diff)
src: add negation match on singleton bitmask value
This patch provides a shortcut for: ct status and dnat == 0 which allows to check for the packet whose dnat bit is unset: # nft add rule x y ct status ! dnat counter This operation is only available for expression with a bitmask basetype, eg. # nft describe ct status ct expression, datatype ct_status (conntrack status) (basetype bitmask, integer), 32 bits Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/expression.c')
-rw-r--r--src/expression.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/expression.c b/src/expression.c
index 58d73e95..a90a89ca 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -560,6 +560,7 @@ const char *expr_op_symbols[] = {
[OP_GT] = ">",
[OP_LTE] = "<=",
[OP_GTE] = ">=",
+ [OP_NEG] = "!",
};
static void unary_expr_print(const struct expr *expr, struct output_ctx *octx)