DragonFly BSD
DragonFly kernel List (threaded) for 2006-06
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: ipfw deprecation


From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 27 Jun 2006 10:56:52 -0700 (PDT)

:Incoming bandwidth limitation makes not much sense. There's no local
:queue involved and the transfer did happen already. DOS protection on
:the end-system is difficult...
:
:Joerg

    I'd say it is more situational, but still very important.  I've used
    incoming bandwidth limits on DNS servers.  Any UDP service where the
    incoming packet is much smaller then the outgoing packet can benefit.
    By clamping the input you avoid the situation where your userland server
    is grinding cpu to produce an output packet that would otherwise have to
    be discarded.

					-Matt
					Matthew Dillon 
					<dillon@xxxxxxxxxxxxx>



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]