Hi,

The problem is definitely in software; currently Linux just throws up and dies when placed under high network load (in terms of packets per second). The real solution is basically to do what NAPI does: to rewrite some network code and driver code to gracefully handle the case where the system doesn't keep up with network traffic. With NAPI, I can easily sustain Fast Ethernet tinygram routing (148 kpps) on a P3 500, while userspace applications are not CPU-starved.

Currently there are driver patches for tulip and 3c59x cards. Get NAPI at ftp://robur.slu.se/pub/Linux/net-development/NAPI/

You will still see the problem with an Athlon XP and plain Linux 2.4, albeit under higher loads.

cheers,
Lennert

On Wed, Feb 06, 2002 at 04:52:17AM +0200, Dimitris Zilaskos wrote:
>
> Hi,
>
> Some kids(?) are regularly packeting a box I have behind a bridge/firewall.
>
> The firewall/bridge system is a P166 with 32 MB RAM running Slackware 8. The kernel is 2.4.17 patched with bridge-nf-0.0.6-against-2.4.17.diff. I am also using bridge-utils-0.9.5 to set up the bridge. Behind the bridge is a hub with a single box connected. The whole network runs at 10 Mbps. No processes other than the absolutely necessary ones are running on the firewall.
>
> Symptom:
>
> During the attacks the firewall becomes very slow. I press Num Lock and the light goes on after 30 seconds or so; I type something and it shows up after some seconds, etc. It is almost frozen. The box behind it of course loses connectivity. When the attack ceases, or I pull the cable connecting to the internet, the system instantly returns to normal. The bridge needs some more minutes to start working again, but it eventually works.
>
> I am not sure if it is a netfilter code / bridge code / obsolete hardware issue. However, the same box in the past has served as an IRC server with kernel 2.4.0, and handled various violent attacks like those ones without showing the same symptoms.
>
> Attached are the ruleset, where the host under attack is 1.2.3.4, and a small tcpdump snapshot of the attack. The whole tcpdump file of the attack is over 100 Mbytes.
>
> I wanted to know what you guys think about the issue. Should I get an Athlon XP or something for the firewall?
>
> Kind regards,
>
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
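The thread turns on packets per second rather than bytes per second: a 10 Mbps link carries at most about 14,880 minimum-size frames per second, and a Fast Ethernet link about 148,800 (the "148 kpps" figure above), so a tcpdump capture like the one Dimitris attached is most usefully summarised as a per-second packet count toward the victim. The script below is an added example, not code from either poster: it parses tcpdump's default text output (timestamp, source, ">", destination), counts packets per second and distinct source addresses toward a target host, flags seconds above a threshold, and computes the wire-rate ceiling for a given link speed. The sample capture lines are constructed; the only value taken from the thread is the victim address 1.2.3.4, and the threshold of 5 pps is a toy value chosen to exercise the flagging logic on a handful of lines.

```python
"""Per-second packet-rate summary over tcpdump text output (constructed example)."""
from collections import Counter, defaultdict

# Constructed sample in tcpdump's default text format; the addresses,
# ports and timestamps are invented. 1.2.3.4 is the victim from the thread.
SAMPLE = """\
04:52:17.000120 192.0.2.10.1025 > 1.2.3.4.6667: S 1:1(0) win 512
04:52:17.000310 192.0.2.11.1025 > 1.2.3.4.6667: S 1:1(0) win 512
04:52:17.000480 192.0.2.12 > 1.2.3.4: icmp: echo request
04:52:17.200000 10.0.0.5.53 > 10.0.0.9.1024: 3+ A? example.net. (29)
04:52:18.000020 192.0.2.13.1025 > 1.2.3.4.6667: S 1:1(0) win 512
04:52:18.000040 192.0.2.14.1025 > 1.2.3.4.6667: S 1:1(0) win 512
04:52:18.000060 192.0.2.15.1025 > 1.2.3.4.6667: S 1:1(0) win 512
04:52:18.000080 192.0.2.16 > 1.2.3.4: icmp: echo request
04:52:18.000100 192.0.2.16 > 1.2.3.4: icmp: echo request
04:52:18.000120 192.0.2.17.1025 > 1.2.3.4.6667: S 1:1(0) win 512
04:52:19.500000 1.2.3.4.6667 > 192.0.2.10.1025: R 0:0(0) ack 2 win 0
"""


def strip_port(token):
    """tcpdump appends '.port' to IPv4 addresses; five dotted fields means a port is present."""
    fields = token.rstrip(":").split(".")
    return ".".join(fields[:4]) if len(fields) == 5 else ".".join(fields)


def parse_line(line):
    """Return (second_of_day, src_ip, dst_ip, rest) for a tcpdump line, or None if unparseable."""
    parts = line.split()
    if len(parts) < 4 or parts[2] != ">":
        return None
    try:
        h, m, s = parts[0].split(":")
        sec = int(h) * 3600 + int(m) * 60 + int(float(s))
    except ValueError:
        return None
    return sec, strip_port(parts[1]), strip_port(parts[3]), " ".join(parts[4:])


def summarize(lines, target):
    """Map second_of_day -> (packets toward target, distinct source addresses)."""
    pkts = Counter()
    srcs = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        sec, src, dst, _ = rec
        if dst == target:
            pkts[sec] += 1
            srcs[sec].add(src)
    return {sec: (pkts[sec], len(srcs[sec])) for sec in pkts}


def flood_seconds(summary, threshold_pps):
    """Seconds whose packet count toward the target reaches the threshold."""
    return sorted(sec for sec, (pps, _) in summary.items() if pps >= threshold_pps)


def max_pps(link_bps, frame_bytes=64):
    """Wire-rate ceiling in frames/s: each frame also costs 8 bytes preamble and 12 bytes gap."""
    return link_bps // ((frame_bytes + 8 + 12) * 8)


def fmt_sec(sec):
    return "%02d:%02d:%02d" % (sec // 3600, sec % 3600 // 60, sec % 60)


if __name__ == "__main__":
    summary = summarize(SAMPLE.splitlines(), "1.2.3.4")
    for sec in sorted(summary):
        pps, nsrc = summary[sec]
        print("%s  %3d pps toward 1.2.3.4 from %d source(s)" % (fmt_sec(sec), pps, nsrc))
    print("flagged:", [fmt_sec(s) for s in flood_seconds(summary, 5)])
    print("10 Mbps tinygram ceiling: %d pps" % max_pps(10_000_000))
    print("100 Mbps tinygram ceiling: %d pps" % max_pps(100_000_000))
```

On a real capture, feed `tcpdump -n -r attack.dump` output through `summarize` and compare the peak second against `max_pps` for the link: a peak near the wire-rate ceiling, combined with a large distinct-source count per second, is the signature of the spoofed tinygram flood that makes an interrupt-per-packet kernel livelock the way the original report describes.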
