Re: The Future

From: Christian Kratzer <>
Date: Fri, 3 Jan 1997 01:50:29 +0100 (MET)


> said:
> } A separate process would only make matters more complicated and would
> } not do anything to speed up the lookup. A decent algorithm for ip acl
> } lookup would do the job far nicer.
> I think that having the acl stuff as a separate process need not
> significantly slow things down. If given a nice API, it does allow you to
> do some very wierd and wonderful things with ACL processing, so a policy
> based setup, or bandwidth based access limitation could be coded by
> someone external to squid and just dropped in - just like the rewriting.

yest it may not slow it down too much but I dont't think it's wort the
effort of putting acl searches to an external process when we could achieve
an order of magnitude faster response by going from a liner search
to a hashed or tree structure.

I have implemented an an ip to net matching algorithm with a hashtable
in a separate project. The bsd4.4 kernel uses a structure they call a
radix tree for the routing table. Both have in common that the search
goes from O(n) to O(log n)

This kind of change would bring lots of speed to acl mathing without any
significant rework.

Christian Kratzer

TopLink GbR, Internet Services
Christian Kratzer
Phone: 	+49 7452 885-0
Fax: 	+49 7452 885-199	FreeBSD spoken here!
Received on Thu Jan 02 1997 - 17:12:15 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:58 MST