
Mailing List Archive: iptables: Devel

ipset merge

 

 



jengelh at computergmbh

Aug 1, 2007, 2:00 AM

Post #1 of 5 (865 views)
ipset merge

Hi,


I was wondering whether there are any obstacles to merge ipset into
mainline - for example, it being too much of a hack like ipt_ROUTE was.
Otherwise, I'd like to prepare and submit it.


Thanks,
Jan
--


pablo at netfilter

Aug 1, 2007, 2:07 AM

Post #2 of 5 (820 views)
Re: ipset merge [In reply to]

Jan Engelhardt wrote:
> I was wondering whether there are any obstacles to merge ipset into
> mainline - for example, it being too much of a hack like ipt_ROUTE was.
> Otherwise, I'd like to prepare and submit it.

It must use the new nfnetlink infrastructure. Jozsef is currently
working on that. I wanted to have a look at it but I have had no time
so far.

--
"It will be necessary to travel through the eyes of idiots" -- Poeta en
Nueva York -- Federico García Lorca.


kadlec at blackhole

Aug 11, 2007, 7:40 AM

Post #3 of 5 (801 views)
Re: ipset merge [In reply to]

Hi,

On Wed, 1 Aug 2007, Pablo Neira Ayuso wrote:

> Jan Engelhardt wrote:
>> I was wondering whether there are any obstacles to merge ipset into
>> mainline - for example, it being too much of a hack like ipt_ROUTE was.
>> Otherwise, I'd like to prepare and submit it.
>
> It must use the new nfnetlink infrastructure.

Yes, exactly. But besides the netlink infrastructure it must also support
IPv6, before thinking about merging. The main modifications in ipset I'm
planning and working on are

- use netlink instead of sockopt
- support IPv6
- throw away binding of sets (the hackish part of ipset), which is
complex and not efficient enough
- add new set types as a substitute of the purged out bindings
- throw away 'iptree' type which is somewhat a fiasco :-(
- add 'timeout' support to all set types
- add a 'union' type to make life even easier :-)

> Jozsef is currently working on that.

Yep, slower than I hoped :-(.

Best regards,
Jozsef
-
E-mail : kadlec [at] blackhole, kadlec [at] sunserv
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary


pud at safeTpin

Aug 11, 2007, 8:53 AM

Post #4 of 5 (804 views)
Re: ipset merge [In reply to]

On Sat, 11 Aug 2007, Jozsef Kadlecsik wrote:

> - throw away binding of sets (the hackish part of ipset), which is
> complex and not efficient enough
> - add new set types as a substitute of the purged out bindings

an ip-port set would be really nice ;)


>> Jozsef is currently working on that.
>
> Yep, slower than I hoped :-(.

thanx


=;p/ud aka nerdpunk

--
fleeing from oneself and the revenge of the neckties
one would sooner jump out of the window than over one's own shadow...
- kaput krauts
gpg-key #C3B04767


tooldcas at 163

Aug 12, 2007, 8:49 PM

Post #5 of 5 (796 views)
Re: Re: ipset merge [In reply to]

>
>On Sat, 11 Aug 2007, Jozsef Kadlecsik wrote:
>
>> - throw away binding of sets (the hackish part of ipset), which is
>> complex and not efficient enough
>> - add new set types as a substitute of the purged out bindings
>
>an ip-port set would be really nice ;)
That's also what I need when I tried to match some nat-traversal address.

>
>>> Jozsef is currently working on that.
>>
>> Yep, slower than I hoped :-(.
>
>thanx
>
>
>=;p/ud aka nerdpunk
>
>--
>fleeing from oneself and the revenge of the neckties
>one would sooner jump out of the window than over one's own shadow...
> - kaput krauts
>gpg-key #C3B04767
>
>

Regards

Daniel

tooldcas [at] 163
2007-08-13
