From: Wietse Venema on
Victor Duchovni:
> On Thu, Jul 15, 2010 at 02:31:36PM -0400, Wietse Venema wrote:
>
> > > Also, only use proxymap for IPC based tables (ldap, mysql, pgsql, tcp, ...),
> > > do not use proxymap for indexed files, cidr tables, pcre/regexp tables, ....
> >
> > It depends on what the trade-offs are. I know of one user with
> > very large cidr tables - sacrificing performance to avoid running
> > out of physical memory.
>
> One might suggest that CIDR is not a good fit for this even if stored
> just once, an IPC based server that walks trees rather than lists
> would be far more suitable...

I agree that the Postfix CIDR implementation achieves simplicity
of implementation (including correctness) by sacrificing space and
speed.

It seems that speed-wise improvements could be made cheaply by
adding IF/ENDIF support, similar to the regexp/pcre tables.

Wietse

From: Victor Duchovni on
On Thu, Jul 15, 2010 at 03:37:02PM -0400, Wietse Venema wrote:

> > One might suggest that CIDR is not a good fit for this even if stored
> > just once, an IPC based server that walks trees rather than lists
> > would be far more suitable...
>
> I agree that the Postfix CIDR implementation achieves simplicity
> of implementation (including correctness) by sacrificing space and
> speed.
>
> It seems that speed-wise improvements could be made cheaply by
> adding IF/ENDIF support, similar to the regexp/pcre tables.

Yes, this did occur to me:

IF 192.0.0.0/4
IF 192.0.0.0/12
IF 192.0.0.0/20
192.0.2.1 REJECT example address
ENDIF optional text
ENDIF 192.0.0.0/12
ENDIF 192.0.0.0/4

plus a suitable "compiler" script that constructs a sensibly
efficient nested IF structure from a list of CIDR blocks.

--
Viktor.
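
A sketch of the "compiler" script mentioned above, as an added example that is not part of the thread and not Postfix code. It emits the IF/ENDIF form shown in Viktor's message; compile_cidr, emit, lookup and the step/leaf_max knobs are hypothetical names. It assumes IPv4 blocks that do not overlap, so rule order cannot change the result.

```python
import ipaddress

# Constructed sample input: non-overlapping IPv4 (block, action) pairs.
RULES = [("192.0.2.1", "REJECT example address"), ("192.0.2.128/25", "REJECT"),
         ("198.51.100.0/24", "REJECT"), ("203.0.113.7", "OK"),
         ("203.0.113.64/26", "REJECT"), ("10.0.0.0/8", "OK")]

def compile_cidr(rules, step=4, leaf_max=2):
    """Return table lines with nested IF/ENDIF; rejects overlapping blocks."""
    nets = sorted((ipaddress.ip_network(c), a) for c, a in rules)
    for (n1, _), (n2, _) in zip(nets, nets[1:]):
        if n1.overlaps(n2):  # sorted order makes the adjacent check sufficient
            raise ValueError(f"overlapping blocks: {n1} and {n2}")
    return emit(nets, 0, step, leaf_max)

def emit(nets, depth, step, leaf_max):
    width = depth + step
    if len(nets) <= leaf_max or width > 32:
        return [f"{n} {a}" for n, a in nets]
    out, groups = [], {}
    for n, a in nets:
        if n.prefixlen < width:          # wider than a sub-block: keep at this level
            out.append(f"{n} {a}")
        else:
            groups.setdefault(n.supernet(new_prefix=width), []).append((n, a))
    for parent, members in groups.items():
        body = emit(members, width, step, leaf_max)
        lone_if = body[0].startswith("IF ") and body[-1] == "END" + body[0]
        wrap = len(members) > 1 and not lone_if  # no IF around one rule or one IF
        out += [f"IF {parent}", *body, f"ENDIF {parent}"] if wrap else body
    return out

def lookup(lines, addr):
    """First-match walk over table lines; returns (action, comparisons made)."""
    ip, skip, tests = ipaddress.ip_address(addr), 0, 0
    for line in lines:
        word, _, rest = line.partition(" ")
        if word == "ENDIF":
            skip = max(skip - 1, 0)
        elif skip:
            skip += word == "IF"         # track nesting inside a skipped block
        else:
            tests += 1
            hit = ip in ipaddress.ip_network(rest if word == "IF" else word)
            if word == "IF":
                skip = 0 if hit else 1
            elif hit:
                return rest, tests
    return None, tests
```

lookup() is only a checker for the emitted lines: it confirms the nested table returns the same action as the flat list and counts how many address comparisons each one needs.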