From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: location@lists.ipfire.org Subject: libloc 0.9.11 released Date: Thu, 03 Mar 2022 15:05:33 +0000 Message-ID: <5D50DCEF-B42D-428E-9B47-DFD28A0BA7E1@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4309387711067242511==" List-Id: --===============4309387711067242511== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, This is the release announcement for libloc 0.9.11. It comes with the followi= ng changes: Most changes are around the exporter, which is now able to write any output t= o the console. This is useful when you want to load a custom list of countrie= s or ASes directly into ipset or nftables like so: root(a)michael:/build/libloc# location -d /var/lib/location/database.db expor= t --format=3Dnftables --family=3Dipv6 AS204867 VA define VAv6 =3D { 2a01:b8::/32, 2a01:84a0:2000::/40, 2a04:640::/29, 2a06:9f80::/29, 2a06:a005:4::/48, 2a07:8100::/29, 2a09:4c0:f100::/40, 2a0e:b101:f100::/40, 2a0e:b107:aef::/48, 2a0e:b107:1000::/44, 2a0f:b9c1:100::/46, 2a0f:b9c1:10e::/48, } define AS204867v6 =3D { 2001:678:b28::/48, } This command lists all sets that belong to AS204867 or VA in the desired form= at. In order to increase performance, we will now no longer =E2=80=9Cflatten=E2= =80=9D the tree for ipset and nftables, because those formats can handle over= lapping networks. xt_geoip on the other hand needed a list of non-overlapping= , sorted IP networks, which causes a lot of extra work to convert the data fr= om the database into this format. The names of the sets have been already for ipset and nftables. For a country= XX, the sets are now called XXv6 and XXv4 for IPv6 and IPv4 respectively. Th= e same schema applies to autonomous systems, e.g.: AS204867v6 AS204867v4. This change was required because sets cannot mix IPv6 and IPv4 addresses and = it is desirable to use both. For ipset, the parameters that create a set have been changed: * The maximum size of each set is set to 1 million. We used to hard-code 64k,= which was exceeded by a couple of countries, and setting it to the actual s= ize of a set didn=E2=80=99t allow to reload a set in ipset without destroying= the format set first. For that reason, we set this to a maximum that nobody = should ever reach. * The hashsize used to be set to 1024 which is the default for ipset. However= , this creates a performance problem for large sets when the system spends a = lot of time searching through linked lists. To avoid that, we increase the si= ze of the hash table aiming for a fill-factor of 0.75 which should make any l= ookup fast. This comes at the cost of slightly increased memory usage. See th= e commit messages for more details. Misc. * The LACNIC parser introduced in the previous release has been fixed and sho= uld not be able to parse all IP addresses correctly Thank you to everyone who has contributed to this release. You can find the source here: https://git.ipfire.org/?p=3Dlocation/libloc.git;a=3Dshortlog;h=3Drefs/tags/0= .9.11 https://source.ipfire.org/releases/libloc/libloc-0.9.11.tar.gz Best, -Michael --===============4309387711067242511==--