syncookie CPU load
Dmitry Mikhailov
dmitry at pushware.net
Sat Aug 29 08:37:17 UTC 2015
Will PF synproxy allow to bypass the part of the code that causes high interrupt CPU usage?
Dmitry
From: "Hien Phan" <phanquochien at gmail.com>
To: "Dmitry Mikhailov" <dmitry at pushware.net>
Cc: "freebsd-questions" <freebsd-questions at freebsd.org>
Sent: Saturday, August 29, 2015 12:12:04 AM
Subject: Re: syncookie CPU load
Hello,
pf has built-in synproxy support, you could try it.
On Sat, Aug 29, 2015 at 1:09 PM, Dmitry Mikhailov < dmitry at pushware.net > wrote:
Doing a SYN flood test with FreeBSD on Xeon D (8 core) with syncookies enabled and the CPU load is around 20% (interrupts) at 150K pps. Is there any way reconfigure FreeBSD to bring this load down? Linux has a solution with netfilter synproxy which would not notice this low pps rate so I am wondering whether something similar is possible with FreeBSD?
Dmitry
_______________________________________________
freebsd-questions at freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to " freebsd-questions-unsubscribe at freebsd.org "
More information about the freebsd-questions
mailing list