-
Poul-Henning Kamp authored
The +table flag causes all overlapped ACL entries to be compiled as usual, and non-overlapped entries to be emitted as a table of bytes. When testing the ACL the compiled code is run before VPI_acl_table() is used to do a binary search on the table. Even with a binary search, the table is approx 3 times slower than the regular compiled ACLs (ie: only "blindingly fast" as oppposed to "lighting fast"). The advantage of +table is that C-compilers literally take no time, no matter the size of the ACL, where they will take seconds or even minutes compiling large ACLs as code.
cc885760