From owner-freebsd-stable  Sat Dec  2 15:17:10 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from sdmail0.sd.bmarts.com (sdmail0.sd.bmarts.com [192.215.234.86])
	by hub.freebsd.org (Postfix) with SMTP id 283E637B400
	for <stable@freebsd.org>; Sat,  2 Dec 2000 15:17:04 -0800 (PST)
Received: (qmail 19455 invoked by uid 1078); 2 Dec 2000 23:17:25 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 2 Dec 2000 23:17:25 -0000
Date: Sat, 2 Dec 2000 15:17:25 -0800 (PST)
From: Gordon Tetlow <gordont@bluemtn.net>
X-Sender: gordont@sdmail0.sd.bmarts.com
To: "Arthur W. Neilson III" <art@pilikia.net>
Cc: stable@freebsd.org
Subject: Re: Accept filters
In-Reply-To: <200012020939310510.17390D3C@smtp>
Message-ID: <Pine.BSF.4.05.10012021506460.10905-100000@sdmail0.sd.bmarts.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 2 Dec 2000, Arthur W. Neilson III wrote:

> I'm slowly building up a 4.2-STABLE box to replace my 3.5-STABLE firewall box and am
> about to rebuild the kernel with the IPFW stuff enabled.  Noticed a couple unfamiliar
> options in LINT near where the IPFIREWALL stuff is, ACCEPT_FILTER_DATA
> and ACCEPT_FILTER_HTTP.  The extremely brief comment just says these control
> wether the accept filters are statically linked or not.  I suppose it's a performance
> win to statically link as you don't have to allocate/free filter storage repetitively?
> Should I enable these options or not?

I'll give a shot at this one. Please correct me if I'm wrong.

Short Answer: No.

Long Answer:
The accept filters delay passing off an incoming connection out of the
kernel and into a userland process until some set of conditions is met.
For the DATA filter, the condition is some packet must be received. For
the HTTP filter, the condition is a valid set of HTTP headers must be
received. Applications must be specifically written to take advantage of
the filter. AFAIK the only software written for these filters is Apache
1.3.13 and higher. And for a small capacity server, you won't notice the
difference.

For more info read the apache docs on it at:
http://www.apache.org/docs/misc/perf-bsd44.html#accf

-gordon



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message