[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DataStructure for Storing SPD,SA Entries
In message <sbcaca2a.040@prv-mail20.provo.novell.com>, "Hilarie Orman" writes:
>If the SPD's are non-interfering, the hash table is fine. I'd guess that
>these are the normal case for most configurations, but it's just a guess.
>
Sure -- but you have to verify that first, and if there are rules that do
interfere you need a backup datastructure or you need to expand the
SPD, which again takes checking and special code.
I'm not objecting to hash tables -- *if* they're applicable. My note
was more a caution on applicability.
--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
Follow-Ups: