diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-09-21 21:03:24 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-09-21 21:03:24 +0200 |
commit | 3a3794573386d0cb2930a9daad5615036c06f4e2 (patch) | |
tree | 52dc8066bff6301af9910a47f8e235336f77e8a8 /include/libipset/linux_ip_set.h | |
parent | 3578220cf27c3e7017dd8af6b17c08218cf632d0 (diff) |
Support to match elements marked with "nomatch" in hash:*net* sets
Exceptions can now be matched and we can branch according to the
possible cases:
a. match in the set if the element is not flagged as "nomatch"
b. match in the set if the element is flagged with "nomatch"
c. no match
i.e.
iptables ... -m set --match-set ... -j ...
iptables ... -m set --match-set ... --nomatch-entries -j ...
...
Diffstat (limited to 'include/libipset/linux_ip_set.h')
-rw-r--r-- | include/libipset/linux_ip_set.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h index 008da06..d3267a4 100644 --- a/include/libipset/linux_ip_set.h +++ b/include/libipset/linux_ip_set.h @@ -190,6 +190,7 @@ enum ip_set_dim { * If changed, new revision of iptables match/target is required. */ IPSET_DIM_MAX = 6, + IPSET_BIT_RETURN_NOMATCH = 7, }; /* Option flags for kernel operations */ @@ -198,6 +199,7 @@ enum ip_set_kopt { IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE), IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO), IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE), + IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH), }; #endif /* __IP_SET_H */ |