cvs commit: src/sbin/ipfw ipfw.8 ipfw2.c src/sys/netinet in.h
ip_fw.h ip_fw2.c raw_ip.c
Luigi Rizzo
rizzo at icir.org
Fri Jun 11 09:11:22 GMT 2004
On Fri, Jun 11, 2004 at 10:21:36AM +0300, Ruslan Ermilov wrote:
...
> > number. Why did you choose to use numbers?
> >
> This is in spirit of the current IPFW syntax: no names for rules,
> rulesets, pipes, hence no names for tables. ;)
to elaborate further:
it makes a lot of sense for the internal representation of object
identifiers to use numbers, so that we do not need to store them
in variable-size structures (in ipfw1 this would have been a
nightmare; not so much in ipfw2) and the first lookup is still fast
(subsequent lookups cache a pointer to the target).
We should at some point introduce symbolic identifiers, probably
of the type @foo or with some special character in front, to
make it clear that these names are not hostnames or
ipfw options.
cheers
luigi
More information about the freebsd-ipfw
mailing list