Hi Jozsef,
Sorry for the slow answer.
So if one could guarantee that your library alone communicates to the
ip_set module in the kernel, then it makes sense to pass the indices at
listing and cache them. However that cannot be guaranteed.
It's indeed the main use case of this library. You are right, if
something change ipset stored in kernel the cache is useless and dangerous.
Wouldn't make sense to add it to the header-only
listing (as you proposed), to make possible a quick check for all indices?
This solution is fine for me
The two new proposed commands are for direct, single-shot usage.
Yes, and they are perfect for that. Thanks for your time on this topic.
Best regards,
Florent Fourcot.
