On ons, 2008-08-13 at 16:25 +1200, Amos Jeffries wrote: > > Or maybe = "" should be equivalent to SetEmpty() in which case the > > original code works, and can be simplified a lot... not sure how > > IPAddress is supposed to work here, if it at all is supposed to be used > > in = "".. > > It should be capable of accepting it. "" == NULL == "garbage" to IPAddress.
Assigning "garbage" is an error. What should the IPAddress be set to in such case? > IIRC, the ACLIP::match() logics depend on addr2 being either the end of a > range different to addr1 or empty for optimal testing. addr1==addr2 is > worst-case match() state for every request. I suspect normalising all specifications into ranges may actually be the optimal case.. that way the match function becomes very simple, just a memcmp if you like.. (well, two memcmp, one for each bound, and preferably with alignment attributes so GCC optimizes them fully). But it requires finally dropping support for non-contiguous netmasks. Regards Henrik
signature.asc
Description: This is a digitally signed message part
