Commit Graph

83 Commits

Author SHA1 Message Date
drochner
364a06bb29 remove KAME IPSEC, replaced by FAST_IPSEC 2012-03-22 20:34:37 +00:00
matt
d34c2845b8 Use C89 function definitions 2012-03-20 20:34:57 +00:00
joerg
6818646ac8 Use __dead 2011-09-16 15:39:25 +00:00
njoly
58b2cc408f Use errx() to display kvm_openfiles error message, the provided buffer
already has it.
2011-07-17 10:22:07 +00:00
dyoung
7957556091 Always try to open kmem, do not always set use_sysctl to 1, and do not
fail if opening kmem fails unless !use_sysctl.  Fixes netstat(1) options
such as -s.
2011-05-04 01:13:35 +00:00
dyoung
c2e43be1c5 Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).

MSLT and VTW were contributed by Coyote Point Systems, Inc.

Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires.  On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.

Maximum Segment Lifetime Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer.  Corresponding to each class
is an MSL, and a session uses the MSL of its class.  The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways).  Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote.  Loopback and local sessions
expire more quickly when MSLT is used.

Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB".  VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion.  The memory both
for vestigial PCBs and for elements of the PCB hashtable comes from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer.  When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.

It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.

A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive.  It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.
2011-05-03 18:28:44 +00:00
pooka
f2ee316255 Add netstat rump client. For now, it always sets -X, i.e. will
use only sysctl and no kvm (implementing /dev/mem for a rump kernel
would probably not be hard, but still a non-zero effort).

Note: since there is absolutely no network activity in a fresh rump
kernel, rump.netstat usually displays exactly nothing when invoked
without parameters.  Arguments like -r, -bi, -p icmp etc. produce
more stuff.
2010-12-13 21:15:30 +00:00
kefren
0e9c730672 Add mpls into family address list 2010-06-29 12:38:12 +00:00
kefren
a58bbf2771 Add -T flag, that shows tags in route output 2010-06-27 06:52:37 +00:00
pooka
bc1cf39b94 Add -h, which makes output of bytes counts "humanized" (e.g. -bih)
(netstat had -h some 15 years ago, but since then it has been just
a fancy way of calling usage())
2010-02-24 11:00:27 +00:00
degroote
2d48ac808c Import pfsync support from OpenBSD 4.2
Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can
be used to synchronise different pf.

This work was part of my 2009 GSoC

No objection on tech-net@
2009-09-14 10:36:48 +00:00
elad
a363352277 Checkin work in progress to make netstat use sysctl rather than kvm(3).
This commit mostly adds code written by Claudio Jeker for OpenBSD to
support sysctl in the interface printing parts (-i, -I, -w). The port has
been ported to NetBSD with tiny adjustments -- of course all bugs etc.
are mine.

Also add and document a -X flag to force sysctl usage. The documentation
notes this flag may be removed at any time and its presence should not be
relied on.

Some misc. comments/#ifdef changes/code snippet moves as well.

Please note that no functionality should change as the routing and
interface printing code is still not fully supported.

Mailing list reference:

    http://mail-index.netbsd.org/tech-userlevel/2009/09/09/msg002604.html
2009-09-13 02:53:17 +00:00
lukem
d5a0caad3b Fix many WARNS=4 issues (-Wshadow -Wcast-qual -Wsign-compare).
Fix probable bug with numeric printing of anon ports when using sysctl.
2009-04-12 16:08:37 +00:00
lukem
98e5374ccb Remove the \n and tabs from the __COPYRIGHT() strings.
Tweak to use a consistent format.
2008-07-21 14:19:20 +00:00
thorpej
9af7365b12 Make note of a few things no longer available via kvm. 2008-04-24 03:46:25 +00:00
thorpej
2654d13326 netns is no longer in the tree; completely purge it from netstat(1). 2008-04-23 15:35:37 +00:00
thorpej
d2d995427e Make DDP stats per-cpu. While here, bump the counters to 64-bit and
make them available by sysctl.
2008-04-23 15:17:42 +00:00
thorpej
02f63fe1bf PF_KEY stats for IPSEC and FAST_IPSEC are now per-CPU. 2008-04-23 07:29:47 +00:00
thorpej
6144958d8f ARP and IGMP stats are now available by sysctl. 2008-04-15 16:06:28 +00:00
mlelstv
0de32b854f Fall back to kvm interface for protocols that do not yet
offer a sysctl interface. Fixes PR bin/36210.
2007-04-27 18:37:53 +00:00
elad
26e33be266 PR/35056: Keiichi Shima: netstat does not compile in crunched environment
Patch applied, thanks!
2006-11-15 11:55:00 +00:00
elad
c136b6cd0d Refactor code a bit so we only use kmem when we really need it. 2006-10-13 16:33:57 +00:00
elad
65305bdc98 Good intentions are still intentions. If we can't open kvm, but we still
have sysctl, it's still not enough for -P. A groveler is a groveler is
a groveler.

On a different note, this code needs a rewrite.
2006-09-27 12:51:43 +00:00
christos
32f8a691e7 - Back to using kvm if we have access to it, since the sysctl stats do not
yet support all the fields we need.
- Don't core-dump if we could not open the kvm file.
2006-09-14 20:43:50 +00:00
matt
a5db205458 Conditionalize XNS support. No longer enabled. 2006-08-26 15:33:20 +00:00
christos
c10a5d302a well, the || needed to be an && and the operand order needed to be changed.
XXX: There are still things like interface printing that need kvm.
2006-08-22 20:06:17 +00:00
christos
ed6a70d32a Fix another && || confusion, from Kurt Schreiner, thanks! 2006-08-21 18:31:24 +00:00
christos
a49f247028 Don't use || if you need &&. 2006-08-17 22:23:07 +00:00
elad
fb101b952c another netstat fix, Kurt Schreiner. thanx! 2006-06-04 22:39:33 +00:00
elad
e7a2ce04a1 fix logic; from Kurt Schreiner 2006-06-04 20:01:14 +00:00
elad
5d7aa1a613 Make netstat use sysctl when dumping routing tables/stats.
Heavily based on similar code from Claudio Jeker (at OpenBSD).

While here, fix inet/inet6 sysctl stuff committed previously to
actually work, and some other nits to make netstat more sysctl
friendly.

One step closer to losing setgid kmem on this one...
2006-05-28 16:51:40 +00:00
liamjfoy
4876c304b1 Integrate Common Address Redundancy Protocol (CARP) from OpenBSD
'pseudo-device	carp'

Thanks to: joerg@ christos@ riz@ and others who tested
Ok: core@
2006-05-18 09:05:49 +00:00
drochner
360dbbc86f make bpf stats #ifndef SMALL,
fixes build of x_netstat
2005-09-14 15:35:26 +00:00
rpaulo
d65009381e Request process information using sysctl(3) and not kvm(3) since bpf(4)
statistics and peers are only available using the former.
2005-09-02 22:23:13 +00:00
rpaulo
66daeed445 Implemented the userland part of the BPF statistics and BPF peers,
net.bpf.stats and net.bpf.peers sysctls respectively. netstat(1) now
has an additional syntax:
	netstat [-s] [-B] [-I Interface]

Only the super user can see a list of BPF peers with the following command:
# netstat -B
Active BPF peers
PID     Int     Recv     Drop     Capt     Flags  Bufsize  Comm
4941    lo0     0        0        0        I--S-  262144   tcpdump
252     ex0     19668    0        5        I-RS-  32768    dhclient

And every user can see the BPF statistics with:
$ netstat -s -B
bpf:
        19669 total packets received
        5 total packets captured
        0 total packets dropped

This idea came from FreeBSD (Christian S.J. Peron) but, currently, they
don't have a userland utility in the base system to read the sysctls.

Reviewed by: christos@
2005-08-04 19:39:40 +00:00
dsl
dfdc37e2fe Add (unsigned char) cast to ctype functions 2004-10-30 20:56:20 +00:00
manu
753bcaf581 IPv4 PIM support, from the submission of Pavlin Radoslavov on tech-net@ 2004-09-04 23:35:43 +00:00
jonathan
f8aeaf6223 Fix two stupid bugs I introduced with stats for fast-ipsec:
1. Pass the caller-supplied protocol name down through ipsec_switch().

2. Remove my poor attempt to print fast-ipsec stats automagically for
`netstat -s'.  The previous code would print (fast)IPsec per-protocol
stats even for 'netstat', which is just wrong.

