} 1. Implement it in a way similar to partial-dbm, i.e. try a series of masks
} on the address until one matches (e.g. address/8, address/16, address/24).
} If you could specify the start, end and step this should satisfy most
} people's requirements. You would have to force either /num or /mask
} format or preprocess the file for this to work reasonably.
Well I would be rather upset at trying this at class (or 8 bit) boundaries
- if you are doing this you might just as well use the globbed netaddress
construction - i.e. 144.32.* for a class B.
Basically to do this right using this method you need to do a lookup starting
with address/32 and working up through (address&netmask/32)/32 to
(address&netmask/0)/0 if you understand my pretty lousy notation. That's
32 lookups for a fail!
[you need to search from most specific to least specific (i.e. widest to
smallest netmask) to make sure that more specific rules hit first]
Unfortunately binary searches do not work well due to the way that the
netmask width can be anything you want!
If you have seriously wide sets of network addresses then maybe you should
look at storing them in some form of splay tree in memory - and read them
in once at config time (you could stat the file and reread if it's stale).
There is some splay tree code for doing pretty much exactly this in squid
(www cache - see http://www.sunsite.doc.ic.ac.uk/packages/squid/ in the UK).
Nigel.
--
[ Nigel.Metheringham@??? - Systems Software Engineer ]
[ Tel : +44 113 251 6012 Fax : +44 113 224 0003 ]
[ Friends don't let friends use sendmail! ]
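
The most-specific-first probing discussed in this message, as an added example that is not part of the original mail or of any mailer's code. A Python dict stands in for the keyed (dbm-style) file; the table entries, their labels and the `lookup` function are constructed for illustration, and `start`/`end`/`step` mirror the parameters proposed in the quoted text.

```python
import ipaddress

# Constructed sample table standing in for the keyed lookup file.
# Keys are "network/prefixlen"; values are hypothetical policy labels.
RULES = {
    "144.32.0.0/16": "campus",
    "144.32.128.0/20": "lab",
    "144.32.130.7/32": "blocked-host",
    "10.0.0.0/8": "internal",
}


def lookup(addr, rules=RULES, start=32, end=0, step=1):
    """Probe the masked address at each prefix length, longest first.

    Returns (matched_key, value, probes); matched_key is None on a miss.
    Stopping at the first hit is what makes the more specific rule win.
    """
    ip = int(ipaddress.IPv4Address(addr))
    probes = 0
    for plen in range(start, end - 1, -step):
        # Netmask for this prefix length (all zero bits when plen == 0).
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
        key = f"{ipaddress.IPv4Address(ip & mask)}/{plen}"
        probes += 1  # one keyed lookup per prefix length tried
        if key in rules:
            return key, rules[key], probes
    return None, None, probes


if __name__ == "__main__":
    # Every prefix length: the /20 rule is found before the wider /16.
    print(lookup("144.32.130.8"))
    # Byte boundaries only (/32, /24, /16, /8): the /20 rule is never
    # probed, so the address falls through to the wider /16 rule.
    print(lookup("144.32.130.8", start=32, end=8, step=8))
    # No rule matches: one probe per prefix length from /32 down to /0.
    print(lookup("192.0.2.1"))
```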