Date: Sat, 02 Dec 2000 13:32:20 -1000 From: "Arthur W. Neilson III" <art@pilikia.net> To: "Gordon Tetlow" <gordont@bluemtn.net> Cc: stable@freebsd.org Subject: Re: Accept filters Message-ID: <200012021332200050.180E38E0@smtp> In-Reply-To: <Pine.BSF.4.05.10012021506460.10905-100000@sdmail0.sd.bmarts.com> References: <Pine.BSF.4.05.10012021506460.10905-100000@sdmail0.sd.bmarts.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Right on, thanks for the info - just what I was looking for! My web server= is very lightly loaded, KeepAlive is set at the default of 5 :^). Surely I don't need the= accept filters. On 12/2/00 at 3:17 PM Gordon Tetlow wrote: >On Sat, 2 Dec 2000, Arthur W. Neilson III wrote: > >> I'm slowly building up a 4.2-STABLE box to replace my 3.5-STABLE= firewall box and am >> about to rebuild the kernel with the IPFW stuff enabled. Noticed a= couple unfamiliar >> options in LINT near where the IPFIREWALL stuff is, ACCEPT_FILTER_DATA >> and ACCEPT_FILTER_HTTP. The extremely brief comment just says these= control >> wether the accept filters are statically linked or not. I suppose it's= a performance >> win to statically link as you don't have to allocate/free filter storage= repetitively? >> Should I enable these options or not? > >I'll give a shot at this one. Please correct me if I'm wrong. > >Short Answer: No. > >Long Answer: >The accept filters delay passing off an incoming connection out of the >kernel and into a userland process until some set of conditions is met. >For the DATA filter, the condition is some packet must be received. For >the HTTP filter, the condition is a valid set of HTTP headers must be >received. Applications must be specifically written to take advantage of >the filter. AFAIK the only software written for these filters is Apache >1.3.13 and higher. And for a small capacity server, you won't notice the >difference. > >For more info read the apache docs on it at: >http://www.apache.org/docs/misc/perf-bsd44.html#accf > >-gordon -- __ / ) _/_ It is a capital mistake to theorise before one has data. /--/ __ / Insensibly one begins to twist facts to suit theories, / (_/ (_<__ Instead of theories to suit facts. -- Sherlock Holmes, "A Scandal in Bohemia" Arthur W. Neilson III, WH7N - FISTS #7448 Bank of Hawaii Tech Support http://www.pilikia.net art@pilikia.net, aneilson@boh.com, wh7n@arrl.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012021332200050.180E38E0>