is polling still a thing?
Luigi Rizzo
rizzo at iet.unipi.it
Tue Jan 27 22:34:08 UTC 2015
On Tue, Jan 27, 2015 at 05:08:27PM -0500, Antoine Beaupré wrote:
> On 2015-01-27 13:57:20, wishmaster wrote:
> > Have you considered using netmap-based ipfw instead of pf in DDoS mitigation? I think you should. And without any network ''hacks'' like polling.
>
> My understanding of netmap was that it wasn't useful for packet
> forwarding, because its design is for transmitting packets directly to
> userland faster, whereas a router's dataflow stays mostly in the router...
I think the suggestion was to let netmap-ipfw
drop the traffic you don't want to deal with, and then
inject the remaining ones into the kernel where
the processing occurs -- possibly even using pf or
a different firewall.

There are people using netmap-ipfw on external physical
boxes exactly in this way -- as a "bump in the wire",
but it is trivial to run it on the same machine.

cheers
luigi

> I'm hesitant in switching back to ipfw, considering how nice the
> featureset and syntax of pf is. But if that's what's needed to restore
> sanity...
>
> a.
>
> --
> He who knows how to enjoy the little he has is always rich enough.
> - Democritus