On Thu, 17 Sep 2009, Eric Leblond wrote:

> Hi,
>
> On Thursday 17 September 2009 at 21:15 +0200, Mikulas Patocka wrote:
> > Hi
> >
> > Here I submit an iptables module that can match large amounts (millions)
> > of IP addresses efficiently using binary search.
>
> What are the differences with ipset? (http://ipset.netfilter.org/)
>
> BR,

What I wrote is static --- once loaded, then used. The only way to update
the addresses is to reload it. Ipset is dynamic (and has more memory
consumption because of it).

In my implementation, the kernel reads the IP addresses; in ipset, the
userspace tool reads them.

I didn't know about ipset before because it is not in the kernel (will it
ever be?).

Mikulas