Re: ipset hash:net,iface - can not add more than 64 interfaces

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Okay, got it.

Is there any options to store interface indices internally (instead of
names) ? i.e. if I renamed an interface, it would also “rename” in
ipset (actually just listing it would resolve indices to current
names). This feature would speed up matching ipset in network stack
because it does not require resolving index to name.

вт, 28 нояб. 2023 г. в 09:48, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>:
>
> Hi,
>
> On Tue, 28 Nov 2023, Марк Коренберг wrote:
>
> > for i in `seq 0 70`; do ip link del dummy$i; done;
> > for i in `seq 0 70`; do ip link add type dummy; done;
> > for i in `seq 0 70`; do ipset add qwe 0.0.0.0/0,dummy$i; done;
> >
> > Reveals the problem. Only 64 records can be added, but there are no
> > obvious restrictions on that. I s it possible to increase the limit ?
>
> It is intentional. Such elements can be stored in the same hash bucket
> only and 64 is the max size I'm willing to sacrifice for that. Please
> note, that's a huge number and means linear evaluation, i.e. loosing
> performance.
>
> Best regards,
> Jozsef
> --
> E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx
> PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
> Address : Wigner Research Centre for Physics
>           H-1525 Budapest 114, POB. 49, Hungary



-- 
Segmentation fault





[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux