On 21/01/2012 5:45 a.m., Mr Dash Four wrote:
Doable, but needs time and would involve adding the logic to
auto-merge smaller subnets into larger ones and to make possible to
delete subnets from larger networks.
Merging of ip ranges would be very difficult - I am having the same
problem here as well. I use PostgreSQL as part of my setup and even
though it has some nice capabilities to deal with "common"
ip/range/net address operations, it is still very difficult,
nigh-impossible to deal with ip range merges, simply because there are
so many possible scenarios: any two ranges could be partially
overlapping - like [ (] ), one range completely overlapping another -
like [ () ], or two ranges "touching" one another - like [ ]( ) - that
last one is very difficult to spot for merging and can't see it done
very easily.
Jozsef, have you had a look at how rbldnsd handles ranges? It has to
deal with the same issues as ipset seems to be facing now, also at some
high speed requirements. Maybe you could pull some inspiration out of that.
AYJ
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
