You shouldn't use hash:ip with ranges for IPv4 too because the range
members are added individually, which is less efficient both memory
and performance wise, see:
$ ipset create foo hash:ip hashsize 64
$ ipset add foo 192.168.1.0/30
$ ipset list foo
Name: foo
Type: hash:ip
Header: family inet hashsize 64 maxelem 65536
Size in memory: 628
References: 0
Members:
192.168.1.3
192.168.1.2
192.168.1.0
192.168.1.1
I disagree!
If I need to add the 192.168.1.0/30 then I have to execute a loop (via a
script) and add individual elements (i.e. ipset add foo 192.168.1.0,
ipset add foo 192.168.1.1 etc).
By specifying ipset add foo 192.168.1.0/30 I do that in one go. Even
though I am inclined to agree that storing individual elements may not
be the best way memory/storage wise I think performance wise (i.e. when
the actual matching is performed) it is better matching a single IP
address than IP range.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
