summaryrefslogtreecommitdiffstats
path: root/include/libipset
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2012-09-21 21:03:24 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2012-09-21 21:03:24 +0200
commit3a3794573386d0cb2930a9daad5615036c06f4e2 (patch)
tree52dc8066bff6301af9910a47f8e235336f77e8a8 /include/libipset
parent3578220cf27c3e7017dd8af6b17c08218cf632d0 (diff)
Support to match elements marked with "nomatch" in hash:*net* sets
Exceptions can now be matched and we can branch according to the possible cases: a. match in the set if the element is not flagged as "nomatch" b. match in the set if the element is flagged with "nomatch" c. no match i.e. iptables ... -m set --match-set ... -j ... iptables ... -m set --match-set ... --nomatch-entries -j ... ...
Diffstat (limited to 'include/libipset')
-rw-r--r--include/libipset/linux_ip_set.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h
index 008da06..d3267a4 100644
--- a/include/libipset/linux_ip_set.h
+++ b/include/libipset/linux_ip_set.h
@@ -190,6 +190,7 @@ enum ip_set_dim {
* If changed, new revision of iptables match/target is required.
*/
IPSET_DIM_MAX = 6,
+ IPSET_BIT_RETURN_NOMATCH = 7,
};
/* Option flags for kernel operations */
@@ -198,6 +199,7 @@ enum ip_set_kopt {
IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
+ IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH),
};
#endif /* __IP_SET_H */