RE: em0, polling performance, P4 2.8ghz FSB 800mhz
From: Mike Silbersack (silby_at_silby.com)
Date: 02/29/04
- Previous message: Don Bowman: "RE: em0, polling performance, P4 2.8ghz FSB 800mhz"
- In reply to: Don Bowman: "RE: em0, polling performance, P4 2.8ghz FSB 800mhz"
- Next in thread: Deepak Jain: "Re: em0, polling performance, P4 2.8ghz FSB 800mhz"
- Reply: Deepak Jain: "Re: em0, polling performance, P4 2.8ghz FSB 800mhz"
- Reply: Robert Watson: "RE: em0, polling performance, P4 2.8ghz FSB 800mhz"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sun, 29 Feb 2004 00:13:21 -0600 (CST) To: Don Bowman <don@sandvine.com>
On Sat, 28 Feb 2004, Don Bowman wrote:
> You could use ipfw to limit the damage of a syn flood, e.g.
> a keep-state rule with a limit of ~2-5 per source IP, lower the
> timeouts, increase the hash buckets in ipfw, etc. This would
> use a mask on src-ip of all bits.
> something like:
> allow tcp from any to any setup limit src-addr 2
>
> this would only allow 2 concurrent TCP sessions per unique
> source address. Depends on the syn flood you are expecting
> to experience. You could also use dummynet to shape syn
> traffic to a fixed level i suppose.
Does that really help? If so, we need to optimize the syncache. :(
Mike "Silby" Silbersack
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
- Previous message: Don Bowman: "RE: em0, polling performance, P4 2.8ghz FSB 800mhz"
- In reply to: Don Bowman: "RE: em0, polling performance, P4 2.8ghz FSB 800mhz"
- Next in thread: Deepak Jain: "Re: em0, polling performance, P4 2.8ghz FSB 800mhz"
- Reply: Deepak Jain: "Re: em0, polling performance, P4 2.8ghz FSB 800mhz"
- Reply: Robert Watson: "RE: em0, polling performance, P4 2.8ghz FSB 800mhz"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
