Re: netfilter IPv6 support

From: Jeff Garzik
Date: Thu Aug 26 2004 - 16:24:28 EST

Next message: jmerkey: "Re: 1GB/2GB/3GB User Space Splitting Patch 2.6.8.1 (PSEUDO SPAM)"
Previous message: David S. Miller: "Re: netfilter IPv6 support"
In reply to: David S. Miller: "Re: netfilter IPv6 support"
Next in thread: Thomas Zehetbauer: "Re: netfilter IPv6 support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Aug 26, 2004 at 02:06:37PM -0700, David S. Miller wrote:
> On Thu, 26 Aug 2004 16:25:36 -0400
> Jeff Garzik <jgarzik@xxxxxxxxx> wrote:
>
> > As Andi puts it, there is no infinite hash.
>
> Using hash tables would be the problem :-)
>
> Longest matching prefix lookup algorithms are a well researched area.
> One we have not taken advantage of much at all. This is more than
> evident in our routing and netfilter code and I'm working to do
> something about it. :-)

Well, I interpreted Andi's statement as a more general complaint about
the overhead of per-connection resources involved in stateful
firewalling.

For example, a NAT box behind which 32,000 hosts sit, or something like
that :)

Jeff

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: jmerkey: "Re: 1GB/2GB/3GB User Space Splitting Patch 2.6.8.1 (PSEUDO SPAM)"
Previous message: David S. Miller: "Re: netfilter IPv6 support"
In reply to: David S. Miller: "Re: netfilter IPv6 support"
Next in thread: Thomas Zehetbauer: "Re: netfilter IPv6 support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]