Miles Sabin wrote:
Daniel Hartmeier wrote,
On Fri, Dec 20, 2002 at 12:25:57PM -0500, Michael Shalayeff wrote:
if i'm not mistaken n is the address length there...
so, regardless of the number of addresses in the set it's still
a constant for each address family...
Oh, my bad, so it's O(1)
Damien Miller wrote,
Miles Sabin wrote:
Just a suggestion ...
Take a peek at ternary trees for this kind of thing,
http://www.ddj.com/documents/s=921/ddj9804a/9804a.htm
http://citeseer.nj.nec.com/bentley97fast.html
Also the data structure described in:
Daniel Hartmeier wrote,
On Fri, Dec 20, 2002 at 12:25:57PM -0500, Michael Shalayeff wrote:
if i'm not mistaken n is the address length there...
so, regardless of the number of addresses in the set it's still
a constant for each address family...
Oh, my bad, so it's O(1) like a hash table,
On Fri, Dec 20, 2002 at 06:12:09PM +0100, Henning Brauer wrote:
I think it's useless. you can simply use N rules for N hosts.
Rule evaluation is O(n), at least for a huge block of rules that are
equal except for their addresses, while lookups in patricia trees are
O(log n)...
Daniel
Henning Brauer wrote:
On Fri, Dec 20, 2002 at 05:55:00PM +0100, Cedric Berger wrote:
As you might remember, I was interrested in an extension to PF
to be able to assign and manage a huge list of addresses to the
source or destination of any PF rule.
and if I
should try to clean it up and port
Making, drinking tea and reading an opus magnum from Daniel Hartmeier:
On Fri, Dec 20, 2002 at 06:12:09PM +0100, Henning Brauer wrote:
I think it's useless. you can simply use N rules for N hosts.
Rule evaluation is O(n), at least for a huge block of rules that are
equal except for their
On Fri, Dec 20, 2002 at 06:19:18PM +0100, Daniel Hartmeier wrote:
On Fri, Dec 20, 2002 at 06:12:09PM +0100, Henning Brauer wrote:
I think it's useless. you can simply use N rules for N hosts.
Rule evaluation is O(n), at least for a huge block of rules that are
equal except for their
On Fri, Dec 20, 2002 at 06:38:58PM +0100, Daniel Hartmeier wrote:
On Fri, Dec 20, 2002 at 06:31:03PM +0100, Cedric Berger wrote:
Assuming that each host needs X rules, it becomes N x X, which in my
case, could
easily be 10'000 x 10, which is huge, and a PITA to manage (i.e remove
and
Henning Brauer wrote:
well then let's look at it post-3.3. It's too late, too big, and too many
stuff has already changed.
I'm not in the position to look at a time frame. I would already be
very happy if it was one day included.
However, let me just say again that I designed that code with
Heh, I grant you that it's fast :)
+ if (m-addr32[0] == 0xCAFEBABE) {
+ if (pf_x_match_addr)
+ return pf_x_match_addr(a, m, b, af) ? !n : n;
+ return n;
+ }
But I think you need some out-of-band flag instead of a magic value.
Daniel Hartmeier wrote:
Heh, I grant you that it's fast :)
+ if (m-addr32[0] == 0xCAFEBABE) {
+ if (pf_x_match_addr)
+ return pf_x_match_addr(a, m, b, af) ? !n : n;
+ return n;
+ }
But I think you need some out-of-band flag instead
Daniel Hartmeier wrote:
Heh, I grant you that it's fast :)
+ if (m-addr32[0] == 0xCAFEBABE) {
+ if (pf_x_match_addr)
+ return pf_x_match_addr(a, m, b, af) ? !n : n;
+ return n;
+ }
But I think you need some out-of-band flag instead
Making, drinking tea and reading an opus magnum from Henning Brauer:
On Fri, Dec 20, 2002 at 06:38:58PM +0100, Daniel Hartmeier wrote:
On Fri, Dec 20, 2002 at 06:31:03PM +0100, Cedric Berger wrote:
Assuming that each host needs X rules, it becomes N x X, which in my
case, could
On Fri, Dec 20, 2002 at 07:40:09PM +0100, Henning Brauer wrote:
On Fri, Dec 20, 2002 at 01:30:09PM -0500, Michael Shalayeff wrote:
Making, drinking tea and reading an opus magnum from Henning Brauer:
well, that sucks. you can justify any code with any imaginary setup.
i do not understand
On Fri, 2002-12-20 at 13:30, Michael Shalayeff wrote:
well then let's look at it post-3.3. It's too late, too big, and too many
stuff has already changed.
hmm, it's four months before the next release, given at least
two months for an easy playing around and properly designed code
this is
On Fri, Dec 20, 2002 at 01:46:27PM -0500, Michael Lucas wrote:
I'm questing wether we still should bring new shit in. The number of bugs we
found recently is scary, and the new shit needs serious testing. And adding
_more_ features is for sure not helpfull.
As a user, please: stability
On Fri, Dec 20, 2002 at 01:56:40PM -0500, Michael Shalayeff wrote:
Making, drinking tea and reading an opus magnum from Jason Dixon:
On Fri, 2002-12-20 at 13:30, Michael Shalayeff wrote:
well then let's look at it post-3.3. It's too late, too big, and too many
stuff has already changed.
On Fri, Dec 20, 2002 at 08:07:59PM +0100, Cedric Berger wrote:
Now that change could result in a missed skip-step optimization if there
are two identical AF_INET addresses loaded with a different values in
words 1-3. I've added some code in pf_ioctl to always zero words 1-3
when we load the
On Fri, Dec 20, 2002 at 08:20:00PM +0100, Cedric Berger wrote:
Do you think that pf.c code will continue to change a lot
the following weeks?
no.
Michael Shalayeff wrote:
Making, drinking tea and reading an opus magnum from Cedric Berger:
Michael Shalayeff wrote:
so far, it's not implemented yet, nothing to talk about.
i suggest we return to this when some real diff resurfaces.
Does that mean that it's worth for me (and
Daniel Hartmeier wrote:
On Fri, Dec 20, 2002 at 07:11:12PM +0100, Cedric Berger wrote:
Yes, it's a valid address, but not a valid mask :)
Oh, misread the 'm-'. Hmm, it's not an invalid mask, actually, but one
pfctl can't load yet. There were a couple of requests to allow arbitrary
masks
21 matches
Mail list logo
