Date: Wed, 2 Aug 2006 03:37:59 -0700
From: Luigi Rizzo <rizzo@icir.org>
To: Ian FREISLICH <if@hetzner.co.za>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw performance and random musings.
Message-ID: <20060802033759.A13393@xorpc.icir.org>
In-Reply-To: <E1G8Dwx-000HwP-Am@hetzner.co.za>; from if@hetzner.co.za on Wed, Aug 02, 2006 at 12:27:39PM +0200
References: <rizzo@icir.org> <E1G8Dwx-000HwP-Am@hetzner.co.za>

On Wed, Aug 02, 2006 at 12:27:39PM +0200, Ian FREISLICH wrote:
...
> things. I can also give the ifp->if_index cache a go. Since I
> need to virtualise the firewall, I need a set of rules for each
> interface. I can't think of another way of sharing the firewall
> between a few hundred customers than by doing this:

that's too heavyweight, perhaps you need to implement
a new microinstruction to hash the interface name and do
an indirect jump to the right target. Although the syntax can
be tricky, something like

	hash-if name:base:delta[,name:base:delta]

where name is the basename of the interface (e.g. vlan) so that
packets from interface fooX would jump to base+X*delta

	cheers
	luigi
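
The target computation proposed in the message above, as an added example that is not part of the original e-mail and is not ipfw code. The function name hash_if_target, the MAX_RULE bound and the sample spec strings are assumptions made for illustration; a lookup that fails or lands outside the rule range returns -1 so a caller can fall through instead of jumping to an unintended rule.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: highest usable jump target; 65535 is ipfw's default rule. */
#define MAX_RULE 65534UL

/*
 * Hypothetical helper: resolve the jump target for ifname under a spec
 * "name:base:delta[,name:base:delta]". For interface <name>X the result
 * is base + X*delta. Returns -1 if no entry matches, the spec is
 * malformed, or the target falls outside 1..MAX_RULE.
 */
long hash_if_target(const char *spec, const char *ifname)
{
    char *end;
    /* Split ifname into basename and trailing unit number X. */
    size_t blen = strlen(ifname);
    while (blen > 0 && isdigit((unsigned char)ifname[blen - 1]))
        blen--;
    if (blen == 0 || ifname[blen] == '\0')
        return -1;                       /* no basename or no unit */
    unsigned long unit = strtoul(ifname + blen, &end, 10);
    if (unit > MAX_RULE)
        return -1;                       /* also bounds unit*delta below */

    for (const char *p = spec; *p != '\0'; ) {
        const char *colon = strchr(p, ':');
        if (colon == NULL) return -1;
        size_t nlen = (size_t)(colon - p);
        unsigned long base = strtoul(colon + 1, &end, 10);
        if (end == colon + 1 || *end != ':') return -1;
        const char *dstart = end + 1;
        unsigned long delta = strtoul(dstart, &end, 10);
        if (end == dstart || (*end != ',' && *end != '\0')) return -1;
        /* Exact basename match only: "vlan" must not match "vlanx7". */
        if (nlen == blen && strncmp(p, ifname, blen) == 0) {
            if (base > MAX_RULE || delta > MAX_RULE) return -1;
            unsigned long target = base + unit * delta;
            return (target >= 1 && target <= MAX_RULE) ? (long)target : -1;
        }
        p = (*end == ',') ? end + 1 : end;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample spec: vlanX -> 10000 + X*100, tunX -> 40000 + X*10 */
    printf("%ld\n", hash_if_target("vlan:10000:100,tun:40000:10", "vlan12"));
    return 0;
}
```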