ipfw rule processing performances

Luigi Rizzo rizzo at iet.unipi.it
Thu Oct 27 07:37:59 UTC 2011


On Thu, Oct 27, 2011 at 02:53:30PM +1100, Ian Smith wrote:
> On Wed, 26 Oct 2011, Julian Elischer wrote:
>  > On 10/26/11 2:39 PM, Michael Sierchio wrote:
>  > > On Wed, Oct 26, 2011 at 11:39 AM, Julian Elischer<julian at freebsd.org>
>  > > wrote:
>  > > 
>  > > > read up on all the things you can do with tablearg.. sometimes a single
>  > > > table can replace dozens of rules.
>  > > Julian - would you be so kind as to give an example?
>  > > 
>  > > - M
>  > > 
>  > off the top of my head:
>  > 
>  > implement an ad-hoc RErouting table using   fwd  tablearg
>  > implement entirely different rules for a complicated set of subnets using
>  > skipto tablearg
> 
> But in this context, isn't skipto tablearg time-expensive, in that it 
> can't use the cached target of a normal skipto, but must walk the 
> ruleset from the skipto to the resulting rule each time?

Since late 2009 it does a binary search on the rules so it is log(N) in the
number of rules, not so slow.

cheers
luigi
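
A simplified model of the lookup discussed in this thread, added here as an illustration; it is not part of the original message and not the FreeBSD kernel code. It assumes the ruleset is an array sorted by rule number and that skipto lands on the first rule numbered at or above the target, as ipfw(8) documents; the rule numbers, targets and function names are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample ruleset: rule numbers in ascending order. */
static const unsigned rules[] = {100, 200, 300, 1000, 1010, 2000, 2010, 3000, 65535};
#define NRULES (sizeof(rules) / sizeof(rules[0]))

/* Linear walk: index of the first rule numbered >= target, starting at 'from'. */
static size_t find_linear(size_t from, unsigned target, unsigned *steps)
{
    size_t i = from;
    *steps = 0;
    while (i < NRULES && rules[i] < target) {
        i++;
        (*steps)++;
    }
    return i;
}

/* Binary search: same answer in O(log N) comparisons, no cached pointer needed. */
static size_t find_binary(unsigned target, unsigned *steps)
{
    size_t lo = 0, hi = NRULES;          /* answer lies in [lo, hi] */
    *steps = 0;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        (*steps)++;
        if (rules[mid] < target)
            lo = mid + 1;
        else
            hi = mid;
    }
    return lo;                           /* NRULES means "past the last rule" */
}

int main(void)
{
    /* Targets as a table lookup might return them; 1500 matches no rule exactly. */
    const unsigned targets[] = {1000, 1500, 3000};
    for (size_t t = 0; t < sizeof(targets) / sizeof(targets[0]); t++) {
        unsigned ls, bs;
        size_t li = find_linear(0, targets[t], &ls);
        size_t bi = find_binary(targets[t], &bs);
        printf("skipto %u -> rule %u (linear %u steps, binary %u steps, agree=%d)\n",
               targets[t], rules[bi], ls, bs, li == bi);
    }
    return 0;
}
```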

