include: update nf_tables.h.

The kernel UAPI header includes a couple of new bitwise netlink
attributes and an enum.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h
index 3e0f5b078c7ad8488a1f5187ccae53a5e038c90d..cfe456dbc7a57adb77dbf81ce3fd5d9946cd5a63 100644 (file)
--- a/include/libnftnl/expr.h
+++ b/include/libnftnl/expr.h
@@ -116,6 +116,8 @@ enum {
        NFTNL_EXPR_BITWISE_LEN,
        NFTNL_EXPR_BITWISE_MASK,
        NFTNL_EXPR_BITWISE_XOR,
+       NFTNL_EXPR_BITWISE_OP,
+       NFTNL_EXPR_BITWISE_DATA,
 };
 
 enum {

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index e237ecbdcd8ac3740cfaa714fcb6e3a1f340a317..261864736b26227b4f858d4b9b8dd1eeeb1e075b 100644 (file)
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -484,6 +484,20 @@ enum nft_immediate_attributes {
 };
 #define NFTA_IMMEDIATE_MAX     (__NFTA_IMMEDIATE_MAX - 1)
 
+/**
+ * enum nft_bitwise_ops - nf_tables bitwise operations
+ *
+ * @NFT_BITWISE_BOOL: mask-and-xor operation used to implement NOT, AND, OR and
+ *                    XOR boolean operations
+ * @NFT_BITWISE_LSHIFT: left-shift operation
+ * @NFT_BITWISE_RSHIFT: right-shift operation
+ */
+enum nft_bitwise_ops {
+       NFT_BITWISE_BOOL,
+       NFT_BITWISE_LSHIFT,
+       NFT_BITWISE_RSHIFT,
+};
+
 /**
  * enum nft_bitwise_attributes - nf_tables bitwise expression netlink attributes
  *
@@ -492,16 +506,20 @@ enum nft_immediate_attributes {
  * @NFTA_BITWISE_LEN: length of operands (NLA_U32)
  * @NFTA_BITWISE_MASK: mask value (NLA_NESTED: nft_data_attributes)
  * @NFTA_BITWISE_XOR: xor value (NLA_NESTED: nft_data_attributes)
+ * @NFTA_BITWISE_OP: type of operation (NLA_U32: nft_bitwise_ops)
+ * @NFTA_BITWISE_DATA: argument for non-boolean operations
+ *                     (NLA_NESTED: nft_data_attributes)
  *
- * The bitwise expression performs the following operation:
+ * The bitwise expression supports boolean and shift operations.  It implements
+ * the boolean operations by performing the following operation:
  *
  * dreg = (sreg & mask) ^ xor
  *
- * which allow to express all bitwise operations:
+ * with these mask and xor values:
  *
  *             mask    xor
  * NOT:                1       1
- * OR:         0       x
+ * OR:         ~x      x
  * XOR:                1       x
  * AND:                x       0
  */
@@ -512,6 +530,8 @@ enum nft_bitwise_attributes {
        NFTA_BITWISE_LEN,
        NFTA_BITWISE_MASK,
        NFTA_BITWISE_XOR,
+       NFTA_BITWISE_OP,
+       NFTA_BITWISE_DATA,
        __NFTA_BITWISE_MAX
 };
 #define NFTA_BITWISE_MAX       (__NFTA_BITWISE_MAX - 1)