diff options
| author | Eric Westbrook <eric@westbrook.io> | 2018-08-28 15:14:42 -0600 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-11-01 00:29:43 +0100 |
| commit | 886503f34d63e681662057448819edb5b1057a97 (patch) | |
| tree | 6bb0b6412a9ffdc1ba20d77655774bf654434f9f /arch | |
| parent | 439cd39ea136d2c026805264d58a91f36b6b64ca (diff) | |
| download | linux-886503f34d63e681662057448819edb5b1057a97.tar.gz linux-886503f34d63e681662057448819edb5b1057a97.tar.bz2 linux-886503f34d63e681662057448819edb5b1057a97.zip | |
netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net
Allow /0 as advertised for hash:net,port,net sets.
For "hash:net,port,net", ipset(8) says that "either subnet
is permitted to be a /0 should you wish to match port
between all destinations."
Make that statement true.
Before:
# ipset create cidrzero hash:net,port,net
# ipset add cidrzero 0.0.0.0/0,12345,0.0.0.0/0
ipset v6.34: The value of the CIDR parameter of the IP address is invalid
# ipset create cidrzero6 hash:net,port,net family inet6
# ipset add cidrzero6 ::/0,12345,::/0
ipset v6.34: The value of the CIDR parameter of the IP address is invalid
After:
# ipset create cidrzero hash:net,port,net
# ipset add cidrzero 0.0.0.0/0,12345,0.0.0.0/0
# ipset test cidrzero 192.168.205.129,12345,172.16.205.129
192.168.205.129,tcp:12345,172.16.205.129 is in set cidrzero.
# ipset create cidrzero6 hash:net,port,net family inet6
# ipset add cidrzero6 ::/0,12345,::/0
# ipset test cidrzero6 fe80::1,12345,ff00::1
fe80::1,tcp:12345,ff00::1 is in set cidrzero6.
See also:
https://bugzilla.kernel.org/show_bug.cgi?id=200897
https://github.com/ewestbrook/linux/commit/df7ff6efb0934ab6acc11f003ff1a7580d6c1d9c
Signed-off-by: Eric Westbrook <linux@westbrook.io>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'arch')
0 files changed, 0 insertions, 0 deletions