| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Jan 2011 22:49:21 +0000 From: Mr Dash Four <mr.dash.four@...glemail.com> To: Jan Engelhardt <jengelh@...ozas.de>, Jozsef Kadlecsik <kadlec@...ckhole.kfki.hu>, netfilter-devel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [patch 2/4] ipset: make IPv4 and IPv6 address handling similar > You shouldn't use hash:ip with ranges for IPv4 too because the range > members are added individually, which is less efficient both memory > and performance wise, see: > > $ ipset create foo hash:ip hashsize 64 > $ ipset add foo 192.168.1.0/30 > $ ipset list foo > Name: foo > Type: hash:ip > Header: family inet hashsize 64 maxelem 65536 > Size in memory: 628 > References: 0 > Members: > 192.168.1.3 > 192.168.1.2 > 192.168.1.0 > 192.168.1.1 > I disagree! If I need to add the 192.168.1.0/30 then I have to execute a loop (via a script) and add individual elements (i.e. ipset add foo 192.168.1.0, ipset add foo 192.168.1.1 etc). By specifying ipset add foo 192.168.1.0/30 I do that in one go. Even though I am inclined to agree that storing individual elements may not be the best way memory/storage wise I think performance wise (i.e. when the actual matching is performed) it is better matching a single IP address than IP range. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists