methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).
MSLT and VTW were contributed by Coyote Point Systems, Inc.
Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires. On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.
Maximum Segment Lifetimes Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer. Corresponding to each class
is an MSL, and a session uses the MSL of its class. The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways). Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote. Loopback and local sessions
expire more quickly when MSLT is used.
Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB". VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion. The memory both
for vestigial PCBs and for elements of the PCB hashtable come from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer. When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.
It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.
A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive. It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.
use only sysctl and no kvm (implementing /dev/mem for a rump kernel
would probably not be hard, but still a non-zero effort).
Note: since there is absolutely no network activity in a fresh rump
kernel, rump.netstat usually displays exactly nothing when invoked
without parameters. Arguments like -r, -bi, -p icmp etc. produce
more stuff.
Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can
be used to synchronise different pf.
This work was part of my 2009 GSoC
No objection on tech-net@
This commit mostly adds code written by Claudio Jeker for OpenBSD to
support sysctl in the interface printing parts (-i, -I, -w). The port has
been ported to NetBSD with tiny adjustments -- of course all bugs etc.
are mine.
Also add and document a -X flag to force sysctl usage. The documentation
notes this flag may be removed at any time and its presence should not be
relied on.
Some misc. comments/#ifdef changes/code snippet moves as well.
Please note that no functionality should change as the routing and
interface printing code is still not fully supported.
Mailing list reference:
http://mail-index.netbsd.org/tech-userlevel/2009/09/09/msg002604.html
Heavily based on similar code from Claudio Jeker (at OpenBSD).
While here, fix inet/inet6 sysctl stuff commited previously to
actually work, and some other nits to make netstat more sysctl
friendly.
One step closer to losing setgid kmem on this one...
net.bpf.stats and net.bpf.peers sysctls respectively. netstat(1) now
has an additional syntax:
netstat [-s] [-B] [-I Interface]
Only the super user can see a list of BPF peers with the following command:
# netstat -B
Active BPF peers
PID Int Recv Drop Capt Flags Bufsize Comm
4941 lo0 0 0 0 I--S- 262144 tcpdump
252 ex0 19668 0 5 I-RS- 32768 dhclient
And every user can see the BPF statistics with:
$ netstat -s -B
bpf:
19669 total packets received
5 total packets captured
0 total packets dropped
This idea came from FreeBSD (Christian S.J. Peron) but, currently, they
doen't have a userland utility in the base system to read the sysctls.
Reviewed by: christos@
1. Pass the caller-supplied protocol name down through ipsec_switch().
2. Remove my poor attempt to print fast-ipsec stats automagically for
`netstat -s'. The previous code would print (fast)IPsec per-protocol
stats even for 'netstat', which is just wrong.
A better fix would be to enumerate the sub-"protocols" under IPsec;
but first lets fix the broken behaviour now, for a pullup to 2.0.
Do a little mbuf rework while here. Change all uses of MGET*(*, M_WAIT, *)
to m_get*(M_WAIT, *). These are not performance critical and making them
call m_get saves considerable space. Add m_clget analogue of MCLGET and
make corresponding change for M_WAIT uses.
Modify netinet, gem, fxp, tulip, nfs to support MBUFTRACE.
Begin to change netstat to use sysctl.
