Add a new parameter to complement the existing 'netmask' option. The
main difference between netmask and bitmask is that bitmask takes any
arbitrary ip address as input, it does not have to be a valid netmask.
The name of the new parameter is 'bitmask'. This lets us mask out
arbitrary bits in the ip address, for example:
ipset create set1 hash:ip bitmask 255.128.255.0
ipset create set2 hash:ip,port family inet6 bitmask ffff::ff80
This patchset contains userspace patches, I will submit the kernel patch
separately.
Changes in v3:
* Add netmask option to hash:net,net
* Update man page for hash:net,net
* Add netmask tests to hash:net,net
* Add check in userspace to make sure netmask and bitmask options are mutually exclusive
* Add a test to make sure netmask/bitmask are mutually exclusive
Changes in v2:
* Removed the changes to nf_inet_addr.h and nfproto.h, this will break on older kernels
* Remove bitmask option from net,net since it is redundant, update the manpage
* Add tests for the new bitmask param (similar to netmask tests)
Vishwanath Pai (6):
netfilter: ipset: Add support for new bitmask parameter
netfilter: ipset: Add bitmask support to hash:ip
netfilter: ipset: Add bitmask support to hash:ipport
netfilter: ipset: Add bitmask support to hash:netnet
netfilter: ipset: Update the man page to include netmask/bitmask
options
netfilter: ipset: add tests for the new bitmask feature
include/libipset/args.h | 1 +
include/libipset/data.h | 6 +-
include/libipset/linux_ip_set.h | 2 +
include/libipset/parse.h | 2 +
lib/args.c | 8 +++
lib/data.c | 10 +++
lib/debug.c | 1 +
lib/errcode.c | 2 +
lib/ipset_hash_ip.c | 86 +++++++++++++++++++++++
lib/ipset_hash_ipport.c | 108 +++++++++++++++++++++++++++++
lib/ipset_hash_netnet.c | 101 +++++++++++++++++++++++++++
lib/parse.c | 43 ++++++++++++
lib/print.c | 3 +-
lib/session.c | 8 +++
src/ipset.8 | 33 ++++++++-
tests/hash:ip,port.t | 118 ++++++++++++++++++++++++++++++++
tests/hash:ip,port.t.list3 | 11 +++
tests/hash:ip,port.t.list4 | 9 +++
tests/hash:ip,port.t.list5 | 11 +++
tests/hash:ip,port.t.list6 | 9 +++
tests/hash:ip,port.t.list7 | 9 +++
tests/hash:ip.t | 76 +++++++++++++++++++-
tests/hash:ip.t.list4 | 11 +++
tests/hash:ip.t.list5 | 9 +++
tests/hash:ip.t.list6 | 9 +++
tests/hash:net,net.t | 106 ++++++++++++++++++++++++++++
tests/hash:net,net.t.list3 | 11 +++
tests/hash:net,net.t.list4 | 9 +++
tests/hash:net,net.t.list5 | 11 +++
tests/hash:net,net.t.list6 | 9 +++
tests/hash:net,net.t.list7 | 9 +++
31 files changed, 834 insertions(+), 7 deletions(-)
create mode 100644 tests/hash:ip,port.t.list3
create mode 100644 tests/hash:ip,port.t.list4
create mode 100644 tests/hash:ip,port.t.list5
create mode 100644 tests/hash:ip,port.t.list6
create mode 100644 tests/hash:ip,port.t.list7
create mode 100644 tests/hash:ip.t.list4
create mode 100644 tests/hash:ip.t.list5
create mode 100644 tests/hash:ip.t.list6
create mode 100644 tests/hash:net,net.t.list3
create mode 100644 tests/hash:net,net.t.list4
create mode 100644 tests/hash:net,net.t.list5
create mode 100644 tests/hash:net,net.t.list6
create mode 100644 tests/hash:net,net.t.list7
--
2.25.1
