On Tue, 17 May 2011, Mr Dash Four wrote: > > Will attach these together with the above. I was quite pleased with it as it > > enabled me to streamline the whole process (ipset 4.5 wasn't the only thing > > I was building), so you may find this quite useful if you decide to update > > v4.5. > Here is the test case, I'll attach the rest privately to avoid the wrath of > the mail list daemon. > > [root@test1 ~]# ipset -N slow_mirrors iptreemap --gc 300 > [root@test1 ~]# ipset -L slow_mirrors > Name: slow_mirrors > Type: hash:ip > Header: family inet hashsize 1024 maxelem 65536 > Size in memory: 16512 > References: 0 > Members: > [root@test1 ~]# ipset -A slow_mirrors 212.219.56.128/26 > [root@test1 ~]# ipset -A slow_mirrors 130.59.0.0/16 The latter itself exhausts the maximal number of elements in the set, so the error message is normal. > ipset v6.5: Hash is full, cannot add more elements > [root@xp1 ~]# ipset -L -terse slow_mirrors > Name: slow_mirrors > Type: hash:ip > Header: family inet hashsize 32768 maxelem 65536 > Size in memory: 1006032 > References: 0 > > The way I look at it, the "old" iptree(map) type sets should be converted to > hash:net, not hash:ip to avoid this error. That's too late, I can't change the mapping from hash:ip to hash:net. (And if the mapping pointed to hash:net, you were surprised then that after adding say 192.68.0.0/24 to the set, you couldn't delete 192.68.0.1 from it. :-) Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html