IPFS Swarm Filters: Alternative to CIDR?

Okay, I really hope I’m not missing something silly here, but before I start writing out swarm filters for 192.168.{0…255}.0/24, I figured I’d better ask if there’s a better way.

I know that Swarm filters are deny-only, so there isn’t a way to say “deny this range except another range”. I’m just having trouble figuring out how to efficiently make a group of deny ranges that still allows a /24 within the larger /16 range.

So, for example, I’m trying to exclude 192.168.0.0/16, while including 192.168.5.0/24. I could imagine carving out a good chunk of that with a bitmask such as 255.255.7.0, but that doesn’t translate to CIDR. Does multiaddr have a way to use a bitmask instead of a CIDR, and is it supported in IPFS?

So far, the closest workaround I can come by is to go bit-by-bit in the third octet like this:

192.168.128.0/17
192.168.64.0/18
192.168.32.0/19
192.168.16.0/20
192.168.8.0/21

After that my binary gets a bit fuzzy:

192.168.0.0/22
192.168.2.0/23
192.168.0.0/24

(Edit: Update: The above didn’t work as I was still able to (attempt to) connect to 192.168.6.0/24)

Alternatively I could just put in entries for anything smaller than /21:

192.168.0.0/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
192.168.4.0/24
192.168.6.0/24
192.168.7.0/24

(Edit: Update: After testing, the above did work.)

I realize looking through the issues in ipfs/go-ipfs on GitHub that there is a technical hurdle to adding allow-list functionality to swarm filters. Instead, is there a way to use a bitmask instead of CIDR?

Thanks in advance for any clues

Unfortunately, there isn’t an existing solution for this within go-ipfs. With libp2p, you can pass arbitrary functions to filter addresses, but you obviously can’t do that with go-ipfs.

That is unfortunate. This is not entirely unexpected as I couldn’t see any mention of multiaddr having support for bitmasks. Thankfully, my rather brute-force workaround mentioned above worked, although I don’t know what strain might be caused by having a large number of filters.

At the moment, it checks each one sequentially. A bit unfortunate but it shouldn’t slow you down too much.
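Added example, not part of any post in this thread: a Python sketch that computes the smallest deny-only CIDR set covering 192.168.0.0/16 while leaving 192.168.5.0/24 open, and that reports which ranges a given filter list leaves reachable. The function names are this example's own; the `/ip4/<addr>/ipcidr/<prefix>` rendering is the multiaddr form go-ipfs accepts for swarm filters.

```python
import ipaddress

def deny_all_except(outer, allowed):
    """Minimal CIDR blocks covering `outer` with the `allowed` subnet carved out."""
    outer_net = ipaddress.ip_network(outer)
    allowed_net = ipaddress.ip_network(allowed)
    # address_exclude() raises ValueError if `allowed` is not inside `outer`.
    return sorted(outer_net.address_exclude(allowed_net))

def to_filter(net):
    """Render a network in the multiaddr form used for swarm filters."""
    return f"/ip{net.version}/{net.network_address}/ipcidr/{net.prefixlen}"

def uncovered(outer, filters):
    """Return the parts of `outer` that no deny filter in `filters` covers."""
    remaining = [ipaddress.ip_network(outer)]
    for f in map(ipaddress.ip_network, filters):
        survivors = []
        for r in remaining:
            if r.subnet_of(f):
                continue                               # fully denied by this filter
            if f.subnet_of(r):
                survivors.extend(r.address_exclude(f))  # filter punches a hole in r
            else:
                survivors.append(r)                    # CIDR blocks are nested or disjoint
        remaining = survivors
    return list(ipaddress.collapse_addresses(remaining))

# Filter lists copied from the question: the first attempt, and the one that worked.
COARSE = ["192.168.128.0/17", "192.168.64.0/18", "192.168.32.0/19",
          "192.168.16.0/20", "192.168.8.0/21"]
FIRST_ATTEMPT = COARSE + ["192.168.0.0/22", "192.168.2.0/23", "192.168.0.0/24"]
WORKING = COARSE + [f"192.168.{n}.0/24" for n in (0, 1, 2, 3, 4, 6, 7)]

if __name__ == "__main__":
    for net in deny_all_except("192.168.0.0/16", "192.168.5.0/24"):
        print(to_filter(net))
    print("first attempt leaves open:", uncovered("192.168.0.0/16", FIRST_ATTEMPT))
    print("working list leaves open: ", uncovered("192.168.0.0/16", WORKING))
```

The computed set has 8 entries against the 12 in the list that worked, and `uncovered` shows the first attempt left all of 192.168.4.0/22 open, which matches the connection attempt to 192.168.6.0/24 reported in the question.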