Luigi Rizzo wrote:
>
> > On Wed, Sep 19, 2001 at 07:39:13PM +0200, Leif Neland wrote:
> >
> > > Or you could patch ipfw to be able to use a hash-db :-)
> >
> > skipto caches the pointer of the rule its skipping to the first time
> > it uses that rule. not going to get a better hash hit then that...
>
> not enough. The original message was asking for a rule of the form
>
> <action> $addr in $set ...
>
> where $set is a potentially large set of addresses (or ports as well),
> which, when "compiled", creates a hash table where one can do the search
> on O(1) time.
>
> With the current syntax we still have to explode the set with individual
> rules (naive approach) or something resembling a trie (using skipto rules).
worst case for IPv4 is 32 rules... one per bit..
>
> cheers
> luigi
>
> ----------------------------------+-----------------------------------------
> Luigi RIZZO, [EMAIL PROTECTED] . ACIRI/ICSI (on leave from Univ. di Pisa)
> http://www.iet.unipi.it/~luigi/ . 1947 Center St, Berkeley CA 94704
> Phone (510) 666 2927 .
> ----------------------------------+-----------------------------------------
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-net" in the body of the message
--
+------------------------------------+ ______ _ __
| __--_|\ Julian Elischer | \ U \/ / hard at work in
| / \ [EMAIL PROTECTED] +------>x USA \ a very strange
| ( OZ ) \___ ___ | country !
+- X_.---._/ presently in San Francisco \_/ \\
v
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
