On Tue, 28 Nov 2023, Марк Коренберг wrote:

> Actually, I need an ipset that matches against a list of interfaces
> (without networks associated). Are there any ways?

No, that's not possible in ipset either. However, I'd suggest you explore
nftables, where there are no such internal limitations as in ipset, which
supports matching interface indices or names and can store just interface
names/indices in an nftables set too.

Best regards,
Jozsef

> Tue, 28 Nov 2023 at 09:48, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>:
> >
> > Hi,
> >
> > On Tue, 28 Nov 2023, Марк Коренберг wrote:
> >
> > > for i in `seq 0 70`; do ip link del dummy$i; done;
> > > for i in `seq 0 70`; do ip link add type dummy; done;
> > > for i in `seq 0 70`; do ipset add qwe 0.0.0.0/0,dummy$i; done;
> > >
> > > Reveals the problem. Only 64 records can be added, but there are no
> > > obvious restrictions on that. Is it possible to increase the limit?
> >
> > It is intentional. Such elements can be stored in the same hash bucket
> > only and 64 is the max size I'm willing to sacrifice for that. Please
> > note, that's a huge number and means linear evaluation, i.e. losing
> > performance.
> >
> > Best regards,
> > Jozsef
> > --
> > E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx
> > PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
> > Address : Wigner Research Centre for Physics
> >           H-1525 Budapest 114, POB. 49, Hungary
>
>
>
> --
> Segmentation fault
>

--
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx
PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics
          H-1525 Budapest 114, POB. 49, Hungary
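
The nftables approach suggested in the reply above, sketched as an added example (not part of the original thread and not written by either participant): a shell function that emits a ruleset whose set stores only interface names, covering the same dummy0..dummy70 range that hit the 64-element limit in ipset. The table, set and chain names (`iface_demo`, `ifaces`, `input`) are hypothetical.

```shell
#!/bin/sh
# Added example: generate an nftables ruleset with a set of interface names.
# Names iface_demo / ifaces are assumptions chosen for illustration;
# dummy0..dummy70 mirror the interfaces used in the thread.

gen_iface_elements() {
    # Print "dummyN" for N = $1..$2 as a comma-separated element list.
    i=$1
    sep=""
    while [ "$i" -le "$2" ]; do
        printf '%s"dummy%d"' "$sep" "$i"
        sep=", "
        i=$((i + 1))
    done
}

gen_iface_ruleset() {
    # A set of type ifname holds bare interface names, with no network part.
    # The rule only counts packets arriving on a listed interface; replace
    # "counter" with the verdict your policy needs.
    cat <<EOF
table inet iface_demo {
    set ifaces {
        type ifname
        elements = { $(gen_iface_elements "$1" "$2") }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        iifname @ifaces counter
    }
}
EOF
}

# Review the generated text first, then load it as root:
#   gen_iface_ruleset 0 70 | nft -f -
# Verify afterwards with:
#   nft list set inet iface_demo ifaces
```
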