On Thu, 23 Dec 2010, Jozsef Kadlecsik wrote:

> On Thu, 23 Dec 2010, Mr Dash Four wrote:
>
> > > The implementation behind ipset looks up the (ipaddr, proto, port) triple
> > > in one step. Such packing doesn't work there.
> > >
> > If that's the case how do you look up IP address and port ranges then?
>
> IP address and port ranges are exploded and the elements are inserted
> one-by-one. And the exploded ranges are *not* converted back to ranges
> when listing/saving the sets. At the bitmap types the ranges could be
> converted back (not done yet), at the hash types it's not possible.

Just to illustrate:

# ipset create test hash:ip,port
# ipset add test 192.168.0.0/30,tcp:80-82
# ipset list test
Name: test
Type: hash:ip,port
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16888
References: 0
Members:
192.168.0.3,tcp:81
192.168.0.0,tcp:82
192.168.0.1,tcp:81
192.168.0.1,tcp:82
192.168.0.3,tcp:82
192.168.0.0,tcp:80
192.168.0.2,tcp:80
192.168.0.0,tcp:81
192.168.0.1,tcp:80
192.168.0.2,tcp:82
192.168.0.2,tcp:81
192.168.0.3,tcp:80

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
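The explosion described in the message above, as an added example that is not part of the original e-mail and is not ipset's own code: a Python sketch that expands an entry of the form shown (`NET,PROTO:LO-HI`) into its individual elements and compares the count with the `maxelem` value from the Header line. The helper names `parse`, `explode`, `element_count` and `fits` are hypothetical, and the parser assumes only the entry syntax visible in the listing.

```python
import ipaddress

# Members printed by `ipset list test` in the message above.
LISTED = set("""
192.168.0.3,tcp:81 192.168.0.0,tcp:82 192.168.0.1,tcp:81 192.168.0.1,tcp:82
192.168.0.3,tcp:82 192.168.0.0,tcp:80 192.168.0.2,tcp:80 192.168.0.0,tcp:81
192.168.0.1,tcp:80 192.168.0.2,tcp:82 192.168.0.2,tcp:81 192.168.0.3,tcp:80
""".split())

MAXELEM = 65536  # "maxelem 65536" from the Header line of the listing


def parse(entry):
    """Split 'NET,PROTO:LO[-HI]' into (network, proto, lo, hi)."""
    net_part, comma, port_part = entry.partition(",")
    proto, colon, ports = port_part.partition(":")
    if not (comma and colon and proto):
        raise ValueError(f"expected NET,PROTO:PORT[-PORT], got {entry!r}")
    lo_s, _, hi_s = ports.partition("-")
    lo = int(lo_s)
    hi = int(hi_s) if hi_s else lo
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range in {entry!r}")
    return ipaddress.ip_network(net_part, strict=False), proto, lo, hi


def element_count(entry):
    """Number of set elements the entry becomes, without building them."""
    net, _, lo, hi = parse(entry)
    return net.num_addresses * (hi - lo + 1)


def explode(entry):
    """Every (address, port) pair as its own element, as in the listing."""
    net, proto, lo, hi = parse(entry)
    return [f"{ip},{proto}:{port}" for ip in net for port in range(lo, hi + 1)]


def fits(entry, used=0, maxelem=MAXELEM):
    """True if the exploded entry still fits beside `used` existing elements."""
    return used + element_count(entry) <= maxelem


if __name__ == "__main__":
    print(sorted(explode("192.168.0.0/30,tcp:80-82")) == sorted(LISTED))
    # Constructed entry, not from the message: a /16 with three ports.
    wide = "10.0.0.0/16,tcp:80-82"
    print(wide, element_count(wide), "fits" if fits(wide) else "exceeds maxelem")
```

Because the count is the product of addresses and ports, a short-looking entry can account for far more elements than its text suggests, which is worth checking before loading a generated rule set.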