]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0c18965) | patch
src: add negation match on singleton bitmask value
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 1 Feb 2021 21:21:41 +0000 (22:21 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 5 Feb 2021 12:38:20 +0000 (13:38 +0100)
commite6c32b2fa0b820bc81cbb99e8ed601eabbbfac69
tree47e56d582bde34804b3913716a6c7745faa3c582tree
parent0c189656148d834b17aa9d98b0b11018bc9d2465commit | diff
src: add negation match on singleton bitmask value

This patch provides a shortcut for:

ct status and dnat == 0

which allows to check for the packet whose dnat bit is unset:

  # nft add rule x y ct status ! dnat counter

This operation is only available for expression with a bitmask basetype, eg.

  # nft describe ct status
  ct expression, datatype ct_status (conntrack status) (basetype bitmask, integer), 32 bits

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/expression.h diff | blob | blame | history
src/evaluate.c diff | blob | blame | history
src/expression.c diff | blob | blame | history
src/netlink_delinearize.c diff | blob | blame | history
src/netlink_linearize.c diff | blob | blame | history
src/parser_bison.y diff | blob | blame | history
tests/py/any/ct.t diff | blob | blame | history
tests/py/any/ct.t.payload diff | blob | blame | history
Mirror of git://git.netfilter.org/nftables