Re: IPFW: table approvement

[Lowell Gilbert]

KES  writes:

> Is it right place to post ideas?

Sure.  That doesn't mean anyone will implement them for you, but you can
try to discuss them here.

> If it is lets suggest next approvement
>
> IPFW has 'table' command
> each table entry has some 'tablearg'
>
> There are situations when you need each entry has multiple values.
> For example:
>
>
> #NAT
> table 1 add 10.0.1.0/24 1
> table 1 add 10.0.2.0/24 2
>
> #PIPE
> table 2 add 10.0.1.0/24 3
> table 2 add 10.0.2.0/24 4
>
> #tag
> table 3 add 10.0.1.0/24 7
> table 4 add 10.0.2.0/24 9
>
> ipfw add XXX tag  tablearg all from table(1) to any
> ipfw add XXX nat  tablearg all from table(2) to any
> ipfw add XXX pipe tablearg all from table(3) to any
>
>
> I will be best if it can be optimized as next:
> table 1 add 10.0.1.0/24 1 3 7
> table 1 add 10.0.2.0/24 2 4 9
>
> #user can name columns as:
> table 1 columns nat pipe tag
>
> #1. compatibility: first column can be used as usual
> ipfw add XXX tag tablearg all from table(1) to any
>
> #2. you may use value from second column of table entry as:
> ipfw add XXX nat tablearg(2) all from table(1) to any
>
> #3. you may use value by name
> ipfw add XXX pipe tablearg(pipe) all from table(1) to any
>
> #4. finally it will be good to apply multiple commands to one rule:
> ipfw add XXX pipe tablearg(pipe) nat tablearg(2) tag tablearg all from 
> table(1) to any
>
> What do you think?

It doesn't seem very efficient.  The tags and associated values would
have to be stored outside of the table entry itself, so there would be
more data structure traversal on every packet.  

Probably better would be to stick to the current scheme in the value
itself, and hash out of it.  

A big advantage of open source, of course, is that you can try your
ideas out yourself, and see how they work.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

IPFW: table approvement

[KES]

Hi.

Is it right place to post ideas?

If it is lets suggest next approvement

IPFW has 'table' command
each table entry has some 'tablearg'

There are situations when you need each entry has multiple values.
For example:


#NAT
table 1 add 10.0.1.0/24 1
table 1 add 10.0.2.0/24 2

#PIPE
table 2 add 10.0.1.0/24 3
table 2 add 10.0.2.0/24 4

#tag
table 3 add 10.0.1.0/24 7
table 4 add 10.0.2.0/24 9

ipfw add XXX tag  tablearg all from table(1) to any
ipfw add XXX nat  tablearg all from table(2) to any
ipfw add XXX pipe tablearg all from table(3) to any


I will be best if it can be optimized as next:
table 1 add 10.0.1.0/24 1 3 7
table 1 add 10.0.2.0/24 2 4 9

#user can name columns as:
table 1 columns nat pipe tag

#1. compatibility: first column can be used as usual
ipfw add XXX tag tablearg all from table(1) to any

#2. you may use value from second column of table entry as:
ipfw add XXX nat tablearg(2) all from table(1) to any

#3. you may use value by name
ipfw add XXX pipe tablearg(pipe) all from table(1) to any

#4. finally it will be good to apply multiple commands to one rule:
ipfw add XXX pipe tablearg(pipe) nat tablearg(2) tag tablearg all from table(1) 
to any

What do you think?

-- 
С уважением,
 KES  mailto:kes-...@yandex.ru

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"