tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51953] Proposal: netmask filtering valve and filter
Date Tue, 04 Oct 2011 21:30:27 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51953

--- Comment #8 from Francis Galiegue <fgaliegue@gmail.com> 2011-10-04 21:30:27 UTC ---
(In reply to comment #7)
> This code is executed unconditionally:
> 
> "
> final InetAddress addr = InetAddress.getByName(property);
> 
> for (final NetMask nm: deny)
>      if (nm.matches(addr))
> "
> 
> NetMask.matches does a new BigInteger().shiftRight (though the shift should be
> 0 bytes, and so should be pretty quick).
> 
> Remember that this code may be executed for every request, include, and
> forward, so you'd better take every opportunity to reduce the amount of time
> required to run it.
> 

Good point. I was tempted at first to do a byte[] manipulation but found
BigInteger to be very practical, especially since it requires the byte array to
be in network order -- which is what I wanted.

I'll have that second implementation working and compare the results in speed.

> In terms of making it more generic, what I meant was that you would be able to
> quickly match exact-matches (using a simple String.equals) and only do the
> extra work when there was a netmask to actually check.

That's true, but consider ::ffff:127.0.0.1: it actually is the same than
127.0.0.1. An .equals() won't work here. OK, that's going far, but still.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message