Hi,
To tune the TCP syn cache we need more information. Print the
relevant counters with netstat -s -p tcp.
1 SYN cache seed with new random
293 hash bucket array size in current SYN cache
199 entries in current SYN cache, limit is 10255
3 longest bucket length in current SYN cache, limit is 105
99800 uses of current SYN cache left
ok?
bluhm
Index: sys/netinet/tcp_usrreq.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_usrreq.c,v
retrieving revision 1.133
diff -u -p -r1.133 tcp_usrreq.c
--- sys/netinet/tcp_usrreq.c 20 Jul 2016 09:15:28 -0000 1.133
+++ sys/netinet/tcp_usrreq.c 20 Jul 2016 09:59:41 -0000
@@ -936,6 +936,24 @@ tcp_sysctl(name, namelen, oldp, oldlenp,
case TCPCTL_STATS:
if (newp != NULL)
return (EPERM);
+ {
+ struct syn_cache_set *set;
+ int i;
+
+ set = &tcp_syn_cache[tcp_syn_cache_active];
+ tcpstat.tcps_sc_hash_size = set->scs_size;
+ tcpstat.tcps_sc_entry_count = set->scs_count;
+ tcpstat.tcps_sc_entry_limit = tcp_syn_cache_limit;
+ tcpstat.tcps_sc_bucket_maxlen = 0;
+ for (i = 0; i < set->scs_size; i++) {
+ if (tcpstat.tcps_sc_bucket_maxlen <
+ set->scs_buckethead[i].sch_length)
+ tcpstat.tcps_sc_bucket_maxlen =
+ set->scs_buckethead[i].sch_length;
+ }
+ tcpstat.tcps_sc_bucket_limit = tcp_syn_bucket_limit;
+ tcpstat.tcps_sc_uses_left = set->scs_use;
+ }
return (sysctl_struct(oldp, oldlenp, newp, newlen,
&tcpstat, sizeof(tcpstat)));
Index: sys/netinet/tcp_var.h
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_var.h,v
retrieving revision 1.114
diff -u -p -r1.114 tcp_var.h
--- sys/netinet/tcp_var.h 20 Jul 2016 09:15:28 -0000 1.114
+++ sys/netinet/tcp_var.h 20 Jul 2016 09:32:27 -0000
@@ -454,6 +454,12 @@ struct tcpstat {
u_int64_t tcps_sc_collisions; /* # of hash collisions */
u_int64_t tcps_sc_retransmitted;/* # of retransmissions */
u_int64_t tcps_sc_seedrandom; /* # of syn cache seeds with random */
+ u_int64_t tcps_sc_hash_size; /* hash buckets in current syn cache */
+ u_int64_t tcps_sc_entry_count; /* # of entries in current syn cache */
+ u_int64_t tcps_sc_entry_limit; /* limit of syn cache entries */
+ u_int64_t tcps_sc_bucket_maxlen;/* maximum # of entries in any bucket */
+ u_int64_t tcps_sc_bucket_limit; /* limit of syn cache bucket list */
+ u_int64_t tcps_sc_uses_left; /* use counter of current syn cache */
u_int64_t tcps_conndrained; /* # of connections drained */
@@ -584,6 +590,7 @@ extern int tcp_syn_cache_limit; /* max e
extern int tcp_syn_bucket_limit;/* max entries per hash bucket */
extern int tcp_syn_use_limit; /* number of uses before reseeding hash */
extern struct syn_cache_set tcp_syn_cache[];
+extern int tcp_syn_cache_active; /* active syn cache, may be 0 or 1 */
int tcp_attach(struct socket *);
void tcp_canceltimers(struct tcpcb *);
Index: usr.bin/netstat/inet.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.bin/netstat/inet.c,v
retrieving revision 1.146
diff -u -p -r1.146 inet.c
--- usr.bin/netstat/inet.c 26 Apr 2016 22:24:10 -0000 1.146
+++ usr.bin/netstat/inet.c 20 Jul 2016 10:28:29 -0000
@@ -367,8 +367,14 @@ tcp_stats(char *name)
printf(m, tcpstat.f1, plural(tcpstat.f1), tcpstat.f2,
plural(tcpstat.f2))
#define p2a(f1, f2, m) if (tcpstat.f1 || tcpstat.f2 || sflag <= 1) \
printf(m, tcpstat.f1, plural(tcpstat.f1), tcpstat.f2)
-#define p3(f, m) if (tcpstat.f || sflag <= 1) \
+#define p2b(f1, f2, m) if (tcpstat.f1 || sflag <= 1) \
