Date: Sun, 25 Dec 2011 20:44:55 +0100 From: Pawel Tyll <ptyll@nitronet.pl> To: "Alexander V. Chernikov" <melifaro@FreeBSD.org> Cc: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, freebsd-net@freebsd.org, "Andrey V. Elsukov" <ae@FreeBSD.org>, freebsd-ipfw@freebsd.org, Jason Hellenthal <jhell@DataIX.net> Subject: Re: IPFW eXtended tables [Was: Re: IPFW tables, dummynet and IPv6] Message-ID: <1634551546.20111225204455@nitronet.pl> In-Reply-To: <4EF7719A.8020902@FreeBSD.org> References: <1674097252.20111218125051@nitronet.pl> <4EEDD566.8020609@FreeBSD.org> <20111220163355.GA87584@DataIX.net> <4EF73A4A.3050902@FreeBSD.org> <1413850829.20111225184712@nitronet.pl> <AA3C6FCC-0817-4108-A107-3367A6F14757@lists.zabbadoz.net> <4EF7719A.8020902@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> At the moment maximum number of tables remains the same however it is > now possible to define IPFW_TABLES_MAX to 65k without much (memory) > overhead. Since pointer to tables are stored in array, defining 2^32 > tables require 4G * (8+8+1) memory for pointers only. 65k is also a good amount. Gives me 10 tables per vlan. :) > By the way, I see two possible syntax changes for interface tables: > ipfw add .. skipto tablearg ip from any to any lookup > <src-iface|dst-iface|iface> > or > ipfw add .. skipto tablearg ip from any to any recv|xmit|via table(X) > Personally I like 'lookup' variant. recv|xmit|via is in the ipfw spirit, so while personal tastes are always important, I would personally keep it consistent.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1634551546.20111225204455>