List:       netfilter
Subject:    Re: matching a list of IP's
From:       Christoph Schönfeld
Date:       2000-07-15 10:38:33

Samuel Krempp wrote:
> 
> I think netFilter would be greater with rules that match packets whose
> src/dst IP (or MAC) *belongs* in a given list of addresses.
> Of course one can simply create a sequence of N rules (for a list of
> N addresses), but matching the address in a bitmap would
> improve the speed drastically in such a case.
> By Bitmap, I mean an array of 2^N bits, representing all the addresses
> of a given network (even for a class B net, N=16 and the memory needed
> isn't awfully big), with value 1 for addresses in the list and 0 for others.
I think we already have that functionality: You can specify a bitmap after the
slash aaa.bbb.ccc.ddd/mask. For Class C networks the mask is usually "24",
meaning "24 relevant bits", but you can specify a complete bitmask here, e.g.
../255.255.255.240, masking out the last 16 IPs 240-255.

Did I get you wrong?

Christoph
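
The two matching schemes discussed in this thread, as an added example that is not part of either message: a mask compare selects one aligned block of addresses, while a per-address bitmap answers membership for an arbitrary list in constant time. The struct, macro and function names are hypothetical, addresses are assumed to be in host byte order, and the sample addresses are constructed.

```c
#include <stdint.h>
#include <string.h>

#define HOST_BITS 16                       /* class B sized network, N = 16 */
#define NHOSTS    (1u << HOST_BITS)
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

struct ip_bitmap {                         /* hypothetical; one bit per host */
    uint32_t net;                          /* network base, host byte order */
    uint8_t  bits[NHOSTS / 8];             /* 8 KiB when N = 16 */
};

/* aaa.bbb.ccc.ddd/mask style match: one AND plus one compare. */
static int mask_match(uint32_t ip, uint32_t net, uint32_t mask)
{
    return (ip & mask) == (net & mask);
}

static void bitmap_init(struct ip_bitmap *m, uint32_t net)
{
    m->net = net & ~(uint32_t)(NHOSTS - 1);
    memset(m->bits, 0, sizeof(m->bits));
}

/* Set the bit for ip; returns -1 if ip lies outside the network. */
static int bitmap_add(struct ip_bitmap *m, uint32_t ip)
{
    uint32_t host = ip - m->net;           /* wraps past NHOSTS if ip < net */
    if (host >= NHOSTS)
        return -1;
    m->bits[host >> 3] |= (uint8_t)(1u << (host & 7));
    return 0;
}

/* Constant-time membership test, independent of the list length. */
static int bitmap_match(const struct ip_bitmap *m, uint32_t ip)
{
    uint32_t host = ip - m->net;
    return host < NHOSTS && ((m->bits[host >> 3] >> (host & 7)) & 1);
}

int main(void)
{
    static struct ip_bitmap m;             /* constructed sample list */
    bitmap_init(&m, IP4(10, 1, 0, 0));
    bitmap_add(&m, IP4(10, 1, 0, 5));
    bitmap_add(&m, IP4(10, 1, 200, 77));
    return bitmap_match(&m, IP4(10, 1, 200, 77)) ? 0 : 1;
}
```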
