On 2011-08-16, Quentin Aebischer quentin.aebisc...@usherbrooke.ca wrote:
Hello everyone,
I'm currently a master degree student, and I'd like to benchmark
packet filter over the number of tcp sessions per seconds it can handle.
So I've got a very basic setup working, consisting of one
There is not much to tweak, performance-wise. OpenBSD avoids such
buttons like the plague, and besides: benchmarks should be run with a
stock install, which is what 99% of users are going to be doing as well.
You can try looking at the output of 'pfctl -si' and see if any of those
is increasing a
Thx for the reply. Well I've already increased the state table size to
15 entries, 1 was not enough (there was up to 7
simultaneous state entries during the test). Hardware wise, I'm using
a xeon 2.4 GHz monocore with 1 GB of RAM. Since this server is used as
firewall only,
Just to clarify a bit, I would not be surprised if IPTables performs
more quickly than PF in this particular test, for a couple of reasons:
- PF uses a red-black tree for the session tracking, while iptables uses
a hash table. The red-black tree means performance scales smoothly as
the number
Thx for the reply. Well I've already increased the state table size to
15 entries, 1 was not enough (there was up to 7
simultaneous state entries during the test). Hardware wise, I'm using
a xeon 2.4 GHz monocore with 1 GB of RAM. Since this server is used as
firewall
5 matches
Mail list logo