Yes, exactly. With the hashsize parameter, you tell the system how much
memory is allocated for the set when created. With maxelem it is
instructed at what point to stop increasing the set and refuse adding more
elements.
It turns out that ipset is more efficient in that respect as well. Over
15k members take about 0.6MB of RAM, which isn't that bad!
I have one suggestion though: it would be nice if you could implement a
"check" option to accompany restore so that ipset doesn't actually do
anything, but just checks the syntax of that file (a dummy run, if you
like) and reports any errors or omissions (it could be more than one!).
It would be nice to have that feature and help in avoiding errors (see
also my other post with regard to that).
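The kind of dry-run check requested above, written as a stand-alone Python example added here; it is not part of the original post and not ipset code. It assumes the file holds only `create` and `add` lines, as `ipset save` writes them, and counts each `add` line as one element against maxelem; the function name `check_restore` and the sample file are constructed for illustration.

```python
DEFAULT_MAXELEM = 65536  # ipset's default when maxelem is not given

# Constructed sample restore file (not from the original post).
SAMPLE = """\
# nightly blacklist
create blacklist hash:ip family inet hashsize 1024 maxelem 2
add blacklist 192.0.2.1
add blacklist 192.0.2.2
add blacklist 192.0.2.3
add whitelist 198.51.100.7
create graylist hash:ip hashsize big
frobnicate blacklist
"""

def check_restore(text):
    """Dry run: return every (line_no, message) problem, changing nothing."""
    sets, errors = {}, []  # sets maps name -> [maxelem, elements added so far]
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue  # blank line or comment
        cmd, args = tok[0], tok[1:]
        if cmd not in ("create", "add"):
            errors.append((no, f"unsupported command {cmd!r}"))
        elif len(args) < 2:
            errors.append((no, f"{cmd} needs a set name and one more argument"))
        elif cmd == "create":
            name, opts, maxelem = args[0], args[2:], DEFAULT_MAXELEM
            if name in sets:
                errors.append((no, f"set {name!r} is created twice"))
            for key in ("hashsize", "maxelem"):
                if key in opts:
                    i = opts.index(key)
                    val = opts[i + 1:i + 2]  # empty if the value is missing
                    if not val or not val[0].isdigit():
                        errors.append((no, f"{key} needs a numeric value"))
                    elif key == "maxelem":
                        maxelem = int(val[0])
            sets[name] = [maxelem, 0]
        elif args[0] not in sets:
            errors.append((no, f"add to undeclared set {args[0]!r}"))
        elif sets[args[0]][1] >= sets[args[0]][0]:
            errors.append((no, f"set {args[0]!r} is full (maxelem {sets[args[0]][0]})"))
        else:
            sets[args[0]][1] += 1  # simplification: one add line = one element
    return errors

if __name__ == "__main__":
    for no, msg in check_restore(SAMPLE):
        print(f"line {no}: {msg}")
```

Because the function collects errors instead of stopping at the first one, a single pass reports every bad line before the file is handed to `ipset restore`.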