author | Henning Brauer <henning@cvs.openbsd.org> | 2007-05-29 00:50:42 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2007-05-29 00:50:42 +0000 |
commit | d7117e3a3eb409851b4bea2d7e0d8884ed8f3f16 (patch) | |
tree | de500307759c09f574f5f7a4ea6b8737058687b7 /usr.sbin | |
parent | dfd8bbac808cce90fc4b9aca8ecff32ff71491bd (diff) |

gain us another 10+% of performance.

boring details:
long time ago (in r1.313) code was added to handle protocol checksums:

> Check protocol (TCP/UDP/ICMP/ICMP6) checksums of all incoming packets,
> and drop packets with invalid checksums. Without such a check, pf would
> return RST/ICMP errors even for packets with invalid checksums, which
> could be used to detect the presence of the firewall, reported by
> "Ed White" in http://www.phrack.org/phrack/60/p60-0x0c.txt.

that meant we did the checksumming for each and every packet traversing pf.
now only do the checksumming right before we send an RST back, so in all
other cases we save that work.

ok bob theo

Diffstat (limited to 'usr.sbin')
0 files changed, 0 insertions, 0 deletions