netfilter: ipset: Add support for new bitmask parameter
author Vishwanath Pai <vpai@akamai.com>
Tue, 22 Nov 2022 19:30:57 +0000 (20:30 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Wed, 30 Nov 2022 17:55:36 +0000 (18:55 +0100)
commit e9374524950512a1769f610a868fcdf89ea59b8e
tree 103f36a94f842d9bce531843809e701ef98aa317
parent a70e483460d58e64504dd679fd127e9549385c86
netfilter: ipset: Add support for new bitmask parameter

Add a new parameter to complement the existing 'netmask' option. The
main difference between netmask and bitmask is that bitmask takes any
arbitrary IP address as input; it does not have to be a valid netmask.

The name of the new parameter is 'bitmask'. This lets us mask out
arbitrary bits in the IP address, for example:
    ipset create set1 hash:ip bitmask 255.128.255.0
    ipset create set2 hash:ip,port family inet6 bitmask ffff::ff80

Signed-off-by: Vishwanath Pai <vpai@akamai.com>
Signed-off-by: Joshua Hunt <johunt@akamai.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/linux/netfilter/ipset/ip_set.h
include/uapi/linux/netfilter/ipset/ip_set.h
net/netfilter/ipset/ip_set_hash_gen.h
net/netfilter/ipset/ip_set_hash_ip.c
net/netfilter/ipset/ip_set_hash_ipport.c
net/netfilter/ipset/ip_set_hash_netnet.c
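
Added example (userspace C, not code from this commit or from the kernel's ipset sources): it applies the two masks from the commit message to constructed sample addresses and reports whether a mask is contiguous enough to be written as a 'netmask' prefix. A mask with holes folds non-adjacent addresses into one set element, so a rule matching that element matches every address that agrees on the masked bits. The function names mask_prefix_len and masked_str are hypothetical.

```c
/* Added userspace illustration; not the kernel's ipset implementation. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Prefix length if the mask is contiguous ones then zeros (what 'netmask'
 * can express), -1 if it has holes and needs 'bitmask', -2 if unparsable. */
static int mask_prefix_len(int af, const char *mask)
{
    uint8_t m[16];
    int bits = 0, seen_zero = 0;
    size_t len = (af == AF_INET6) ? 16 : 4;
    if (inet_pton(af, mask, m) != 1)
        return -2;
    for (size_t i = 0; i < len; i++)
        for (int b = 7; b >= 0; b--) {
            if (!((m[i] >> b) & 1))
                seen_zero = 1;
            else if (seen_zero)
                return -1;
            else
                bits++;
        }
    return bits;
}

/* AND addr with mask byte by byte, text result in out; 0 ok, -1 parse error. */
static int masked_str(int af, const char *addr, const char *mask,
                      char *out, size_t outlen)
{
    uint8_t a[16], m[16];
    size_t len = (af == AF_INET6) ? 16 : 4;
    if (inet_pton(af, addr, a) != 1 || inet_pton(af, mask, m) != 1)
        return -1;
    for (size_t i = 0; i < len; i++)
        a[i] &= m[i];
    return inet_ntop(af, a, out, (socklen_t)outlen) ? 0 : -1;
}

int main(void)
{
    char out[INET6_ADDRSTRLEN];
    /* Constructed sample addresses; masks are the ones in the commit message. */
    if (masked_str(AF_INET, "10.200.7.33", "255.128.255.0", out, sizeof(out)) == 0)
        printf("%s (prefix %d)\n", out, mask_prefix_len(AF_INET, "255.128.255.0"));
    if (masked_str(AF_INET6, "2001:db8::aabb:12c5", "ffff::ff80", out, sizeof(out)) == 0)
        printf("%s (prefix %d)\n", out, mask_prefix_len(AF_INET6, "ffff::ff80"));
    return 0;
}
```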