Date: Thu, 16 Aug 2007 18:24:31 +0400 From: Igor Sysoev <is@rambler-co.ru> To: freebsd-net@freebsd.org Subject: syncookie in 6.x and 7.x Message-ID: <20070816142431.GO57126@rambler-co.ru>
next in thread | raw e-mail | index | archive | help
--rS8CxjVDS/+yyDmU
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
During testing 7.0-CURRENT I have found that it always sends syncookies
while on early FreeBSD versions "netstat -s -p tcp" always shows:
0 cookies sent
0 cookies received
I have looked sources and found that in early versions the sent counter
was simply not incremented at all. The patch attached.
After the patch has been applied I have found that 6 always sends
syncookies too, however, 6 unlike 7 never receives them. Why ?
Here is 6 statistics:
1046714 syncache entries added
28395 retransmitted
32879 dupsyn
0 dropped
1038153 completed
0 bucket overflow
0 cache overflow
4201 reset
3972 stale
0 aborted
0 badack
254 unreach
0 zone failures
1046714 cookies sent
0 cookies received
Here is 7 statistics:
76018 syncache entries added
2536 retransmitted
2574 dupsyn
0 dropped
75114 completed
0 bucket overflow
0 cache overflow
456 reset
267 stale
0 aborted
0 badack
20 unreach
0 zone failures
76018 cookies sent
24 cookies received
--
Igor Sysoev
http://sysoev.ru/en/
--rS8CxjVDS/+yyDmU
Content-Type: text/x-diff; charset=koi8-r
Content-Disposition: attachment; filename="syncookie.patch"
--- sys/netinet/tcp_syncache.c 2006-02-16 04:06:22.000000000 +0300
+++ sys/netinet/tcp_syncache.c 2007-08-15 13:55:25.000000000 +0400
@@ -1323,6 +1323,7 @@
MD5Final((u_char *)&md5_buffer, &syn_ctx);
data ^= (md5_buffer[0] & ~SYNCOOKIE_WNDMASK);
*flowid = md5_buffer[1];
+ tcpstat.tcps_sc_sendcookie++;
return (data);
}
--rS8CxjVDS/+yyDmU--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070816142431.GO57126>