From owner-freebsd-stable Sat Dec 2 15:32:52 2000 Delivered-To: freebsd-stable@freebsd.org Received: from pilikia.net (pilikia.net [12.36.98.183]) by hub.freebsd.org (Postfix) with ESMTP id CC97937B401 for ; Sat, 2 Dec 2000 15:32:48 -0800 (PST) Received: from gecko (gecko.local.pilikia.net [192.168.0.9]) by pilikia.net (8.9.3/8.9.3) with ESMTP id NAA28277; Sat, 2 Dec 2000 13:32:19 -1000 (HST) (envelope-from art@pilikia.net) Message-ID: <200012021332200050.180E38E0@smtp> In-Reply-To: References: X-Mailer: Calypso Version 3.10.03.02 (3) Date: Sat, 02 Dec 2000 13:32:20 -1000 Reply-To: art@pilikia.net From: "Arthur W. Neilson III" To: "Gordon Tetlow" Cc: stable@freebsd.org Subject: Re: Accept filters Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Right on, thanks for the info - just what I was looking for! My web server= is very lightly loaded, KeepAlive is set at the default of 5 :^). Surely I don't need the= accept filters. On 12/2/00 at 3:17 PM Gordon Tetlow wrote: >On Sat, 2 Dec 2000, Arthur W. Neilson III wrote: > >> I'm slowly building up a 4.2-STABLE box to replace my 3.5-STABLE= firewall box and am >> about to rebuild the kernel with the IPFW stuff enabled. Noticed a= couple unfamiliar >> options in LINT near where the IPFIREWALL stuff is, ACCEPT_FILTER_DATA >> and ACCEPT_FILTER_HTTP. The extremely brief comment just says these= control >> wether the accept filters are statically linked or not. I suppose it's= a performance >> win to statically link as you don't have to allocate/free filter storage= repetitively? >> Should I enable these options or not? > >I'll give a shot at this one. Please correct me if I'm wrong. > >Short Answer: No. > >Long Answer: >The accept filters delay passing off an incoming connection out of the >kernel and into a userland process until some set of conditions is met. >For the DATA filter, the condition is some packet must be received. For >the HTTP filter, the condition is a valid set of HTTP headers must be >received. Applications must be specifically written to take advantage of >the filter. AFAIK the only software written for these filters is Apache >1.3.13 and higher. And for a small capacity server, you won't notice the >difference. > >For more info read the apache docs on it at: >http://www.apache.org/docs/misc/perf-bsd44.html#accf > >-gordon -- __ / ) _/_ It is a capital mistake to theorise before one has data. /--/ __ / Insensibly one begins to twist facts to suit theories, / (_/ (_<__ Instead of theories to suit facts. -- Sherlock Holmes, "A Scandal in Bohemia" Arthur W. Neilson III, WH7N - FISTS #7448 Bank of Hawaii Tech Support http://www.pilikia.net art@pilikia.net, aneilson@boh.com, wh7n@arrl.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message