On 5 May 2003, John A. Sullivan III wrote: > Thanks for the reply. If that's the only overhead, I don't think we'll > notice it. Is that all the additional overhead incurred? Yes. [...] > Does the iprange patch in effect create multiple standard > source/destination rules or is its processing as efficient as the > standard source/destination rules once it has passed the any address > evaluation? Thanks in advance for the clarification - John No, it does not convert internally the given range into CIDR blocks. It's a natural range evaluation. Have a look at net/ipv4/netfilter/ipt_iprange.c in the source tree. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary
