RFC: new ipfw options
Luigi Rizzo
rizzo at iet.unipi.it
Mon Jan 11 08:02:51 UTC 2010
On Sun, Jan 10, 2010 at 11:55:54PM -0800, Julian Elischer wrote:
> Maxim Ignatenko wrote:
> >2009/12/9 Luigi Rizzo <rizzo at iet.unipi.it>:
> >>3. a hash version of 'table's
> >>
> >> Right now ipfw tables are implented as routing tables, which is
> >> great if you have to lookup a longest matching prefix, but a
> >> bit overkill if you care only for ports or jail ids, and
> >> totally uninteresting if you want to lookup flow ids,
> >> or generic sequence of bytes. My plan here is to reuse the
> >> ipfw hash tables to make them available for 'ipfw table ...'
> >> commands. To avoid code and syntax bloat, I'd use the number
> >> 0..TABLE_MAX-1 for the existing prefix tables, and
> >> TABLE_MAX..2TABLE_MAX-1 for the new hash tables.
> >>
> >>comments welcome
> >>
> >
> >I think better use another name ('htable' for example) instead of
> >overloading the old one.
> >And thanks for great ideas.
> >_______________________________________________
> >freebsd-ipfw at freebsd.org mailing list
> >http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> >To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
>
> please keep teh current tables for IP addresses, longes prefix
> matching is really hard to do right on other schemes with
> the same behaviour. I know, I've tried :-)
>
> the answer id to have different types of tabels I guess, but don't
> try combine when things should remain different.
for the time being i am not touching tables -- for my immediate needs
(matching ports and uid/jails) the radix tree is almost as good
as hash tables, so i am using them (code is already in HEAD -- see
the "lookup XXX" option).
cheers
luigi
More information about the freebsd-ipfw
mailing list