[Bug 1373] New: [ipset] ability to use a more complex mask on hash:*net* functionality for family ipv6

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Wed Oct 16 11:42:06 CEST 2019


https://bugzilla.netfilter.org/show_bug.cgi?id=1373

            Bug ID: 1373
           Summary: [ipset] ability to use a more complex mask on
                    hash:*net* functionality for family ipv6
           Product: ipset
           Version: unspecified
          Hardware: x86_64
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: default
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: philippe.guibert at 6wind.com

Today, it is possible to apply a subnet mask.

ipset create foo hash:net family ipv6
ipset add foo 1001::0/112

The need is to use a hexadecimal format for the mask, to be able to create more subtle
masks. This filter can be useful if one wants to filter only on the last 4
bytes of the IPv6 address, because we know this is an IPv4-mapped IPv6 address.

Example:
ipset add foo 1001::0/0xffffff00

# The above example does not look at the first 12 bytes of the IPv6 address, and
will focus on only 3 bytes of the incoming IPv6 address.
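
The difference between today's prefix masks and the requested hexadecimal mask, as an added example that is not part of the original report and not ipset code. It assumes the hex mask is right-aligned over the 128-bit address, as the report's comment describes; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

ALL_ONES = (1 << 128) - 1

def parse_entry(entry):
    """Return (masked_value, mask) as 128-bit integers for one set entry."""
    addr_text, _, mask_text = entry.partition("/")
    addr = int(ipaddress.IPv6Address(addr_text))
    if mask_text.lower().startswith("0x"):
        # Assumed semantics of the requested syntax: the hex mask is
        # right-aligned, so 0xffffff00 leaves the first 12 bytes unchecked.
        mask = int(mask_text, 16)
        if mask > ALL_ONES:
            raise ValueError("mask wider than 128 bits")
    else:
        # Existing behaviour: a prefix length masks contiguous leading bits.
        plen = int(mask_text) if mask_text else 128
        if not 0 <= plen <= 128:
            raise ValueError("prefix length out of range")
        mask = (ALL_ONES << (128 - plen)) & ALL_ONES
    return addr & mask, mask

def matches(entry, candidate):
    """True if candidate equals the entry on every bit the mask selects."""
    value, mask = parse_entry(entry)
    return (int(ipaddress.IPv6Address(candidate)) & mask) == value

def matching(entry, candidates):
    """Filter a list of candidate addresses down to those the entry matches."""
    return [c for c in candidates if matches(entry, c)]

# Constructed sample addresses (documentation ranges).
SAMPLES = [
    "::ffff:192.0.2.77",    # IPv4-mapped, low bytes 192.0.2.x
    "64:ff9b::192.0.2.5",   # different first 12 bytes, same low 3 bytes
    "::ffff:192.0.3.1",     # third byte of the IPv4 part differs
    "1001::abcd",           # inside 1001::/112
]

if __name__ == "__main__":
    for entry in ("1001::0/112", "::ffff:192.0.2.0/0xffffff00"):
        print(entry, "->", matching(entry, SAMPLES))
```

Because the first 12 bytes are ignored, a hex-masked entry matches any IPv6 address with those low bytes, not only IPv4-mapped ones.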
