Date: Thu, 27 Oct 2011 09:53:27 +0200 From: Luigi Rizzo <rizzo@iet.unipi.it> To: Ian Smith <smithi@nimnet.asn.au> Cc: Karim <fodillemlinkarim@gmail.com>, freebsd-ipfw@freebsd.org, Julian Elischer <julian@freebsd.org>, Michael Sierchio <kudzu@tenebras.com> Subject: Re: ipfw rule processing performances Message-ID: <20111027075327.GA29389@onelab2.iet.unipi.it> In-Reply-To: <20111027143807.B98377@sola.nimnet.asn.au> References: <4EA6D78F.6010607@gmail.com> <4EA73BAB.70607@freebsd.org> <CAHu1Y71Lf8=x3=S8cf__aT2fxyv6eX_EBqZvybgzwi9Q%2BSfzRQ@mail.gmail.com> <4EA85168.5020103@gmail.com> <4EA853D7.4010305@freebsd.org> <CAHu1Y705Ds7d06c0Qm_BM_x%2BmGGgZB41P=p2Xg33a5qQvpiyJg@mail.gmail.com> <4EA8A254.9070700@freebsd.org> <20111027143807.B98377@sola.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 27, 2011 at 02:53:30PM +1100, Ian Smith wrote: > On Wed, 26 Oct 2011, Julian Elischer wrote: > > On 10/26/11 2:39 PM, Michael Sierchio wrote: > > > On Wed, Oct 26, 2011 at 11:39 AM, Julian Elischer<julian@freebsd.org> > > > wrote: > > > > > > > read up on all the things you can do with tablearg.. sometimes a single > > > > table can replace dozens of rules. > > > Julian - would you be so kind as to give an example? > > > > > > - M > > > > > off the top of my head: > > > > implement an ad-hoc RErouting table using fwd tablearg > > implement entirely differnt rules for a complicated set of subnets using > > skipto tablearg > > But in this context, isn't skipto tablearg time-expensive, in that it > can't use the cached target of a normal skipto, but must to walk the > ruleset from the skipto to the resulting rule each time? Since late 2009 it does a binary search on the rules so it is log(N) in the number of rules, not so slow. cheers luigi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111027075327.GA29389>