From: Luigi Rizzo
Message-Id: <200001080808.JAA09575@info.iet.unipi.it>
Subject: Re: ipfw optimizations
In-Reply-To: <200001080031.QAA13581@gndrsh.dnsmgr.net> from "Rodney W. Grimes" at "Jan 7, 2000 04:31:00 pm"
To: "Rodney W. Grimes"
Date: Sat, 8 Jan 2000 09:08:29 +0100 (CET)
Cc: Patrick Bihan-Faou, Harold Gutch, freebsd-current@FreeBSD.ORG, Nate Williams

> clnsrv "allow " tcp "" 43 "${tcp_nicname_c}" "${tcp_nicname_s}"
> clnsrv "allow " tcp "" 53 "${tcp_domain_c}" "${tcp_domain_s}"
...
> ... on and on up to the 1024 and then a few splattered after that.

looks like the search path can become extremely long!

> The single largest optimization would probably be a dispatch based on
> source or destination port, the latter being more prevalent.

ok... dispatch on ports is easy to implement, easier than
dispatch on (masked) IP's.

> I can't easily send out the actual IP firewall list, it may expose
> what ever router I grabbed it off of to an attack :-)

understand -- this is why i just asked only about the structure of
the ruleset and the length of the longest search path.

	cheers
	luigi

-----------------------------------+-------------------------------------
  Luigi RIZZO, luigi@iet.unipi.it  . Dip. di Ing. dell'Informazione
  http://www.iet.unipi.it/~luigi/  . Universita` di Pisa
  TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)
  Mobile   +39-347-0373137
-----------------------------------+-------------------------------------
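
The destination-port dispatch discussed in this message, as an added example that is not part of the original mail and is not ipfw's own code. The rule struct, the sample ruleset, and the names `walk`, `build`, `chain` and `all` are constructed for illustration; the code compares how many rules a first-match search examines with and without a per-port candidate chain.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy rule, not ipfw's own struct: first match wins, 0 means "any". */
struct rule { uint8_t proto; uint16_t dport; int allow; };
static const struct rule R[] = {            /* constructed sample ruleset */
    { 17, 0, 0 },                           /* deny all UDP, any port */
    { 6, 22, 1 }, { 6, 25, 1 }, { 6, 43, 1 }, { 6, 53, 1 }, { 6, 80, 1 },
    { 0, 0, 0 },                            /* default deny */
};
#define NR ((int)(sizeof R / sizeof R[0]))
static short chain[65536][NR + 1]; /* per dport: candidate rule indexes, -1 ends */
static short all[NR + 1];          /* every rule: the linear search path */

/* Walk a -1-terminated list of rule indexes; *seen = rules examined. */
static int walk(const short *idx, uint8_t proto, uint16_t dport, int *seen)
{
    for (*seen = 0; *idx >= 0; idx++) {
        const struct rule *r = &R[*idx];
        ++*seen;
        if ((!r->proto || r->proto == proto) && (!r->dport || r->dport == dport))
            return r->allow;
    }
    return -1;                     /* no rule matched */
}

/* Any-port rules go into every chain, in ruleset order, so dispatch keeps
 * first-match semantics. A real table would share chains between ports. */
static void build(void)
{
    for (int p = 0; p < 65536; p++) {
        int k = 0;
        for (int i = 0; i < NR; i++)
            if (!R[i].dport || R[i].dport == p)
                chain[p][k++] = (short)i;
        chain[p][k] = -1;
    }
    for (int i = 0; i <= NR; i++)
        all[i] = (short)(i < NR ? i : -1);
}

int main(void)
{
    int a, b;
    build();
    walk(all, 6, 53, &a);
    walk(chain[53], 6, 53, &b);
    printf("tcp/53: %d rules examined linearly, %d via port dispatch\n", a, b);
    return 0;
}
```

Leaving the any-port rules out of the per-port chains would change verdicts: here the UDP deny at the top of the ruleset has to stay ahead of every port-specific rule.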