diff options
author | Vishwanath Pai <vpai@akamai.com> | 2022-11-10 16:31:26 -0500 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@netfilter.org> | 2022-11-20 21:56:15 +0100 |
commit | b50666c0973336f6341dd74288352d2f611d7430 (patch) | |
tree | bf65dbf9085e50dbbcd241771f20ad74640e3473 /lib/errcode.c | |
parent | ac8e3cfbafdcd0dbb97b2a1d0dcd093549820c69 (diff) |
netfilter: ipset: Add support for new bitmask parameter
Add a new parameter to complement the existing 'netmask' option. The
main difference between netmask and bitmask is that bitmask takes any
arbitrary ip address as input, it does not have to be a valid netmask.
The name of the new parameter is 'bitmask'. This lets us mask out
arbitrary bits in the ip address, for example:
ipset create set1 hash:ip bitmask 255.128.255.0
ipset create set2 hash:ip,port family inet6 bitmask ffff::ff80
Signed-off-by: Vishwanath Pai <vpai@akamai.com>
Signed-off-by: Joshua Hunt <johunt@akamai.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Diffstat (limited to 'lib/errcode.c')
-rw-r--r-- | lib/errcode.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/errcode.c b/lib/errcode.c index 76bab74..49c97a1 100644 --- a/lib/errcode.c +++ b/lib/errcode.c @@ -44,6 +44,8 @@ static const struct ipset_errcode_table core_errcode_table[] = { "The value of the markmask parameter is invalid" }, { IPSET_ERR_INVALID_FAMILY, 0, "Protocol family not supported by the set type" }, + { IPSET_ERR_BITMASK_NETMASK_EXCL, 0, + "netmask and bitmask options are mutually exclusive, provide only one" }, /* DESTROY specific error codes */ { IPSET_ERR_BUSY, IPSET_CMD_DESTROY, |