Simon Matter wrote: > My question is whether it's possible to use perl for some kind of > Shorewall-accelerator. I mean if it would be possible to create a simple > shell to perl converter which then runs perl instead of the shell and does > exactly the same, then it could be used whenever perl is available, > otherwise a shell would be used.
If we look at overall performance, the compiler and the generated script need to be considered separately. I don't believe that the fact that the generated script is interpreted using a Bourne shell is a significant contributing factor to its performance. The bulk of the time is spent in fork() and exec() while launching iptables 1000s of times. So I think that we're safe in leaving that part alone. The compiler is a different issue. One problem is that some of the things needed to make Shorewall generate iptables-restore input would be very slow if implemented in the shell. Even though Perl is a somewhat quirky language, it works really well for writing the compiler part of Shorewall. But the Perl version of the compiler employs quite different algorithms from those used in the shell. My belief is that a shell->Perl translator capable of translating the current Shorewall shell code would comprise a much larger project then Shorewall itself. One example of what it would need to do: Because the shell provides exactly one hash table (it's symbol table), the current Shorewall code manufactures symbols on the fly (using 'eval') in an attempt to provide some of the same function that Perl hashes do. It would take a very smart program to see through what the current code is doing and create Perl hashes instead. Another factor concerning the current code is that it is beginning to get somewhat fragile. Today's Shorewall is doing many things that were not envisioned in the original design. The shell also tends to promote some bad programming practices, owing to the fact that all symbols are global (and I didn't start from the beginning setting the -u option). As a consequence, it is getting more and more difficult to extend the code to do new things without breaking old things. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ leaf-devel mailing list leaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-devel