Date: Sun, 13 Feb 2005 20:49:16 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: Scott Long <scottl@freebsd.org> Cc: freebsd-stable@freebsd.org Subject: Re: 5.x concerns Message-ID: <Pine.NEB.3.96L.1050213204741.52401C-100000@fledge.watson.org> In-Reply-To: <42064C2D.6030401@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 6 Feb 2005, Scott Long wrote: > > 3 - robustness, 5.3 seems to not handle ddos attacks so well, I > > remember on a 4.x machine I could easily take a full 100mbit udp flood > > and have the server respond albeit maybe with some lag but it stayed > > functional, 5.x seems to crumble under a lot less pressure on the same > > machine. This could be with pf been loaded on top of ipfw adding > > extra overhead I dont know. > > This probably would add quite a bit of overhead. The ipfw package is > not locked, so dealing with that adds even more overhead, unfortunately. Actualy, just to set the record straight on this technically -- ipfw is locked, albeit using a variation on the sx lock theme. ipfw will run without Giant as long as the rest of the stack is running without Giant. Robert N M Watson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1050213204741.52401C-100000>