git.ipfire.org Git - thirdparty/ipset.git/commit

author	Vishwanath Pai <vpai@akamai.com>
	Thu, 10 Nov 2022 21:30:26 +0000 (16:30 -0500)
committer	Jozsef Kadlecsik <kadlec@netfilter.org>
	Sun, 20 Nov 2022 20:53:05 +0000 (21:53 +0100)
commit	ac8e3cfbafdcd0dbb97b2a1d0dcd093549820c69
tree	6bff3a5ce7d7aeb9e0cc72043295de6b926e616f	tree \| snapshot
parent	b9194d8cc41e8c0a028d98f2d2fb5d08552cf7f0	commit \| diff

netfilter: ipset: Add support for new bitmask parameter

Add a new parameter to complement the existing 'netmask' option. The
main difference between netmask and bitmask is that bitmask takes any
arbitrary ip address as input, it does not have to be a valid netmask.

The name of the new parameter is 'bitmask'. This lets us mask out
arbitrary bits in the ip address, for example:
ipset create set1 hash:ip bitmask 255.128.255.0
ipset create set2 hash:ip,port family inet6 bitmask ffff::ff80

Signed-off-by: Vishwanath Pai <vpai@akamai.com>
Signed-off-by: Joshua Hunt <johunt@akamai.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>

kernel/include/linux/netfilter/ipset/ip_set.h		diff \| blob \| blame \| history
kernel/include/uapi/linux/netfilter/ipset/ip_set.h		diff \| blob \| blame \| history
kernel/net/netfilter/ipset/ip_set_hash_gen.h		diff \| blob \| blame \| history
kernel/net/netfilter/ipset/ip_set_hash_ip.c		diff \| blob \| blame \| history
kernel/net/netfilter/ipset/ip_set_hash_ipport.c		diff \| blob \| blame \| history
kernel/net/netfilter/ipset/ip_set_hash_netnet.c		diff \| blob \| blame \| history