tcp: count two previously ignored kinds of syncookie failures
Reviewed by: tuexen Differential Revision: https://reviews.freebsd.org/D50899
This commit is contained in:
@@ -1097,6 +1097,7 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
|
||||
*/
|
||||
if (locked && !V_tcp_syncookies) {
|
||||
SCH_UNLOCK(sch);
|
||||
TCPSTAT_INC(tcps_sc_spurcookie);
|
||||
if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
|
||||
log(LOG_DEBUG, "%s; %s: Spurious ACK, "
|
||||
"segment rejected (syncookies disabled)\n",
|
||||
@@ -1106,6 +1107,7 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
|
||||
if (locked && !V_tcp_syncookiesonly &&
|
||||
sch->sch_last_overflow < time_uptime - SYNCOOKIE_LIFETIME) {
|
||||
SCH_UNLOCK(sch);
|
||||
TCPSTAT_INC(tcps_sc_spurcookie);
|
||||
if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
|
||||
log(LOG_DEBUG, "%s; %s: Spurious ACK, "
|
||||
"segment rejected (no syncache entry)\n",
|
||||
@@ -1119,6 +1121,7 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
|
||||
sc = &scs;
|
||||
TCPSTAT_INC(tcps_sc_recvcookie);
|
||||
} else {
|
||||
TCPSTAT_INC(tcps_sc_failcookie);
|
||||
if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
|
||||
log(LOG_DEBUG, "%s; %s: Segment failed "
|
||||
"SYNCOOKIE authentication, segment rejected "
|
||||
|
||||
@@ -1015,6 +1015,8 @@ struct tcpstat {
|
||||
uint64_t tcps_sc_zonefail; /* zalloc() failed */
|
||||
uint64_t tcps_sc_sendcookie; /* SYN cookie sent */
|
||||
uint64_t tcps_sc_recvcookie; /* SYN cookie received */
|
||||
uint64_t tcps_sc_spurcookie; /* SYN cookie spurious, rejected */
|
||||
uint64_t tcps_sc_failcookie; /* SYN cookie failed, rejected */
|
||||
|
||||
uint64_t tcps_hc_added; /* entry added to hostcache */
|
||||
uint64_t tcps_hc_bucketoverflow;/* hostcache per bucket limit hit */
|
||||
|
||||
@@ -768,8 +768,12 @@ tcp_stats(u_long off, const char *name, int af1 __unused, int proto __unused)
|
||||
p1a(tcps_sc_unreach, "\t\t{:unreachable/%ju} {N:/unreach}\n");
|
||||
p(tcps_sc_zonefail, "\t\t{:zone-failures/%ju} {N:/zone failure%s}\n");
|
||||
p(tcps_sc_sendcookie, "\t{:sent-cookies/%ju} {N:/cookie%s sent}\n");
|
||||
p(tcps_sc_recvcookie, "\t{:receivd-cookies/%ju} "
|
||||
p(tcps_sc_recvcookie, "\t{:received-cookies/%ju} "
|
||||
"{N:/cookie%s received}\n");
|
||||
p(tcps_sc_spurcookie, "\t{:spurious-cookies/%ju} "
|
||||
"{N:/spurious cookie%s rejected}\n");
|
||||
p(tcps_sc_failcookie, "\t{:failed-cookies/%ju} "
|
||||
"{N:/failed cookie%s rejected}\n");
|
||||
|
||||
xo_close_container("syncache");
|
||||
|
||||
|
||||
Reference in New Issue
Block a user