azez at ufomechanic
Aug 17, 2007, 8:18 AM
Post #4 of 5
Re: revisit: ipset nethash set type limited to /31
* Krzysztof Oledzki wrote, On 17/08/07 14:03:
> On Fri, 17 Aug 2007, Jan Engelhardt wrote:
>> On Aug 17 2007 16:54, Neville C. Dempsey wrote:
>>> As ipset_nethash.c stands it handles subnet masks from /1 to /31 fine,
>>> but the cases /0 & /32 are required to be handled in a different chain.
>> /0 is not a network anymore, it is "everything".
>> /32 is a single host, I think iphash is better suited for this.
> As long as you don't need to handle both networks and hosts in the same set.
> If you do then you end up with double the number of sets (e.g. 400 instead of
> 200) and more complicated iptables rules.
> Best regards,
I think we could have an extra byte per 8 entries, and they can take 1
bit each, giving 33 bit hash entries.
It's the sanest way.
The /0 entry can just be a single flag per hash, as there is only one of