Return-Path: X-Original-To: apmail-tomcat-dev-archive@www.apache.org Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 30C5D7123 for ; Tue, 4 Oct 2011 21:30:50 +0000 (UTC) Received: (qmail 99864 invoked by uid 500); 4 Oct 2011 21:30:49 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 99801 invoked by uid 500); 4 Oct 2011 21:30:49 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 99792 invoked by uid 99); 4 Oct 2011 21:30:49 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Oct 2011 21:30:49 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.115] (HELO eir.zones.apache.org) (140.211.11.115) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Oct 2011 21:30:48 +0000 Received: by eir.zones.apache.org (Postfix, from userid 80) id A2E3A4F281; Tue, 4 Oct 2011 21:30:27 +0000 (UTC) From: bugzilla@apache.org To: dev@tomcat.apache.org Subject: DO NOT REPLY [Bug 51953] Proposal: netmask filtering valve and filter Date: Tue, 04 Oct 2011 21:30:27 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Tomcat 7 X-Bugzilla-Component: Catalina X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fgaliegue@gmail.com X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: dev@tomcat.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: X-Bugzilla-URL: https://issues.apache.org/bugzilla/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 https://issues.apache.org/bugzilla/show_bug.cgi?id=51953 --- Comment #8 from Francis Galiegue 2011-10-04 21:30:27 UTC --- (In reply to comment #7) > This code is executed unconditionally: > > " > final InetAddress addr = InetAddress.getByName(property); > > for (final NetMask nm: deny) > if (nm.matches(addr)) > " > > NetMask.matches does a new BigInteger().shiftRight (though the shift should be > 0 bytes, and so should be pretty quick). > > Remember that this code may be executed for every request, include, and > forward, so you'd better take every opportunity to reduce the amount of time > required to run it. > Good point. I was tempted at first to do a byte[] manipulation but found BigInteger to be very practical, especially since it requires the byte array to be in network order -- which is what I wanted. I'll have that second implementation working and compare the results in speed. > In terms of making it more generic, what I meant was that you would be able to > quickly match exact-matches (using a simple String.equals) and only do the > extra work when there was a netmask to actually check. That's true, but consider ::ffff:127.0.0.1: it actually is the same than 127.0.0.1. An .equals() won't work here. OK, that's going far, but still. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org