From owner-svn-src-head@freebsd.org Tue Jul 10 10:50:44 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3D69D103ED71; Tue, 10 Jul 2018 10:50:44 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D94538FE26; Tue, 10 Jul 2018 10:50:43 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BA1C422EF2; Tue, 10 Jul 2018 10:50:43 +0000 (UTC) (envelope-from tuexen@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w6AAohft084640; Tue, 10 Jul 2018 10:50:43 GMT (envelope-from tuexen@FreeBSD.org) Received: (from tuexen@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w6AAohxh084639; Tue, 10 Jul 2018 10:50:43 GMT (envelope-from tuexen@FreeBSD.org) Message-Id: <201807101050.w6AAohxh084639@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: tuexen set sender to tuexen@FreeBSD.org using -f From: Michael Tuexen Date: Tue, 10 Jul 2018 10:50:43 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r336168 - head/sys/netinet X-SVN-Group: head X-SVN-Commit-Author: tuexen X-SVN-Commit-Paths: head/sys/netinet X-SVN-Commit-Revision: 336168 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Jul 2018 10:50:44 -0000 Author: tuexen Date: Tue Jul 10 10:50:43 2018 New Revision: 336168 URL: https://svnweb.freebsd.org/changeset/base/336168 Log: Add support for printing the TCP FO client-side cookie cache via the sysctl interface. This is similar to the TCP host cache. Reviewed by: pkelsey@, kbowling@ Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D14554 Modified: head/sys/netinet/tcp_fastopen.c Modified: head/sys/netinet/tcp_fastopen.c ============================================================================== --- head/sys/netinet/tcp_fastopen.c Tue Jul 10 10:42:48 2018 (r336167) +++ head/sys/netinet/tcp_fastopen.c Tue Jul 10 10:50:43 2018 (r336168) @@ -81,6 +81,9 @@ * (RDTUN, default TCP_FASTOPEN_CCACHE_BUCKETS_DEFAULT) * The number of client cookie cache buckets. * + * net.inet.tcp.fastopen.ccache_list (RO) + * Print the client cookie cache. + * * net.inet.tcp.fastopen.client_enable (RW, default 0) * When zero, no new active (i.e., client) TFO connections can be * created. On the transition from enabled to disabled, the client @@ -166,11 +169,14 @@ __FBSDID("$FreeBSD$"); #include "opt_inet.h" #include +#include #include #include #include #include +#include #include +#include #include #include #include @@ -343,6 +349,12 @@ SYSCTL_PROC(_net_inet_tcp_fastopen, OID_AUTO, setpsk, &sysctl_net_inet_tcp_fastopen_setpsk, "", "Install a new pre-shared key"); +static int sysctl_net_inet_tcp_fastopen_ccache_list(SYSCTL_HANDLER_ARGS); +SYSCTL_PROC(_net_inet_tcp_fastopen, OID_AUTO, ccache_list, + CTLFLAG_VNET | CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_SKIP, NULL, 0, + sysctl_net_inet_tcp_fastopen_ccache_list, "A", + "List of all client cookie cache entries"); + static VNET_DEFINE(struct rmlock, tcp_fastopen_keylock); #define V_tcp_fastopen_keylock VNET(tcp_fastopen_keylock) @@ -1133,5 +1145,81 @@ tcp_fastopen_ccache_entry_drop(struct tcp_fastopen_cca TAILQ_REMOVE(&ccb->ccb_entries, cce, cce_link); ccb->ccb_num_entries--; uma_zfree(V_tcp_fastopen_ccache.zone, cce); +} + +static int +sysctl_net_inet_tcp_fastopen_ccache_list(SYSCTL_HANDLER_ARGS) +{ + struct sbuf sb; + struct tcp_fastopen_ccache_bucket *ccb; + struct tcp_fastopen_ccache_entry *cce; + sbintime_t now, duration, limit; + const int linesize = 128; + int i, error, num_entries; + unsigned int j; +#ifdef INET6 + char clt_buf[INET6_ADDRSTRLEN], srv_buf[INET6_ADDRSTRLEN]; +#else + char clt_buf[INET_ADDRSTRLEN], srv_buf[INET_ADDRSTRLEN]; +#endif + + if (jailed_without_vnet(curthread->td_ucred) != 0) + return (EPERM); + + /* Only allow root to read the client cookie cache */ + if (curthread->td_ucred->cr_uid != 0) + return (EPERM); + + num_entries = 0; + for (i = 0; i < V_tcp_fastopen_ccache.buckets; i++) { + ccb = &V_tcp_fastopen_ccache.base[i]; + CCB_LOCK(ccb); + if (ccb->ccb_num_entries > 0) + num_entries += ccb->ccb_num_entries; + CCB_UNLOCK(ccb); + } + sbuf_new(&sb, NULL, linesize * (num_entries + 1), SBUF_INCLUDENUL); + + sbuf_printf(&sb, + "\nLocal IP address Remote IP address Port MSS" + " Disabled Cookie\n"); + + now = getsbinuptime(); + limit = (sbintime_t)V_tcp_fastopen_path_disable_time << 32; + for (i = 0; i < V_tcp_fastopen_ccache.buckets; i++) { + ccb = &V_tcp_fastopen_ccache.base[i]; + CCB_LOCK(ccb); + TAILQ_FOREACH(cce, &ccb->ccb_entries, cce_link) { + if (cce->disable_time != 0) { + duration = now - cce->disable_time; + if (limit >= duration) + duration = limit - duration; + else + duration = 0; + } else + duration = 0; + sbuf_printf(&sb, + "%-20s %-20s %5u %5u ", + inet_ntop(cce->af, &cce->cce_client_ip, + clt_buf, sizeof(clt_buf)), + inet_ntop(cce->af, &cce->cce_server_ip, + srv_buf, sizeof(srv_buf)), + ntohs(cce->server_port), + cce->server_mss); + if (duration > 0) + sbuf_printf(&sb, "%7ds ", sbintime_getsec(duration)); + else + sbuf_printf(&sb, "%8s ", "No"); + for (j = 0; j < cce->cookie_len; j++) + sbuf_printf(&sb, "%02x", cce->cookie[j]); + sbuf_putc(&sb, '\n'); + } + CCB_UNLOCK(ccb); + } + error = sbuf_finish(&sb); + if (error == 0) + error = SYSCTL_OUT(req, sbuf_data(&sb), sbuf_len(&sb)); + sbuf_delete(&sb); + return (error); }