From owner-freebsd-net@FreeBSD.ORG Thu Aug 16 14:51:59 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B77D816A418 for ; Thu, 16 Aug 2007 14:51:59 +0000 (UTC) (envelope-from is@rambler-co.ru) Received: from relay0.rambler.ru (relay0.rambler.ru [81.19.66.187]) by mx1.freebsd.org (Postfix) with ESMTP id 7469B13C46B for ; Thu, 16 Aug 2007 14:51:59 +0000 (UTC) (envelope-from is@rambler-co.ru) Received: from relay0.rambler.ru (localhost [127.0.0.1]) by relay0.rambler.ru (Postfix) with ESMTP id 89B7B6084 for ; Thu, 16 Aug 2007 18:24:33 +0400 (MSD) Received: from localhost (is1.park.rambler.ru [81.19.64.121]) by relay0.rambler.ru (Postfix) with ESMTP id 68E976052 for ; Thu, 16 Aug 2007 18:24:33 +0400 (MSD) Date: Thu, 16 Aug 2007 18:24:31 +0400 From: Igor Sysoev To: freebsd-net@freebsd.org Message-ID: <20070816142431.GO57126@rambler-co.ru> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="rS8CxjVDS/+yyDmU" Content-Disposition: inline User-Agent: Mutt/1.5.13 (2006-08-11) X-Virus-Scanned: No virus found Subject: syncookie in 6.x and 7.x X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Aug 2007 14:51:59 -0000 --rS8CxjVDS/+yyDmU Content-Type: text/plain; charset=koi8-r Content-Disposition: inline During testing 7.0-CURRENT I have found that it always sends syncookies while on early FreeBSD versions "netstat -s -p tcp" always shows: 0 cookies sent 0 cookies received I have looked sources and found that in early versions the sent counter was simply not incremented at all. The patch attached. After the patch has been applied I have found that 6 always sends syncookies too, however, 6 unlike 7 never receives them. Why ? Here is 6 statistics: 1046714 syncache entries added 28395 retransmitted 32879 dupsyn 0 dropped 1038153 completed 0 bucket overflow 0 cache overflow 4201 reset 3972 stale 0 aborted 0 badack 254 unreach 0 zone failures 1046714 cookies sent 0 cookies received Here is 7 statistics: 76018 syncache entries added 2536 retransmitted 2574 dupsyn 0 dropped 75114 completed 0 bucket overflow 0 cache overflow 456 reset 267 stale 0 aborted 0 badack 20 unreach 0 zone failures 76018 cookies sent 24 cookies received -- Igor Sysoev http://sysoev.ru/en/ --rS8CxjVDS/+yyDmU Content-Type: text/x-diff; charset=koi8-r Content-Disposition: attachment; filename="syncookie.patch" --- sys/netinet/tcp_syncache.c 2006-02-16 04:06:22.000000000 +0300 +++ sys/netinet/tcp_syncache.c 2007-08-15 13:55:25.000000000 +0400 @@ -1323,6 +1323,7 @@ MD5Final((u_char *)&md5_buffer, &syn_ctx); data ^= (md5_buffer[0] & ~SYNCOOKIE_WNDMASK); *flowid = md5_buffer[1]; + tcpstat.tcps_sc_sendcookie++; return (data); } --rS8CxjVDS/+yyDmU--