Re: [ANNOUNCE] ipset 6.11 released

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On Sun, 15 Jan 2012, Mr Dash Four wrote:

> > > Any chance of fixing this bug soon:
> > > 
> > > ~# ipset n test hash:net family inet timeout 0
> > > ~# ipset a test
> > > ~# ipset t test
> > > is in set test.
> > > ~# ipset t test
> > > is NOT in test.
> > 
> > It's a feature which I'm not going to fix in any near future.
> >   
> It isn't a "feature", it is a bug: is within the
> range, so the above test should return true, not false. Either that, or ip
> range values should be restricted/excluded from the "test" command in the
> ipset userspace binary.

The "test" functionality is already overloaded. It has two "modes":

- you can test how the *kernel* sees the set, when checking a single IP
- you can check whether an *exact* element is added to the set or not.

As the first one overloads the second one, for hash:*net* types the second 
mode is already "incomplete" in the sense that one cannot check whether a 
given single IP address is already added to a hash:*net* type of set as an 
exact element or not, because a network element may match it.

Your request means a third mode, which could lead to even more confusion, 
because that way one could not check whether the tested address as 
*element* is added to the set or not.

There's no magical element-aggregation in the hash:* types. That is, even 
if is added as an element, can be added again as 
an independent element: either it should be rejected (when the command was 
issued without the --exist flag) or silently ignored (when was issued with 
it). So even to consider your feature requests, it could come only after 
implementing element-aggregation.

Best regards,
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key :
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at

[Linux Netfilter Development]     [Linux Kernel Networking Development]     [Linux Networking Development]     [Linux Kernel Development]     [Linux Resources]     [LARTC]     [Bugtraq]     [Consulting]     [Free Internet Dating]     [Yosemite Forum]     [Photo]

Add to Google Powered by Linux