Jeff Largent wrote:

> > > I'll let you correct me if I'm wrong, but isn't ip filtering also a
> > > memory requirement? I'm thinking specifically of connection tracking.
> >
> > All of them have memory requirements. Connection tracking is probably
> > going to be the least significant of those, although, unlike
> > user-space daemons, it requires physical RAM rather than swap. Even
> > so, connection tracking needs an extra few bytes per connection,
> > whereas a daemon which forks for each connection may require a few
> > hundred Kb or more per connection.
>
> That's good to know, for some reason I have always been under the
> impression that connection tracking could have a significant memory
> requirement.

It's potentially significant for a *router* which may be tracking a
substantial number of connections with minimal RAM.

Bear in mind that a basic router (or a router with only stateless
filtering) requires zero bytes per connection: routers deal with
packets rather than connections, and once a packet has been sent, it
(and any memory associated with it) is gone for good. In that sense,
even a few bytes per connection is an increase by a factor of infinity
over zero bytes per connection.

But, unless you're talking about a router which might have to track
tens of thousands of outstanding connections, or one which has very
little RAM, then it probably isn't significant.

-- 
Glynn Clements <glynn.clements@xxxxxxxxxx>