Date: Mon, 20 Aug 2007 10:12:54 +0400 From: Igor Sysoev <is@rambler-co.ru> To: Mike Silbersack <silby@silby.com> Cc: freebsd-net@freebsd.org, robert <robert@fledge.watson.org> Subject: Re: syncookie in 6.x and 7.x Message-ID: <20070820061254.GB11540@rambler-co.ru> In-Reply-To: <20070819043748.I921@odysseus.silby.com> References: <20070816142431.GO57126@rambler-co.ru> <20070819043748.I921@odysseus.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Aug 19, 2007 at 04:42:51AM -0500, Mike Silbersack wrote:
> On Thu, 16 Aug 2007, Igor Sysoev wrote:
>
> >I have looked sources and found that in early versions the sent counter
> >was simply not incremented at all. The patch attached.
>
> The patch looks ready to commit to me. Do you want me to commit or, or do
> you have another committer lined up?
Feel free to commit.
> >After the patch has been applied I have found that 6 always sends
> >syncookies too, however, 6 unlike 7 never receives them. Why ?
>
> Have you tried patching 6 so that the syncache is non-functional and
> forced it to rely on syncookies? Last I checked (which was a long time
> ago), syncookies worked on 6. Adding a sysctl like 7's
> net.inet.tcp.syncookies_only to 6 might not be a bad idea, as long as it's
> behind #ifdef DIAGNOSTIC or INVARIANTS.
No, I have not tried.
> The question you may really be asking is: Why does 7 *think* that it is
> receiving syncookies all the time? :)
>
> I haven't tried to answer that question yet.
I have found two 4.8's:
17460166 syncache entries added
106312 retransmitted
90435 dupsyn
0 dropped
17424177 completed
465 bucket overflow
0 cache overflow
21526 reset
13725 stale
0 aborted
0 badack
279 unreach
0 zone failures
0 cookies sent
6 cookies received
1671768 syncache entries added
63163 retransmitted
37566 dupsyn
0 dropped
1645430 completed
248 bucket overflow
0 cache overflow
13144 reset
12888 stale
0 aborted
0 badack
174 unreach
0 zone failures
0 cookies sent
116 cookies received
and 4.11's:
5643772 syncache entries added
45993 retransmitted
41452 dupsyn
0 dropped
5630013 completed
298 bucket overflow
0 cache overflow
7374 reset
6030 stale
0 aborted
0 badack
93 unreach
0 zone failures
0 cookies sent
36 cookies received
141791272 syncache entries added
280354 retransmitted
273529 dupsyn
0 dropped
141703800 completed
206 bucket overflow
0 cache overflow
9847 reset
35570 stale
36034 aborted
0 badack
5854 unreach
0 zone failures
0 cookies sent
40 cookies received
I have found one 6.1-PRERELEASE with 298 uptime:
2672792190 syncache entries added
83640383 retransmitted
77727918 dupsyn
282 dropped
2645872801 completed
0 bucket overflow
0 cache overflow
10974940 reset
15657014 stale
91 aborted
52 badack
287259 unreach
0 zone failures
0 cookies sent
8 cookies received
4.x have uptimes from week to month.
On other 6.x with small uptime and do not see received cookies.
And I have no 5.x at all.
Anyway, 7 receives cookies much more - here is statistics from 3 days uptime:
52175610 syncache entries added
2092809 retransmitted
2021384 dupsyn
0 dropped
51681903 completed
0 bucket overflow
0 cache overflow
181311 reset
258220 stale
4 aborted
0 badack
18384 unreach
0 zone failures
52175610 cookies sent
16238 cookies received
I have found that in 7 received cookies correlate with unreach.
--
Igor Sysoev
http://sysoev.ru/en/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070820061254.GB11540>