Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. iptables>
  3. Devel
ipset merge
jengelh at computergmbh
Aug 1, 2007, 2:00 AM
Post #1 of 5 (2172 views)
Permalink
Hi,


I was wondering whether there are any obstacles to merge ipset into
mainline - for example, it being too much of a hack like ipt_ROUTE was.
Otherwise, I'd like to prepare and submit it.


Thanks,
Jan
--
Re: ipset merge [ In reply to ]
pablo at netfilter
Aug 1, 2007, 2:07 AM
Post #2 of 5 (2109 views)
Permalink
Jan Engelhardt wrote:
> I was wondering whether there are any obstacles to merge ipset into
> mainline - for example, it being too much of a hack like ipt_ROUTE was.
> Otherwise, I'd like to prepare and submit it.

It must use the new nfnetlink infrastructure. Jozsef is currently
working on that. I wanted to have a look at it but I have had not time
so far.

--
"Será preciso viajar a través de los ojos de los idiotas" -- Poeta en
Nueva York -- Federico García Lorca.
Re: ipset merge [ In reply to ]
kadlec at blackhole
Aug 11, 2007, 7:40 AM
Post #3 of 5 (2092 views)
Permalink
Hi,

On Wed, 1 Aug 2007, Pablo Neira Ayuso wrote:

> Jan Engelhardt wrote:
>> I was wondering whether there are any obstacles to merge ipset into
>> mainline - for example, it being too much of a hack like ipt_ROUTE was.
>> Otherwise, I'd like to prepare and submit it.
>
> It must use the new nfnetlink infrastructure.

Yes, exactly. But besides the netlink infrastructure it must also support
IPv6, before thinking on merging. The main modifications in ipset I'm
planning and working are

- use netlink instead of sockopt
- support IPv6
- throw away binding of sets (the hackish part of ipset), which is
complex and not efficient enough
- add new set types as a substitute of the purged out bindings
- throw away 'iptree' type which is somewhat a fiasco :-(
- add 'timeout' support to all set types
- add a 'union' type to make life even more easier :-)

> Jozsef is currently working on that.

Yep, slower than I hoped :-(.

Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlec@sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
Re: ipset merge [ In reply to ]
pud at safeTpin
Aug 11, 2007, 8:53 AM
Post #4 of 5 (2088 views)
Permalink
On Sat, 11 Aug 2007, Jozsef Kadlecsik wrote:

> - throw away binding of sets (the hackish part of ipset), which is
> complex and not efficient enough
> - add new set types as a substitute of the purged out bindings

an ip-port set would be really nice ;)


>> Jozsef is currently working on that.
>
> Yep, slower than I hoped :-(.

thanx


=;p/ud aka nerdpunk

--
auf der flucht vor einem selber und der rache der krawatten
springt man eher aus dem fenster, als ueber seinen schatten...
- kaput krauts
gpg-key #C3B04767
Re: Re: ipset merge [ In reply to ]
tooldcas at 163
Aug 12, 2007, 8:49 PM
Post #5 of 5 (2076 views)
Permalink
>
>On Sat, 11 Aug 2007, Jozsef Kadlecsik wrote:
>
>> - throw away binding of sets (the hackish part of ipset), which is
>> complex and not efficient enough
>> - add new set types as a substitute of the purged out bindings
>
>an ip-port set would be really nice ;)
That's also what I need when I tried to match some nat-traversal address.

>
>>> Jozsef is currently working on that.
>>
>> Yep, slower than I hoped :-(.
>
>thanx
>
>
>=;p/ud aka nerdpunk
>
>--
>auf der flucht vor einem selber und der rache der krawatten
>springt man eher aus dem fenster, als ueber seinen schatten...
> - kaput krauts
>gpg-key #C3B04767
>
>

Regards

Daniel

tooldcas@163.com
2007-08-13

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal