tcp: count two previously ignored kinds of syncookie failures

Reviewed by:		tuexen
Differential Revision:	https://reviews.freebsd.org/D50899
This commit is contained in:
Gleb Smirnoff
2025-06-17 08:50:29 -07:00
parent 0809d26de2
commit 1396e87a37
3 changed files with 10 additions and 1 deletions
+3
View File
@@ -1097,6 +1097,7 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
*/
if (locked && !V_tcp_syncookies) {
SCH_UNLOCK(sch);
TCPSTAT_INC(tcps_sc_spurcookie);
if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
log(LOG_DEBUG, "%s; %s: Spurious ACK, "
"segment rejected (syncookies disabled)\n",
@@ -1106,6 +1107,7 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
if (locked && !V_tcp_syncookiesonly &&
sch->sch_last_overflow < time_uptime - SYNCOOKIE_LIFETIME) {
SCH_UNLOCK(sch);
TCPSTAT_INC(tcps_sc_spurcookie);
if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
log(LOG_DEBUG, "%s; %s: Spurious ACK, "
"segment rejected (no syncache entry)\n",
@@ -1119,6 +1121,7 @@ syncache_expand(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
sc = &scs;
TCPSTAT_INC(tcps_sc_recvcookie);
} else {
TCPSTAT_INC(tcps_sc_failcookie);
if ((s = tcp_log_addrs(inc, th, NULL, NULL)))
log(LOG_DEBUG, "%s; %s: Segment failed "
"SYNCOOKIE authentication, segment rejected "
+2
View File
@@ -1015,6 +1015,8 @@ struct tcpstat {
uint64_t tcps_sc_zonefail; /* zalloc() failed */
uint64_t tcps_sc_sendcookie; /* SYN cookie sent */
uint64_t tcps_sc_recvcookie; /* SYN cookie received */
uint64_t tcps_sc_spurcookie; /* SYN cookie spurious, rejected */
uint64_t tcps_sc_failcookie; /* SYN cookie failed, rejected */
uint64_t tcps_hc_added; /* entry added to hostcache */
uint64_t tcps_hc_bucketoverflow;/* hostcache per bucket limit hit */
+5 -1
View File
@@ -768,8 +768,12 @@ tcp_stats(u_long off, const char *name, int af1 __unused, int proto __unused)
p1a(tcps_sc_unreach, "\t\t{:unreachable/%ju} {N:/unreach}\n");
p(tcps_sc_zonefail, "\t\t{:zone-failures/%ju} {N:/zone failure%s}\n");
p(tcps_sc_sendcookie, "\t{:sent-cookies/%ju} {N:/cookie%s sent}\n");
p(tcps_sc_recvcookie, "\t{:receivd-cookies/%ju} "
p(tcps_sc_recvcookie, "\t{:received-cookies/%ju} "
"{N:/cookie%s received}\n");
p(tcps_sc_spurcookie, "\t{:spurious-cookies/%ju} "
"{N:/spurious cookie%s rejected}\n");
p(tcps_sc_failcookie, "\t{:failed-cookies/%ju} "
"{N:/failed cookie%s rejected}\n");
xo_close_container("syncache");