>>>>+Parameters: >>>>+For all masks default is all "1:s", to disable a field use mask 0 >>>>+For IPv6 it's just the last 32 bits that is included in the hash >>> >>>Why limit IPv6 to 32? >> >>Performance, and the gain of adding another 192 bits to jhash ain't much. >>However there is some cases when it hurts, i.e. when you can't mask of an subnet >>I'm not sure it it's a problem or not... > >I was thinking about the case where two particular hosts have the same >trailing 32 bits in their source address. For example, assuming IPv6 >starts to take a stronghold in the real world and home customers start >assigning <myprefix>::1 to the little home server (i.e. the PPP >endpoint) of theirs for remote login. Yes that's a good point, I will have a look at this and see haw to speed-up the IPv6 calc. btw parsing by using xoption.c is there a way to allow both hex format and mask length ? i.e. --smask 0xffff0000 or --smask /16 /Hans -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html