tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Patch: accept filters for NetBSD
On Tuesday 29 January 2008, Elad Efrat wrote:
> Joerg Sonnenberger wrote:
> > On Tue, Jan 29, 2008 at 12:36:27PM +0200, Elad Efrat wrote:
> >> What's the motivation of adding the accept filters? I understand one may
> >> be performance -- are there any relevant benchmarks? Is it possible to
> >> hear more about why this is necessary, and what are planned future
> >> extensions, if any?
> >
> > The motivation for accept filters is to not have to worry about
> > connections until a certain amount of data was send. This helps reducing
> > the load on the server.
>
> Yes, as you quoted above, I understand one motivation may be
> performance.
>
> Are there any benchmarks done on ~current NetBSD? :)
My understanding is that the dataready filter can be used to prevent the type
of DoS attack that I inquired about in
http://mail-index.netbsd.org/netbsd-help/2005/01/10/0005.html
and where the attacker ties up all available httpd processes on a server.
This obviously helps server performance but may be difficult to quantify in a
benchmark.
Sverre
Home |
Main Index |
Thread Index |
Old Index