[Dnsmasq-discuss] ipset -exist option?

Alpha Betab definesinsanity at gmail.com
Thu Jun 9 20:54:10 BST 2016


I'm trying to use the --ipset option, and finding that the length of my ipset
is growing very quickly.

After just an hour, I'm at over 800 entries. While this isn't a big deal
*yet*, I am a bit concerned about how it will deal with the long term. I'd
like to be able to use the timeout option on the ipset, with some manual
fairly large value, for instance, 2 hours.

ipset create myipset hash:ip timeout 7200

The problem with this, however, is that you could just happen to need that
domain again seconds before that timeout expires, and then have it drop
from the ipset immediately after.

Using IPSET_FLAG_EXIST would allow a subsequent lookup to cause the timeout
on that member to reset to the ipset's default timeout, essentially
preventing it from timing out if it continues to be needed.

While I don't see any problem with adding this flag globally, given how
restricted dnsmasq's use of ipsets is, it could also be done with an added
config option, like --ipset-exist=true.
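
Added example, not part of the original post and not dnsmasq or kernel code: a small Python model of a hash:ip set with a 7200-second default timeout, replaying a constructed lookup timeline with and without the refresh-on-re-add behaviour that IPSET_FLAG_EXIST provides. The class, function names, addresses and timeline are assumptions made for illustration.

```python
# Added model of ipset timeout semantics; not dnsmasq or kernel code.
# Constructed timeline: (seconds since start, resolved address).
LOOKUPS = [(0, "192.0.2.10"), (60, "198.51.100.7"), (7190, "192.0.2.10")]
SET_TIMEOUT = 7200  # matches "ipset create myipset hash:ip timeout 7200"


class TimeoutSet:
    """Minimal model of a hash:ip set created with a default timeout."""

    def __init__(self, timeout, exist_flag):
        self.timeout = timeout
        self.exist_flag = exist_flag   # models IPSET_FLAG_EXIST on the add
        self.expires = {}              # address -> absolute expiry time

    def _purge(self, now):
        # Drop every member whose timer has run out.
        self.expires = {ip: t for ip, t in self.expires.items() if t > now}

    def add(self, ip, now):
        """Return True if the add changed the set (new entry or refreshed timer)."""
        self._purge(now)
        if ip in self.expires and not self.exist_flag:
            return False               # "already added" error; timer untouched
        self.expires[ip] = now + self.timeout
        return True

    def members(self, now):
        self._purge(now)
        return sorted(self.expires)


def replay(exist_flag, lookups=LOOKUPS, timeout=SET_TIMEOUT):
    """Feed the lookup timeline into a fresh set and return it."""
    s = TimeoutSet(timeout, exist_flag)
    for now, ip in lookups:
        s.add(ip, now)
    return s


if __name__ == "__main__":
    for flag in (False, True):
        for t in (7201, 7261):
            print(f"exist={flag}: members at t={t} -> {replay(flag).members(t)}")
```

Without the flag, 192.0.2.10 leaves the set at t=7200 even though it was looked up ten seconds earlier; with the flag, that lookup moves its expiry to t=14390 while the unused 198.51.100.7 still ages out.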