From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 932F0C25B06 for ; Thu, 4 Aug 2022 22:11:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232491AbiHDWLT (ORCPT ); Thu, 4 Aug 2022 18:11:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43368 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230335AbiHDWLS (ORCPT ); Thu, 4 Aug 2022 18:11:18 -0400 X-Greylist: delayed 101 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Thu, 04 Aug 2022 15:11:17 PDT Received: from rin.romanrm.net (rin.romanrm.net [51.158.148.128]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 350D113EA6 for ; Thu, 4 Aug 2022 15:11:16 -0700 (PDT) Received: from nvm (nvm2.home.romanrm.net [IPv6:fd39::4a:3cff:fe57:d6b5]) by rin.romanrm.net (Postfix) with SMTP id 30B3F5A5 for ; Thu, 4 Aug 2022 22:09:31 +0000 (UTC) Date: Fri, 5 Aug 2022 03:09:29 +0500 From: Roman Mamedov To: netdev@vger.kernel.org Subject: [iproute2] Rightmost part IPv6 address masking? Message-ID: <20220805030929.613f7bc7@nvm> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Hello, ip6tables supports the little-known format to mask the rightmost part of an IPv6 address: # ip6tables -A FORWARD -d ::a:b:c:d/::ffff:ffff:ffff:ffff -j ACCEPT would match any IP which ends with the specified sequence, i.e.: *:*:*:*:a:b:c:d. This is really useful in cases where the ISP provides a dynamic IPv6 prefix, or there are prefixes from multiple ISPs in a LAN. However in iproute2 there is no such support for "ip rule": # ip -6 rule add from ::a:b:c:d/::ffff:ffff:ffff:ffff lookup main Error: inet6 prefix is expected rather than "::a:b:c:d/::ffff:ffff:ffff:ffff". I suppose the iproute2 developers might be reading this, so could you please consider adding support for masks like these? Aside from that, would you reckon there's a limitation which would prevent this kind of masks from working on the kernels-side? Or maybe anyone can suggest the proper way to specify this for "ip rule" which is supported currently? Thanks -- With respect, Roman