Re: [PATCH iproute2-next v2 4/5] iprule: Add port mask support

[Petr Machata <petrm@nvidia.com>]

Ido Schimmel <idosch@nvidia.com> writes:

> Add port mask support, allowing users to specify a source or destination
> port with an optional mask. Example:
>
>  # ip rule add sport 80 table 100
>  # ip rule add sport 90/0xffff table 200
>  # ip rule add dport 1000-2000 table 300
>  # ip rule add sport 0x123/0xfff table 400
>  # ip rule add dport 0x4/0xff table 500
>  # ip rule add dport 0x8/0xf table 600
>  # ip rule del dport 0x8/0xf table 600
>
> In non-JSON output, the mask is not printed in case of exact match:
>
>  $ ip rule show
>  0:      from all lookup local
>  32761:  from all dport 0x4/0xff lookup 500
>  32762:  from all sport 0x123/0xfff lookup 400
>  32763:  from all dport 1000-2000 lookup 300
>  32764:  from all sport 90 lookup 200
>  32765:  from all sport 80 lookup 100
>  32766:  from all lookup main
>  32767:  from all lookup default
>
> Dump can be filtered by port value and mask:
>
>  $ ip rule show sport 80
>  32765:  from all sport 80 lookup 100
>  $ ip rule show sport 90
>  32764:  from all sport 90 lookup 200
>  $ ip rule show sport 0x123/0x0fff
>  32762:  from all sport 0x123/0xfff lookup 400
>  $ ip rule show dport 4/0xff
>  32761:  from all dport 0x4/0xff lookup 500
>
> In JSON output, the port mask is printed as an hexadecimal string to be
> consistent with other masks. The port value is printed as an integer in
> order not to break existing scripts:
>
>  $ ip -j -p rule show sport 0x123/0xfff table 400
>  [ {
>          "priority": 32762,
>          "src": "all",
>          "sport": 291,
>          "sport_mask": "0xfff",
>          "table": "400"
>      } ]
>
> The mask attribute is only sent to the kernel in case of inexact match
> so that iproute2 will continue working with kernels that do not support
> the attribute.
>
> Signed-off-by: Ido Schimmel <idosch@nvidia.com>

Reviewed-by: Petr Machata <petrm@nvidia.com>