@
ryd994 geoip准确吗? 和ipset的性能比较呢? 下面的文档说ipset用的是Jenkins3,但是搜不到这个
geoip vs ipset
xt_geoip uses the (probably) most efficient format, a (non-compressed) packed blob. Loading one country into the kernel costs as much as the file on disk.
Since ipset does not support arbitrary IPaddr–IPaddr ranges, one would need to approximate that using, for example, multiple Network/Prefixlength entries. Furthermore, if a hash set type is used, you can assume that, by the nature of hashes and/or trees, some buckets remain empty and/or additional metadata is required. The memory footprint with an ipset-based geoip thus is naturally larger. User reports[1] indicate it can become two orders of magnitude higher in certain cases (iptreemap).
xt_geoip's lookup time is O(log2(ranges)), so to lookup an address within 20,000 ranges, at most 15 iterations each with address comparisons (at most 3) are required. ipset uses Jenkins3 for hashing, which has a certain time cost of its own.