netfilter: ipset: Add bitmask support to hash:ipport
authorVishwanath Pai <vpai@akamai.com>
Thu, 10 Nov 2022 21:31:28 +0000 (16:31 -0500)
committerJozsef Kadlecsik <kadlec@netfilter.org>
Sun, 20 Nov 2022 20:57:29 +0000 (21:57 +0100)
Create a new revision of hash:ipport and add support for the bitmask
parameter. The set type did not previously support netmask, so this
revision adds both netmask and bitmask.

Signed-off-by: Vishwanath Pai <vpai@akamai.com>
Signed-off-by: Joshua Hunt <johunt@akamai.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
lib/ipset_hash_ipport.c

index 288be10f653a692fc67130a3403543e32bfcf29f..2fa8abd430c8beb50e2f945439ad3a1f52e7402e 100644 (file)
@@ -604,6 +604,113 @@ static struct ipset_type ipset_hash_ipport6 = {
        .description = "bucketsize, initval support",
 };
 
+/* bitmask support */
+static struct ipset_type ipset_hash_ipport7 = {
+       .name = "hash:ip,port",
+       .alias = { "ipporthash", NULL },
+       .revision = 7,
+       .family = NFPROTO_IPSET_IPV46,
+       .dimension = IPSET_DIM_TWO,
+       .elem = {
+               [IPSET_DIM_ONE - 1] = {
+                       .parse = ipset_parse_ip4_single6,
+                       .print = ipset_print_ip,
+                       .opt = IPSET_OPT_IP
+               },
+               [IPSET_DIM_TWO - 1] = {
+                       .parse = ipset_parse_proto_port,
+                       .print = ipset_print_proto_port,
+                       .opt = IPSET_OPT_PORT
+               },
+       },
+       .cmd = {
+               [IPSET_CREATE] = {
+                       .args = {
+                               IPSET_ARG_FAMILY,
+                               /* Aliases */
+                               IPSET_ARG_INET,
+                               IPSET_ARG_INET6,
+                               IPSET_ARG_HASHSIZE,
+                               IPSET_ARG_MAXELEM,
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_COUNTERS,
+                               IPSET_ARG_COMMENT,
+                               IPSET_ARG_FORCEADD,
+                               IPSET_ARG_SKBINFO,
+                               IPSET_ARG_BUCKETSIZE,
+                               IPSET_ARG_INITVAL,
+                               IPSET_ARG_NETMASK,
+                               IPSET_ARG_BITMASK,
+                               /* Ignored options: backward compatibilty */
+                               IPSET_ARG_PROBES,
+                               IPSET_ARG_RESIZE,
+                               IPSET_ARG_IGNORED_FROM,
+                               IPSET_ARG_IGNORED_TO,
+                               IPSET_ARG_IGNORED_NETWORK,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = 0,
+                       .full = 0,
+                       .help = "",
+               },
+               [IPSET_ADD] = {
+                       .args = {
+                               IPSET_ARG_TIMEOUT,
+                               IPSET_ARG_PACKETS,
+                               IPSET_ARG_BYTES,
+                               IPSET_ARG_ADT_COMMENT,
+                               IPSET_ARG_SKBMARK,
+                               IPSET_ARG_SKBPRIO,
+                               IPSET_ARG_SKBQUEUE,
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_PORT_TO),
+                       .help = "IP,[PROTO:]PORT",
+               },
+               [IPSET_DEL] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_IP_TO)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT)
+                               | IPSET_FLAG(IPSET_OPT_PORT_TO),
+                       .help = "IP,[PROTO:]PORT",
+               },
+               [IPSET_TEST] = {
+                       .args = {
+                               IPSET_ARG_NONE,
+                       },
+                       .need = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT),
+                       .full = IPSET_FLAG(IPSET_OPT_IP)
+                               | IPSET_FLAG(IPSET_OPT_PROTO)
+                               | IPSET_FLAG(IPSET_OPT_PORT),
+                       .help = "IP,[PROTO:]PORT",
+               },
+       },
+       .usage = "where depending on the INET family\n"
+                "      IP is a valid IPv4 or IPv6 address (or hostname).\n"
+                "      Adding/deleting multiple elements in IP/CIDR or FROM-TO form\n"
+                "      is supported for IPv4.\n"
+                "      Adding/deleting multiple elements with TCP/SCTP/UDP/UDPLITE\n"
+                "      port range is supported both for IPv4 and IPv6.",
+       .usagefn = ipset_port_usage,
+       .description = "netmask and bitmask support",
+};
+
 void _init(void);
 void _init(void)
 {
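Review bot: The comment above `ipset_hash_ipport7` reads `/* bitmask support */`, but the CREATE argument list adds both `IPSET_ARG_NETMASK` and `IPSET_ARG_BITMASK` and `.description` says "netmask and bitmask support"; I would make the comment `/* netmask and bitmask support */` so the two agree. The `.usage` text says nothing about either new option, so the help does not tell an operator how a mask changes what an added element matches. Presumably the address is masked before it is stored and looked up, which widens the match and matters when the set backs a firewall rule; once that is confirmed against the kernel side, a line such as `"      With netmask/bitmask the mask is applied to IP before it is stored or matched.\n"` would cover it. Whether netmask and bitmask may be given together is not visible in this hunk; if they are mutually exclusive, the help should say so. The struct is complete within the hunk, while the `_init` body that follows it continues outside.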
@@ -613,4 +720,5 @@ void _init(void)
        ipset_type_add(&ipset_hash_ipport4);
        ipset_type_add(&ipset_hash_ipport5);
        ipset_type_add(&ipset_hash_ipport6);
+       ipset_type_add(&ipset_hash_ipport7);
 }