5.x concerns
Robert Watson
rwatson at FreeBSD.org
Sun Feb 13 12:50:32 PST 2005
On Sun, 6 Feb 2005, Scott Long wrote:
> > 3 - robustness, 5.3 seems to not handle ddos attacks so well, I
> > remember on a 4.x machine I could easily take a full 100mbit udp flood
> > and have the server respond albeit maybe with some lag but it stayed
> > functional, 5.x seems to crumble under a lot less pressure on the same
> > machine. This could be with pf been loaded on top of ipfw adding
> > extra overhead I dont know.
>
> This probably would add quite a bit of overhead. The ipfw package is
> not locked, so dealing with that adds even more overhead, unfortunately.
Actualy, just to set the record straight on this technically -- ipfw is
locked, albeit using a variation on the sx lock theme. ipfw will run
without Giant as long as the rest of the stack is running without Giant.
Robert N M Watson
More information about the freebsd-stable
mailing list