Am 11.07.2011 11:52, schrieb Jozsef Kadlecsik: > If overlapping networks with different interfaces was added to > the set, the type did not handle it properly. Example > > ipset create test hash:net,iface > ipset add test 192.168.0.0/16,eth0 > ipset add test 192.168.0.0/24,eth1 > > Now, if a packet was sent from 192.168.0.0/24,eth0, the type returned > a match. > > In the patch the algorithm is fixed in order to correctly handle > overlapping networks. > > Limitation: the same network cannot be stored with more than 64 different > interfaces in a single set. > Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
