tomcat-dev mailing list archives

Subject DO NOT REPLY [Bug 51953] Proposal: netmask filtering valve and filter
Date Tue, 04 Oct 2011 21:30:27 GMT

--- Comment #8 from Francis Galiegue <> 2011-10-04 21:30:27 UTC ---
(In reply to comment #7)
> This code is executed unconditionally:
> "
> final InetAddress addr = InetAddress.getByName(property);
> for (final NetMask nm: deny)
>      if (nm.matches(addr))
> "
> NetMask.matches does a new BigInteger().shiftRight (though the shift should be
> 0 bytes, and so should be pretty quick).
> Remember that this code may be executed for every request, include, and
> forward, so you'd better take every opportunity to reduce the amount of time
> required to run it.

Good point. I was tempted at first to do a byte[] manipulation but found
BigInteger to be very practical, especially since it requires the byte array to
be in network order -- which is what I wanted.

I'll have that second implementation working and compare the results in speed.

> In terms of making it more generic, what I meant was that you would be able to
> quickly match exact-matches (using a simple String.equals) and only do the
> extra work when there was a netmask to actually check.

That's true, but consider ::ffff: it actually is the same than An .equals() won't work here. OK, that's going far, but still.

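The two points discussed in this comment, as an added example that is not code from the bug's patch or from Tomcat: prefix matching done directly on the network-order `byte[]` with an exact-match fast path, and the reason a `String.equals` shortcut is unsafe for an access-control list when an address can be written in IPv4-mapped form. The class name `ByteNetMask` and the sample addresses (documentation range 192.0.2.0/24) are assumptions made for illustration; the example relies on the JDK returning an `Inet4Address` for an IPv4-mapped literal.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;

// Hypothetical class for illustration; not the NetMask class from the proposed patch.
public final class ByteNetMask {
    private final byte[] network; // rule address, network byte order
    private final int prefixLen;  // number of leading bits that must match

    public ByteNetMask(String cidr) throws UnknownHostException {
        int slash = cidr.indexOf('/');
        String host = slash < 0 ? cidr : cidr.substring(0, slash);
        // A literal IP is parsed without a DNS lookup.
        network = InetAddress.getByName(host).getAddress();
        int maxBits = network.length * 8;
        prefixLen = slash < 0 ? maxBits : Integer.parseInt(cidr.substring(slash + 1));
        if (prefixLen < 0 || prefixLen > maxBits)
            throw new IllegalArgumentException("bad prefix length: " + cidr);
    }

    public boolean matches(InetAddress addr) {
        byte[] candidate = addr.getAddress();
        if (candidate.length != network.length)
            return false; // an IPv4 rule never matches an IPv6 address, and vice versa
        if (prefixLen == candidate.length * 8)
            return Arrays.equals(candidate, network); // exact-match fast path
        int fullBytes = prefixLen / 8;
        for (int i = 0; i < fullBytes; i++)
            if (candidate[i] != network[i])
                return false;
        int remBits = prefixLen % 8;
        if (remBits == 0)
            return true;
        // Compare only the leading remBits bits of the first partial byte.
        int mask = (0xFF << (8 - remBits)) & 0xFF;
        return (candidate[fullBytes] & mask) == (network[fullBytes] & mask);
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample addresses: the same host in plain and IPv4-mapped notation.
        String plain = "192.0.2.10", mapped = "::ffff:192.0.2.10";
        ByteNetMask deny = new ByteNetMask("192.0.2.0/24");
        System.out.println("String.equals:  " + plain.equals(mapped));
        System.out.println("plain matches:  " + deny.matches(InetAddress.getByName(plain)));
        System.out.println("mapped matches: " + deny.matches(InetAddress.getByName(mapped)));
    }
}
```

A deny rule compared as text would miss the mapped spelling of a denied address, so both the rule and the candidate should be compared in parsed form.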