RFC: new ipfw options
Julian Elischer
julian at elischer.org
Mon Jan 11 08:34:08 UTC 2010
Maxim Ignatenko wrote:
> 2009/12/9 Luigi Rizzo <rizzo at iet.unipi.it>:
>> 3. a hash version of 'table's
>>
>> Right now ipfw tables are implented as routing tables, which is
>> great if you have to lookup a longest matching prefix, but a
>> bit overkill if you care only for ports or jail ids, and
>> totally uninteresting if you want to lookup flow ids,
>> or generic sequence of bytes. My plan here is to reuse the
>> ipfw hash tables to make them available for 'ipfw table ...'
>> commands. To avoid code and syntax bloat, I'd use the number
>> 0..TABLE_MAX-1 for the existing prefix tables, and
>> TABLE_MAX..2TABLE_MAX-1 for the new hash tables.
>>
>> comments welcome
>>
>
> I think better use another name ('htable' for example) instead of
> overloading the old one.
> And thanks for great ideas.
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
please keep teh current tables for IP addresses, longes prefix
matching is really hard to do right on other schemes with
the same behaviour. I know, I've tried :-)
the answer id to have different types of tabels I guess, but don't
try combine when things should remain different.
More information about the freebsd-ipfw
mailing list