bugzilla-daemon at netfilter.org
2019-Oct-16 09:42 UTC
[Bug 1373] New: [ipset] ability to use a more complex mask on hash:*net* functionality for family ipv6
https://bugzilla.netfilter.org/show_bug.cgi?id=1373
Bug ID: 1373
Summary: [ipset] ability to use a more complex mask on
hash:*net* functionality for family ipv6
Product: ipset
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: default
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: philippe.guibert at 6wind.com
Today, it is possible to apply a subnet mask.
ipset create foo hash:net family ipv6
ipset add foo 1001::0/112
The need is to use a hexadecimal format for the mask, to be able to create more
subtle masks. This filter can be useful if one wants to filter only on the last 4
bytes of the IPv6 address, because we know this is an IPv4-mapped IPv6 address.
Example:
ipset add foo 1001::0/0xffffff00
# The above example does not look at the first 12 bytes of the IPv6 address, and
will focus on only 3 bytes of the incoming IPv6 address.
bugzilla-daemon at netfilter.org
2019-Oct-31 13:27 UTC
[Bug 1373] [ipset] ability to use a more complex mask on hash:*net* functionality for family ipv6
https://bugzilla.netfilter.org/show_bug.cgi?id=1373
Jozsef Kadlecsik <kadlec at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kadlec at netfilter.org
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #1 from Jozsef Kadlecsik <kadlec at netfilter.org> ---
The code is based on the assumption of CIDR subnet masks. It is not possible to
extend it to support masks which cannot be expressed in CIDR numbers, sorry.
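Why the requested mask has no CIDR number, as an added example (not code from the bug report or from ipset). It assumes the requested 0xffffff00 applies to the low 32 bits of the 128-bit address, as the report describes; the two sample addresses are constructed.

```python
import ipaddress
from typing import Optional

BITS = 128  # IPv6 address width
ALL_ONES = (1 << BITS) - 1


def cidr_mask(n: int) -> int:
    """128-bit mask with n leading one-bits (what /n means)."""
    return ALL_ONES ^ ((1 << (BITS - n)) - 1)


def prefix_len(mask: int) -> Optional[int]:
    """Return n if mask equals cidr_mask(n), else None (not expressible as /n)."""
    if not 0 <= mask <= ALL_ONES:
        raise ValueError("mask out of range")
    inverted = mask ^ ALL_ONES  # host bits of a CIDR mask
    # For a CIDR mask the inverse is 2**k - 1, so inverse + 1 shares no bit with it.
    if inverted & (inverted + 1):
        return None
    return BITS - inverted.bit_length()


def masked(addr: str, mask: int) -> ipaddress.IPv6Address:
    """Apply a raw 128-bit mask to an IPv6 address."""
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address(addr)) & mask)


# Mask from the report: ignore the first 12 bytes, keep 3 of the last 4.
REQUESTED_MASK = 0xFFFFFF00

# Constructed addresses: different first 12 bytes, same 3 bytes under the mask.
ADDR_A = "1001::c0a8:0105"
ADDR_B = "2001:db8::c0a8:01fe"

if __name__ == "__main__":
    print("/112 round-trips to", prefix_len(cidr_mask(112)))
    print("requested mask as prefix length:", prefix_len(REQUESTED_MASK))
    print("same under requested mask:",
          masked(ADDR_A, REQUESTED_MASK) == masked(ADDR_B, REQUESTED_MASK))
    print("same under /112:",
          masked(ADDR_A, cidr_mask(112)) == masked(ADDR_B, cidr_mask(112)))
```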