[pve-devel] [PATCH] implement ipset ip/net groups
Alexandre DERUMIER
aderumier at odiso.com
Fri Mar 28 13:34:46 CET 2014
>>Stupid question, but why do we need different types - netgroups and ipgroup?
>>
>>We can easily represent a single IP as network: 192.168.0.1/32
or is there a problem with that?
t
I think it's just speed or hash memory optimisation
I found a good presentation here :
http://workshop.netfilter.org/2013/wiki/images/a/ab/Jozsef_Kadlecsik_ipset-osd-public.pdf
But I think you can indeed use net:hash for /32
doc say:
Speed linearly grows with the numberof different sizes of the netblocks,
so maybe they are a first hash of netmask, then second hash on ip.
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre Derumier" <aderumier at odiso.com>, pve-devel at pve.proxmox.com
Envoyé: Vendredi 28 Mars 2014 09:39:26
Objet: RE: [pve-devel] [PATCH] implement ipset ip/net groups
> groups.fw
> ---------
> [ipgroup ipgroup1]
>
> 192.168.0.1
> 192.168.0.2
> 192.168.0.3
>
> [ipgroup ipgroup2]
>
> 192.168.0.3
> 192.168.0.4
>
> [netgroup netgroup1]
>
> 192.168.0.0/24
> 10.0.0.0/8
Stupid question, but why do we need different types - netgroups and ipgroup?
We can easily represent a single IP as network: 192.168.0.1/32
or is there a problem with that?
More information about the pve-devel
mailing list