Date: Thu, 24 May 2007 13:26:44 +0400
From: Gleb Smirnoff
To: Andre Oppermann
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet tcp_syncache.c

On Thu, May 24, 2007 at 01:36:49AM +0200, Andre Oppermann wrote:
A> Yes, these logs can be triggered remotely. Broken packets and spoofed
A> packets may cause them. We're interested in the former.
A>
A> I'll do some benchmarks on the impact of the logging and then decide
A> whether to put it under a sysctl.
A>
A> The reason it is unconditionally enabled is to see if non-compliant
A> TCP stacks are out there that fail the very strong (but fully RFC and
A> TCP-secure conform) checks.
A>
A> W/o logging we have no way of really knowing. Before we were possibly
A> accepting stuff we shouldn't have (spoofing and attacks). Now we may
A> drop stuff we perhaps should accept anyway. W/o logging diagnosing a
A> TCP problem was very difficult and would need a lot of cooperation with
A> the PR submitter, if it was submitted at all. We normally only got a
A> report of TCP 'not working'. Figuring out what went wrong was pretty
A> much doing iterative shots into the dark and see if something squeaks.
A>
A> With logging I want to make things much more obvious and simpler to
A> diagnose. Plus we get information in cases (from admins reading the
A> logs) that were totally lost in the noise or not even attempted to
A> be debugged.
A>
A> For our TCP maintainers (mostly I at the moment) and also 3rd parties
A> this makes TCP trouble diagnosis much more accessible. Based on a
A> log report and the OS name/version of the remote end we can pretty
A> much tell right away what went wrong. This saves an order of
A> magnitude in debugging and fault analysis time. From many hours and
A> email round trips to mere minutes and one or two information requests.

I completely understand that this logging is very important in the
process of refactoring the TCP code. I just think that the performance
impact should be measured before merging this logging to RELENG_6.

--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE