Re: [PATCH v2 4/6] netfilter: ipset: Add bitmask support to hash:netnet


Hi,

On Wed, 28 Sep 2022, Vishwanath Pai wrote:

> Create a new revision of hash:netnet and add support for bitmask
> parameter. The set did not support netmask so we'll add both netmask and
> bitmask.

The "netmask" keyword is not added to the type but the "bitmask" only. 
Technically the latter covers the former one, but maybe it'd be good to 
add explicit support to "netmask" as well.

Best regards,
Jozsef

> Signed-off-by: Vishwanath Pai <vpai@xxxxxxxxxx>
> Signed-off-by: Joshua Hunt <johunt@xxxxxxxxxx>
> ---
>  lib/ipset_hash_netnet.c | 100 ++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 100 insertions(+)
> 
> diff --git a/lib/ipset_hash_netnet.c b/lib/ipset_hash_netnet.c
> index df993b8..3898b8f 100644
> --- a/lib/ipset_hash_netnet.c
> +++ b/lib/ipset_hash_netnet.c
> @@ -387,6 +387,105 @@ static struct ipset_type ipset_hash_netnet3 = {
>  	.description = "bucketsize, initval support",
>  };
>  
> +/* bitmask support */
> +static struct ipset_type ipset_hash_netnet4 = {
> +	.name = "hash:net,net",
> +	.alias = { "netnethash", NULL },
> +	.revision = 4,
> +	.family = NFPROTO_IPSET_IPV46,
> +	.dimension = IPSET_DIM_TWO,
> +	.elem = {
> +		[IPSET_DIM_ONE - 1] = {
> +			.parse = ipset_parse_ip4_net6,
> +			.print = ipset_print_ip,
> +			.opt = IPSET_OPT_IP
> +		},
> +		[IPSET_DIM_TWO - 1] = {
> +			.parse = ipset_parse_ip4_net6,
> +			.print = ipset_print_ip,
> +			.opt = IPSET_OPT_IP2
> +		},
> +	},
> +	.cmd = {
> +		[IPSET_CREATE] = {
> +			.args = {
> +				IPSET_ARG_FAMILY,
> +				/* Aliases */
> +				IPSET_ARG_INET,
> +				IPSET_ARG_INET6,
> +				IPSET_ARG_HASHSIZE,
> +				IPSET_ARG_MAXELEM,
> +				IPSET_ARG_TIMEOUT,
> +				IPSET_ARG_COUNTERS,
> +				IPSET_ARG_COMMENT,
> +				IPSET_ARG_FORCEADD,
> +				IPSET_ARG_SKBINFO,
> +				IPSET_ARG_BUCKETSIZE,
> +				IPSET_ARG_INITVAL,
> +				IPSET_ARG_BITMASK,
> +				IPSET_ARG_NONE,
> +			},
> +			.need = 0,
> +			.full = 0,
> +			.help = "",
> +		},
> +		[IPSET_ADD] = {
> +			.args = {
> +				IPSET_ARG_TIMEOUT,
> +				IPSET_ARG_NOMATCH,
> +				IPSET_ARG_PACKETS,
> +				IPSET_ARG_BYTES,
> +				IPSET_ARG_ADT_COMMENT,
> +				IPSET_ARG_SKBMARK,
> +				IPSET_ARG_SKBPRIO,
> +				IPSET_ARG_SKBQUEUE,
> +				IPSET_ARG_NONE,
> +			},
> +			.need = IPSET_FLAG(IPSET_OPT_IP)
> +				| IPSET_FLAG(IPSET_OPT_IP2),
> +			.full = IPSET_FLAG(IPSET_OPT_IP)
> +				| IPSET_FLAG(IPSET_OPT_CIDR)
> +				| IPSET_FLAG(IPSET_OPT_IP_TO)
> +				| IPSET_FLAG(IPSET_OPT_IP2)
> +				| IPSET_FLAG(IPSET_OPT_CIDR2)
> +				| IPSET_FLAG(IPSET_OPT_IP2_TO),
> +			.help = "IP[/CIDR]|FROM-TO,IP[/CIDR]|FROM-TO",
> +		},
> +		[IPSET_DEL] = {
> +			.args = {
> +				IPSET_ARG_NONE,
> +			},
> +			.need = IPSET_FLAG(IPSET_OPT_IP)
> +				| IPSET_FLAG(IPSET_OPT_IP2),
> +			.full = IPSET_FLAG(IPSET_OPT_IP)
> +				| IPSET_FLAG(IPSET_OPT_CIDR)
> +				| IPSET_FLAG(IPSET_OPT_IP_TO)
> +				| IPSET_FLAG(IPSET_OPT_IP2)
> +				| IPSET_FLAG(IPSET_OPT_CIDR2)
> +				| IPSET_FLAG(IPSET_OPT_IP2_TO),
> +			.help = "IP[/CIDR]|FROM-TO,IP[/CIDR]|FROM-TO",
> +		},
> +		[IPSET_TEST] = {
> +			.args = {
> +				IPSET_ARG_NOMATCH,
> +				IPSET_ARG_NONE,
> +			},
> +			.need = IPSET_FLAG(IPSET_OPT_IP)
> +				| IPSET_FLAG(IPSET_OPT_IP2),
> +			.full = IPSET_FLAG(IPSET_OPT_IP)
> +				| IPSET_FLAG(IPSET_OPT_CIDR)
> +				| IPSET_FLAG(IPSET_OPT_IP2)
> +				| IPSET_FLAG(IPSET_OPT_CIDR2),
> +			.help = "IP[/CIDR],IP[/CIDR]",
> +		},
> +	},
> +	.usage = "where depending on the INET family\n"
> +		 "      IP is an IPv4 or IPv6 address (or hostname),\n"
> +		 "      CIDR is a valid IPv4 or IPv6 CIDR prefix.\n"
> +		 "      IP range is not supported with IPv6.",
> +	.description = "bitmask support",
> +};
> +
>  void _init(void);
>  void _init(void)
>  {
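Review bot: In the IPSET_CREATE .args list of ipset_hash_netnet4, IPSET_ARG_BITMASK is the only new entry, while the commit message says "we'll add both netmask and bitmask". Either add the netmask argument next to IPSET_ARG_BITMASK or reword the commit message so it matches what revision 4 actually accepts. The .usage string is also unchanged in substance from a type without this option: it describes IP and CIDR only, so a line stating what the bitmask parameter takes would document the feature that .description = "bitmask support" announces.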
> @@ -394,4 +493,5 @@ void _init(void)
>  	ipset_type_add(&ipset_hash_netnet1);
>  	ipset_type_add(&ipset_hash_netnet2);
>  	ipset_type_add(&ipset_hash_netnet3);
> +	ipset_type_add(&ipset_hash_netnet4);
>  }
> -- 
> 2.25.1
> 
> 

-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx
PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics
          H-1525 Budapest 114, POB. 49, Hungary


