On Thu, Mar 07, 2002 at 04:47:06PM -0500, Stephen Frost wrote:
> * Gozem ([EMAIL PROTECTED]) wrote:
> > 
> > That feature will be available in ippool coming soon. You can add IPs to a
> > pool with the pooltype that removes its IP after X seconds.
> > 
> > Example:
> > iptables -A chain -m pool --pool badboys -j DROP
> > iptables -A chain -m match -j POOL --pool badboys --add-src-ip
> 
> I'm curious what happens when the addresses in a given pool vary
> significantly.  From what I can tell, if you were to take the current 40
> IP addresses in my single 'recent' list and put them into a single pool
> the 'bitmap_bytes' call would return 434150492, or around 414M.

Correct for the current ippool implementation.  In fact, the current bitmap
approach, using a single kmalloc() to allocate the bitmap, fails for a
covered address range larger than /15.

In the rewrite we hope to finish soon (harhar. as work permits, and next
week is CeBit... Hi Gozem, sorry for the delay...) the pool types are
modularized, and can thus be represented by anything.  We aim for these
types in the initial implementation:

        - the bitmap, as before
        - a sparse, segmented bitmap (think page table tree layout)
        - a hash of arbitrary IP addresses
        - a small linear array of arbitrary IP addresses

New pool types can then be created in exactly the same way as iptables
matches and targets, i.e. compiled and autoloaded as modules.

best regards
  Patrick
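The memory blow-up Stephen describes, and the sparse, segmented layout Patrick lists as the fix, as an added example that is not part of the thread and not ippool's own code. The flat bitmap below follows the obvious "one bit per address between the lowest and highest member" rule; the sparse variant is a hypothetical two-level structure (a dict keyed by /16 prefix, each holding one 64 Kbit leaf), chosen only to illustrate the page-table idea, and the sample addresses are constructed documentation ranges:

```python
import ipaddress

# Constructed sample: a few widely scattered addresses, as a "badboys" pool
# might accumulate. These are documentation ranges, not real hosts.
SAMPLE_IPS = ["10.0.0.1", "192.0.2.77", "198.51.100.20", "203.0.113.7"]


def flat_bitmap_bytes(ips):
    """Bytes needed by one flat bitmap that spans every address from the
    lowest to the highest member: one bit per address in that range."""
    nums = [int(ipaddress.IPv4Address(ip)) for ip in ips]
    if not nums:
        return 0
    span = max(nums) - min(nums) + 1
    return (span + 7) // 8


class SparseBitmap:
    """Hypothetical two-level sparse bitmap: the top level is a dict keyed by
    the /16 prefix, and each leaf is a 65536-bit bytearray covering that /16.
    Leaves exist only for prefixes that hold at least one address, so cost
    scales with the number of populated /16s, not with the covered span."""

    LEAF_BYTES = 1 << 13  # 65536 bits / 8 bits per byte

    def __init__(self):
        self.leaves = {}

    @staticmethod
    def _split(ip):
        n = int(ipaddress.IPv4Address(ip))
        return n >> 16, n & 0xFFFF  # (leaf index, bit index within the leaf)

    def add(self, ip):
        hi, lo = self._split(ip)
        leaf = self.leaves.setdefault(hi, bytearray(self.LEAF_BYTES))
        leaf[lo >> 3] |= 1 << (lo & 7)

    def contains(self, ip):
        hi, lo = self._split(ip)
        leaf = self.leaves.get(hi)
        if leaf is None:
            return False
        return bool(leaf[lo >> 3] & (1 << (lo & 7)))

    def remove(self, ip):
        hi, lo = self._split(ip)
        leaf = self.leaves.get(hi)
        if leaf is None:
            return
        leaf[lo >> 3] &= ~(1 << (lo & 7)) & 0xFF
        if not any(leaf):
            del self.leaves[hi]  # free the leaf once its last bit clears

    def bytes_used(self):
        return len(self.leaves) * self.LEAF_BYTES


def compare(ips):
    """Return (flat bitmap bytes, sparse bitmap bytes) for the same set."""
    sparse = SparseBitmap()
    for ip in ips:
        sparse.add(ip)
    return flat_bitmap_bytes(ips), sparse.bytes_used()


if __name__ == "__main__":
    flat, sparse = compare(SAMPLE_IPS)
    print(f"flat bitmap: {flat / 2**20:.1f} MiB, sparse bitmap: {sparse / 1024:.0f} KiB")
```

With four addresses spread between 10.0.0.1 and 203.0.113.7 the flat bitmap needs roughly 386 MiB, while the sparse layout allocates four 8 KiB leaves; a real implementation would pick the leaf size to match what the kernel allocator hands out comfortably, and a hash or small linear array (the other two types Patrick lists) would do even better for a handful of unrelated addresses.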