[bind10-dev] ACL Syntax proposal
Shane Kerr
shane at isc.org
Mon May 30 13:59:06 UTC 2011
Michal,
On Sun, 2011-05-29 at 10:38 +0000, Michal 'vorner' Vaner wrote:
> > You may want to take a look at the underlying data structure for ACLs
> > in BIND 9 (though it will hurt your head to do so, and I will need to buy
> > you a recreational beverage of your choice to apologize for the way I
> > wrote it).
>
> I'd love to, but I don't know if there's enough time for studying it. Maybe I'll
> enjoy it when there'll be the need to optimise it ;-). So, for now, I just take
> the description.
In my mind the most important implementation thing is the use of radix
trees, which are a lot faster once you have more than a smallish number
of match items, since it is an O(1) match regardless of how many match
items there are. (In the address part of ACL-matching only, not talking
about TSIG of course; although TSIG-matching can probably be made O(1)
by using a hash-table.)
Any more fancy optimizations can probably come after copying the radix
tree technique. :)
--
Shane
More information about the bind10-dev
mailing list