Hi.

Looking into various ways of managing large rulebases using automated tools, 
and was thinking, would it make sense to have a hashed jump operation?

I.e. in one operation, jump to one of 2^n chains depending on a 2^n sized 
hash of a selected criterion (source, destination ip/port, protocol, etc.)

Another option is obviously to create search trees by match -> jump with a 
set of intermediary chains.

If one would attempt to implement such kinds of multitiered jumps (hashed or 
whatever internal selection criteria), any ideas on how to proceed? I.e. how 
to write a custom "jump" like target?

   - How to reference the possible target chains? I.e. how to in the 
userspace tool convert user-friendly chain names to their kernel name?
   - How to tell the core that processing should jump to the selected chain 
once the custom target has figured out which chain to jump to?

Regards
Henrik Nordström
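
The second option mentioned in the message above (a search tree built from match -> jump rules through intermediary chains), as an added example that is not part of the original post: a generator that emits chain declarations and rules in iptables-restore syntax for a binary tree keyed on source-address bits, so a packet tests at most 2 rules per level instead of up to 2^n in a flat list. The chain naming scheme, the base prefix and the `lookup` walker are assumptions made for illustration.

```python
import ipaddress

def chain_name(net, prefix="T"):
    # Hypothetical naming scheme: short, unique per (address, prefix length).
    return f"{prefix}_{int(net.network_address):08x}_{net.prefixlen}"

def build_tree(base, depth):
    """Return iptables-restore lines for a binary tree of chains that
    dispatches on the `depth` source-address bits following `base`."""
    decls, rules = [], []

    def walk(net, level):
        decls.append(f":{chain_name(net)} - [0:0]")  # declare user chain
        if level == depth:
            return  # leaf chain: the real per-subnet rules would go here
        for child in net.subnets(prefixlen_diff=1):
            rules.append(f"-A {chain_name(net)} -s {child} -j {chain_name(child)}")
            walk(child, level + 1)

    walk(ipaddress.ip_network(base), 0)
    return decls + rules

def lookup(lines, root, src):
    """Follow the generated rules top-down for one source address and
    return (leaf_chain, number_of_rules_tested_on_the_way_down)."""
    addr = ipaddress.ip_address(src)
    chain, tested = root, 0
    while True:
        for line in lines:
            parts = line.split()
            if parts[0] != "-A" or parts[1] != chain:
                continue  # declaration line or rule of another chain
            tested += 1
            if addr in ipaddress.ip_network(parts[3]):
                chain = parts[5]  # matched: jump to the child chain
                break
        else:
            return chain, tested  # no rule jumped further: this is the leaf

if __name__ == "__main__":
    # Constructed sample: 8 leaf chains under 10.0.0.0/8 (3 bits of fan-out).
    tree = build_tree("10.0.0.0/8", 3)
    print("\n".join(tree))
    print(lookup(tree, chain_name(ipaddress.ip_network("10.0.0.0/8")), "10.200.1.1"))
```

The leaf chains are emitted empty; a rule in a built-in chain still has to jump to the root chain for the tree to be reached.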
