Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).

MSLT and VTW were contributed by Coyote Point Systems, Inc.

Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires. On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.

Maximum Segment Lifetime Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer. Corresponding to each class
is an MSL, and a session uses the MSL of its class. The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways). Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote. Loopback and local sessions
expire more quickly when MSLT is used.

Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB". VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion. The memory both
for vestigial PCBs and for elements of the PCB hashtable comes from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer. When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.

It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.

A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive. It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.
2011-05-03 22:28:44 +04:00
# $NetBSD: Makefile,v 1.34 2011/05/03 18:28:46 dyoung Exp $
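An added C sketch (not NetBSD's vtw code) of the two ideas in the commit message above: MSLT class selection, and a fixed pool of vestigial entries chained by 16-bit indices with oldest-first reuse. The struct layout, hash, pool size and every function name here are assumptions made for illustration.

```c
#include <stdint.h>
/* MSLT classes; default MSLs in seconds as quoted in the commit message. */
enum mslt_class { MSLT_LOOPBACK, MSLT_LOCAL, MSLT_REMOTE };
static const uint32_t mslt_msl[] = { 2, 10, 60 };
/* IPv4 addresses in host byte order; mask is the local interface netmask. */
enum mslt_class mslt_classify(uint32_t la, uint32_t fa, uint32_t mask)
{
    if (la == fa) return MSLT_LOOPBACK;
    return ((la ^ fa) & mask) == 0 ? MSLT_LOCAL : MSLT_REMOTE;
}

#define VTW_POOL    4          /* tiny fixed pool so eviction is visible */
#define VTW_NBUCKET 2
#define VTW_NIL     UINT16_MAX
#define VTW_HASH(fa, lp, fp) ((uint32_t)((fa) ^ (lp) ^ (fp)) % VTW_NBUCKET)
/* Constructed layout: chain links are 16-bit pool indices, not pointers. */
static struct vtw { uint32_t la, fa, expire; uint16_t lp, fp, next; } pool[VTW_POOL];
static uint16_t bucket[VTW_NBUCKET] = { VTW_NIL, VTW_NIL };
static uint16_t head, used;    /* head: slot to fill next, in ring order */

/* Record a session entering TIME_WAIT; when full, recycle the oldest slot. */
void vtw_add(uint32_t la, uint16_t lp, uint32_t fa, uint16_t fp, uint32_t mask, uint32_t now)
{
    uint16_t i = head, *p;
    if (used == VTW_POOL) {    /* unlink the oldest entry from its chain */
        p = &bucket[VTW_HASH(pool[i].fa, pool[i].lp, pool[i].fp)];
        while (*p != i) p = &pool[*p].next;
        *p = pool[i].next;
    } else
        used++;
    head = (uint16_t)((head + 1) % VTW_POOL);
    p = &bucket[VTW_HASH(fa, lp, fp)];
    pool[i] = (struct vtw){ la, fa, now + mslt_msl[mslt_classify(la, fa, mask)], lp, fp, *p };
    *p = i;
}

/* Is this 4-tuple still in TIME_WAIT at time `now` (seconds)? */
int vtw_lookup(uint32_t la, uint16_t lp, uint32_t fa, uint16_t fp, uint32_t now)
{
    for (uint16_t i = bucket[VTW_HASH(fa, lp, fp)]; i != VTW_NIL; i = pool[i].next)
        if (pool[i].la == la && pool[i].fa == fa && pool[i].lp == lp &&
            pool[i].fp == fp && (int32_t)(pool[i].expire - now) > 0)
            return 1;
    return 0;
}

int main(void) { /* constructed local peer, queried 5 s after close */
    vtw_add(0x0a000001, 80, 0x0a000002, 40000, 0xffffff00, 100);
    return !vtw_lookup(0x0a000001, 80, 0x0a000002, 40000, 105);
}
```

Because reuse follows insertion order, a long-lived remote entry can be discarded before a shorter-lived local one that was added later; sizing the pool for the expected close rate is what keeps TIME_WAIT protection intact.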
1994-05-13 12:08:09 +04:00
# from: @(#)Makefile 8.1 (Berkeley) 6/12/93
1993-03-21 21:04:42 +03:00
2002-09-18 18:00:33 +04:00
.include <bsd.own.mk>
Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry. RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros. Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp itself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 16:06:17 +04:00
USE_FORT?= yes # setgid
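What the size check described in the USE_FORT commit message amounts to, as an added C sketch (not libssp's code): a macro captures the destination's size with the GCC/Clang builtin `__builtin_object_size`, and the copy is refused when the length exceeds it. `COPY`, `copy_chk`, `store_name` and `size_via_pointer` are hypothetical names, and the sketch returns -1 where a fortified libc call would terminate the program.

```c
#include <stddef.h>
#include <string.h>

#define SIZE_UNKNOWN ((size_t)-1)

/* Hypothetical checked copy: -1 means "would overflow the destination". */
static int copy_chk(void *dst, const void *src, size_t len, size_t dstsize)
{
    if (dstsize != SIZE_UNKNOWN && len > dstsize)
        return -1;
    memcpy(dst, src, len);
    return 0;
}

/* The macro records the destination's size at the call site. */
#define COPY(dst, src, len) \
    copy_chk((dst), (src), (len), __builtin_object_size((dst), 0))

/* Destination is a local array, so its size (8) is known and enforced. */
int store_name(const char *src, size_t len)
{
    char name[8];
    return COPY(name, src, len);
}

/* Through a bare pointer parameter the size is unknown: nothing to check. */
__attribute__((noinline)) size_t size_via_pointer(char *p)
{
    return __builtin_object_size(p, 0);
}

int main(void)
{
    const char in[16] = "0123456789abcde";   /* constructed sample input */
    return (store_name(in, 8) == 0 && store_name(in, 9) == -1) ? 0 : 1;
}
```

The second function is the caveat to keep in mind when relying on USE_FORT: a buffer that reaches the copy only as a plain pointer carries no size, so such call sites are not covered by the check.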
2010-12-14 00:15:30 +03:00
RUMPPRG=netstat
2005-08-04 23:40:00 +04:00
SRCS= atalk.c bpf.c fast_ipsec.c if.c inet.c inet6.c ipsec.c iso.c \
2011-03-01 22:01:59 +03:00
main.c mbuf.c mroute.c mroute6.c pfsync.c show.c route.c tp_astring.c \
2011-05-03 22:28:44 +04:00
unix.c vtw.c
2009-09-14 14:36:48 +04:00
.PATH: ${NETBSDSRCDIR}/sys/netiso
1993-03-21 21:04:42 +03:00
BINGRP= kmem
BINMODE=2555
1994-01-28 03:48:33 +03:00
LDADD= -lkvm
DPADD= ${LIBKVM}
2005-01-10 05:58:58 +03:00
CPPFLAGS+= -DIPSEC
2009-09-14 14:36:48 +04:00
CPPFLAGS+= -I${NETBSDSRCDIR}/sys/dist/pf
2005-01-10 05:58:58 +03:00
2010-12-14 00:15:30 +03:00
.PATH: ${.CURDIR}/../../lib/libc/gen
.PATH: ${.CURDIR}/../../lib/libc/net
CPPFLAGS+= -DRUMP_ACTION
RUMPSRCS+= sysctlbyname.c sysctlgetmibinfo.c sysctlnametomib.c
RUMPSRCS+= if_indextoname.c getifaddrs.c
2005-01-10 05:58:58 +03:00
.if (${USE_INET6} != "no")
CPPFLAGS+= -DINET6
.endif
1993-03-21 21:04:42 +03:00
.include <bsd.prog.mk>