author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-01-13 22:52:44 +0100 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-01-13 22:52:44 +0100 |
commit | 24b35d0b8950407ce85eefef18576d54f1e2c20e (patch) | |
tree | 8ecba4e1c02fb03cfab8ae0f37ab60b7455c137f /lib/data.c | |
parent | dd71826fcfcfcc8c36f0508cc183dd222da40452 (diff) |
Exceptions support added to hash:*net* types
The "nomatch" keyword and option is added to the hash:*net* types,
by which one can add exception entries to sets. Example:
ipset create test hash:net
ipset add test 192.168.0/24
ipset add test 192.168.0/30 nomatch
In this case the IP addresses from 192.168.0/24 except 192.168.0/30
match the elements of the set.
Diffstat (limited to 'lib/data.c')
-rw-r--r-- | lib/data.c | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -319,11 +319,20 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value)
 case IPSET_OPT_PHYSDEV:
 cadt_flag_type_attr(data, opt, IPSET_FLAG_PHYSDEV);
 break;
+ case IPSET_OPT_NOMATCH:
+ cadt_flag_type_attr(data, opt, IPSET_FLAG_NOMATCH);
+ break;
 case IPSET_OPT_FLAGS:
 data->flags = *(const uint32_t *)value;
 break;
 case IPSET_OPT_CADT_FLAGS:
 data->cadt_flags = *(const uint32_t *)value;
+ if (data->cadt_flags & IPSET_FLAG_BEFORE)
+ ipset_data_flags_set(data, IPSET_FLAG(IPSET_OPT_BEFORE));
+ if (data->cadt_flags & IPSET_FLAG_PHYSDEV)
+ ipset_data_flags_set(data, IPSET_FLAG(IPSET_OPT_PHYSDEV));
+ if (data->cadt_flags & IPSET_FLAG_NOMATCH)
+ ipset_data_flags_set(data, IPSET_FLAG(IPSET_OPT_NOMATCH));
 break;
 default:
 return -1;
@@ -432,6 +441,7 @@ ipset_data_get(const struct ipset_data *data, enum ipset_opt opt)
 case IPSET_OPT_CADT_FLAGS:
 case IPSET_OPT_BEFORE:
 case IPSET_OPT_PHYSDEV:
+ case IPSET_OPT_NOMATCH:
 return &data->cadt_flags;
 default:
 return NULL;
@@ -485,6 +495,7 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family)
 /* Flags doesn't counted once :-( */
 case IPSET_OPT_BEFORE:
 case IPSET_OPT_PHYSDEV:
+ case IPSET_OPT_NOMATCH:
 return sizeof(uint32_t);
 default:
 return 0; |
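Review bot: In the `IPSET_OPT_CADT_FLAGS` case the new `if` lines only ever set the per-option bits for `IPSET_OPT_BEFORE`, `IPSET_OPT_PHYSDEV` and `IPSET_OPT_NOMATCH`; when `cadt_flags` is overwritten with a word that lacks one of those flags, a bit set by an earlier call stays set. If the same `ipset_data` is reused without a reset, a later presence check could then report `nomatch` for an entry that is a normal match, which matters because the keyword inverts the entry's meaning in a firewall set. Either clear the three option bits before the `if` chain or state the precondition in a comment such as `/* caller must reset data first: option bits are only set here, never cleared */`. The body of `ipset_data_set` starts and ends outside the hunk, so whether a reset is guaranteed cannot be seen here.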
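Review bot: For `IPSET_OPT_NOMATCH`, `ipset_data_get` returns `&data->cadt_flags`, which is the whole flag word shared with `IPSET_OPT_BEFORE` and `IPSET_OPT_PHYSDEV`, not a value specific to the option. A caller that dereferences the result and tests it for non-zero would read `nomatch` as set whenever any other cadt flag is set. A comment above the grouped case labels would make the contract explicit: `/* returns the shared cadt_flags word; mask with the option's IPSET_FLAG_* bit */`. The switch continues outside the hunk.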