From 24b35d0b8950407ce85eefef18576d54f1e2c20e Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Fri, 13 Jan 2012 22:52:44 +0100 Subject: Exceptions support added to hash:*net* types The "nomatch" keyword and option is added to the hash:*net* types, by which one can add exception entries to sets. Example: ipset create test hash:net ipset add test 192.168.0/24 ipset add test 192.168.0/30 nomatch In this case the IP addresses from 192.168.0/24 except 192.168.0/30 match the elements of the set.
---
lib/data.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'lib/data.c')
diff --git a/lib/data.c b/lib/data.c
index 0210b7b..3bbb75b 100644
--- a/lib/data.c
+++ b/lib/data.c
@@ -319,11 +319,20 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value)
 case IPSET_OPT_PHYSDEV:
 cadt_flag_type_attr(data, opt, IPSET_FLAG_PHYSDEV);
 break;
+ case IPSET_OPT_NOMATCH:
+ cadt_flag_type_attr(data, opt, IPSET_FLAG_NOMATCH);
+ break;
 case IPSET_OPT_FLAGS:
 data->flags = *(const uint32_t *)value;
 break;
 case IPSET_OPT_CADT_FLAGS:
 data->cadt_flags = *(const uint32_t *)value;
+ if (data->cadt_flags & IPSET_FLAG_BEFORE)
+ ipset_data_flags_set(data, IPSET_FLAG(IPSET_OPT_BEFORE));
+ if (data->cadt_flags & IPSET_FLAG_PHYSDEV)
+ ipset_data_flags_set(data, IPSET_FLAG(IPSET_OPT_PHYSDEV));
+ if (data->cadt_flags & IPSET_FLAG_NOMATCH)
+ ipset_data_flags_set(data, IPSET_FLAG(IPSET_OPT_NOMATCH));
 break;
 default:
 return -1;
@@ -432,6 +441,7 @@ ipset_data_get(const struct ipset_data *data, enum ipset_opt opt)
 case IPSET_OPT_CADT_FLAGS:
 case IPSET_OPT_BEFORE:
 case IPSET_OPT_PHYSDEV:
+ case IPSET_OPT_NOMATCH:
 return &data->cadt_flags;
 default:
 return NULL;
@@ -485,6 +495,7 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family)
 /* Flags doesn't counted once :-( */
 case IPSET_OPT_BEFORE:
 case IPSET_OPT_PHYSDEV:
+ case IPSET_OPT_NOMATCH:
 return sizeof(uint32_t);
 default:
 return 0;
-- cgit v1.2.3
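Review bot: The three `if` lines added to the IPSET_OPT_CADT_FLAGS case only ever set the BEFORE/PHYSDEV/NOMATCH option bits and never clear them, so storing a flag word without IPSET_FLAG_NOMATCH into a data object that already carried it leaves the option bit set while `cadt_flags` says otherwise. Whether that state is reachable depends on callers resetting the structure between entries, which the hunk does not show. Since nomatch turns an entry into an exception in a set used for packet matching, a stale bit could make the library describe an entry differently from what is actually stored. Either clear the three option bits before the tests or state the contract in a comment, for example `/* option bits are only added here; reset data before reusing it for another entry */`. The enclosing ipset_data_set() starts and ends outside the hunk.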
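Review bot: In the second hunk, `ipset_data_get()` answers IPSET_OPT_NOMATCH with a pointer to the whole `cadt_flags` word, the same storage it returns for IPSET_OPT_BEFORE and IPSET_OPT_PHYSDEV, so a caller that treats a non-zero value as "nomatch is set" would be wrong whenever one of the other bits is present. This is a documentation gap rather than a defect in the visible lines. A comment above the grouped case labels would make the contract explicit, such as `/* returns the shared flag word; test the option's IPSET_FLAG_* bit, not non-zero */`. The switch and the rest of the function lie outside the hunk.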