From owner-freebsd-questions@freebsd.org Sat Aug 29 08:37:17 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 117BA9C3569 for ; Sat, 29 Aug 2015 08:37:17 +0000 (UTC) (envelope-from dmitry@pushware.net) Received: from mail.pushware.net (mail.pushware.net [198.245.177.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E0452896 for ; Sat, 29 Aug 2015 08:37:16 +0000 (UTC) (envelope-from dmitry@pushware.net) Received: from localhost (localhost [127.0.0.1]) by mail.pushware.net (Postfix) with ESMTP id 766125F3518; Sat, 29 Aug 2015 01:37:52 -0700 (PDT) Received: from mail.pushware.net ([127.0.0.1]) by localhost (mail.pushware.net [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id CAXKddt37xzc; Sat, 29 Aug 2015 01:37:51 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mail.pushware.net (Postfix) with ESMTP id 6EFE35F3516; Sat, 29 Aug 2015 01:37:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at pushware.net Received: from mail.pushware.net ([127.0.0.1]) by localhost (mail.pushware.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id du4O3BBs6h9u; Sat, 29 Aug 2015 01:37:51 -0700 (PDT) Received: from mail.pushware.net (mail.pushware.net [10.5.2.5]) by mail.pushware.net (Postfix) with ESMTP id 317EB5F3518; Sat, 29 Aug 2015 01:37:51 -0700 (PDT) Date: Sat, 29 Aug 2015 01:37:51 -0700 (PDT) From: Dmitry Mikhailov To: Hien Phan Cc: freebsd-questions Message-ID: <470638235.387.1440837471041.JavaMail.zimbra@pushware.net> In-Reply-To: References: <2142623530.346.1440828562305.JavaMail.zimbra@pushware.net> Subject: Re: syncookie CPU load MIME-Version: 1.0 X-Originating-IP: [10.5.2.5] X-Mailer: Zimbra 8.6.0_GA_1178 (ZimbraWebClient - FF40 (Mac)/8.6.0_GA_1178) Thread-Topic: syncookie CPU load Thread-Index: ZtF/Jg1jr2PfFXddYo1JY2StpV3dDw== Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 Aug 2015 08:37:17 -0000 Will PF synproxy allow to bypass the part of the code that causes high interrupt CPU usage? Dmitry From: "Hien Phan" To: "Dmitry Mikhailov" Cc: "freebsd-questions" Sent: Saturday, August 29, 2015 12:12:04 AM Subject: Re: syncookie CPU load Hello, pf has built-in synproxy support, you could try it. On Sat, Aug 29, 2015 at 1:09 PM, Dmitry Mikhailov < dmitry@pushware.net > wrote: Doing a SYN flood test with FreeBSD on Xeon D (8 core) with syncookies enabled and the CPU load is around 20% (interrupts) at 150K pps. Is there any way reconfigure FreeBSD to bring this load down? Linux has a solution with netfilter synproxy which would not notice this low pps rate so I am wondering whether something similar is possible with FreeBSD? Dmitry _______________________________________________ freebsd-questions@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to " freebsd-questions-unsubscribe@freebsd.org "