On Thu, 23 Dec 2010, Mr Dash Four wrote: > > The implementation behind ipset looks up the (ipaddr, proto, port) triple > > in one step. Such packing don't work there. > > > If that's the case how do you lookup IP address and port ranges then? IP address and port ranges are exploded and the elements are inserted one-by-one. And the exploded ranges are *not* converted back to ranges when listing/saving the sets. At the bitmap types the ranges could be converted back (not done yet), at the hash types it's not possible. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
