ipfw rule processing performances
Ian Smith
smithi at nimnet.asn.au
Thu Oct 27 12:48:30 UTC 2011
On Thu, 27 Oct 2011, Luigi Rizzo wrote:
> On Thu, Oct 27, 2011 at 02:53:30PM +1100, Ian Smith wrote:
> > On Wed, 26 Oct 2011, Julian Elischer wrote:
> > > On 10/26/11 2:39 PM, Michael Sierchio wrote:
> > > > On Wed, Oct 26, 2011 at 11:39 AM, Julian Elischer<julian at freebsd.org>
> > > > wrote:
> > > >
> > > > > read up on all the things you can do with tablearg.. sometimes a single
> > > > > table can replace dozens of rules.
> > > > Julian - would you be so kind as to give an example?
> > > >
> > > > - M
> > > >
> > > off the top of my head:
> > >
> > > implement an ad-hoc RErouting table using fwd tablearg
> > > implement entirely different rules for a complicated set of subnets using
> > > skipto tablearg
> >
> > But in this context, isn't skipto tablearg time-expensive, in that it
> > can't use the cached target of a normal skipto, but must walk the
> > ruleset from the skipto to the resulting rule each time?
>
> Since late 2009 it does a binary search on the rules so it is log(N) in the
> number of rules, not so slow.
Might have known I was a couple of years behind the times, on form :)
cheers, Ian