On lör, 2007-09-01 at 01:00 +1200, Amos Jeffries wrote:
> A GOOD dtsdom_regexp would naturally fit in between dstdomain and dst.
> But squid apparently does not have a good regexp (I have not looked at
> it myself yet, just heard the screams of admin who tried it large-scale).
The problem with regex is that you can't sort them, and therefore you
can't build an intelligent lookup structure... and as a result Squid has
to search the whole list when using regex which scales very badly when
the list grows..
domains on the other hand is easy to sort, so dstdomain can build an
intelligent lookup structure for performing the match. Squid currently
uses play trees for this purpose to speed up repeated matches of the
same key..
What can be done easily is to further speed up the dstdomain acl by
simply replacing the tree lookup with an even more efficient tree.
But there is no known easy ways of speeding up the regex matches, other
than possibly trying to merge as many regexes as possible into one jumbo
expression which might be quicker in some regex libraries and slower in
other... if lucky this improves the regex matching maybe 10 fold, but
still it scales rather badly with size...
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:04 MDT