Date: Tue, 27 Jan 2015 17:08:27 -0500 From: Antoine =?utf-8?Q?Beaupr=C3=A9?= <anarcat@koumbit.org> To: wishmaster <artemrts@ukr.net> Cc: freebsd-net@freebsd.org Subject: Re: is polling still a thing? Message-ID: <87pp9zc1wk.fsf@marcos.anarc.at> In-Reply-To: <1422384769.867067950.y2iiuu53@frv34.fwdcdn.com> References: <871tmgceup.fsf@marcos.anarc.at> <1422384769.867067950.y2iiuu53@frv34.fwdcdn.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2015-01-27 13:57:20, wishmaster wrote:
> Have you consider to use netmap-based ipfw instead pf in DDoS mitigation?=
I think you should. And without any network ''haks'' like polling.
My understanding of netmap was that it wasn't useful for packet
forwarding, because its design is for transmitting packets directly to
userland faster, whereas routers dataflow stay mostly in the router...
I'm hesitant in switching back to ipfw, considering how nice the
featureset and syntax of pf is. But if that's what's needed to restore
sanity...
a.
--=20
Celui qui sait jouir du peu qu'il a est toujours assez riche.
- D=C3=A9mocrite
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87pp9zc1wk.fsf>