Bohdan Tashchuk wrote:

Who knows if they're on the level or not. But at the risk of helping some "nuts", there's a really simple technique that can be used to put a table of *ANY* number of IPV4 IPs into this guy's machine. Since he's from Hong Kong it might not help, since he might need IPV6, but here goes anyway.

As someone else recently said: USE THE SOURCE

Yes :)


There are 4,294,967,296 theoretically possible IPV4 addresses. Since allocation can't go past 223.255.255.255, there are only 87% of that number that can exist.

Allocating 1 bit per IP address, a yes/no lookup table can be created in 448 MB of RAM. And that's all that's needed:

1) a program that creates a 448 MB lookup table, 1 bit per IP

2) modification to pf source to do a table lookup into that
   table to get a yes/no answer.

The lookup then becomes a trivial operation to code, and runs in constant time (i.e. extremely fast).

I'm also assuming that a single bit of information per IP is all the poster needs, e.g. to make a yes/no decision on whether or not to blacklist an IP.

Yes, unfortunately, there is a little flaw in your (otherwise good) thinking.
Each IP address takes 152 bytes on i386 (including stats and everything).
Therefore 1'500'000 addresses will take something like 256 Megs of RAM.
If Kent is not able to allocate 256 Megs of kernel memory for his table,
I don't think allocating 448 Megs will succeed.


Something else that could be done with the source is to remove table entry
statistics, which will probably boost the number of entries that can be
put in a table by a significant margin.
Cedric
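As an added example (not code from the thread or from pf itself), here is the bitmap Bohdan describes, in C: one bit per IPv4 address, indexed directly by the address, so a lookup is a single shift-and-mask in constant time. The `base`/`count` parameters are my addition so that a subset such as 10.0.0.0/8 can be exercised without allocating the full 448 MiB; a full table would use `base = 0` and `count = IPV4_ALLOC_LIMIT`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* 1 bit per IPv4 address. A table covering everything that can be
 * allocated (0.0.0.0 .. 223.255.255.255) is 224 * 2^24 bits = 448 MiB. */
#define IPV4_ALLOC_LIMIT      0xE0000000u                    /* 224.0.0.0: first unallocatable */
#define IPV4_FULL_TABLE_BYTES ((size_t)IPV4_ALLOC_LIMIT / 8) /* 469,762,048 bytes = 448 MiB */

struct ipbitmap {
    uint8_t *bits;   /* count/8 bytes, zero-initialised */
    uint32_t base;   /* first address covered (host byte order) */
    uint32_t count;  /* number of addresses covered */
};

/* Allocate a zeroed bitmap for `count` addresses starting at `base`; 0 on success. */
static int ipbitmap_init(struct ipbitmap *m, uint32_t base, uint32_t count) {
    m->bits = calloc(count / 8 + 1, 1);   /* +1 covers a count that is not a multiple of 8 */
    if (m->bits == NULL) return -1;
    m->base = base;
    m->count = count;
    return 0;
}

static void ipbitmap_free(struct ipbitmap *m) { free(m->bits); m->bits = NULL; }

/* Parse a dotted quad into host byte order; -1 on malformed input (constructed helper). */
static int ipv4_parse(const char *s, uint32_t *out) {
    unsigned a, b, c, d; char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255) return -1;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 0;
}

/* Mark an address as listed; -1 if it lies outside the covered range. */
static int ipbitmap_set(struct ipbitmap *m, uint32_t addr) {
    if (addr < m->base || addr - m->base >= m->count) return -1;
    uint32_t i = addr - m->base;
    m->bits[i >> 3] |= (uint8_t)(1u << (i & 7));
    return 0;
}

/* Constant-time yes/no lookup: 1 listed, 0 not listed, -1 out of range. */
static int ipbitmap_test(const struct ipbitmap *m, uint32_t addr) {
    if (addr < m->base || addr - m->base >= m->count) return -1;
    uint32_t i = addr - m->base;
    return (m->bits[i >> 3] >> (i & 7)) & 1;
}
```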
