Date: Mon, 19 Sep 2005 18:08:53 +0200 From: Jeremie Le Hen <jeremie@le-hen.org> To: Brett Glass <brett@lariat.org> Cc: Luigi Rizzo <rizzo@icir.org>, net@freebsd.org Subject: Re: Efficient use of Dummynet pipes in IPFW Message-ID: <20050919160853.GA24643@obiwan.tataz.chchile.org> In-Reply-To: <6.2.3.4.2.20050919085600.07f783f0@localhost> References: <6.2.3.4.2.20050918205708.08cff430@localhost> <20050918235659.B60185@xorpc.icir.org> <6.2.3.4.2.20050919010035.07dfc448@localhost> <20050919005932.B60737@xorpc.icir.org> <6.2.3.4.2.20050919085600.07f783f0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Luigi, Brett, > >in terms of implementation, if you want to add it, the best place > >would be to add the 'skipto' fields to each 'action' opcode. > >I am not very interested in implementing it, though, because i still see > >ipfw as a low-level language. Is it a goal or an observation ? > I don't see it that way, because low level languages like assembler > are normally very efficient and highly granular. The underlying > opcode language of IPFW is low level for sure. But I would classify > IPFW's "language," as presented by the userland utility, as "high > level but limited." Sort of like the MS-DOS shell. While I'm quite reluctant to complixify ipfw syntax, I must admit that having the possibility to negate a whole rule could speed up well-thought rulesets. Efficiency _is_ a goal of ipfw. This would certainly simplify some rulesets, avoiding to use De Morgan's theorem, but more importantly, this will also prevent to tests for N rules when you just want to test for the negation of N criterions. At very high PPS, when pf is not an option any more but ipfw still is, this might create a gap with the current implementation. OTOH, I agree with Luigi about the "resume" keyword. This introduces a kind of linked-lists, but this is just syntactic sugar and I can't see any performance improvement with this. This might be worth to have but I'm a little but scared about adding such options because there would be no reason then to not add other syntactic facilities, which would end up messing the whole syntax. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050919160853.GA24643>