Date: Sat, 29 Aug 2015 01:37:51 -0700 (PDT) From: Dmitry Mikhailov <dmitry@pushware.net> To: Hien Phan <phanquochien@gmail.com> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: syncookie CPU load Message-ID: <470638235.387.1440837471041.JavaMail.zimbra@pushware.net> In-Reply-To: <CABtQ6wRW7t7aSjirJcAZgQUDa42a6tek6%2B_vHuFXW=sm4bHGEA@mail.gmail.com> References: <2142623530.346.1440828562305.JavaMail.zimbra@pushware.net> <CABtQ6wRW7t7aSjirJcAZgQUDa42a6tek6%2B_vHuFXW=sm4bHGEA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Will PF synproxy allow to bypass the part of the code that causes high interrupt CPU usage? Dmitry From: "Hien Phan" <phanquochien@gmail.com> To: "Dmitry Mikhailov" <dmitry@pushware.net> Cc: "freebsd-questions" <freebsd-questions@freebsd.org> Sent: Saturday, August 29, 2015 12:12:04 AM Subject: Re: syncookie CPU load Hello, pf has built-in synproxy support, you could try it. On Sat, Aug 29, 2015 at 1:09 PM, Dmitry Mikhailov < dmitry@pushware.net > wrote: Doing a SYN flood test with FreeBSD on Xeon D (8 core) with syncookies enabled and the CPU load is around 20% (interrupts) at 150K pps. Is there any way reconfigure FreeBSD to bring this load down? Linux has a solution with netfilter synproxy which would not notice this low pps rate so I am wondering whether something similar is possible with FreeBSD? Dmitry _______________________________________________ freebsd-questions@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to " freebsd-questions-unsubscribe@freebsd.org "
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?470638235.387.1440837471041.JavaMail.zimbra>