IPFW eXtended tables [Was: Re: IPFW tables, dummynet and IPv6]

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Sun Dec 25 19:20:39 UTC 2011


On 25. Dec 2011, at 18:55 , Alexander V. Chernikov wrote:

> Bjoern A. Zeeb wrote:
>> On 25. Dec 2011, at 17:47 , Pawel Tyll wrote:
>> 
>>> Hi Alexander,
>>> 
>>>> Changes:
>>>> * Tables (actually, radix trees) are now created/freed on demand.
>>> Does this mean IPFW_TABLES_MAX can now be safely set to an arbitrarily
>>> high number that would allow flexible numbering of tables? Arbitrarily
>>> high being 0xFFFFFFFF or some other nice large number that won't step
>>> on my ideas :)
> At the moment the maximum number of tables remains the same; however, it is
> now possible to define IPFW_TABLES_MAX to 65k without much (memory)
> overhead. Since pointers to tables are stored in an array, defining 2^32
> tables requires 4G * (8+8+1) memory for pointers only.
>> 
>> which also gets us to the point that the man page needs to be updated along
>> with the same changes and I cannot see that as part of the diff.
> Sure. This is actually the first part of the commit; interface table changes
> and proper ipv6 'lookup' keyword support require another change that
> is planned to be committed separately (with man page update)
> 
> 
> By the way, I see two possible syntax changes for interface tables:

Changes or additions? Try not to break old config files please if not needed.

> 
> ipfw add .. skipto tablearg ip from any to any lookup <src-iface|dst-iface|iface>
> or
> ipfw add .. skipto tablearg ip from any to any recv|xmit|via table(X)
> 
> Personally I like 'lookup' variant.
> 
>> 
>> /bz
>> 
> 
> 

-- 
Bjoern A. Zeeb                                 You have to have visions!
         Stop bit received. Insert coin for new address family.


