Re: tcp syn cache random reseed

Mon, 21 Mar 2016 05:37:30 -0700 

On Sun, Mar 20, 2016 at 07:28:45PM +0100, Alexander Bluhm wrote:
> On Sat, Mar 19, 2016 at 10:41:06PM +0100, Alexander Bluhm wrote:
> > Perhaps the tcps_sc_seedrandom counter with a netstat -s line should
> > be commited anyway to show the problem.
> 
> ok?

OK claudio@
 
> bluhm
> 
> Index: sys/netinet/tcp_input.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_input.c,v
> retrieving revision 1.314
> diff -u -p -r1.314 tcp_input.c
> --- sys/netinet/tcp_input.c   7 Mar 2016 18:44:00 -0000       1.314
> +++ sys/netinet/tcp_input.c   19 Mar 2016 20:09:25 -0000
> @@ -3371,8 +3371,10 @@ syn_cache_insert(struct syn_cache *sc, s
>        * If there are no entries in the hash table, reinitialize
>        * the hash secrets.
>        */
> -     if (tcp_syn_cache_count == 0)
> +     if (tcp_syn_cache_count == 0) {
>               arc4random_buf(tcp_syn_hash, sizeof(tcp_syn_hash));
> +             tcpstat.tcps_sc_seedrandom++;
> +     }
>  
>       SYN_HASHALL(sc->sc_hash, &sc->sc_src.sa, &sc->sc_dst.sa);
>       sc->sc_bucketidx = sc->sc_hash % tcp_syn_cache_size;
> Index: sys/netinet/tcp_var.h
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_var.h,v
> retrieving revision 1.109
> diff -u -p -r1.109 tcp_var.h
> --- sys/netinet/tcp_var.h     27 Aug 2015 20:56:16 -0000      1.109
> +++ sys/netinet/tcp_var.h     19 Mar 2016 20:53:39 -0000
> @@ -440,6 +440,7 @@ struct    tcpstat {
>       u_int64_t tcps_sc_dropped;      /* # of SYNs dropped (no route/mem) */
>       u_int64_t tcps_sc_collisions;   /* # of hash collisions */
>       u_int64_t tcps_sc_retransmitted;/* # of retransmissions */
> +     u_int64_t tcps_sc_seedrandom;   /* # of syn cache seeds with random */
>  
>       u_int64_t tcps_conndrained;     /* # of connections drained */
>  
> Index: usr.bin/netstat/inet.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/usr.bin/netstat/inet.c,v
> retrieving revision 1.144
> diff -u -p -r1.144 inet.c
> --- usr.bin/netstat/inet.c    20 Aug 2015 22:32:41 -0000      1.144
> +++ usr.bin/netstat/inet.c    20 Mar 2016 18:25:55 -0000
> @@ -455,6 +455,7 @@ tcp_stats(char *name)
>       p(tcps_sc_dupesyn, "\t%qd duplicate SYN%s received for entries "
>               "already in the cache\n");
>       p(tcps_sc_dropped, "\t%qd SYN%s dropped (no route or no space)\n");
> +     p(tcps_sc_seedrandom, "\t%qd SYN cache seed%s with new random\n");
>  
>       p(tcps_sack_recovery_episode, "\t%qd SACK recovery episode%s\n");
>       p(tcps_sack_rexmits,
> 

-- 
:wq Claudio

Reply via email to