> In the last episode (Sep 18), Terry Lambert said: **snip**
> tcpcb is currently 236 bytes though, and I don't imagine adding another > 8 bytes for an unsigned long "dropped packets" counter is going to kill > him. > > Deepak: if you really want stats, try adding a struct tcpstat to tcpcb > and hack all the netinet/tcp* code to update those whenever the global > tcpstat gets updated. We spent a lot of effort doing this for our 3.5-based NAT/firewall products, putting the SEQ/ACK numbers and related re-transission counts in the struct we used for transient connection objects, and logged them when the connection closed. With 10K simultaneous connections active, it added less than 640K of malloc'd memory, so it's not a big hit. We didn't find the statistics we gathered to be meaningful, BTW. Transient errors (congestion and routing loops) were infrequent, and most of what looked like errors turned out to be generated by the stack at the other end (gratuitous back-to-back ACKs and packet retransmission before any possible timeout could occur). For us, a waste of time. If you have more interesting results, please let me know. I figured it would be a great tool. -Les -- Les Biffle CISSP Information Systems Security Consultant (480) 585-4099 [EMAIL PROTECTED] http://www.les.biffle.org/ Network Safety, PO Box 14461, Scottsdale, AZ 85267 _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
