On Tue, 24 May 2011, Mr Dash Four wrote: > > The problem with it that the reported number can be inaccurate, at least in > > two cases: > > > > - Elements can time out, so even if whatever number reported, by the > > time it's displayed, the set can even be completely empty. In the case > > of a huge set, it can even occur that the number of elements reported > > does not match the actual number of elements listed. > > - Sets can be updated by the SET target > > > > The first one is the main reason I dropped reporting the number of elements > > (the initial design of the new ipset included it). > > > I see, reasonable point. > > OK, would it be possible then to get this figure when I use restore - I am > asking for this because, as you already know, ip ranges may mean inserting > more elements than the range itself and the indicator I used up until now to > determine how many set members I would have (the number of lines in my restore > file) is no longer a reliable indicator, so I would need to know how many > members I have inserted as a result of restore in order to determine the > maxelem value, adjust it and thus save system resources. Do you see my point? Currently I can suggest you that tune both the hashsize and maxelem parameters: the hashsize tells the system the initial hash size (and thus the used memory resource) while maxelem tells up to what number of elements can be added to the set. You are free to enter quite high maxelem values, it does not waste memory. As you add more and more elements, the hash size is increased from the one specified by 'hashsize'. But you (or the SET targets) can't add more elements than "maxelem". When you save a set, the current hashsize is saved and not the one specified at set creation time. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
