Date: Wed, 07 Mar 2007 13:47:14 -0800 From: Justin Robertson <justin@sk1llz.net> To: Chuck Swiger <cswiger@mac.com> Cc: freebsd-ipfw@freebsd.org Subject: Re: IPFW SACK options Message-ID: <45EF32E2.8000807@sk1llz.net> In-Reply-To: <CDAD9871-3C36-4225-AABC-749BC703058D@mac.com> References: <000301c760fa$df57eb40$9e07c1c0$@net> <CDAD9871-3C36-4225-AABC-749BC703058D@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Chuck Swiger wrote: > On Mar 7, 2007, at 12:54 PM, Justin Robertson wrote: > [ ... ] >> Due to the nature of the current performance disparity between 6.x (I >> assume this is due to the work on making processes thread friendly?) and >> 4.11 (still kicking arse) I'm sticking with the 4.11 branch - and >> here comes >> my question. If someone is interested, could you work up an option to >> allow >> removal of the sackOK (sack permitted negotiation) on SYN packets, >> and then >> pass the SYN packet on with the tcpoption for sack stripped? > > Perhaps trying: > > sysctl net.inet.tcp.sack.enable=0 > > ...will do what you are looking for? > > ---Chuck > > No (this only works in 6.x, btw) - setting sack.enable=0 simply tells the system not to send selective acks itself, this doesn't stop a host from sending selective acks inbound, and processing them still causes the system to bog and die. What I'm looking for here, is a patch to ipfw to allow one to set a flag to strip the tcpoption sack from syn packets. -- Justin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45EF32E2.8000807>