netfilter: nf_tables: add range expression Inverse ranges != [a,b] are not currently possible because rules are composites of && operations, and we need to express this: data < a || data > b This patch adds a new range expression. Positive ranges can be already through two cmp expressions: cmp(sreg, data, >=) cmp(sreg, data, <=) This new range expression provides an alternative way to express this. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

commit: 0f3cd9b3697708c86a825ae3cedabf7be6fd3e72 [log] [tgz]
author: Pablo Neira Ayuso <pablo@netfilter.org> Fri Sep 23 15:23:33 2016 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> Sun Sep 25 23:16:42 2016 +0200
tree: 14b59bebf1a6dc16a961864a93febfbacc4d3715
parent: 7a682575ad4829b4de3e672a6ad5f73a05826b82 [diff] [blame]
diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
index 67259ce..7c94ce0 100644
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c

@@ -263,8 +263,13 @@
 	if (err < 0)
 		goto err7;
 
-	return 0;
+	err = nft_range_module_init();
+	if (err < 0)
+		goto err8;
 
+	return 0;
+err8:
+	nft_dynset_module_exit();
 err7:
 	nft_payload_module_exit();
 err6:
commit	0f3cd9b3697708c86a825ae3cedabf7be6fd3e72	[log] [tgz]
author	Pablo Neira Ayuso <pablo@netfilter.org>	Fri Sep 23 15:23:33 2016 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	Sun Sep 25 23:16:42 2016 +0200
tree	14b59bebf1a6dc16a961864a93febfbacc4d3715
parent	7a682575ad4829b4de3e672a6ad5f73a05826b82 [diff] [blame]