Re: tcp syn cache random reseed

Sun, 20 Mar 2016 11:55:03 -0700 

On Sat, Mar 19, 2016 at 10:41:06PM +0100, Alexander Bluhm wrote:
> Perhaps the tcps_sc_seedrandom counter with a netstat -s line should
> be commited anyway to show the problem.

ok?

bluhm

Index: sys/netinet/tcp_input.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.314
diff -u -p -r1.314 tcp_input.c
--- sys/netinet/tcp_input.c     7 Mar 2016 18:44:00 -0000       1.314
+++ sys/netinet/tcp_input.c     19 Mar 2016 20:09:25 -0000
@@ -3371,8 +3371,10 @@ syn_cache_insert(struct syn_cache *sc, s
         * If there are no entries in the hash table, reinitialize
         * the hash secrets.
         */
-       if (tcp_syn_cache_count == 0)
+       if (tcp_syn_cache_count == 0) {
                arc4random_buf(tcp_syn_hash, sizeof(tcp_syn_hash));
+               tcpstat.tcps_sc_seedrandom++;
+       }
 
        SYN_HASHALL(sc->sc_hash, &sc->sc_src.sa, &sc->sc_dst.sa);
        sc->sc_bucketidx = sc->sc_hash % tcp_syn_cache_size;
Index: sys/netinet/tcp_var.h
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_var.h,v
retrieving revision 1.109
diff -u -p -r1.109 tcp_var.h
--- sys/netinet/tcp_var.h       27 Aug 2015 20:56:16 -0000      1.109
+++ sys/netinet/tcp_var.h       19 Mar 2016 20:53:39 -0000
@@ -440,6 +440,7 @@ struct      tcpstat {
        u_int64_t tcps_sc_dropped;      /* # of SYNs dropped (no route/mem) */
        u_int64_t tcps_sc_collisions;   /* # of hash collisions */
        u_int64_t tcps_sc_retransmitted;/* # of retransmissions */
+       u_int64_t tcps_sc_seedrandom;   /* # of syn cache seeds with random */
 
        u_int64_t tcps_conndrained;     /* # of connections drained */
 
Index: usr.bin/netstat/inet.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.bin/netstat/inet.c,v
retrieving revision 1.144
diff -u -p -r1.144 inet.c
--- usr.bin/netstat/inet.c      20 Aug 2015 22:32:41 -0000      1.144
+++ usr.bin/netstat/inet.c      20 Mar 2016 18:25:55 -0000
@@ -455,6 +455,7 @@ tcp_stats(char *name)
        p(tcps_sc_dupesyn, "\t%qd duplicate SYN%s received for entries "
                "already in the cache\n");
        p(tcps_sc_dropped, "\t%qd SYN%s dropped (no route or no space)\n");
+       p(tcps_sc_seedrandom, "\t%qd SYN cache seed%s with new random\n");
 
        p(tcps_sack_recovery_episode, "\t%qd SACK recovery episode%s\n");
        p(tcps_sack_rexmits,

Reply via email to