From: Mr Dash Four <mr.dash.four@googlemail.com>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter@vger.kernel.org
Subject: Re: ipporthash, ipportiphash, ipportnethash problems
Date: Sun, 03 Oct 2010 23:02:16 +0100 [thread overview]
Message-ID: <4CA8FD68.9080907@googlemail.com> (raw)
In-Reply-To: <alpine.DEB.2.00.1010032048470.26617@blackhole.kfki.hu>
>> This is a major headache for me for 2 reasons:
>>
>
> Sorry, what I provide is a generic, distribution-independent package. I'm
> aware that this can create a maintenance problem in a
> distribution-dependent environment, but I cannot help at that.
>
I have managed to find a solution, but it is pretty ugly! I can now
package the compiled files (from BUILDROOT) into rpm, though what I will
work on when I next have the time for it is to get the compilation
process to execute in arch-independent environment. I will also
fine-tune the rpm spec file and post it here so that whoever is
interested in packaging xtables+ipset into rpm can use this file to
prepare rpms instead of relying on the people from fedora who 'maintain'
the repos to do it (I am still waiting for the 1.29 rpms to show up on
fedora updates which is a disgrace really)!
>> I can give you of at least 2 uses based on my experience:
>>
>>
> The present 4.x branch is in "maintenance" mode for me. I'll think on
> adding such a type to 5.x.
>
If I can help you out with some testing I would gladly do it.
Another feature you may add to your list is support for port ranges in a
single set element, like "IP,port-port" for example. You already have
similar support for multiple IP addresses (when subnets are used) - port
ranges is another useful feature to have. One example where I can use
this is when defining 'high-' (or unprivileged) ports - currently I
'solve' this particular problem with enrolling a set consisting of 1024
elements containing ports 0-1023 and then specifying a negative match
(i.e. not privileged) on that set, which is not very convenient.
>> That's brilliant news! I take it you will be introducing protocol support for
>> all the constructs, is that right? How long would it take before you release
>> this?
>>
>
> I'm going to release ipset 5.0 around the netfilter developer workshop
> this month.
>
Superb news!
next prev parent reply other threads:[~2010-10-03 22:02 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-30 22:03 ipporthash, ipportiphash, ipportnethash problems Mr Dash Four
2010-10-01 7:18 ` Jozsef Kadlecsik
2010-10-01 11:22 ` Mr Dash Four
2010-10-01 21:05 ` Jozsef Kadlecsik
2010-10-02 10:36 ` Mr Dash Four
2010-10-02 19:21 ` Jozsef Kadlecsik
2010-10-02 20:08 ` Mr Dash Four
2010-10-02 20:40 ` Jan Engelhardt
2010-10-02 20:54 ` Mr Dash Four
2010-10-02 21:06 ` Jan Engelhardt
2010-10-03 18:57 ` Jozsef Kadlecsik
2010-10-03 22:02 ` Mr Dash Four [this message]
2010-10-02 20:35 ` Mr Dash Four
2010-10-03 19:13 ` Jozsef Kadlecsik
2010-10-03 22:04 ` Mr Dash Four
2010-10-04 9:36 ` Jozsef Kadlecsik
2010-10-06 14:23 ` Mr Dash Four
2010-10-06 14:37 ` Mike Wright
2010-10-06 15:26 ` Mr Dash Four
2010-10-06 19:57 ` Jozsef Kadlecsik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CA8FD68.9080907@googlemail.com \
--to=mr.dash.four@googlemail.com \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.