Commit Graph

409 Commits

Author SHA1 Message Date
manu
1b0d8e317f Display SOCK_SEQPACKET local sockets in sockstat and netstat 2011-05-29 04:45:08 +00:00
drochner
0a8dabda40 pull in AES-GCM/GMAC support from OpenBSD
This is still somewhat experimental. Tested between 2 similar boxes
so far. There is much potential for performance improvement. For now,
I've changed the gmac code to accept any data alignment, as the "char *"
pointer suggests. As the code is practically used, 32-bit alignment
can be assumed, at the cost of data copies. I don't know whether
bytewise access or copies are worse performance-wise. For efficient
implementations using SSE2 instructions on x86, even stricter
alignment requirements might arise.
2011-05-26 21:50:02 +00:00
joerg
a216da57a6 Default to -Wno-sign-compare -Wno-pointer-sign for clang.
Push -Wno-array-bounds down to the cases that depend on it.
Selectively disable warnings for 3rd party software or non-trivial
issues to be reviewed later to get clang -Werror to build most of the
tree.
2011-05-26 12:56:24 +00:00
drochner
ebc232a582 copy AES-XCBC-MAC support from KAME IPSEC to FAST_IPSEC
For this to fit, an API change in cryptosoft was adopted from OpenBSD
(addition of a "Setkey" method to hashes) which was done for GCM/GMAC
support there, so it might be useful in the future anyway.
tested against KAME IPSEC
AFAICT, FAST_IPSEC now supports as much as KAME.
2011-05-24 19:10:08 +00:00
spz
5f1fd2312c RA flood mitigation via a limit on accepted routes:
- introduce a limit for the routes accepted via IPv6 Router Advertisement:
  a common 2 interface client will have 6, the default limit is 100 and
  can be adjusted via sysctl
- report the current number of routes installed via RA via sysctl
- count discarded route additions. Note that one RA message is two routes.
  This is at present only across all interfaces even though per-interface
  would be more useful, since the per-interface structure complies to RFC2466
- bump kernel version due to the previous change
- adjust netstat to use the new value (with netstat -p icmp6)
2011-05-24 18:07:11 +00:00
drochner
cfdc35650d report aes-ctr statistic counter by name 2011-05-23 14:29:55 +00:00
dyoung
0d0dd0e146 Suppress whitespace at EOL to fix lib/librumphijack/t_tcpip. 2011-05-11 22:21:59 +00:00
drochner
4f6bdd19b5 use getmicrouptime(9) rather than microtime(9) for TIME_WAIT duration
calculation, because this doesn't get confused by system time changes,
and uses less CPU cycles
reviewed by dyoung
2011-05-11 15:08:59 +00:00
enami
dd41556bdf Use ptrdiff_t to hold pointer difference to avoid coredump on LP64 system. 2011-05-10 04:40:16 +00:00
drochner
3e2a0f5f49 decode camellia-cbc in stats histogram 2011-05-05 17:49:47 +00:00
pgoyette
38b438f332 Use %zx for _both_ size_t formats! 2011-05-04 03:43:30 +00:00
dyoung
fe23a102a6 On second thought, make a more conservative change: use %zx instead of
%x for size_t.
2011-05-04 01:31:40 +00:00
dyoung
6392073d00 Use %zu format for size_t instead of %x. 2011-05-04 01:30:01 +00:00
dyoung
7957556091 Always try to open kmem, do not always set use_sysctl to 1, and do not
fail if opening kmem fails unless !use_sysctl.  Fixes netstat(1) options
such as -s.
2011-05-04 01:13:35 +00:00
dyoung
7135b6c6f4 Access the kvm_t using get_kvmd(), only. 2011-05-04 01:11:29 +00:00
dyoung
fea546afcb Don't use type qualifier 'register'. 2011-05-04 00:55:19 +00:00
dyoung
7f40ffb8aa Do not display expired or reclaimed vestigial TIME_WAIT entries. 2011-05-03 23:36:26 +00:00
dyoung
c2e43be1c5 Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).

MSLT and VTW were contributed by Coyote Point Systems, Inc.

Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires.  On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.

Maximum Segment Lifetimes Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer.  Corresponding to each class
is an MSL, and a session uses the MSL of its class.  The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways).  Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote.  Loopback and local sessions
expire more quickly when MSLT is used.

Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB".  VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion.  The memory both
for vestigial PCBs and for elements of the PCB hashtable come from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer.  When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.

It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.

A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive.  It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.
2011-05-03 18:28:44 +00:00
drochner
ab862eb3da fix some labels for ipcomp counters which didn't make sense at all 2011-04-19 18:34:39 +00:00
dyoung
9863fc9961 Use __arraycount() and PRIu64. Delete unnecessary casts to unsigned
long long.
2011-03-02 19:52:03 +00:00
dyoung
439199a3fb Pull pfsync_stats() out of inet.c and into pfsync.c so that inet.c does
not have to #include PF header files that pollute the global namespace
by #defining v4 and v6 (sheesh).
2011-03-01 19:01:59 +00:00
martin
82fe9809af Use RT_ROUNDUP() and friends from sys/route.h instead of homegrown
variants.
2011-02-04 14:31:23 +00:00
matt
4d5d6d9aa5 Add a new AF/PF_ROUTE which is 64-bit clean which makes the routing socket
interface (and its associated sysctls) act identically for both 32 and 64 bit
programs.  The old unclean one remains for backward compatibility.
2011-02-01 01:39:19 +00:00
pooka
3c577ba703 Deal with crunch the standard way. 2010-12-15 11:22:41 +00:00
he
c4e8d271ce Make this build with CRUNCHEDPROG defined, and default to the sysctl()
method of fetching information.  Apparently we can't simply not define
the prog_ops struct in this program.
2010-12-15 09:15:05 +00:00
pooka
f2ee316255 Add netstat rump client. For now, it always sets -X, i.e. will
use only sysctl and no kvm (implementing /dev/mem for a rump kernel
would probably not be hard, but still a non-zero effort).

Note: since there is absolutely no network activity in a fresh rump
kernel, rump.netstat usually displays exactly nothing when invoked
without parameters.  Arguments like -r, -bi, -p icmp etc. produce
more stuff.
2010-12-13 21:15:30 +00:00
pooka
13358eb8c2 Insert word "mbuf" to description of -m (so you can search for it).
No functional change.
2010-12-06 09:28:38 +00:00
enami
4964ac468f Line up total numbers again. 2010-07-09 07:04:30 +00:00
wiz
fbb846b2d3 Bump date for previous (mpls). 2010-06-30 07:30:16 +00:00
kefren
0e9c730672 Add mpls into family address list 2010-06-29 12:38:12 +00:00
kefren
a58bbf2771 Add -T flag, that shows tags in route output 2010-06-27 06:52:37 +00:00
kefren
92b0c8320e add MPLS clue for showing routes 2010-06-26 14:30:31 +00:00
plunky
f183cc477b no need to forward declare struct uio and proc before including
<sys/file.h> as it does that internally, and don't continue the
_KERNEL definition afterwards as it causes some other problems
with pcc relating to unreferenced symbols in unused static
inline functions which gcc optimises away.
2010-04-22 14:37:06 +00:00
plunky
cb88fa41a4 it is not [any longer] necessary to #define _KERNEL while including
<net/route.h> so remove it.

This fixes a build problem with pcc which is not as clever as gcc
when optimising away unused static inline functions which refer to
unknown symbols (eg sockaddr_dup).
2010-04-22 14:32:30 +00:00
pooka
bc1cf39b94 Add -h, which makes output of bytes counts "humanized" (e.g. -bih)
(netstat had -h some 15 years ago, but since then it has been just
a fancy way of calling usage())
2010-02-24 11:00:27 +00:00
christos
8f7e9f408c PR/42243: Yasuoka Masahiko: Add support for "net.inet.icmp.bmcastecho" support.
Print the current status.
2009-12-07 18:48:45 +00:00
plunky
98f75b5b42 protecting sockaddr_in6 with -DINET6 2009-09-27 18:19:18 +00:00
degroote
2d48ac808c Import pfsync support from OpenBSD 4.2
Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can
be used to synchronise different pf.

This work was part of my 2009 GSoC

No objection on tech-net@
2009-09-14 10:36:48 +00:00
pgoyette
ca6d65ecdd Use PRIu64 for printf'ing stuff. Fixes build breakage on part-amd64
introduced in rev 1.64 (and reverts a partial fix provided in rev 1.65)
2009-09-13 21:46:23 +00:00
elad
dc553b0f9c Put some unsigned long long casts (as was in the original printing code).
Should fix build breakage noticed by pgoyette@ on current-users@:

    http://mail-index.netbsd.org/current-users/2009/09/13/msg010554.html

(sorry, don't have an amd64 anymore!)
2009-09-13 19:04:29 +00:00
wiz
76e34094ac Fix section for sysctl xref (it is 3, not 2). 2009-09-13 09:17:26 +00:00
elad
a363352277 Checkin work in progress to make netstat use sysctl rather than kvm(3).
This commit mostly adds code written by Claudio Jeker for OpenBSD to
support sysctl in the interface printing parts (-i, -I, -w). The port has
been ported to NetBSD with tiny adjustments -- of course all bugs etc.
are mine.

Also add and document a -X flag to force sysctl usage. The documentation
notes this flag may be removed at any time and its presence should not be
relied on.

Some misc. comments/#ifdef changes/code snippet moves as well.

Please note that no functionality should change as the routing and
interface printing code is still not fully supported.

Mailing list reference:

    http://mail-index.netbsd.org/tech-userlevel/2009/09/09/msg002604.html
2009-09-13 02:53:17 +00:00
dholland
69388abb04 Fix typo 2009-06-28 19:02:46 +00:00
christos
3b9e5891ba fix typo (Silas Silva) 2009-05-28 14:57:42 +00:00
lukem
d5a0caad3b Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
2009-04-12 16:08:37 +00:00
joerg
c094012060 Fix markup 2009-03-11 13:54:05 +00:00
dholland
e203f53315 Make netstat handle -a properly; that is, don't show unconnected
listener sockets unless -a was given. (It was checking the local
address instead of the remote address for being INADDR_ANY or
equivalent.)

PR 38093 from Dieter Roelants; I adjusted the patch a little.

This needs pullups for both -4 and -5.
2009-02-22 07:43:01 +00:00
wiz
3ca38c6b62 Sort option descriptions, and options in usage.
Covers PR 40627.
2009-02-14 11:08:17 +00:00
christos
72b21d3647 fix for 64 bit time_t 2008-12-29 01:33:03 +00:00
lukem
98e5374ccb Remove the \n and tabs from the __COPYRIGHT() strings.
Tweak to use a consistent format.
2008-07-21 14:19:20 +00:00