netfilter: ipset: Add support for new bitmask parameter

Add a new parameter to complement the existing 'netmask' option. The main difference between netmask and bitmask is that bitmask takes any arbitrary ip address as input, it does not have to be a valid netmask. The name of the new parameter is 'bitmask'. This lets us mask out arbitrary bits in the ip address, for example: ipset create set1 hash:ip bitmask 255.128.255.0 ipset create set2 hash:ip,port family inet6 bitmask ffff::ff80 Signed-off-by: Vishwanath Pai <vpai@akamai.com> Signed-off-by: Joshua Hunt <johunt@akamai.com> Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
author: Vishwanath Pai <vpai@akamai.com> 2022-11-10 16:31:26 -0500
committer: Jozsef Kadlecsik <kadlec@netfilter.org> 2022-11-20 21:56:15 +0100
commit: b50666c0973336f6341dd74288352d2f611d7430 (patch)
tree: bf65dbf9085e50dbbcd241771f20ad74640e3473 /lib/print.c
parent: ac8e3cfbafdcd0dbb97b2a1d0dcd093549820c69 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/print.c b/lib/print.c
index a7ffd81..50f0ad6 100644
--- a/lib/print.c
+++ b/lib/print.c
@@ -265,7 +265,7 @@ ipset_print_ip(char *buf, unsigned int len,
 	assert(buf);
 	assert(len > 0);
 	assert(data);
-	assert(opt == IPSET_OPT_IP || opt == IPSET_OPT_IP2);
+	assert(opt == IPSET_OPT_IP || opt == IPSET_OPT_IP2 || opt == IPSET_OPT_BITMASK);
 
 	D("len: %u", len);
 	family = ipset_data_family(data);
@@ -976,6 +976,7 @@ ipset_print_data(char *buf, unsigned int len,
 		size = ipset_print_elem(buf, len, data, opt, env);
 		break;
 	case IPSET_OPT_IP:
+	case IPSET_OPT_BITMASK:
 		size = ipset_print_ip(buf, len, data, opt, env);
 		break;
 	case IPSET_OPT_PORT:
author	Vishwanath Pai <vpai@akamai.com>	2022-11-10 16:31:26 -0500
committer	Jozsef Kadlecsik <kadlec@netfilter.org>	2022-11-20 21:56:15 +0100
commit	b50666c0973336f6341dd74288352d2f611d7430 (patch)
tree	bf65dbf9085e50dbbcd241771f20ad74640e3473 /lib/print.c
parent	ac8e3cfbafdcd0dbb97b2a1d0dcd093549820c69 (diff)