From owner-freebsd-ipfw@FreeBSD.ORG  Tue Aug 19 13:47:03 2008
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 938211065681;
	Tue, 19 Aug 2008 13:47:03 +0000 (UTC)
	(envelope-from luigi@onelab2.iet.unipi.it)
Received: from onelab2.iet.unipi.it (onelab2.iet.unipi.it [131.114.9.129])
	by mx1.freebsd.org (Postfix) with ESMTP id 5B9CF8FC08;
	Tue, 19 Aug 2008 13:47:03 +0000 (UTC)
	(envelope-from luigi@onelab2.iet.unipi.it)
Received: by onelab2.iet.unipi.it (Postfix, from userid 275)
	id C09E273098; Tue, 19 Aug 2008 15:31:01 +0200 (CEST)
Date: Tue, 19 Aug 2008 15:31:01 +0200
From: Luigi Rizzo <rizzo@iet.unipi.it>
To: Ian Smith <smithi@nimnet.asn.au>
Message-ID: <20080819133101.GA23276@onelab2.iet.unipi.it>
References: <48926C02.6030308@elischer.org>
	<Pine.BSF.3.96.1080819152451.21367A-100000@gaia.nimnet.asn.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.BSF.3.96.1080819152451.21367A-100000@gaia.nimnet.asn.au>
User-Agent: Mutt/1.4.2.3i
Cc: FreeBSD Net <freebsd-net@freebsd.org>, ipfw@freebsd.org,
	Julian Elischer <julian@elischer.org>
Subject: Re: ipfw add skipto tablearg....
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Aug 2008 13:47:03 -0000

On Tue, Aug 19, 2008 at 11:12:04PM +1000, Ian Smith wrote:
> On Thu, 31 Jul 2008, Julian Elischer wrote:
...
>  > ipfw add 1000 skipto tablearg ip from any to table(31)
...
>  > see attached patch... (hopefully not stripped)
>  > 
>  > Of course it is hoped that the rules you are skipping to are nearby
>  > as it iterates through the rules following the skipto to find the
>  > target,
> 
> Until $someone adds a direct skipto target jump at the virtual machine
> code level - big recalc hit when adding/deleting rules/sets I suppose -
> it's still the fastest way to get from a to b, where b > a

you mean with tables-based skipto targets ? Because the regular
skipto has been a constant-time op forever, even in ipfw1 i believe,
invalidating the target cache on a change and recomputing it the
fly at the first request.

> Speaking of which, should ipfw whinge when asked to skip backwards,
> which it can't, confirmed on a recent browse re Mike's ipfw-classifyd
> and a local test months ago.

right... but the error can only be reliably detected in the kernel,
as the rule number is not always known when the rule is added.

	cheers
	luigi