TCP information

Les Biffle les at ns3.safety.net
Thu Sep 18 09:17:40 PDT 2003


> In the last episode (Sep 18), Terry Lambert said:

**snip**

> tcpcb is currently 236 bytes though, and I don't imagine adding another
> 8 bytes for an unsigned long "dropped packets" counter is going to kill
> him.
> 
> Deepak: if you really want stats, try adding a struct tcpstat to tcpcb
> and hack all the netinet/tcp* code to update those whenever the global
> tcpstat gets updated.

We spent a lot of effort doing this for our 3.5-based NAT/firewall
products, putting the SEQ/ACK numbers and related re-transmission counts
in the struct we used for transient connection objects, and logged them
when the connection closed.  With 10K simultaneous connections active,
it added less than 640K of malloc'd memory, so it's not a big hit.

We didn't find the statistics we gathered to be meaningful, BTW.  Transient
errors (congestion and routing loops) were infrequent, and most of what
looked like errors turned out to be generated by the stack at the other
end (gratuitous back-to-back ACKs and packet retransmission before any
possible timeout could occur).

For us, a waste of time.  If you have more interesting results, please
let me know.  I figured it would be a great tool.

-Les

-- 
Les Biffle
CISSP               Information Systems Security Consultant
(480) 585-4099   les at safety.net  http://www.les.biffle.org/
Network Safety,  PO Box 14461,   Scottsdale, AZ 85267
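
The approach described in the reply above, sketched as an added example that is not part of the original post and is not the author's product code: a per-connection record kept under 64 bytes (10K connections in under 640K), updated per segment and reported once at close. The struct layout, field names, classification rules and sample segments are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define SEQ_LEQ(a, b) ((int32_t)((a) - (b)) <= 0) /* wraparound-safe */
#define SEQ_GT(a, b)  ((int32_t)((a) - (b)) > 0)

/* Hypothetical per-connection record; index 0/1 is the direction. */
struct conn_stats {
    uint32_t snd_max[2];  /* highest sequence end seen */
    uint32_t last_ack[2]; /* highest ACK number seen */
    uint32_t segs[2], rexmit[2], dup_ack[2];
    uint8_t  seen[2];
};
_Static_assert(sizeof(struct conn_stats) <= 64, "10K records must fit in 640K");

void conn_update(struct conn_stats *c, int d, uint32_t seq, uint32_t ack, uint32_t len) {
    uint32_t end = seq + len;          /* may wrap past 2^32 */
    c->segs[d]++;
    if (!c->seen[d]) {                 /* first segment only seeds the state */
        c->seen[d] = 1; c->snd_max[d] = end; c->last_ack[d] = ack;
        return;
    }
    if (len > 0 && SEQ_LEQ(end, c->snd_max[d]))
        c->rexmit[d]++;                /* data already covered: retransmission */
    else if (len > 0)
        c->snd_max[d] = end;
    else if (ack == c->last_ack[d])
        c->dup_ack[d]++;               /* pure ACK repeating the last ACK */
    if (SEQ_GT(ack, c->last_ack[d])) c->last_ack[d] = ack;
}

/* Constructed sample: one retransmit across the 2^32 wrap, two repeated ACKs. */
static const struct { int d; uint32_t seq, ack, len; } sample[] = {
    {0, 0xFFFFFF00u, 1000, 0x100}, {1, 1000, 0, 0}, {0, 0, 1000, 100},
    {1, 1000, 100, 0}, {0, 0xFFFFFF00u, 1000, 0x100}, {1, 1000, 100, 0},
    {1, 1000, 100, 0},
};

void run_sample(struct conn_stats *c) {
    *c = (struct conn_stats){0};
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        conn_update(c, sample[i].d, sample[i].seq, sample[i].ack, sample[i].len);
}

int main(void) {
    struct conn_stats c;
    run_sample(&c);                    /* report once, when the connection closes */
    printf("close: fwd segs=%u rexmit=%u; rev segs=%u dup_ack=%u\n", (unsigned)c.segs[0],
           (unsigned)c.rexmit[0], (unsigned)c.segs[1], (unsigned)c.dup_ack[1]);
    return 0;
}
```

The counters record only that a retransmission or repeated ACK was seen, not which end caused it or why.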


More information about the freebsd-hackers mailing list