From owner-cvs-all  Tue Feb 13 23:31:44 2001
Delivered-To: cvs-all@freebsd.org
Received: from elvis.mu.org (elvis.mu.org [207.154.226.10])
	by hub.freebsd.org (Postfix) with ESMTP
	id 18C4837B503; Tue, 13 Feb 2001 23:31:35 -0800 (PST)
Received: by elvis.mu.org (Postfix, from userid 1098)
	id 9942481D04; Wed, 14 Feb 2001 01:31:34 -0600 (CST)
Date: Wed, 14 Feb 2001 01:31:34 -0600
From: Bill Fumerola <billf@mu.org>
To: Julian Elischer <julian@elischer.org>
Cc: Poul-Henning Kamp <phk@critter.freebsd.dk>,
	cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_fw.c ip_fw.h src/sbin/ipfw ipfw.8 ipfw.c
Message-ID: <20010214013134.C483@elvis.mu.org>
References: <51205.982073676@critter> <3A89670C.82B8DAA9@elischer.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3A89670C.82B8DAA9@elischer.org>; from julian@elischer.org on Tue, Feb 13, 2001 at 08:55:40AM -0800
X-Operating-System: FreeBSD 4.2-FEARSOME-20010209 i386
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, Feb 13, 2001 at 08:55:40AM -0800, Julian Elischer wrote:

> I agree, though it is possible to break the single list in to these using 
> skipto rules.. (we did that at whistle.) the first rule immediatly jumped 
> to rule 8000 or something if it was an external incoming packet.
> 
> It's not perfect but it does aproximate what you are talking about..

ipfw could be very optimized based on interface-based, in/out-based lists.
skipto logically arranged the rules as phk talked about, but doesn't take
advantage of the performance increases that could result from optimizations
in the code because of this change.

It's very possible to do and do right[1]. I've talked with a few people about
this before. I'm going to be looking into writing it in the near future. 

-- 
Bill Fumerola - security yahoo         / Yahoo! inc.
              - fumerola@yahoo-inc.com / billf@FreeBSD.org


1. up to and including backwards compatability that would allow current
rules to fall into the new scheme w/o change..


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message