Could you send me then the patch?
OK, I am posting this for future reference - as it turned out, for some
reason the method I used to compile/build the kernel modules which form
part of ipset was not up to scratch ("cp -al" has a lot to answer for!)
and, apparently, 2 vital files/patches were missed:
kernel/include/linux/netfilter/ipset/ip_set_ahash.h as well as a hunk in
net/netfilter/ipset/pfxlen.c.
The kernel compilation miraculously succeeded, but I was not able to use
the nomatch option, until I fixed the error thanks to Jozsef's help and
assistance.
-bash-4.1# ipset a test-net 10.1.2.7 timeout 0 nomatch
-bash-4.1# ipset l test-net
Name: test-net
Type: hash:net
Header: family inet hashsize 64 maxelem 5 timeout 0
Size in memory: 924
References: 18
Members:
10.1.2.7 timeout 0 nomatch
10.1.2.0/24 timeout 0
-bash-4.1# ipset t test-net 10.1.2.7
10.1.2.7 is NOT in set test-net.
So, it all works now!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
