From owner-freebsd-net  Wed May 20 12:29:57 1998
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA06382
          for freebsd-net-outgoing; Wed, 20 May 1998 12:29:57 -0700 (PDT)
          (envelope-from owner-freebsd-net@FreeBSD.ORG)
Received: from whistle.com (s205m131.whistle.com [207.76.205.131])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA06303
          for <net@FreeBSD.ORG>; Wed, 20 May 1998 12:29:34 -0700 (PDT)
          (envelope-from archie@whistle.com)
Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id MAA07873; Wed, 20 May 1998 12:28:59 -0700 (PDT)
Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3)
	id sma007869; Wed May 20 12:28:54 1998
Received: (from archie@localhost) by bubba.whistle.com (8.8.7/8.6.12) id MAA02306; Wed, 20 May 1998 12:28:54 -0700 (PDT)
From: Archie Cobbs <archie@whistle.com>
Message-Id: <199805201928.MAA02306@bubba.whistle.com>
Subject: Re: struct ifnet handling...
In-Reply-To: <199805191942.VAA10394@labinfo.iet.unipi.it> from Luigi Rizzo at "May 19, 98 09:42:28 pm"
To: luigi@labinfo.iet.unipi.it (Luigi Rizzo)
Date: Wed, 20 May 1998 12:28:54 -0700 (PDT)
Cc: eivind@yes.no, kjc@csl.sony.co.jp, net@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL31 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Luigi Rizzo writes:
> > Sure.  This is a result of the initial implementation not being
> > chains-oriented.  There are a lot of rules that we're certain
> 
> but "chains" can be emulated with relative ease and efficiency
> using optimized SKIPTO instructions. Possibly we can have a 'switch'
> type of instruction to speed up initial selections basing on source/dst
> interface, or protocol types (small sets, in any case).
> 
> I am a bit reluctant on using pre-defined chains. it looks too high
> level, and i cannot tell very well if the mechanism is too strict,
> useful or overkill.

I agree. I think a lot of work can be done ``under the hood'' to make
the implementation faster, without affecting the user appearance.
Adding chains would torque the brains of every sysadmin out there who
has to re-do their entire rule set.

For example, we could easily "compile" the ipfw "program" into a
much faster, bit-mask-oriented "machine code" of some sort...

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message