From: Mark Wooding
Date: Mon, 5 Mar 2012 23:16:25 +0000 (+0000)
Subject: Overhaul address classification.
X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/beb4f0eeafb386d83f2593fec489f4291583e08b?hp=beb4f0eeafb386d83f2593fec489f4291583e08b

Overhaul address classification.

The current system isn't scaling. Adding new networks in particular is very difficult, and requires subtle changes to all of the host definitions -- which is also rather tedious.

This new version overhauls the way that the classification chains are constructed. The important part is that they're now derived from a single description of the entire network. (This isn't necessary: the network and hosts could be scattered arbitrarily, but it makes management easier for me.)

The critical bit is the algorithm in `net_interfaces' which computes which networks' source addresses can arrive at a particular interface. This algorithm isn't especially clever (what with being written in Bourne shell and all) but seems to do the job fairly well, and it has enough knobs to tweak that getting the right answer isn't too hard.
---