IPFW SACK options
Justin Robertson
justin at sk1llz.net
Wed Mar 7 21:47:24 UTC 2007
Chuck Swiger wrote:
> On Mar 7, 2007, at 12:54 PM, Justin Robertson wrote:
> [ ... ]
>> Due to the nature of the current performance disparity between 6.x (I
>> assume this is due to the work on making processes thread friendly?) and
>> 4.11 (still kicking arse) I'm sticking with the 4.11 branch - and
>> here comes
>> my question. If someone is interested, could you work up an option to
>> allow
>> removal of the sackOK (sack permitted negotiation) on SYN packets,
>> and then
>> pass the SYN packet on with the tcpoption for sack stripped?
>
> Perhaps trying:
>
> sysctl net.inet.tcp.sack.enable=0
>
> ...will do what you are looking for?
>
> ---Chuck
>
>
No (this only works in 6.x, btw) - setting sack.enable=0 simply tells
the system not to send selective acks itself, this doesn't stop a host
from sending selective acks inbound, and processing them still causes
the system to bog and die. What I'm looking for here, is a patch to ipfw
to allow one to set a flag to strip the tcpoption sack from syn packets.
--
Justin
More information about the freebsd-ipfw
mailing list