Why isn CIDR notation directly supported by sendmail?
Date: December 3, 2002 Because it is in general very expensive to do this. Here’s an explanation from Per Hedeland: And not just more complex, it would have to do many more (comparatively expensive) lookups – there’s no way, given (e.g.) the IP address 66.205.192.123, to find the matching “66.205.192.0/19” with a single lookup in a general key/value hashed map. The code would have to look for “66.205.192.123”, “66.205.192.122/31”, “66.205.192.120/30”, “66.205.192.120/29”, etc, etc – 14 lookups to find a /19, 32 to establish a non-match. which is 8 times more than the available octet boundary lookup. I haven’t done any measurements, but I wouldn’t be surprised if even in the absolute worst case, that your map is 128 times bigger than it “needs” to be, the time for a single lookup won’t even double – i.e. you’ll lose already on the second lookup.
