Actually, there wouldn't be any real performance penalty, because these embryonic states are in effect only a tree sorted list of one shot rules.

When they match they're removed from the embryonic tree, filled in with some other details, and moved to the normal state tree. It's just done faster than if you added rules to match the same things. And if you don't like using embryonic states, then you would have an empty embryonic state tree and it would then only require one extra pointer comparison (and seeing that it's NULL), before moving on to evaluating the rule set. And if you were to follow my previous post, you wouldn't even have to evaluate the tree until you found a rule in the rule list that allowed you to do so.

-- Rukh

On Wed, 30 Oct 2002, Henning Brauer wrote:

> On Wed, Oct 30, 2002 at 10:24:29PM +0100, Daniel Hartmeier wrote:
> > On Wed, Oct 30, 2002 at 08:41:12PM +0000, Roy Badami wrote:
> > >
> > > It seems to me that whilst it might require a minimal amount of kernel
> > > machinery to permit setup of the outgoing connection from the proxy,
> > > once established it is identical in nature to the incoming
> > > connection...
> >
> > This could be solved with 'embryonic states', a separate list/tree of
> > state entries that lack certain parts (like source ports, which are
> > usually random and not known in advance). After the normal state lookup
> > (if it fails), but before the rule set evaluation, a matching embryonic
> > state would be completed and turn into a normal state.
>
> Uh well, this sounds like a massive performance penalty... I don't think I
> like that.
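The lookup order discussed in this thread (normal state table, then the embryonic table, then the rule set), written out as an added example. This is not pf's code and not code from any of the posters; it is a toy model in which tables are plain linked lists rather than sorted trees, IP addresses are bare integers, and a source port of 0 stands for "not yet known". It shows the three properties the reply claims: an embryonic entry is one-shot (consumed on first match), it is completed and moved into the normal state table, and an empty embryonic table costs only a single NULL check before falling through to the rule set.

```c
/* Added example, not pf's own code: toy model of state lookup with an
 * embryonic (partially specified, one-shot) state table. */
#include <stdio.h>
#include <stdlib.h>

enum verdict { HIT_STATE = 1, HIT_EMBRYONIC = 2, EVAL_RULESET = 3 };

struct key {
    unsigned int src_ip, dst_ip;
    unsigned short src_port, dst_port;  /* src_port 0 = unknown (wildcard) */
};

struct state {
    struct key k;
    struct state *next;
};

struct tables {
    struct state *states;     /* normal, fully specified states */
    struct state *embryonic;  /* one-shot entries lacking the source port */
};

/* Exact 4-tuple comparison used for the normal state table. */
static int key_equal(const struct key *a, const struct key *b)
{
    return a->src_ip == b->src_ip && a->dst_ip == b->dst_ip &&
           a->src_port == b->src_port && a->dst_port == b->dst_port;
}

/* Embryonic comparison: everything must match except the unknown source port. */
static int key_match_embryonic(const struct key *tmpl, const struct key *pkt)
{
    return tmpl->src_ip == pkt->src_ip && tmpl->dst_ip == pkt->dst_ip &&
           tmpl->dst_port == pkt->dst_port;
}

/* Register an expected connection whose source port is not known in advance
 * (the proxy case from the thread). */
void add_embryonic(struct tables *t, unsigned int src_ip,
                   unsigned int dst_ip, unsigned short dst_port)
{
    struct state *s = calloc(1, sizeof(*s));
    if (s == NULL)
        abort();
    s->k.src_ip = src_ip;
    s->k.dst_ip = dst_ip;
    s->k.src_port = 0;          /* unknown until the first packet arrives */
    s->k.dst_port = dst_port;
    s->next = t->embryonic;
    t->embryonic = s;
}

enum verdict lookup(struct tables *t, const struct key *pkt)
{
    struct state *s, **pp;

    /* 1. Normal state table first. */
    for (s = t->states; s != NULL; s = s->next)
        if (key_equal(&s->k, pkt))
            return HIT_STATE;

    /* 2. Embryonic table. If the feature is unused this loop body never
     *    runs: the cost is the single NULL comparison on t->embryonic. */
    for (pp = &t->embryonic; *pp != NULL; pp = &(*pp)->next) {
        if (key_match_embryonic(&(*pp)->k, pkt)) {
            s = *pp;
            *pp = s->next;                  /* unlink: one-shot entry */
            s->k.src_port = pkt->src_port;  /* fill in the missing detail */
            s->next = t->states;            /* move to the normal table */
            t->states = s;
            return HIT_EMBRYONIC;
        }
    }

    /* 3. Nothing matched: evaluate the rule set. */
    return EVAL_RULESET;
}

static size_t list_len(const struct state *s)
{
    size_t n = 0;
    for (; s != NULL; s = s->next)
        n++;
    return n;
}
size_t count_states(const struct tables *t) { return list_len(t->states); }
size_t count_embryonic(const struct tables *t) { return list_len(t->embryonic); }

void free_tables(struct tables *t)
{
    struct state *s, *n;
    for (s = t->states; s != NULL; s = n) { n = s->next; free(s); }
    for (s = t->embryonic; s != NULL; s = n) { n = s->next; free(s); }
    t->states = t->embryonic = NULL;
}

int main(void)
{
    /* Constructed sample: proxy at 10.0.0.1 will connect to 192.168.0.1:80
     * from a source port chosen by the kernel. */
    struct tables t = { NULL, NULL };
    struct key pkt = { 0x0a000001u, 0xc0a80001u, 40000, 80 };
    add_embryonic(&t, 0x0a000001u, 0xc0a80001u, 80);
    printf("first packet: %d (2 = embryonic hit)\n", lookup(&t, &pkt));
    printf("second packet: %d (1 = state hit)\n", lookup(&t, &pkt));
    free_tables(&t);
    return 0;
}
```

The two-loop structure is the point: the embryonic pass only runs after the normal lookup has failed, and on a match the entry changes tables rather than being copied, so the second packet of the same connection never touches the embryonic list again.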