On Thu, Jul 15, 2010 at 03:37:02PM -0400, Wietse Venema wrote:
> > One might suggest that CIDR is not a good fit for this even if stored
> > just once, an IPC based server that walks trees rather than lists
> > would be far more suitable...
>
> I agree that the Postfix CIDR implementation achieves simplicity
> of implementation (including correctness) by sacrificing space and
> speed.
>
> It seems that speed-wise improvements could be made cheaply by
> adding IF/ENDIF support, similar to the regexp/pcre tables.
Yes, this did occur to me:
IF 192.0.0.0/4
IF 192.0.0.0/12
IF 192.0.0.0/20
192.0.2.1 REJECT example address
ENDIF optional text
ENDIF 192.0.0.0/12
ENDIF 192.0.0.0/4
plus a suitable "compiler" script that constructs a sensibly
efficient nested IF structure from a list of CIDR blocks.
--
Viktor.
