From owner-freebsd-ipfw@FreeBSD.ORG  Sun Dec 25 19:20:39 2011
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7BBC9106566B;
	Sun, 25 Dec 2011 19:20:39 +0000 (UTC)
	(envelope-from bzeeb-lists@lists.zabbadoz.net)
Received: from mx1.sbone.de (mx1.sbone.de [IPv6:2a01:4f8:130:3ffc::401:25])
	by mx1.freebsd.org (Postfix) with ESMTP id 294118FC0C;
	Sun, 25 Dec 2011 19:20:39 +0000 (UTC)
Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587])
	(using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.sbone.de (Postfix) with ESMTPS id 8CF4525D37C3;
	Sun, 25 Dec 2011 19:20:37 +0000 (UTC)
Received: from content-filter.sbone.de (content-filter.sbone.de
	[IPv6:fde9:577b:c1a9:31::2013:2742])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.sbone.de (Postfix) with ESMTPS id 597DCBD7C5B;
	Sun, 25 Dec 2011 19:20:36 +0000 (UTC)
X-Virus-Scanned: amavisd-new at sbone.de
Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587])
	by content-filter.sbone.de (content-filter.sbone.de
	[fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024)
	with ESMTP id bS3L1snqkRa0; Sun, 25 Dec 2011 19:20:34 +0000 (UTC)
Received: from orange-en1.sbone.de (orange-en1.sbone.de
	[IPv6:fde9:577b:c1a9:31:cabc:c8ff:fecf:e8e3])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by mail.sbone.de (Postfix) with ESMTPSA id E4C2EBD7C5A;
	Sun, 25 Dec 2011 19:20:33 +0000 (UTC)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset=us-ascii
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
In-Reply-To: <4EF7719A.8020902@FreeBSD.org>
Date: Sun, 25 Dec 2011 19:20:33 +0000
Content-Transfer-Encoding: quoted-printable
Message-Id: <762A1F72-F7F2-4076-BD9B-49E0DDE32643@lists.zabbadoz.net>
References: <1674097252.20111218125051@nitronet.pl>
	<4EEDD566.8020609@FreeBSD.org> <20111220163355.GA87584@DataIX.net>
	<4EF73A4A.3050902@FreeBSD.org>
	<1413850829.20111225184712@nitronet.pl>
	<AA3C6FCC-0817-4108-A107-3367A6F14757@lists.zabbadoz.net>
	<4EF7719A.8020902@FreeBSD.org>
To: Alexander V. Chernikov <melifaro@FreeBSD.org>
X-Mailer: Apple Mail (2.1084)
Cc: Pawel Tyll <ptyll@nitronet.pl>, "Andrey V. Elsukov" <ae@FreeBSD.org>,
	Jason Hellenthal <jhell@DataIX.net>, freebsd-ipfw@freebsd.org,
	freebsd-net@freebsd.org
Subject: Re: IPFW eXtended tables [Was: Re: IPFW tables, dummynet and IPv6]
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Dec 2011 19:20:39 -0000

On 25. Dec 2011, at 18:55 , Alexander V. Chernikov wrote:

> Bjoern A. Zeeb wrote:
>> On 25. Dec 2011, at 17:47 , Pawel Tyll wrote:
>>=20
>>> Hi Alexander,
>>>=20
>>>> Changes:
>>>> * Tables (actually, radix trees) are now created/freed on demand.
>>> Does  this  mean  IPFW_TABLES_MAX can now be safely set to =
arbitrarily
>>> high number that would allow flexible numbering of tables? =
Arbitrarily
>>> high  being 0xFFFFFFFF or some other nice large number that won't =
step
>>> on my ideas :)
> At the moment maximum number of tables remains the same however it is
> now possible to define IPFW_TABLES_MAX to 65k without much (memory)
> overhead. Since pointer to tables are stored in array, defining 2^32
> tables require 4G * (8+8+1) memory for pointers only.
>>=20
>> which also gets us to the point that the man page need to be updated =
along
>> with the same changes and I cannot see that as part of the diff.
> Sure. This is actually the first part of commit, interface table =
changes
>  and proper ipv6 'lookup' keyword support requires another change that
> is planned to be committed separately (with man page update)
>=20
>=20
> By the way, I see two possible syntax changes for interface tables:

changes or additions?  Try not to break old config files please if not =
needed.

>=20
> ipfw add .. skipto tablearg ip from any to any lookup
> <src-iface|dst-iface|iface>
> or
> ipfw add .. skipto tablearg ip from any to any recv|xmit|via table(X)
>=20
> Personally I like 'lookup' variant.
>=20
>>=20
>> /bz
>>=20
>=20
>=20

--=20
Bjoern A. Zeeb                                 You have to have visions!
         Stop bit received. Insert coin for new address family.