From owner-freebsd-net@FreeBSD.ORG Sun Dec 25 18:56:39 2011 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A8297106566B; Sun, 25 Dec 2011 18:56:39 +0000 (UTC) (envelope-from melifaro@FreeBSD.org) Received: from mail.ipfw.ru (unknown [IPv6:2a01:4f8:120:6141::2]) by mx1.freebsd.org (Postfix) with ESMTP id 3A5498FC08; Sun, 25 Dec 2011 18:56:39 +0000 (UTC) Received: from secured.by.ipfw.ru ([81.200.11.182] helo=ws.su29.net) by mail.ipfw.ru with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.76 (FreeBSD)) (envelope-from ) id 1RetF4-000IQm-20; Sun, 25 Dec 2011 22:56:18 +0400 Message-ID: <4EF7719A.8020902@FreeBSD.org> Date: Sun, 25 Dec 2011 22:55:22 +0400 From: "Alexander V. Chernikov" User-Agent: Thunderbird 2.0.0.24 (X11/20100515) MIME-Version: 1.0 To: "Bjoern A. Zeeb" References: <1674097252.20111218125051@nitronet.pl> <4EEDD566.8020609@FreeBSD.org> <20111220163355.GA87584@DataIX.net> <4EF73A4A.3050902@FreeBSD.org> <1413850829.20111225184712@nitronet.pl> In-Reply-To: X-Enigmail-Version: 0.96.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigC6E4F7F37CDABE2B10BCA50A" Cc: Pawel Tyll , freebsd-net@freebsd.org, "Andrey V. Elsukov" , freebsd-ipfw@freebsd.org, Jason Hellenthal Subject: Re: IPFW eXtended tables [Was: Re: IPFW tables, dummynet and IPv6] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Dec 2011 18:56:39 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigC6E4F7F37CDABE2B10BCA50A Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Bjoern A. Zeeb wrote: > On 25. Dec 2011, at 17:47 , Pawel Tyll wrote: >=20 >> Hi Alexander, >> >>> Changes: >>> * Tables (actually, radix trees) are now created/freed on demand. >> Does this mean IPFW_TABLES_MAX can now be safely set to arbitrarily= >> high number that would allow flexible numbering of tables? Arbitrarily= >> high being 0xFFFFFFFF or some other nice large number that won't step= >> on my ideas :) At the moment maximum number of tables remains the same however it is now possible to define IPFW_TABLES_MAX to 65k without much (memory) overhead. Since pointer to tables are stored in array, defining 2^32 tables require 4G * (8+8+1) memory for pointers only. >=20 > which also gets us to the point that the man page need to be updated al= ong > with the same changes and I cannot see that as part of the diff. Sure. This is actually the first part of commit, interface table changes and proper ipv6 'lookup' keyword support requires another change that is planned to be committed separately (with man page update) By the way, I see two possible syntax changes for interface tables: ipfw add .. skipto tablearg ip from any to any lookup or ipfw add .. skipto tablearg ip from any to any recv|xmit|via table(X) Personally I like 'lookup' variant. >=20 > /bz >=20 --------------enigC6E4F7F37CDABE2B10BCA50A Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk73cZ4ACgkQwcJ4iSZ1q2mK9QCdGWa9AbInBY6UIoMvENYDtffF zngAn30PDes9RRdzqSPIHKZPKCsVxhVH =2B3J -----END PGP SIGNATURE----- --------------enigC6E4F7F37CDABE2B10BCA50A--