Hi,
On Wed, 1 Aug 2007, Pablo Neira Ayuso wrote:
> Jan Engelhardt wrote:
>> I was wondering whether there are any obstacles to merge ipset into
>> mainline - for example, it being too much of a hack like ipt_ROUTE was.
>> Otherwise, I'd like to prepare and submit it.
>
> It must use the new nfnetlink infrastructure.
Yes, exactly. But besides the netlink infrastructure it must also support
IPv6, before thinking on merging. The main modifications in ipset I'm
planning and working are
- use netlink instead of sockopt
- support IPv6
- throw away binding of sets (the hackish part of ipset), which is
complex and not efficient enough
- add new set types as a substitute of the purged out bindings
- throw away 'iptree' type which is somewhat a fiasco :-(
- add 'timeout' support to all set types
- add a 'union' type to make life even more easier :-)
> Jozsef is currently working on that.
Yep, slower than I hoped :-(.
Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key :
http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary