From owner-cvs-src@FreeBSD.ORG  Thu Feb 26 15:03:21 2004
Return-Path: <owner-cvs-src@FreeBSD.ORG>
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 985EF16A4CE
	for <cvs-src@freebsd.org>; Thu, 26 Feb 2004 15:03:21 -0800 (PST)
Received: from insomnia.benzedrine.cx (insomnia.benzedrine.cx [62.65.145.30])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DCB3643D1F
	for <cvs-src@freebsd.org>; Thu, 26 Feb 2004 15:03:20 -0800 (PST)
	(envelope-from dhartmei@insomnia.benzedrine.cx)
Received: from insomnia.benzedrine.cx (dhartmei@localhost [127.0.0.1])
	i1QN396L023634
	(version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO);
	Fri, 27 Feb 2004 00:03:10 +0100 (MET)
Received: (from dhartmei@localhost)
	by insomnia.benzedrine.cx (8.12.11/8.12.10/Submit) id i1QN39Ht021852;
	Fri, 27 Feb 2004 00:03:09 +0100 (MET)
Date: Fri, 27 Feb 2004 00:03:09 +0100
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: kientzle@acm.org
Message-ID: <20040226230308.GD21156@insomnia.benzedrine.cx>
References: <Pine.NEB.3.96L.1040226150526.79901Y-100000@fledge.watson.org>
	<403E75F1.2070302@kientzle.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <403E75F1.2070302@kientzle.com>
User-Agent: Mutt/1.4.1i
cc: cvs-src@freebsd.org
Subject: Re: cvs commit: src/sys/contrib/pf/net if_pflog.c
	if_pflog.hif_pfsync.c src/sys/contrib/pf/netinet in4_cksum.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Feb 2004 23:03:21 -0000

On Thu, Feb 26, 2004 at 02:40:49PM -0800, Tim Kientzle wrote:

> but the data structures that handle this sort of
> thing efficiently are admittedly a bit esoteric.

Actually, everything needed for that is already in the kernel, the radix
tree used by the routing table does exactly that, efficiently. And it
has some other nice properties, like the lookup will find the most
narrow match, so pf can support

  table <goodguys> { 172.16.0.0/16, !172.16.1.0/24, 172.16.1.100 }

where 172.16.2.3 and 172.16.1.100 match, but 172.16.1.2 doesn't, which
can be useful for building white- and blacklists.

Daniel