too many CIDR blocks in whiteclnt

John Doherty jdoherty@gstype.com
Sat Nov 22 02:51:07 UTC 2003


On Friday 21 November 2003 06:50 pm, Vernon Schryver wrote:
> > From: John Doherty <jdoherty@gstype.com>
> >
> > Since updating to DCC 1.2.18 earlier today, I'm getting a fair
> > number of warnings that say "too many CIDR blocks in line 110 of
> > /var/dcc/whiteclnt." ...
>
> The new client whitelist CIDR mechanism allows only 64 large blocks
> /27 or larger.  Blocks /28 or smaller are handled the old way, but
> adding separate hash table entries for each IP address in the
> block.
>
> Can you make your blocks larger and so fewer?

There must be something I don't understand here. Other than my own 
/29, the /24 on line 110 is the only actual CIDR in my whiteclnt:

  $ sed '/^#/d' /var/dcc/whiteclnt | grep '/'
  ok      ip      199.239.138.0/24
  ok      ip      66.134.151.160/29

Everything else (and there's not that much else -- it's only 103 
non-comment, non-blank lines long) is an env_from address, a domain 
name, or a single IP address. I've just looked it over a few times 
and everything seems pretty kosher.

I don't know if this sheds any light, but what preceded line 110 is a 
block of 50 lines: foo001.bar.com through foo050.bar.com. They're all 
in the same /25, so I commented them out and added a line with that 
/25. After that change, the warning refers to line 111 rather than 
line 110.

> My choice of /28 for the boundary between old and new mechanisms
> was fairly arbitrary.  Is it too small?

Not for my purposes, but then, I'm very small-time.

Thanks.

-- John





More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.