Hi all: If this is a silly question, so be it. ;-)
Anyhoo, I'm stress-testing my new firewall in the lab, and I'm performing some IGMP DoS attacks against it. Running something like igmpofdeath (5000 packets) brings the system to a grinding halt (scrub on). (Yes, I know DoS attacks are basically indefensible, but read on...) I tried setting a 5000 limit on the frags (scrub still on), and it was able to handle 5000, but choked on 10000.

I'm still relatively new to the concepts of stress-testing firewalls, so I'm not sure whether this kind of thing is something that needs to be reported as a "bug". Normally I wouldn't think so, but seeing as how the memory pool is supposedly being "capped", it makes me wonder. The panic errors are fairly obvious in that they point to various "normalization" or "frag" issues. I'm going to turn off scrub entirely to see if that helps, but I thought I'd ping (excuse the pun) you with this anyway.

One other item. The pf.conf manpage suggests that I should be able to specify protocol options in the normalization rules, but pfctl is spitting out syntax errors. Is this a future feature?

Again, sorry if this is the stupidest question you've ever heard.

-J.
