On Thu, 19 Jan 2012, Mr Dash Four wrote: > > The userspace testing is passed to the kernel for execution. There's no > > shadow or backup or whatever set in userspace. The sets exist in kernel > > space and therefore all operations happen there. > > > So, is the above doable in any shape or form or not? Doable, but needs time and would involve adding the logic to auto-merge smaller subnets into larger ones and to make possible to delete subnets from larger networks. I'm sure you are aware, this is a free time project. > > Why do you need such tests at all? > > > Various reasons. Two common uses (at least in my case) would be to test ip > range against quite a large set of registered subnets (taken from the geoip > database and sorted using my own criteria). The tested ip range is either > candidate to 1). ban that network, in which case I do not want duplicates if > the existing range is already there; or 2) include the ip range in a separate > set, making sure that it is not already in the 'banned' set and also that it > is not already included in the 'customer' set (which although limited, has > quite significant number of set members - usually small subnets). > > Because the ip range in ipset is not working correctly, I had to first > manually go over the testing ranges. Later on I devised a small shell script > doing what I just described in my previous post (quoted above), but it is > quite ugly and inefficient - it would be much better if ip range testing in > ipset was functioning properly, saving me all this hassle. Sorry, for a while you have to use workarounds like you described. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html