On 2024-06-21 04:53, Jeff Pang via mailop wrote:
given currently I have 3000+ block IPs, every normal client requests to submission, the ip will be checked through those 3000+ list, which slow down the normal client's connection certainly.
I think you are worrying about nothing.3000+ IPv4 or v6 could easily be parsed into an efficient byte or word binary tree (or btree) which would take little memory and be fast to search (for an IPv4 probably 1 or 2 byte compares, 4 at most), IPv6 would probably use the 16 bit word boundary to split the IPs into a tree. CIDRs would probably be expanded for speed (vs memory). A search probably takes micro seconds to do.
I have never seen iptables source, but using some text based comparison internally would be horrible. I'd expect the developers would have considered LARGE IP tables and converted the textual representation into more efficient binary form.
Have faith in the tools, until it can be proven otherwise. -- Anthony C Howe ach...@snert.com BarricadeMX & Milters http://nanozen.snert.com/ http://software.snert.com/
OpenPGP_0xA550323B6ED894D7.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
