From: Luigi Rizzo
To: Ian FREISLICH
Cc: freebsd-ipfw@freebsd.org
Date: Wed, 2 Aug 2006 03:37:59 -0700
Subject: Re: ipfw performance and random musings.
Message-ID: <20060802033759.A13393@xorpc.icir.org>

On Wed, Aug 02, 2006 at 12:27:39PM +0200, Ian FREISLICH wrote:
...
> things. I can also give the ifp->if_index cache a go. Since I
> need to virtualise the firewall, I need a set of rules for each
> interface. I can't think of another way of sharing the firewall
> between a few hundred customers than by doing this:

that's too heavyweight, perhaps you need to implement a new
microinstruction to hash the interface name and do an indirect jump
to the right target. Although the syntax can be tricky, something like

	hash-if name:base:delta[,name:base:delta]

where name is the basename of the interface (e.g. vlan) so that
packets from interface fooX would jump to base+X*delta

cheers
luigi
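The hash-if dispatch sketched above, worked through as an added example that is not code from this message or from ipfw itself. It assumes the `name:base:delta[,...]` spec syntax and the `base+X*delta` target rule exactly as described, the function name `hash_if_target` is hypothetical, and a target outside the 16-bit ipfw rule-number range is reported as "no match" so the indirect jump can never land on a non-existent rule.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IPFW_MAX_RULE 65535 /* ipfw rule numbers are 16-bit */

/*
 * Resolve the indirect-jump target for interface "ifname" against a spec of
 * the form "name:base:delta[,name:base:delta]". "name" is the interface
 * basename (e.g. "vlan"), X the trailing unit number, target = base + X*delta.
 * Returns the target rule number, or -1 when no entry matches, the spec is
 * malformed, or the result is not a valid rule number (fall through instead).
 */
int hash_if_target(const char *spec, const char *ifname)
{
    /* split "vlan12" into basename "vlan" (length blen) and unit 12 */
    size_t blen = strlen(ifname);
    while (blen > 0 && isdigit((unsigned char)ifname[blen - 1]))
        blen--;
    if (blen == 0 || ifname[blen] == '\0')
        return -1;                      /* no basename or no unit number */
    long unit = strtol(ifname + blen, NULL, 10);
    if (unit > IPFW_MAX_RULE)
        return -1;                      /* can never map into the rule space */

    const char *p = spec;
    while (*p != '\0') {
        char name[32];
        long base, delta;
        int n;
        /* one entry: basename, base rule, delta, then ',' or end of string */
        if (sscanf(p, "%31[^:]:%ld:%ld%n", name, &base, &delta, &n) != 3)
            return -1;                  /* malformed entry */
        p += n;
        if (*p == ',')
            p++;
        else if (*p != '\0')
            return -1;
        if (labs(delta) > IPFW_MAX_RULE)
            return -1;                  /* keeps the product below overflow */
        if (strlen(name) == blen && strncmp(name, ifname, blen) == 0) {
            long long target = (long long)base + (long long)unit * delta;
            if (target < 1 || target > IPFW_MAX_RULE)
                return -1;              /* would jump outside the ruleset */
            return (int)target;
        }
    }
    return -1;                          /* basename not in the spec */
}

int main(void)
{
    /* constructed spec: vlan customers start at rule 1000, 10 rules apart */
    printf("vlan12 -> %d\n", hash_if_target("vlan:1000:10,em:2000:5", "vlan12"));
    return 0;
}
```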