ip pool documentation?

Ian Jones ian@dsl081-056-052.sfo1.dsl.speakeasy.net
13 Oct 2001 23:19:17 -0700


"Nathan Ward" <nathan@xoeit.co.nz> writes:

> is there any documentation available for the ip pool patch in netfilter?

No.
I managed to dig out the original readme from the first submission to
the mailing list by reading the archives. It would appear that this is
not actively maintained.

I have posted that original submission which includes a little bit of
a README in it here:
http://www.speakeasy.net/~roux/ippool.tgz

Note to readers of archives, this will not be around
long. Hmmm... perhaps I should just subject the list to the contents
of the readme? OK.


------- IPPOOL.CONF example -----------------
# sample /etc/ippool.conf
#
# Nr	Name	Type	Definition
0	toast	bitmap	10.1.0.0 10.1.0.255
1	another	bitmap	10.2.3.4 10.5.6.7



---- README for IPPOOL --------
Sun Apr 23 08:49:29 MEST 2000 <bof@bof.de>

This README could be longer...

PURPOSE

	ippool implements pools of IP addresses, which can be used
	in the iptables framework instead of, or in addition to,
	the normal IP address matches. Right now, a single pool
	is an inclusive [startip, endip] range of addresses, and
	a bitmap with one bit per address in that range; if the bit
	is set, the pool is said to match.

USAGE

	Here's a very brief example, based on the distributed ippool.conf:

	# create the 'toast' pool, with IP range from /etc/ippool.conf
	ippool -N toast
	# use this pool with netfilter
	iptables -A OUTPUT -m pool --srcpool toast -j LOG
	# test-ping one address from the pool, see that nothing gets logged
	ping 10.1.0.1
	# add the test IP address to the pool (set its bit)
	ippool -A toast 10.1.0.1
	# test-ping again, see that now there is something logged
	ping 10.1.0.1
	# add another IP address, remove the first one - just to show off.
	# look carefully at the output of the command: the rightmost two
	# columns give you an atomic indication of whether the address previously
	# was in the pool
	ippool -A toast 10.1.0.1
	ippool -A toast 10.1.0.7
	ippool -D toast 10.1.0.1
	ippool -D toast 10.1.0.1

	Easy, isn't it?

STATE

	Almost everything but flushing pools is done. If you need
	to redefine a pool, or make it empty, you have to remove
	all rules referencing pools, unload the ip_pool module,
	and load it again. Later...

	Nothing in this implementation is set in stone; I will certainly
	mangle the interfaces in the next few days. The purpose of this
	initial distribution is to get feedback.

	Some ideas for extension:
	- make pools accessible as a classifier in the network queueing
	  framework. This is why the ip_pool module is separated from
	  the netfilter matcher.
	- implement 'hash', 'array', and 'sorted_array' pool types,
	  with hash lookup, sequential scan, and binary scan lookup.
	- maybe create subpools, representing a subset of another pool,
	  with the bitmap shared between them.
	- make a metapool type, which is a sequence of other pools,
	  matching if one of the contained pools matches.
	- put the pool naming into the kernel, for stability reasons.


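The bitmap pool semantics from the README above, as an added example that is not part of the original posting, the ip_pool kernel module, or the ippool userspace tool: a Python model of one pool as an inclusive [startip, endip] range with one bit per address, a parser for the ippool.conf layout shown in the message, and add/delete operations that report whether the address was already in the pool. The (was_in_pool, is_in_pool) tuple is an assumed rendering of the "rightmost two columns" the README mentions; the real ippool output format is not shown on the page. The config text is a constructed copy of the sample, and `flush()` is included only to show what the README says the module still lacked.

```python
"""Model of the ippool 'bitmap' pool type described in the README.

Added example, not the ip_pool module or the ippool tool: one bit per
address in an inclusive [startip, endip] range, plus add/delete calls that
return (was_in_pool, is_in_pool), an assumed reading of ippool's two
rightmost output columns.
"""
import ipaddress

# Constructed copy of the sample /etc/ippool.conf quoted in the message.
SAMPLE_CONF = """\
# Nr\tName\tType\tDefinition
0\ttoast\tbitmap\t10.1.0.0 10.1.0.255
1\tanother\tbitmap\t10.2.3.4 10.5.6.7
"""


class BitmapPool:
    """One pool: an inclusive IPv4 range and a bitmap with one bit per address."""

    def __init__(self, name, start, end):
        self.name = name
        self.nr = None
        self.start = int(ipaddress.IPv4Address(start))
        self.end = int(ipaddress.IPv4Address(end))
        if self.end < self.start:
            raise ValueError(f"pool {name}: end {end} precedes start {start}")
        self.size = self.end - self.start + 1          # inclusive range
        self.bits = bytearray((self.size + 7) // 8)    # all clear: empty pool

    def _index(self, addr):
        """Bit index of addr, or None when addr lies outside the range."""
        n = int(ipaddress.IPv4Address(addr))
        if not self.start <= n <= self.end:
            return None
        return n - self.start

    def _get(self, i):
        return bool(self.bits[i >> 3] & (1 << (i & 7)))

    def contains(self, addr):
        """What '-m pool --srcpool NAME' decides for a packet from addr."""
        i = self._index(addr)
        return False if i is None else self._get(i)   # out of range never matches

    def add(self, addr):
        """ippool -A: set the bit. Returns (was_in_pool, is_in_pool)."""
        i = self._index(addr)
        if i is None:
            raise ValueError(f"{addr} is outside pool {self.name}")
        before = self._get(i)
        self.bits[i >> 3] |= 1 << (i & 7)
        return (before, True)

    def delete(self, addr):
        """ippool -D: clear the bit. Returns (was_in_pool, is_in_pool)."""
        i = self._index(addr)
        if i is None:
            raise ValueError(f"{addr} is outside pool {self.name}")
        before = self._get(i)
        self.bits[i >> 3] &= ~(1 << (i & 7)) & 0xFF
        return (before, False)

    def flush(self):
        """Empty the pool in place; the README says the module lacked this."""
        self.bits[:] = bytes(len(self.bits))


def parse_conf(text):
    """Parse 'Nr Name Type Start End' lines; '#' starts a comment."""
    pools = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {raw!r}")
        nr, name, ptype, start, end = fields
        if ptype != "bitmap":
            raise ValueError(f"line {lineno}: unsupported pool type {ptype!r}")
        if name in pools:
            raise ValueError(f"line {lineno}: duplicate pool name {name!r}")
        pool = BitmapPool(name, start, end)
        pool.nr = int(nr)
        pools[name] = pool
    return pools


def readme_walkthrough():
    """Replay the README's USAGE sequence against the 'toast' pool."""
    toast = parse_conf(SAMPLE_CONF)["toast"]
    return [
        ("match 10.1.0.1", toast.contains("10.1.0.1")),   # nothing logged yet
        ("-A 10.1.0.1", toast.add("10.1.0.1")),           # (False, True)
        ("match 10.1.0.1", toast.contains("10.1.0.1")),   # now it logs
        ("-A 10.1.0.1", toast.add("10.1.0.1")),           # (True, True): already in
        ("-A 10.1.0.7", toast.add("10.1.0.7")),           # (False, True)
        ("-D 10.1.0.1", toast.delete("10.1.0.1")),        # (True, False)
        ("-D 10.1.0.1", toast.delete("10.1.0.1")),        # (False, False): already out
    ]


if __name__ == "__main__":
    for step, result in readme_walkthrough():
        print(f"{step:16} -> {result}")
```

The walkthrough reproduces the ordering the README asks you to watch: the second `-A` and the second `-D` are no-ops, and the first element of the returned tuple is what tells you so. Note also that an address outside the pool's range is simply never a match, while trying to add one is rejected, which is the distinction a rule author relies on when a pool is narrower than the traffic it is applied to.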