tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Patch: accept filters for NetBSD



On Tuesday 29 January 2008, Elad Efrat wrote:
> Joerg Sonnenberger wrote:
> > On Tue, Jan 29, 2008 at 12:36:27PM +0200, Elad Efrat wrote:
> >> What's the motivation of adding the accept filters? I understand one may
> >> be performance -- are there any relevant benchmarks? Is it possible to
> >> hear more about why this is necessary, and what are planned future
> >> extensions, if any?
> >
> > The motivation for accept filters is to not have to worry about
> > connections until a certain amount of data was send. This helps reducing
> > the load on the server.
>
> Yes, as you quoted above, I understand one motivation may be
> performance.
>
> Are there any benchmarks done on ~current NetBSD? :)

My understanding is that the dataready filter can be used to prevent the type 
of DoS attack that I inquired about in

        http://mail-index.netbsd.org/netbsd-help/2005/01/10/0005.html

and where the attacker ties up all available httpd processes on a server.  
This obviously helps server performance but may be difficult to quantify in a 
benchmark.

Sverre



Home | Main Index | Thread Index | Old Index