Date: Wed, 20 May 1998 00:10:08 +0200
From: Eivind Eklund <eivind@yes.no>
To: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
Cc: kjc@csl.sony.co.jp, net@FreeBSD.ORG
Subject: Re: struct ifnet handling...
Message-ID: <19980520001008.55413@follo.net>
In-Reply-To: <199805191942.VAA10394@labinfo.iet.unipi.it>; from Luigi Rizzo on Tue, May 19, 1998 at 09:42:28PM +0200
References: <19980519211917.64952@follo.net> <199805191942.VAA10394@labinfo.iet.unipi.it>

On Tue, May 19, 1998 at 09:42:28PM +0200, Luigi Rizzo wrote:
> > Sure. This is a result of the initial implementation not being
> > chains-oriented. There are a lot of rules that we're certain
>
> but "chains" can be emulated with relative ease and efficiency
> using optimized SKIPTO instructions.

Are you talking about automatically or by the user? If you're talking about the user level, I think that is loading a lot of things on the user that don't belong there. Rules should be written for clarity, not speed (just like code) - optimization should only happen when it is necessary. In this case, it is not necessary for the user to optimize.

If you're talking system level: Yes, you can emulate it, but here you would want to use something that can 'run a packet' like a chain, to allow flexibility.

> Possibly we can have a 'switch' type of instruction to speed up
> initial selections basing on source/dst interface, or protocol types
> (small sets, in any case).

We can, but it makes the later job of doing _real_ optimization harder. If I find time for it, the final target will be generating machine code that corresponds to the route- and firewall tables.

> I am a bit reluctant on using pre-defined chains. it looks too high
> level, and i cannot tell very well if the mechanism is too strict,
> useful or overkill.

I'm not certain what you mean by 'pre-defined chains'. I pointed out where there were logical splits, based on an automated transform of rules. These differences _are_ there, no matter what - there are those 6 classes of rules (at least).

BTW: The concept of 'chains' is used on the Ciscos (there called 'rule lists' IIRC).

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message