From owner-freebsd-net@FreeBSD.ORG Thu Aug 14 10:44:25 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9244E10C; Thu, 14 Aug 2014 10:44:25 +0000 (UTC) Received: from mail-lb0-x231.google.com (mail-lb0-x231.google.com [IPv6:2a00:1450:4010:c04::231]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 767372452; Thu, 14 Aug 2014 10:44:24 +0000 (UTC) Received: by mail-lb0-f177.google.com with SMTP id s7so830781lbd.36 for ; Thu, 14 Aug 2014 03:44:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=9Emzx579XucHI7hUvpY/DO6lq6rtCJOQWVx1mxAHX64=; b=uRLkuqXFU0MCzpuCZ8sP5jyLMAM3tkS7LziIiuveoncQBv530ugxYXQPgkGXWzHgvi 8q6N08Q4ay4Poj2Neofn9fWXFEwBBKguTvzz+CPJW/YgKn3Q9GC54X9D6PMh/aYJQJju vySml/18qWKEIOqLf7SzMc5QXoNEkRVIbVMRElcexYMwMn1twyhkB50ODCNZyw601OPy I23F51M7/BJXKjh1SVqLQhCqN8oUTwCP8gvoHluc6Q1Poc2SJahMPSRWi/lwL+z6sZK/ ES8SwarTXQc5XPKAhurDkvicQSpcC1AenUKbbgOJ6gxDjNmPlTgeVOWYtufM6NEc8eBt rplA== MIME-Version: 1.0 X-Received: by 10.112.22.37 with SMTP id a5mr3942315lbf.76.1408013062224; Thu, 14 Aug 2014 03:44:22 -0700 (PDT) Sender: rizzo.unipi@gmail.com Received: by 10.114.244.2 with HTTP; Thu, 14 Aug 2014 03:44:22 -0700 (PDT) In-Reply-To: <53EC880B.3020903@yandex-team.ru> References: <53EBC687.9050503@yandex-team.ru> <53EC880B.3020903@yandex-team.ru> Date: Thu, 14 Aug 2014 12:44:22 +0200 X-Google-Sender-Auth: nW20OSYRnenml96i0Nu5cYilVFA Message-ID: Subject: Re: [CFT] new tables for ipfw From: Luigi Rizzo To: "Alexander V. Chernikov" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: "freebsd-net@freebsd.org" , Luigi Rizzo , "Andrey V. Elsukov" , freebsd-ipfw X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Aug 2014 10:44:25 -0000 On Thu, Aug 14, 2014 at 11:57 AM, Alexander V. Chernikov < melifaro@yandex-team.ru> wrote: > On 14.08.2014 13:23, Luigi Rizzo wrote: > > > > > On Wed, Aug 13, 2014 at 10:11 PM, Alexander V. Chernikov < > melifaro@yandex-team.ru> wrote: > >> Hello list. >> >> I've been hacking ipfw for a while and It seems there is something ready >> to test/review in projects/ipfw branch. >> > > =E2=80=8Bthis is a fantastic piece of work, thanks for doing it and for > integrating the feedback. > =E2=80=8B > I have some detailed feedback that will send you privately, > but just a curiosity: > > =E2=80=8B...=E2=80=8B >> >> Some examples (see ipfw(8) manual page for the description): >> >> >> =E2=80=8B... >> >> >> ipfw table mi_test create type cidr algo "cidr:hash masks=3D/30,/64" >> > > =E2=80=8Bwhy do we need to specify mask lengths in the above=E2=80=8B ? > > Well, since we're hashing IP we have to know mask to cut host bits in > advance. > (And the real reason is that I'm too lazy to implement hierarchical > matching (check /32, then /31, then /30) like how, for example, > =E2=80=8Boh well for that we should use cidr:radix Research results have never shown a strong superiority of hierarchical hash tables over good radix implementations, and in those cases one usually adopts partial prefix expansion so you only have, say, masks that are a multiple of 2..8 bits so you only need a small number of hash lookups. =E2=80=8Bcheers luigi=E2=80=8B