Exceptions support added to hash:*net* types

The "nomatch" keyword and option is added to the hash:*net* types,
by which one can add exception entries to sets. Example:

	ipset create test hash:net
	ipset add test 192.168.0/24
	ipset add test 192.168.0/30 nomatch

In this case the IP addresses from 192.168.0/24 except 192.168.0/30
match the elements of the set.

1 files changed, 11 insertions, 0 deletions

diff --git a/lib/data.c b/lib/data.c
index 0210b7b..3bbb75b 100644
--- a/lib/data.c
+++ b/lib/data.c
@@ -319,11 +319,20 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value)
 	case IPSET_OPT_PHYSDEV:
 		cadt_flag_type_attr(data, opt, IPSET_FLAG_PHYSDEV);
 		break;
+	case IPSET_OPT_NOMATCH:
+		cadt_flag_type_attr(data, opt, IPSET_FLAG_NOMATCH);
+		break;
 	case IPSET_OPT_FLAGS:
 		data->flags = *(const uint32_t *)value;
 		break;
 	case IPSET_OPT_CADT_FLAGS:
 		data->cadt_flags = *(const uint32_t *)value;
+		if (data->cadt_flags & IPSET_FLAG_BEFORE)
+			ipset_data_flags_set(data, IPSET_FLAG(IPSET_OPT_BEFORE));
+		if (data->cadt_flags & IPSET_FLAG_PHYSDEV)
+			ipset_data_flags_set(data, IPSET_FLAG(IPSET_OPT_PHYSDEV));
+		if (data->cadt_flags & IPSET_FLAG_NOMATCH)
+			ipset_data_flags_set(data, IPSET_FLAG(IPSET_OPT_NOMATCH));
 		break;
 	default:
 		return -1;
@@ -432,6 +441,7 @@ ipset_data_get(const struct ipset_data *data, enum ipset_opt opt)
 	case IPSET_OPT_CADT_FLAGS:
 	case IPSET_OPT_BEFORE:
 	case IPSET_OPT_PHYSDEV:
+	case IPSET_OPT_NOMATCH:
 		return &data->cadt_flags;
 	default:
 		return NULL;
@@ -485,6 +495,7 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family)
 	/* Flags doesn't counted once :-( */
 	case IPSET_OPT_BEFORE:
 	case IPSET_OPT_PHYSDEV:
+	case IPSET_OPT_NOMATCH:
 		return sizeof(uint32_t);
 	default:
 		return 0;