I also agree that a runtime structure to track traffic attributes and match them to targets would be great. I created my own match-tree table generator to achieve a similar effect. It works, but updating large static structures can be rather time-consuming and fragile.

I have a question about the '-g' terminology used by Casper and Oscar. Is this a new piece of functionality? Or are you talking about the --goto option?

Susan

> > This all begs the question on how effective some tree structure with -g
> > is implemented, to figure out how much of a performance benefit such a
> > new target would have over a treelike chain structure.
>
> If we compare many linear -g with just one function gettarget(ip) the
> difference is many/one. Tree-like -g structure would save most
> comparisons, but is hard to write for every task. Function-like target
> is real fast and fully automatic, the only disadvantage is in fact it
> doesn't exist :)
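
The tree-like -g chain structure discussed in the quoted text, sketched as an added example (not code from this thread or from any poster's generator): it builds a binary tree of iptables chains linked with -g/--goto over a constructed host list, renders the commands as text, and counts how many rules a lookup checks. The chain prefix `T`, `LEAF_SIZE`, the `USERn` target chains and the 10.0.0.x addresses are assumptions.

```python
import ipaddress
LEAF_SIZE = 4  # assumption: leaf chains hold at most this many linear rules

def build(entries, name, chains):
    """entries: sorted [(int_ip, target)]; fills chains[name] recursively."""
    rules = chains.setdefault(name, [])
    if len(entries) <= LEAF_SIZE:
        rules.extend(("host", ip, ip, "-j", tgt) for ip, tgt in entries)
        return chains
    mid = len(entries) // 2
    left, right = entries[:mid], entries[mid:]
    # -g (--goto) keeps no return point: a leaf miss resumes in the caller.
    rules.append(("range", left[0][0], left[-1][0], "-g", name + "0"))
    rules.append(("any", 0, 0, "-g", name + "1"))
    build(left, name + "0", chains)
    build(right, name + "1", chains)
    return chains

def render(chains):
    """Turn the rule model into iptables commands (text only, never executed)."""
    fmt = lambda n: str(ipaddress.ip_address(n))
    out = [f"iptables -N {name}" for name in chains]
    for name, rules in chains.items():
        for kind, lo, hi, jump, dest in rules:
            match = {"host": f"-s {fmt(lo)} ",
                     "range": f"-m iprange --src-range {fmt(lo)}-{fmt(hi)} ",
                     "any": ""}[kind]
            out.append(f"iptables -A {name} {match}{jump} {dest}")
    return out

def evaluate(chains, root, src):
    """Walk the model in rule order; return (target, rules_checked)."""
    name, checked = root, 0
    while True:
        for kind, lo, hi, jump, dest in chains[name]:
            checked += 1
            if kind == "any" or lo <= src <= hi:
                if jump == "-j":
                    return dest, checked
                name = dest
                break
        else:
            return None, checked  # no rule matched in a leaf chain

# Constructed sample: 64 hosts, each mapped to a hypothetical user chain.
HOSTS = [(int(ipaddress.ip_address(f"10.0.0.{i}")), f"USER{i}") for i in range(1, 65)]
TREE = build(HOSTS, "T", {})
if __name__ == "__main__":
    print("\n".join(render(TREE)), evaluate(TREE, "T", HOSTS[-1][0]), sep="\n")
```

With 64 hosts a flat chain checks up to 64 rules for the last entry, while this tree checks 12; the `USERn` chains must already exist before the rendered commands could be loaded.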