A better fix would be to enumerate the sub-"protocols" under IPsec;
but first let's fix the broken behaviour now, for a pullup to 2.0.
2004-06-27 01:10:53 +00:00
christos
45a11d4b25 Temporary hack to fix ipsec stats lossage. Atatat, are you listening? 2004-06-06 17:11:48 +00:00
jonathan
85b3ba5bf1 Redo net.inet.* sysctl subtree for fast-ipsec from scratch.
Attach FAST-IPSEC statistics with 64-bit counters to new sysctl MIB.
Rework netstat to show FAST_IPSEC statistics, via sysctl,  for
netstat -p ipsec.

New kernel files:
	sys/netipsec/Makefile		(new file; install *_var.h includes)
	sys/netipsec/ipsec_var.h	(new 64-bit mib counter struct)

Changed kernel files:
	sys/Makefile			(recurse into sys/netipsec/)
	sys/netinet/in.h		(fake IP_PROTO name for fast_ipsec
					sysctl subtree.)
	sys/netipsec/ipsec.h		(minimal userspace inclusion)
	sys/netipsec/ipsec_osdep.h	(minimal userspace inclusion)
	sys/netipsec/ipsec_netbsd.c	(redo sysctl subtree from scratch)
	sys/netipsec/key*.c		(fix broken net.key subtree)

	sys/netipsec/ah_var.h		(increase all counters to 64 bits)
	sys/netipsec/esp_var.h		(increase all counters to 64 bits)
	sys/netipsec/ipip_var.h		(increase all counters to 64 bits)
	sys/netipsec/ipcomp_var.h	(increase all counters to 64 bits)

	sys/netipsec/ipsec.c		(add #include netipsec/ipsec_var.h)
	sys/netipsec/ipsec_mbuf.c	(add #include netipsec/ipsec_var.h)
	sys/netipsec/ipsec_output.c	(add #include netipsec/ipsec_var.h)

	sys/netinet/raw_ip.c		(add #include netipsec/ipsec_var.h)
	sys/netinet/tcp_input.c		(add #include netipsec/ipsec_var.h)
	sys/netinet/udp_usrreq.c	(add #include netipsec/ipsec_var.h)

Changes to usr.bin/netstat to print the new fast-ipsec sysctl tree
for "netstat -s -p ipsec":

New file:
	usr.bin/netstat/fast_ipsec.c	(print fast-ipsec counters)

Changed files:
	usr.bin/netstat/Makefile	(add fast_ipsec.c)
	usr.bin/netstat/netstat.h	(declarations for fast_ipsec.c)
	usr.bin/netstat/main.c		(call KAME-vs-fast-ipsec dispatcher)
2004-05-07 00:55:14 +00:00
itojun
0162be23d0 synchronize w/ inpcb/in6pcb change 2003-09-04 09:23:35 +00:00
agc
89aaa1bb64 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22365, verified by myself.
2003-08-07 11:13:06 +00:00
lukem
ef83aa34d9 clear errno before strto(u)l() if we're going to test it for ERANGE afterwards 2003-04-18 03:21:00 +00:00
matt
65e5548a17 Add MBUFTRACE kernel option.
Do a little mbuf rework while here.  Change all uses of MGET*(*, M_WAIT, *)
to m_get*(M_WAIT, *).  These are not performance critical and making them
call m_get saves considerable space.  Add m_clget analogue of MCLGET and
make corresponding change for M_WAIT uses.
Modify netinet, gem, fxp, tulip, nfs to support MBUFTRACE.
Begin to change netstat to use sysctl.
2003-02-26 06:31:08 +00:00
thorpej
9abf2fa449 Update for callout changes, and show TCP timers in relative, rather
than absolute ticks.
2003-02-04 01:22:08 +00:00
enami
0512a0df7f Add more software intrq. 2002-07-23 23:34:39 +00:00
enami
54a4e901f8 Introduce -q flag to print some information (like number of packets dropped
due to queue full) about software interrupt queues such as ipintrq.
2002-07-03 01:42:59 +00:00
soren
81abc60321 Sync SYNOPSIS and usage() with reality. 2002-07-02 21:34:18 +00:00
itojun
f51456c273 err/errx/warn/warnx do not need \n at the end 2002-06-11 06:06:18 +00:00
itojun
c868e666a2 print rip6stat. sync with kame 2001-10-18 09:26:16 +00:00