Hi Pablo,
Please apply the next patch to your nf-next tree, which introduces a new feature
in ipset:
- The patch adds the new "bitmask" parameter to the hash:ip, hash:ip,port and
hash:net,net types. While the existing "netmask" parameter accepts only valid
netmask values, "bitmask" takes any arbitrary IP address and makes possible
to mask out arbitrary bits. Patch is from Vishwanath Pai.
Best regards,
Jozsef
The following changes since commit ab0377803dafc58f1e22296708c1c28e309414d6:
mrp: introduce active flags to prevent UAF when applicant uninit (2022-11-18 12:14:55 +0000)
are available in the Git repository at:
git://blackhole.kfki.hu/nf-next b16269331983edf64f
for you to fetch changes up to b16269331983edf64ff0c4a5286b900502a362a8:
netfilter: ipset: Add support for new bitmask parameter (2022-11-22 20:21:11 +0100)
----------------------------------------------------------------
Vishwanath Pai (1):
netfilter: ipset: Add support for new bitmask parameter
include/linux/netfilter/ipset/ip_set.h | 10 ++++
include/uapi/linux/netfilter/ipset/ip_set.h | 2 +
net/netfilter/ipset/ip_set_hash_gen.h | 71 +++++++++++++++++++++++++----
net/netfilter/ipset/ip_set_hash_ip.c | 19 ++++----
net/netfilter/ipset/ip_set_hash_ipport.c | 24 +++++++++-
net/netfilter/ipset/ip_set_hash_netnet.c | 26 +++++++++--
6 files changed, 126 insertions(+), 26 deletions(-)
