IPFW eXtended tables [Was: Re: IPFW tables, dummynet and IPv6]
Alexander V. Chernikov
melifaro at FreeBSD.org
Sun Dec 25 18:56:39 UTC 2011
Bjoern A. Zeeb wrote:
> On 25. Dec 2011, at 17:47 , Pawel Tyll wrote:
>
>> Hi Alexander,
>>
>>> Changes:
>>> * Tables (actually, radix trees) are now created/freed on demand.
>> Does this mean IPFW_TABLES_MAX can now be safely set to arbitrarily
>> high number that would allow flexible numbering of tables? Arbitrarily
>> high being 0xFFFFFFFF or some other nice large number that won't step
>> on my ideas :)
At the moment maximum number of tables remains the same however it is
now possible to define IPFW_TABLES_MAX to 65k without much (memory)
overhead. Since pointer to tables are stored in array, defining 2^32
tables require 4G * (8+8+1) memory for pointers only.
>
> which also gets us to the point that the man page need to be updated along
> with the same changes and I cannot see that as part of the diff.
Sure. This is actually the first part of commit, interface table changes
and proper ipv6 'lookup' keyword support requires another change that
is planned to be committed separately (with man page update)
By the way, I see two possible syntax changes for interface tables:
ipfw add .. skipto tablearg ip from any to any lookup
<src-iface|dst-iface|iface>
or
ipfw add .. skipto tablearg ip from any to any recv|xmit|via table(X)
Personally I like 'lookup' variant.
>
> /bz
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20111225/fea29e28/signature.pgp
More information about the freebsd-net
mailing list