Add port mask support, allowing users to specify a source or destination
port with an optional mask. Example:

 # ip rule add sport 80 table 100
 # ip rule add sport 90/0xffff table 200
 # ip rule add dport 1000-2000 table 300
 # ip rule add sport 0x123/0xfff table 400
 # ip rule add dport 0x4/0xff table 500
 # ip rule add dport 0x8/0xf table 600
 # ip rule del dport 0x8/0xf table 600

In non-JSON output, the mask is not printed in case of exact match:

 $ ip rule show
 0:      from all lookup local
 32761:  from all dport 0x4/0xff lookup 500
 32762:  from all sport 0x123/0xfff lookup 400
 32763:  from all dport 1000-2000 lookup 300
 32764:  from all sport 90 lookup 200
 32765:  from all sport 80 lookup 100
 32766:  from all lookup main
 32767:  from all lookup default

Dump can be filtered by port value and mask:

 $ ip rule show sport 80
 32765:  from all sport 80 lookup 100
 $ ip rule show sport 90
 32764:  from all sport 90 lookup 200
 $ ip rule show sport 0x123/0x0fff
 32762:  from all sport 0x123/0xfff lookup 400
 $ ip rule show dport 4/0xff
 32761:  from all dport 0x4/0xff lookup 500

In JSON output, the port mask is printed as a hexadecimal string to be
consistent with other masks. The port value is printed as an integer in
order not to break existing scripts:

 $ ip -j -p rule show sport 0x123/0xfff table 400
 [ {
         "priority": 32762,
         "src": "all",
         "sport": 291,
         "sport_mask": "0xfff",
         "table": "400"
     } ]

The mask attribute is only sent to the kernel in case of inexact match
so that iproute2 will continue working with kernels that do not support
the attribute.

Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
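
For anyone auditing policy-routing rules, the following is an added example (not part of the commit or of iproute2) that reads JSON in the shape shown above and evaluates which ports a value/mask selector actually covers. The sample rules are constructed from the ones in the commit message, the `dport_mask` key is assumed by symmetry with `sport_mask`, and range selectors such as `1000-2000` are not handled.

```python
import json

# Constructed sample in the shape of `ip -j rule show` output, based on the
# rules in the commit message. "dport_mask" is assumed to mirror "sport_mask".
SAMPLE = """[
 {"priority": 32761, "src": "all", "dport": 4, "dport_mask": "0xff", "table": "500"},
 {"priority": 32762, "src": "all", "sport": 291, "sport_mask": "0xfff", "table": "400"},
 {"priority": 32765, "src": "all", "sport": 80, "table": "100"}
]"""


def port_matches(rule, field, port):
    """Return True if `port` satisfies the rule's sport/dport selector.

    A rule without the selector matches any port. A missing mask key means
    exact match, which is the same as a mask of 0xffff.
    """
    if field not in rule:
        return True
    value = rule[field]                                  # integer in JSON
    mask = int(rule.get(field + "_mask", "0xffff"), 16)  # hex string in JSON
    return (port & mask) == (value & mask)


def matched_ports(rule, field):
    """List every 16-bit port covered by the rule's selector."""
    return [p for p in range(0x10000) if port_matches(rule, field, p)]


def lookup_tables(rules, sport, dport):
    """Tables of the rules whose port selectors both match, by priority."""
    hits = [r for r in rules
            if port_matches(r, "sport", sport) and port_matches(r, "dport", dport)]
    return [r["table"] for r in sorted(hits, key=lambda r: r["priority"])]


if __name__ == "__main__":
    rules = json.loads(SAMPLE)
    for r in rules:
        field = "sport" if "sport" in r else "dport"
        ports = matched_ports(r, field)
        print(f"table {r['table']}: {field} covers {len(ports)} port(s), "
              f"first few: {ports[:4]}")
```

A selector such as `0x123/0xfff` leaves the top four bits free, so it covers 16 distinct ports rather than one; the count is worth checking when reviewing masked rules.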