Hi, I have a couple of questions about pf tables.
1) Does it use radix tree and especially Patricia tree? Trying to read the code and searches on web pointed to that. 2) I've found this tool yesterday (iprange) that it's job is to optimize large sets of IPs/Networks https://github.com/firehol/iprange/wiki tldr; Given a large set of IPs/Networks/ranges, it aggregates prefixes to fewer and larger prefixes, in order for the kernel to do less lookups. For instance, running it on my attackers input file table which has ranges from /10 to /32 (21 different CIDR prefixes - 288 distinct CIDRs), proposes a reduction to 3 CIDR prefixes of /16, /24, /32 (3489 distinct CIDRs). Much more entries but only 3 different prefixes instead of 21. This is supposed to work for ipset and Linux which uses hash:net Could this principle of balancing the tree - but with increased number of nodes, be also beneficial for large pf tables? Thanks, G
