[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DataStructure for Storing SPD,SA Entries

To: "Hilarie Orman" <HORMAN@volera.com>
Subject: Re: DataStructure for Storing SPD,SA Entries
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Mon, 15 Oct 2001 14:19:18 -0400
Cc: agokhale@postmaster.co.uk, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

In message <sbcaca2a.040@prv-mail20.provo.novell.com>, "Hilarie Orman" writes:
>If the SPD's are non-interfering, the hash table is fine.  I'd guess that
>these are the normal case for most configurations, but it's just a guess.
>

Sure -- but you have to verify that first, and if there are rules that do
interfere you need a backup datastructure or you need to expand the 
SPD, which again takes checking and special code.

I'm not objecting to hash tables -- *if* they're applicable.  My note 
was more a caution on applicability.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com

Follow-Ups:

Re: DataStructure for Storing SPD,SA Entries

From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: DataStructure for Storing SPD,SA Entries
Next by Date: Re: DataStructure for Storing SPD,SA Entries
Prev by thread: Re: DataStructure for Storing SPD,SA Entries
Next by thread: Re: DataStructure for Storing SPD,SA Entries
Index(es):
- Main
- Thread