В Вто, 28/04/2009 в 10:39 -0500, Susan Hinrichs пишет: > I also agree that a runtime structure to track traffic attributes and > match them to targets would be great. I created my own match-tree table > generator to achieve a similar effect. It works, but updating large > static structures can be rather time consuming and fragile. Can you share details? > I have a question about the '-g' terminology used by Casper and Oscar. > Is this a new piece of functionality? Or are you talking about the > --goto option? Personaly, I was talking about --goto. > > > This all begs the question on how effective some tree structure with -g > > > is implemented, to figure out how much of a performance benefit such a > > > new target would have over a treelike chain structure. > > > > If we compare many linear -g with just one function gettarget(ip) the > > different is many/one. Tree-like -g structure would save most > > comparitions, but is hard to write for every task. Function-like target > > is real fast and fully automatic, the only disadvantage is in fact it > > doesn't exist :) > > > > -- Покотиленко Костик <casper@xxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
