Mr Dash Four wrote:
So I should not use IP_NF_SET_HASHSIZE for the time being until it is
fixed,
right?
Yes, because currently it's ignored. In this week I'm going to fix it
in the git repository but won't release a new version just for this.
There is another issue I found when using ipmap sets: when I execute,
for example, "ipset -N port-map ipmap --from 10 --to 30000" and then add
an element "ipset -A port-map 20" the two statements are accepted
without any error given (they shouldn't be as the map defined is an IP
map, not a port map and the values submitted are numbers, not IP
addresses)!
When I issue "ipset -L port-map" I get:
Header: from: 0.0.0.10 to: 0.0.117.48
members:
0.0.0.20
Is this deliberate or a bug?
It's deliberate.
The numbers are treated as modulo 256.
30,000 / 256 = 117.1875
.1875 * 256 = 48
Thus the whole number parts become segments of the quad: 117.48
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
