tech-net: Re: NetBSD in BSD Router / Firewall Testing

Subject: Re: NetBSD in BSD Router / Firewall Testing
To: Mike Tancsa <mike@sentex.net>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-net
Date: 12/01/2006 09:55:06

On Fri, 01 Dec 2006 09:31:23 -0500
Mike Tancsa <mike@sentex.net> wrote:

> 
> # netstat -q
> arpintrq:
>          queue length: 0
>          maximum queue length: 50
>          packets dropped: 151

I'm not sure this one matters much in the real world -- I suspect it can
only happen when a large number of addresses are polled in a very short
time.  (OTOH, it might happen if a scanning worm was working through
the router.)

> ipintrq:
>          queue length: 0
>          maximum queue length: 256
>          packets dropped: 133721212

This is the second report we've seen recently of packet drops in this
queue.  We need to understand what's going on, I think.

		--Steve Bellovin, http://www.cs.columbia.edu/~smb