Date: Thu, 4 Jan 2001 16:13:22 -0800 (PST) From: Jon Simola <jon@abccom.bc.ca> To: Luigi Rizzo <rizzo@aciri.org> Cc: ipfw@FreeBSD.ORG Subject: Re: Indexing IPFW rule Message-ID: <Pine.BSF.3.96.1010104160428.462a-100000@newmail.netbistro.com> In-Reply-To: <200101041434.f04EYC189940@iguana.aciri.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 4 Jan 2001, Luigi Rizzo wrote:
> The idea in principle is ok, but your implementation is rather expensive
> at runtime, as you have to scan the list of rules every time you
> match a packet. I think this is too expensive in practice.
>
> Your code below seems to try and use the "next_rule_ptr" field which
> i introduced some time ago to cache the jump target in skipto rules,
> but this is not enough for your rules -- basically the 'if'
> branch should be never taken.
>
> > + case IP_FW_F_INDEX: /* dst_ip */
> > + if ( f->next_rule_ptr )
> > + chain = f->next_rule_ptr ;
> > + else
> > + chain = lookup_index_rule(chain, dst_ip.s_addr) ;
> > + if (! chain) goto dropit;
> > + goto again ;
Yep, that shows how inexperienced I am with the code :) I'll remove the
if...else there.
> Another problem in your code is that you hardwire the mask to
> 24 bit in the code, this can be confusing.
Yeah, a shortcut to getting the code working. I've got an idea how to fix
that, just requires getting a little more familiar with the code.
Thanks for the feedback. I'll keep working on this and re-emerge when I've got
something a little more polished.
---
Jon Simola <jon@abccom.bc.ca> | "In the near future - corporate networks
Systems Administrator | reach out to the stars, electrons and light
ABC Communications | flow throughout the universe." -- GITS
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1010104160428.462a-100000>