+ printf(m, tcpstat.f1, tcpstat.f2)
+#define p2bys(f1, f2, m) if (tcpstat.f1 || sflag <= 1) \
+ printf(m, tcpstat.f1, pluralys(tcpstat.f1), tcpstat.f2)
+#define pes(f, m) if (tcpstat.f || sflag <= 1) \
printf(m, tcpstat.f, plurales(tcpstat.f))
+#define pys(f, m) if (tcpstat.f || sflag <= 1) \
+ printf(m, tcpstat.f, pluralys(tcpstat.f))
p(tcps_sndtotal, "\t%u packet%s sent\n");
p2(tcps_sndpack,tcps_sndbyte,
@@ -427,7 +433,7 @@ tcp_stats(char *name)
p(tcps_keepdrops, "\t\t%u connection%s dropped by keepalive\n");
p(tcps_predack, "\t%u correct ACK header prediction%s\n");
p(tcps_preddat, "\t%u correct data packet header prediction%s\n");
- p3(tcps_pcbhashmiss, "\t%u PCB cache miss%s\n");
+ pes(tcps_pcbhashmiss, "\t%u PCB cache miss%s\n");
p1(tcps_noport, "\t%u dropped due to no socket\n");
p(tcps_ecn_accepts, "\t%u ECN connection%s accepted\n");
@@ -443,7 +449,7 @@ tcp_stats(char *name)
p(tcps_badsyn, "\t%u bad connection attempt%s\n");
p(tcps_dropsyn, "\t%u SYN packet%s dropped due to queue or memory
full\n");
- p1(tcps_sc_added, "\t%qd SYN cache entries added\n");
+ pys(tcps_sc_added, "\t%qd SYN cache entr%s added\n");
p(tcps_sc_collisions, "\t\t%qd hash collision%s\n");
p1(tcps_sc_completed, "\t\t%qd completed\n");
p1(tcps_sc_aborted, "\t\t%qd aborted (no space to build PCB)\n");
@@ -454,9 +460,16 @@ tcp_stats(char *name)
p1(tcps_sc_unreach, "\t\t%qd dropped due to ICMP unreachable\n");
p(tcps_sc_retransmitted, "\t%qd SYN,ACK%s retransmitted\n");
p(tcps_sc_dupesyn, "\t%qd duplicate SYN%s received for entries "
- "already in the cache\n");
+ "already in the cache\n");
p(tcps_sc_dropped, "\t%qd SYN%s dropped (no route or no space)\n");
p(tcps_sc_seedrandom, "\t%qd SYN cache seed%s with new random\n");
+ p1(tcps_sc_hash_size, "\t%qd hash bucket array size in current "
+ "SYN cache\n");
+ p2bys(tcps_sc_entry_count, tcps_sc_entry_limit,
+ "\t%qd entr%s in current SYN cache, limit is %qd\n");
+ p2b(tcps_sc_bucket_maxlen, tcps_sc_bucket_limit,
+ "\t%qd longest bucket length in current SYN cache, limit is %qd\n");
+ p(tcps_sc_uses_left, "\t%qd use%s of current SYN cache left\n");
p(tcps_sack_recovery_episode, "\t%qd SACK recovery episode%s\n");
p(tcps_sack_rexmits,
@@ -471,7 +484,10 @@ tcp_stats(char *name)
#undef p1
#undef p2
#undef p2a
-#undef p3
+#undef p2b
+#undef p2bys
+#undef pes
+#undef pys
}
/*
Index: usr.bin/netstat/main.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.bin/netstat/main.c,v
retrieving revision 1.109
diff -u -p -r1.109 main.c
--- usr.bin/netstat/main.c 1 Jan 2016 17:38:45 -0000 1.109
+++ usr.bin/netstat/main.c 20 Jul 2016 09:33:15 -0000
@@ -388,6 +388,12 @@ plurales(u_int64_t n)
return (n != 1 ? "es" : "");
}
+char *
+pluralys(u_int64_t n)
+{
+ return (n != 1 ? "ies" : "y");
+}
+
/*
* Find the protox for the given "well-known" name.
*/
Index: usr.bin/netstat/netstat.h
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.bin/netstat/netstat.h,v
retrieving revision 1.69
diff -u -p -r1.69 netstat.h
--- usr.bin/netstat/netstat.h 11 Sep 2015 19:35:37 -0000 1.69
+++ usr.bin/netstat/netstat.h 20 Jul 2016 09:34:26 -0000
@@ -72,6 +72,7 @@ extern char *__progname; /* program name
int kread(u_long addr, void *buf, int size);
char *plural(u_int64_t);
char *plurales(u_int64_t);
+char *pluralys(u_int64_t);
void protopr(kvm_t *, u_long, u_int, int);
