Date: Wed, 27 Nov 1996 09:00:28 -0600 (CST) From: Joe Greco <jgreco@brasil.moneng.mei.com> To: narvi@haldjas.folklore.ee (Narvi) Cc: freebsd-hackers@freebsd.org Subject: Re: Netstat broken or two many bytes? Message-ID: <199611271500.JAA19115@brasil.moneng.mei.com> In-Reply-To: <Pine.BSF.3.95.961127132034.2468C-100000@haldjas.folklore.ee> from "Narvi" at Nov 27, 96 01:25:18 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> So is the statistics broken (this is 2.1.5-RELEASE) or is something else
> amiss in my computer? I really don't like these negative inbytes...
There is nothing wrong, you are seeing an overflow :-)
> And it has been up for only about a month (uptime 29 days + something). If
> it is just the statistics, could we make the wrap-around value bigger (use
> 64 bity numbers for example)?
>
> Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll
> ed0 1500 <Link>00.c0.6c.55.50.00 12844801 577 -1765725048 19673776 0 1959771210 5908886
> ed0 1500 172.17.1/24 localhost 12844801 577 -1765725048 19673776 0 1959771210 5908886
> lp0* 1500 <Link> 0 0 0 0 0 0 0
> lo0 16384 <Link> 130938 0 8103328 130938 0 8103328 0
> lo0 16384 your-net localhost 130938 0 8103328 130938 0 8103328 0
> sl0* 552 <Link> 0 0 0 0 0 0 0
> tun0* 1500 <Link> 0 0 0 0 0 0 0
I routinely see this, many of my interfaces see 5Mpkts/day.
"UTSL!"
The printf()'s in netstat/if.c +204 are signed:
printf("%8d %5d ",
ifnet.if_ipackets, ifnet.if_ierrors);
if (bflag)
printf("%10d ", ifnet.if_ibytes);
printf("%8d %5d ",
ifnet.if_opackets, ifnet.if_oerrors);
if (bflag)
printf("%10d ", ifnet.if_obytes);
printf("%5d", ifnet.if_collisions);
This is contrary to the definition of ifnet, sys/net/if.h +111, where the
variables are declared u_long:
u_long ifi_ipackets; /* packets received on interface */
u_long ifi_ierrors; /* input errors on interface */
u_long ifi_opackets; /* packets sent on interface */
u_long ifi_oerrors; /* output errors on interface */
u_long ifi_collisions; /* collisions on csma interfaces */
u_long ifi_ibytes; /* total number of octets received */
u_long ifi_obytes; /* total number of octets sent */
It may certainly be reasonable to correct netstat... unless (unlikely)
the negative sign is intentional to let you know an overflow condition is
near (someone doing before/after automated testing could check for a sign
change, which would happen twice as often as an overflow) but I think that
would be dense.
I do not know if it is a good idea to change these to quad_t (is there
such a thing as a u_quad_t?). There would surely be at least a small
performance penalty.
On the other hand, it would be cool to say "Yeah, in the last 200 days,
this machine has routed 1.2 terabytes of data without a crash, here's
the 'netstat -i -b' to prove it" :-)
... JG
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611271500.JAA19115>