Date: Wed, 20 May 1998 12:28:54 -0700 (PDT) From: Archie Cobbs <archie@whistle.com> To: luigi@labinfo.iet.unipi.it (Luigi Rizzo) Cc: eivind@yes.no, kjc@csl.sony.co.jp, net@FreeBSD.ORG Subject: Re: struct ifnet handling... Message-ID: <199805201928.MAA02306@bubba.whistle.com> In-Reply-To: <199805191942.VAA10394@labinfo.iet.unipi.it> from Luigi Rizzo at "May 19, 98 09:42:28 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Luigi Rizzo writes: > > Sure. This is a result of the initial implementation not being > > chains-oriented. There are a lot of rules that we're certain > > but "chains" can be emulated with relative ease and efficiency > using optimized SKIPTO instructions. Possibly we can have a 'switch' > type of instruction to speed up initial selections basing on source/dst > interface, or protocol types (small sets, in any case). > > I am a bit reluctant on using pre-defined chains. it looks too high > level, and i cannot tell very well if the mechanism is too strict, > useful or overkill. I agree. I think a lot of work can be done ``under the hood'' to make the implementation faster, without affecting the user appearance. Adding chains would torque the brains of every sysadmin out there who has to re-do their entire rule set. For example, we could easily "compile" the ipfw "program" into a much faster, bit-mask-oriented "machine code" of some sort... -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805201928.MAA02306>