tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 51953] Proposal: netmask filtering valve and filter
Date Tue, 04 Oct 2011 21:15:43 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=51953

--- Comment #7 from Christopher Schultz <chris@christopherschultz.net> 2011-10-04 21:15:43
UTC ---
This code is executed unconditionally:

"
final InetAddress addr = InetAddress.getByName(property);

for (final NetMask nm: deny)
     if (nm.matches(addr))
"

NetMask.matches does a new BigInteger().shiftRight (though the shift should be
0 bytes, and so should be pretty quick).

Remember that this code may be executed for every request, include, and
forward, so you'd better take every opportunity to reduce the amount of time
required to run it.

In terms of making it more generic, what I meant was that you would be able to
quickly match exact-matches (using a simple String.equals) and only do the
extra work when there was a netmask to actually check.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message