On Wed, 10 Jan 2001, Wes Peters wrote:
> Don Lewis wrote:
> > A good reason for putting these checks in their present location is
> > that it gets them out of the main code path. Under normal circumstances,
> > the vast majority of the incoming packets will be for established
> > connections and it is wasteful to do unnecessary checking on these packets.
>
> But that is exactly NOT the case when being attacked with a SYN flood
> or something like that. Perhaps it would be advantageous to trip a flag
> if we hit the bandwidth limiting rate and do the checks much earlier only
> if we're under attack?

I'm not sure that really matters. Since (nearly) any packet will undergo
the pcb lookup, reducing the overhead of multicast packets wouldn't make
much difference - attackers can just use non-multicast packets.

Does anyone have an idea on what the performance impact of the multicast
checks really is? Just having a single check at the top of the code would
be nice from a readability standpoint.

Speaking of stream, I wonder if proper multicast checks are done for icmp
responses. Hrm.

Mike "Silby" Silbersack