cvs commit: src/sys/contrib/pf/net if_pflog.c if_pflog.h if_pfsync.c src/sys/contrib/pf/netinet in4_cksum.c

Daniel Hartmeier daniel at benzedrine.cx
Thu Feb 26 15:03:21 PST 2004


On Thu, Feb 26, 2004 at 02:40:49PM -0800, Tim Kientzle wrote:

> but the data structures that handle this sort of
> thing efficiently are admittedly a bit esoteric.

Actually, everything needed for that is already in the kernel: the radix
tree used by the routing table does exactly that, efficiently. And it
has some other nice properties, like the lookup will find the most
narrow match, so pf can support

  table <goodguys> { 172.16.0.0/16, !172.16.1.0/24, 172.16.1.100 }

where 172.16.2.3 and 172.16.1.100 match, but 172.16.1.2 doesn't, which
can be useful for building white- and blacklists.

Daniel
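
Added example, not part of the original message and not pf or kernel code: a simplified model of the most-specific-match lookup described above, using an uncompressed binary trie in place of the kernel's radix tree. The class name `Table` and its methods are hypothetical; the entries are the ones from the <goodguys> table in the message, IPv4 only.

```python
import ipaddress


class Table:
    """Toy pf-style address table: the most specific stored prefix decides."""

    def __init__(self, entries):
        # Each trie node is a dict: keys 0/1 are children, "neg" marks a
        # stored prefix and records whether it was written with a leading "!".
        self.root = {}
        for entry in entries:
            negate = entry.startswith("!")
            net = ipaddress.IPv4Network(entry.lstrip("!"))  # bare address => /32
            self._insert(net, negate)

    def _insert(self, net, negate):
        node = self.root
        addr = int(net.network_address)
        for i in range(net.prefixlen):
            bit = (addr >> (31 - i)) & 1
            node = node.setdefault(bit, {})
        node["neg"] = negate

    def match(self, ip):
        """Return True if the narrowest prefix covering ip is not negated."""
        addr = int(ipaddress.IPv4Address(ip))
        node = self.root
        best = node.get("neg")          # a 0.0.0.0/0 entry, if one was stored
        for i in range(32):
            node = node.get((addr >> (31 - i)) & 1)
            if node is None:
                break                   # no longer prefix exists on this path
            if "neg" in node:
                best = node["neg"]      # deeper node = narrower match, overrides
        return best is not None and not best


if __name__ == "__main__":
    goodguys = Table(["172.16.0.0/16", "!172.16.1.0/24", "172.16.1.100"])
    for ip in ("172.16.2.3", "172.16.1.100", "172.16.1.2", "10.0.0.1"):
        print(ip, "match" if goodguys.match(ip) else "no match")
```

An address covered by no entry at all (10.0.0.1 here) does not match, and the order in which entries are listed does not affect the result.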

