Date: Tue, 19 May 1998 15:56:59 +0200 (MET DST) From: Luigi Rizzo <luigi@labinfo.iet.unipi.it> To: eivind@yes.no (Eivind Eklund) Cc: kjc@csl.sony.co.jp, current@FreeBSD.ORG Subject: Re: struct ifnet handling... Message-ID: <199805191356.PAA09388@labinfo.iet.unipi.it> In-Reply-To: <19980519172127.08361@follo.net> from "Eivind Eklund" at May 19, 98 05:21:08 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> If you're interested in implementing fast firewall code, there are a > lot of changes that are more interesting than removing that strncmp(). > One of them is getting rid of the dual pass through the firewall rules > - which you can do by switching to a chained system. Can you explain ? I don't get this. if you refer to the poor implementation of SKIPTO rules, I already fixed that yesterday (and it is in today's dummynet patches). One thing i was thinking is to see rules as instructions, and each rule does only ONE test (be it on addresses, ports, etc.) This way you can quickly switch to the right piece of code, and avoid testing the flags 16 times on each rule to see which tests to apply and which one not. luigi -----------------------------+-------------------------------------- Luigi Rizzo | Dip. di Ingegneria dell'Informazione email: luigi@iet.unipi.it | Universita' di Pisa tel: +39-50-568533 | via Diotisalvi 2, 56126 PISA (Italy) fax: +39-50-568522 | http://www.iet.unipi.it/~luigi/ _____________________________|______________________________________ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805191356.PAA09388>