On Fri, May 20, 2016 at 03:24:26PM -0400, Wietse Venema wrote:

> I can do a little better than that, and also give a number for the
> per-query overhead. With this i5-650 CPU @3.2GHZ, it takes 0.92
> seconds to parse 1 million IPv4 patterns, and less than about 0.01
> second to search through those 1 million IPv4 patterns.
>
> The matching process could be sped up a lot by adding support for
> IF/ENDIF as with regexp: and pcre: tables, but it is hard to justify
> that effort with current use cases.

Performance reasons aside, 'if ... endif' support can make the map
files more readable (matter of taste perhaps), and may be worthwhile
for that reason:

Before (exceptions before rule):

    192.0.2.1       DUNNO
    192.0.2.5       DUNNO
    ...
    192.0.2.0/24    REJECT

After (rule first with nested exceptions):

    if 192.0.2.0/24
    192.0.2.1       DUNNO
    192.0.2.5       DUNNO
    ...
    0.0.0.0/0       REJECT
    endif

--
    Viktor.
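
An added illustration, not part of the original message and not Postfix code: a small Python model of first-match CIDR lookup with the nested if/endif layout shown in the message, used to check that the "before" and "after" tables give the same answers. The sample tables are constructed (the "..." entries are omitted), and continuing with the rules after endif when nothing inside the block matches is an assumption modelled on regexp: tables.

```python
import ipaddress

# Constructed sample tables following the two layouts in the message.
BEFORE = """\
192.0.2.1       DUNNO
192.0.2.5       DUNNO
192.0.2.0/24    REJECT
"""
AFTER = """\
if 192.0.2.0/24
192.0.2.1       DUNNO
192.0.2.5       DUNNO
0.0.0.0/0       REJECT
endif
"""

def parse(text):
    """Return a rule list; each rule is (network, result) or (network, [nested rules])."""
    root = []
    stack = [root]
    for raw in text.splitlines():
        fields = raw.split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue
        keyword = fields[0].lower()
        if keyword == "endif":
            if len(stack) == 1:
                raise ValueError("endif without matching if")
            stack.pop()
        elif len(fields) != 2:
            raise ValueError("missing pattern or result: %r" % raw)
        elif keyword == "if":
            block = []
            stack[-1].append((ipaddress.ip_network(fields[1].strip()), block))
            stack.append(block)
        else:
            stack[-1].append((ipaddress.ip_network(fields[0]), fields[1].strip()))
    if len(stack) != 1:
        raise ValueError("if without matching endif")
    return root

def lookup(rules, addr):
    """First match wins; a nested block is searched only when its network matches."""
    ip = ipaddress.ip_address(addr)
    for net, action in rules:
        if ip not in net:
            continue
        if not isinstance(action, list):
            return action
        hit = lookup(action, addr)
        if hit is not None:
            return hit  # assumption: otherwise continue after the endif
    return None
```

Inside the block, 0.0.0.0/0 only ever sees addresses that already matched 192.0.2.0/24, so it cannot reject unrelated clients.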