From: Jeremie Le Hen
To: Brett Glass
Cc: Luigi Rizzo, net@freebsd.org
Date: Mon, 19 Sep 2005 18:08:53 +0200
Subject: Re: Efficient use of Dummynet pipes in IPFW
Message-ID: <20050919160853.GA24643@obiwan.tataz.chchile.org>

Luigi, Brett,

> >in terms of implementation, if you want to add it, the best place
> >would be to add the 'skipto' fields to each 'action' opcode.
> >I am not very interested in implementing it, though, because i still see
> >ipfw as a low-level language.

Is it a goal or an observation?

> I don't see it that way, because low level languages like assembler
> are normally very efficient and highly granular. The underlying
> opcode language of IPFW is low level for sure. But I would classify
> IPFW's "language," as presented by the userland utility, as "high
> level but limited." Sort of like the MS-DOS shell.

While I'm quite reluctant to complexify ipfw syntax, I must admit that
having the possibility to negate a whole rule could speed up
well-thought rulesets. Efficiency _is_ a goal of ipfw. This would
certainly simplify some rulesets, avoiding the use of De Morgan's
theorem, but more importantly, this will also prevent testing N rules
when you just want to test for the negation of N criteria. At very
high PPS, when pf is not an option any more but ipfw still is, this
might create a gap with the current implementation.

OTOH, I agree with Luigi about the "resume" keyword. This introduces a
kind of linked list, but this is just syntactic sugar and I can't see
any performance improvement with this. This might be worth having, but
I'm a little bit scared about adding such options because there would
be no reason then not to add other syntactic facilities, which would
end up messing up the whole syntax.

Best regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >