path: root/usr.bin/netstat
Commit message | Author | Age | Files | Lines
* netstat: reduce use of historical Internet classes | Mike Karels | 2021-11-09 | 1 | -17/+6
  When attempting to characterize bound addresses, netstat was checking for host 0 on a (historical) net using inet_lnaof(). Such addresses are not normally bound, as they would not work, with the exception of the unspecified address, INADDR_ANY. Check for that explicitly. Similarly, don't check bound addresses for a match to a network name.

  MFC after: 1 month
  Reviewed by: tuexen
  Differential Revision: https://reviews.freebsd.org/D32714
* netstat: split ipsec and ipsec6 statistics in libxo | Mateusz Guzik | 2021-10-05 | 1 | -6/+7
  In particular fixes --libxo json

  PR: 254673
  Reported by: j.vandeville@gmail.com
  Sponsored by: Rubicon Communications, LLC ("Netgate")
* tcp: Make dsack stats available in netstat and also make sure it's aware of TLP's. | Randall Stewart | 2021-10-01 | 1 | -0/+6
  DSACK accounting has been for quite some time under a NETFLIX_STATS ifdef. Statistics on DSACKs however are very useful in figuring out how much bad retransmissions you are doing. This is further complicated, however, by stacks that do TLP. A TLP when discovering a lost ack in the reverse path will cause the generation of a DSACK. For this situation we introduce a new dsack-tlp-bytes as well as the more traditional dsack-bytes and dsack-packets. These will now all display in netstat -p tcp -s. This also updates all stacks that are currently built to keep track of these stats.

  Reviewed by: tuexen
  Sponsored by: Netflix Inc.
  Differential Revision: https://reviews.freebsd.org/D32158
* netstat: Fix typo | Stefan Eßer | 2021-07-02 | 1 | -1/+1
  Correct spelling of "received packers" to "received packets".

  PR: 256926
  Reported by: ghuckriede@blackberry.com
  MFC after: 3 days
* ip_mroute: refactor bw_meter API | Wojciech Macek | 2021-05-21 | 1 | -3/+12
  API should work as following:
  - periodically report Lower-or-EQual bandwidth (LEQ) connections over kernel socket, if user application registered for such per-flow notifications
  - report Greater-or-EQual (GEQ) bandwidth as soon as it reaches specified value in configured time window

  Custom implementation of callouts was removed. There is no point of doing callout-wheel here as generic callouts are doing exactly the same. The performance is not critical for such reporting, so the biggest concern should be to have a code which can be easily maintained.

  This is a preparation for locking rework which is highly inefficient.

  Approved by: mw
  Sponsored by: Stormshield
  Obtained from: Semihalf
  Differential Revision: https://reviews.freebsd.org/D30210
* netstat: fix typo from 0471a8c73402 | Richard Scheffenegger | 2021-05-10 | 1 | -1/+1
* tcp: SACK Lost Retransmission Detection (LRD) | Richard Scheffenegger | 2021-05-10 | 1 | -0/+2
  Recover from excessive losses without reverting to a retransmission timeout (RTO). Disabled by default, enable with sysctl net.inet.tcp.do_lrd=1

  Reviewed By: #transport, rrs, tuexen, #manpages
  Sponsored by: Netapp, Inc.
  Differential Revision: https://reviews.freebsd.org/D28931
* usr.bin/netstat: use roundup2 when rounding up to power of 2. | Xin LI | 2021-05-02 | 2 | -3/+3
  MFC after: 2 weeks
* tcp: add support for TCP over UDP | Michael Tuexen | 2021-04-18 | 1 | -0/+4
  Adding support for TCP over UDP allows communication with TCP stacks which can be implemented in userspace without requiring special privileges or specific support by the OS. This is joint work with rrs.

  Reviewed by: rrs
  Sponsored by: Netflix, Inc.
  MFC after: 1 week
  Differential Revision: https://reviews.freebsd.org/D29469
* Fix `netstat -rs` reporting. | Alexander V. Chernikov | 2021-03-31 | 2 | -13/+1
  rttrash (unused but not yet deleted entries) were eliminated during routing rework. Remove reading these symbols from the kernel.

  PR: 254681
  Reported by: rashey@superbox.pl
  MFC after: immediately
* icmp6: Count packets dropped due to an invalid hop limit | Mark Johnston | 2020-10-19 | 1 | -0/+2
  Pad the icmp6stat structure so that we can add more counters in the future without breaking compatibility again, last done in r358620. Annotate the rarely executed error paths with __predict_false while here.

  Reviewed by: bz, melifaro
  Sponsored by: NetApp, Inc.
  Sponsored by: Klara, Inc.
  Differential Revision: https://reviews.freebsd.org/D26578
  Notes: svn path=/head/; revision=366842
* Extend netstat to display TCP stack and detailed congestion state | Richard Scheffenegger | 2020-10-09 | 4 | -10/+67
  Adding the "-c" option used to show detailed per-connection congestion control state for TCP sessions.

  This is one summary patch, which adds the relevant variables into xtcpcb. As previous "spare" space is used, these changes are ABI compatible.

  Reviewed by: tuexen
  MFC after: 2 weeks
  Sponsored by: NetApp, Inc.
  Differential Revision: https://reviews.freebsd.org/D26518
  Notes: svn path=/head/; revision=366566
* Introduce scalable route multipath. | Alexander V. Chernikov | 2020-10-03 | 6 | -20/+413
  This change is based on the nexthop objects landed in D24232.

  The change introduces the concept of nexthop groups. Each group contains the collection of nexthops with their relative weights and a dataplane-optimized structure to enable efficient nexthop selection.

  Similar to the nexthops, nexthop groups are immutable. Dataplane part gets compiled during group creation and is basically an array of nexthop pointers, compiled w.r.t their weights.

  With this change, `rt_nhop` field of `struct rtentry` contains either nexthop or nexthop group. They are distinguished by the presence of NHF_MULTIPATH flag. All dataplane lookup functions return pointer to the nexthop object, leaving nexthop groups details inside routing subsystem.

  User-visible changes:

  The change is intended to be backward-compatible: all non-mpath operations should work as before with ROUTE_MPATH and net.route.multipath=1.

  All routes now come with weight, default weight is 1, maximum is 2^24-1.

  Current maximum multipath group width is statically set to 64. This will become sysctl-tunable in the followup changes.

  Using functionality:
  * Recompile kernel with ROUTE_MPATH
  * set net.route.multipath to 1

    route add -6 2001:db8::/32 2001:db8::2 -weight 10
    route add -6 2001:db8::/32 2001:db8::3 -weight 20

    netstat -6On

    Nexthop groups data

    Internet6:
    GrpIdx  NhIdx     Weight   Slots                                 Gateway     Netif  Refcnt
    1         ------- ------- ------- --------------------------------------- ---------       1
                  13      10       1                             2001:db8::2     vlan2
                  14      20       2                             2001:db8::3     vlan2

  Next steps:
  * Land outbound hashing for locally-originated routes ( D26523 ).
  * Fix net/bird multipath (net/frr seems to work fine)
  * Add ROUTE_MPATH to GENERIC
  * Set net.route.multipath=1 by default

  Tested by: olivier
  Reviewed by: glebius
  Relnotes: yes
  Differential Revision: https://reviews.freebsd.org/D26449
  Notes: svn path=/head/; revision=366390
* Add a -C option to netstat to display the congestion control for | Michael Tuexen | 2020-09-13 | 4 | -7/+23
  TCP connections.

  Reviewed by: rscheff
  MFC after: 1 week
  Sponsored by: Netflix, Inc.
  Differential Revision: https://reviews.freebsd.org/D26414
  Notes: svn path=/head/; revision=365688
* netstat(1): Add EXAMPLES section | Fernando Apesteguía | 2020-07-21 | 1 | -2/+23
  * Add small EXAMPLES section
  * Fix warning reported by mandoc (./netstat.1:747:2: WARNING: skipping paragraph macro: Pp before Ss)

  Approved by: manpages (gbe)
  Differential Revision: https://reviews.freebsd.org/D25212
  Notes: svn path=/head/; revision=363396
* Refer to AES-CBC as "aes-cbc" rather than "rijndael-cbc" for IPsec. | John Baldwin | 2020-06-04 | 1 | -1/+1
  At this point, AES is the more common name for Rijndael128. setkey(8) will still accept the old name, and old constants remain for compatibility.

  Reviewed by: cem, bcr (manpages)
  MFC after: 2 weeks
  Sponsored by: Chelsio Communications
  Differential Revision: https://reviews.freebsd.org/D24964
  Notes: svn path=/head/; revision=361810
* Remove support for IPsec algorithms deprecated in r348205 and r360202. | John Baldwin | 2020-05-02 | 1 | -9/+0
  Examples of deprecated algorithms in manual pages and sample configs are updated where relevant. I removed the one example of combining ESP and AH (vs using a cipher and auth in ESP) as RFC 8221 says this combination is NOT RECOMMENDED.

  Specifically, this removes support for the following ciphers:
  - des-cbc
  - 3des-cbc
  - blowfish-cbc
  - cast128-cbc
  - des-deriv
  - des-32iv
  - camellia-cbc

  This also removes support for the following authentication algorithms:
  - hmac-md5
  - keyed-md5
  - keyed-sha1
  - hmac-ripemd160

  Reviewed by: cem, gnn (older versions)
  Relnotes: yes
  Sponsored by: Chelsio Communications
  Differential Revision: https://reviews.freebsd.org/D24342
  Notes: svn path=/head/; revision=360557
* Fix string format error missed in r359823. | Alexander V. Chernikov | 2020-04-12 | 1 | -1/+1
  Notes: svn path=/head/; revision=359824
* Introduce nexthop objects and new routing KPI. | Alexander V. Chernikov | 2020-04-12 | 7 | -79/+700
  This is the foundational change for the routing subsystem rearchitecture. More details and goals are available in https://reviews.freebsd.org/D24141 .

  This patch introduces concept of nexthop objects and new nexthop-based routing KPI.

  Nexthops are objects, containing all necessary information for performing the packet output decision. Output interface, mtu, flags, gw address goes there. For most of the cases, these objects will serve the same role as the struct rtentry is currently serving. Typically there will be low tens of such objects for the router even with multiple BGP full-views, as these objects will be shared between routing entries. This allows to store more information in the nexthop.

  New KPI:

    struct nhop_object *fib4_lookup(uint32_t fibnum, struct in_addr dst, uint32_t scopeid, uint32_t flags, uint32_t flowid);
    struct nhop_object *fib6_lookup(uint32_t fibnum, const struct in6_addr *dst6, uint32_t scopeid, uint32_t flags, uint32_t flowid);

  These 2 functions are intended to replace all flavours of <in_|in6_>rtalloc[1]<_ign><_fib>, mpath functions and the previous fib[46]-generation functions.

  Upon successful lookup, they return nexthop object which is guaranteed to exist within current NET_EPOCH. If longer lifetime is desired, one can specify NHR_REF as a flag and get a referenced version of the nexthop. Reference semantic closely resembles rtentry one, allowing sed-style conversion.

  Additionally, another 2 functions are introduced to support uRPF functionality inside variety of our firewalls. Their primary goal is to hide the multipath implementation details inside the routing subsystem, greatly simplifying firewalls implementation:

    int fib4_lookup_urpf(uint32_t fibnum, struct in_addr dst, uint32_t scopeid, uint32_t flags, const struct ifnet *src_if);
    int fib6_lookup_urpf(uint32_t fibnum, const struct in6_addr *dst6, uint32_t scopeid, uint32_t flags, const struct ifnet *src_if);

  All functions have a separate scopeid argument, paving way to eliminating IPv6 scope embedding and allowing to support IPv4 link-locals in the future.

  Structure changes:
  * rtentry gets new 'rt_nhop' pointer, slightly growing the overall size.
  * rib_head gets new 'rnh_preadd' callback pointer, slightly growing overall sz.

  Old KPI:
  During the transition state old and new KPI will coexist. As there are another 4-5 decent-sized conversion patches, it will probably take a couple of weeks. To support both KPIs, fields not required by the new KPI (most of rtentry) have to be kept, resulting in the temporary size increase. Once conversion is finished, rtentry will notably shrink.

  More details:
  * architectural overview: https://reviews.freebsd.org/D24141
  * list of the next changes: https://reviews.freebsd.org/D24232

  Reviewed by: ae,glebius(initial version)
  Differential Revision: https://reviews.freebsd.org/D24232
  Notes: svn path=/head/; revision=359823
* Fix an issue of net.inet.igmp.stats handler. | Hiroki Sato | 2020-03-07 | 1 | -0/+16
  The header of (struct igmpstat) could be cleared by sysctl(3). This can be reproduced by "netstat -s -z -p igmp".

  PR: 244584
  MFC after: 1 week
  Notes: svn path=/head/; revision=358730
* Add new ICMPv6 counters for Anti-DoS limits. | Bjoern A. Zeeb | 2020-03-04 | 1 | -0/+8
  Add four new counters for ND6 related Anti-DoS measures. We split these out into a separate upfront commit so that we only change the struct size one time. Implementations using them will follow.

  PR: 157410
  Reviewed by: melifaro
  MFC after: 2 weeks
  X-MFC: cannot really MFC this without breaking netstat
  Sponsored by: Netflix (initially)
  Differential Revision: https://reviews.freebsd.org/D22711
  Notes: svn path=/head/; revision=358620
* Convert routing statistics to VNET_PCPUSTAT. | Gleb Smirnoff | 2019-12-17 | 1 | -6/+6
  Submitted by: ocochard
  Reviewed by: melifaro, glebius
  Differential Revision: https://reviews.freebsd.org/D22834
  Notes: svn path=/head/; revision=355840
* Update Makefile.depend files | Simon J. Gerraty | 2019-12-11 | 1 | -2/+0
  Update a bunch of Makefile.depend files as a result of adding Makefile.depend.options files

  Reviewed by: bdrewery
  MFC after: 1 week
  Sponsored by: Juniper Networks
  Differential Revision: https://reviews.freebsd.org/D22494
  Notes: svn path=/head/; revision=355617
* Add Makefile.depend.options | Simon J. Gerraty | 2019-12-11 | 1 | -0/+8
  Leaf directories that have dependencies impacted by options need a Makefile.depend.options file to avoid churn in Makefile.depend

  DIRDEPS for cases such as OPENSSL, TCP_WRAPPERS etc can be set in local.dirdeps-options.mk which can add to those set in Makefile.depend.options

  See share/mk/dirdeps-options.mk

  Reviewed by: bdrewery
  MFC after: 1 week
  Sponsored by: Juniper Networks
  Differential Revision: https://reviews.freebsd.org/D22469
  Notes: svn path=/head/; revision=355616
* Fix: netstat -rs | Baptiste Daroussin | 2019-12-09 | 1 | -0/+3
  Routing statistics requires some symbols that are only loaded when not running live. Load them only in that specific case

  PR: 242423
  Submitted by: olivier
  MFC after: 3 days
  Notes: svn path=/head/; revision=355554
* netstat: igmp stats, error on unexpected information, not only warn | Bjoern A. Zeeb | 2019-11-12 | 1 | -0/+2
  The igmp stats tend to print two lines of warning for an unexpected version and length. Despite an invalid version and struct size it continues to try to do something with the data. Do not try to parse the remainder of the struct and error on warning.

  Note the underlying issue of the data not being available properly is still there and needs to be fixed separately.

  Reported by: test cases, lwhsu
  MFC after: 3 weeks
  Notes: svn path=/head/; revision=354639
* Fix netstat -gs with ip_mroute module and/or vnet | Mike Karels | 2019-11-12 | 1 | -6/+4
  The code for "netstat -gs -f inet" failed if the kernel namelist did not include the _mrtstat symbol. However, that symbol is not in a standard kernel even with the ip_mroute module loaded, where the functionality is available. It is also not in a kernel with MROUTING but also VIMAGE, as there can be multiple sets of stats. However, when running the command on a live system, the symbol is not used; a sysctl is used. Go ahead and try the sysctl in any case, and complain that IPv4 MROUTING is not present only if the sysctl fails with ENOENT. Also fail if _mrtstat is not defined when running on a core file; netstat doesn't know about vnets, so can only work if MROUTING was included, and VIMAGE was not.

  Reviewed by: bz
  MFC after: 1 week
  Differential Revision: https://reviews.freebsd.org/D22311
  Notes: svn path=/head/; revision=354633
* Restore description of packets dropped due to full reassembly queue. | John Baldwin | 2019-10-03 | 1 | -2/+2
  r265408 renamed tcps_rcvmemdrop to tcps_rcvreassfull and gave it a more specific description. r279122 (libxo-ification) reverted that change. This commit brings it back, but with a small tweak to the description.

  MFC after: 2 weeks
  Notes: svn path=/head/; revision=353059
* Tidy up the list of auth and encryption algorithms for IPsec stats. | John Baldwin | 2019-08-07 | 1 | -24/+5
  - Use keyed-md5 and keyed_sha1 instead of md5 and sha1 to match the names accepted by setkey and to also avoid confusion since these are not "plain" MD5 or SHA1.
  - Remove always-true #ifdef's to make the source a bit easier to read.
  - Add missing mappings for tcp-md5, camellia-cbc, and aes-gmac.

  MFC after: 2 weeks
  Sponsored by: Chelsio Communications
  Notes: svn path=/head/; revision=350666
* IPv6 cleanup: netstat | Bjoern A. Zeeb | 2019-08-01 | 1 | -4/+4
  Rename the variable for the in6_addr from in6p to ia6 to follow the convention generally used in FreeBSD.

  No functional changes.

  MFC after: 3 months
  Sponsored by: Netflix
  Notes: svn path=/head/; revision=350522
* Add stat counter for ipv6 atomic fragments | Tom Jones | 2019-04-19 | 1 | -0/+2
  Add a stat counter to track ipv6 atomic fragments. Atomic fragments can be generated in response to invalid path MTU values, but are also a potential attack vector and considered harmful (see RFC6946 and RFC8021).

  While here add tracking of the atomic fragment counter to netstat and systat.

  Reviewed by: tuexen, jtl, bz
  Approved by: jtl (mentor), bz (mentor)
  Event: Aberdeen hackathon 2019
  Differential Revision: https://reviews.freebsd.org/D17511
  Notes: svn path=/head/; revision=346398
* Improve ARP logging. | Bjoern A. Zeeb | 2019-03-09 | 1 | -0/+1
  r344504 added an extra ARP_LOG() call in case of an if_output() failure. It turns out IPv4 can be noisy. In order to not spam the console by default: (a) add a counter for these events so people can keep better track of how often it happens, and (b) add a sysctl to select the default ARP_LOG log level and set it to INFO avoiding the one (the new) DEBUG level by default.

  Claim a spare (1st one after 10 years since the stats were added) in order to not break netstat from FreeBSD 12->13 updates in the future.

  Reviewed by: karels
  Differential Revision: https://reviews.freebsd.org/D19490
  Notes: svn path=/head/; revision=344954
* Fix compilation of world with WITHOUT_{INET,INET6}_SUPPORT or both set. | Bjoern A. Zeeb | 2019-03-03 | 1 | -5/+24
  Buildworld failed when both WITHOUT_INET6_SUPPORT and INET equivalent were set. Fix netstat and syslogd by applying appropriate #ifdef INET/INET6 to make world compile again.

  Reviewed by: ngie, hrs, ume
  Welcomed by: Michael Dexter (D17040)
  MFC after: 3 days
  Differential Revision: https://reviews.freebsd.org/D19418
  Notes: svn path=/head/; revision=344740
* Use uintptr_t alone when assigning to kvaddr_t variables. | Brooks Davis | 2018-07-10 | 2 | -3/+3
  Suggested by: jhb
  Notes: svn path=/head/; revision=336170
* Work around lame warnings in ancient gcc on 32-bit platforms. | Brooks Davis | 2018-07-05 | 2 | -3/+3
  Fixes r335979.

  Notes: svn path=/head/; revision=336002
* Make struct xinpcb and friends word-size independent. | Brooks Davis | 2018-07-05 | 2 | -3/+3
  Replace size_t members with ksize_t (uint64_t) and pointer members (never used as pointers in userspace, but instead as unique identifiers) with kvaddr_t (uint64_t). This makes the structs identical between 32-bit and 64-bit ABIs.

  On 64-bit systems, the ABI is maintained. On 32-bit systems, this is an ABI breaking change. The ABI of most of these structs was previously broken in r315662. This also imposes a small API change on userspace consumers who must handle kernel pointers becoming virtual addresses.

  PR: 228301 (exp-run by antoine)
  Reviewed by: jtl, kib, rwatson (various versions)
  Sponsored by: DARPA, AFRL
  Differential Revision: https://reviews.freebsd.org/D15386
  Notes: svn path=/head/; revision=335979
* Add a SPD cache to speed up lookups. | Fabien Thomas | 2018-05-22 | 1 | -4/+7
  When large SPDs are used, we face two problems:
  - too many CPU cycles are spent during the linear searches in the SPD for each packet
  - too much contention on multi socket systems, since we use a single shared lock.

  Main changes:
  - added the sysctl tree 'net.key.spdcache' to control the SPD cache (disabled by default).
  - cache the sp indexes that are used to perform SP lookups.
  - use a range of dedicated mutexes to protect the cache lines.

  Submitted by: Emeric Poupon <emeric.poupon@stormshield.eu>
  Reviewed by: ae
  Sponsored by: Stormshield
  Differential Revision: https://reviews.freebsd.org/D15050
  Notes: svn path=/head/; revision=334054
* Bump netstat.1's .Dd after r331347. | Jonathan T. Looney | 2018-03-22 | 1 | -1/+1
  Notes: svn path=/head/; revision=331348
* Add the "TCP Blackbox Recorder" which we discussed at the developer | Jonathan T. Looney | 2018-03-22 | 4 | -5/+17
  summits at BSDCan and BSDCam in 2017.

  The TCP Blackbox Recorder allows you to capture events on a TCP connection in a ring buffer. It stores metadata with the event. It optionally stores the TCP header associated with an event (if the event is associated with a packet) and also optionally stores information on the sockets.

  It supports setting a log ID on a TCP connection and using this to correlate multiple connections that share a common log ID.

  You can log connections in different modes. If you are doing a coordinated test with a particular connection, you may tell the system to put it in mode 4 (continuous dump). Or, if you just want to monitor for errors, you can put it in mode 1 (ring buffer) and dump all the ring buffers associated with the connection ID when we receive an error signal for that connection ID. You can set a default mode that will be applied to a particular ratio of incoming connections. You can also manually set a mode using a socket option.

  This commit includes only basic probes. rrs@ has added quite an abundance of probes in his TCP development work. He plans to commit those soon.

  There are user-space programs which we plan to commit as ports. These read the data from the log device and output pcapng files, and then let you analyze the data (and metadata) in the pcapng files.

  Reviewed by: gnn (previous version)
  Obtained from: Netflix, Inc.
  Relnotes: yes
  Differential Revision: https://reviews.freebsd.org/D11085
  Notes: svn path=/head/; revision=331347
* various: general adoption of SPDX licensing ID tags. | Pedro F. Giffuni | 2017-11-27 | 2 | -0/+4
  Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task.

  The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, supersede or replace the license texts.

  No functional change intended.

  Notes: svn path=/head/; revision=326276
* General further adoption of SPDX licensing ID tags. | Pedro F. Giffuni | 2017-11-20 | 9 | -0/+18
  Mainly focus on files that use BSD 3-Clause license.

  The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, supersede or replace the license texts.

  Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point.

  Notes: svn path=/head/; revision=326025
* spdx: initial adoption of licensing ID tags. | Pedro F. Giffuni | 2017-11-18 | 3 | -0/+6
  The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, supersede or replace the license texts.

  Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point.

  Initially, only tag files that use BSD 4-Clause "Original" license.

  RelNotes: yes
  Differential Revision: https://reviews.freebsd.org/D13133
  Notes: svn path=/head/; revision=325966
* DIRDEPS_BUILD: Update dependencies. | Bryan Drewery | 2017-10-31 | 1 | -1/+0
  Sponsored by: Dell EMC Isilon
  Notes: svn path=/head/; revision=325188
* Hide struct socket and struct unpcb from the userland. | Gleb Smirnoff | 2017-10-02 | 3 | -15/+13
  Violators may define _WANT_SOCKET and _WANT_UNPCB respectively and are not guaranteed for stability of the structures. The violators list is the usual one: libprocstat(3) and netstat(1) internally and lsof in ports.

  In struct xunpcb remove the inclusion of kernel structure and add a bunch of spare fields. The xsocket already has socket not included, but add there spares as well. Embed xsockbuf into xsocket.

  Sort declarations in sys/socketvar.h to separate kernel only from userland available ones.

  PR: 221820 (exp-run)
  Notes: svn path=/head/; revision=324227
* The combination of IPv6 and SCTP is also supported. | Michael Tuexen | 2017-09-09 | 1 | -2/+2
  MFC after: 1 week
  Notes: svn path=/head/; revision=323352
* Don't call kresolv_list() if using netstat on live kernel | Baptiste Daroussin | 2017-08-30 | 1 | -3/+2
  kresolve_list() is calling many kldsym(2). Removing that call on when collecting stats for the running kernel improves the startup time and CPU usage.

  Submitted by: Nikita Kozlov (nikita.kozlov@blade-group.com)
  Reviewed by: cem
  MFC after: 2 weeks
  Sponsored by: blade
  Differential Revision: https://reviews.freebsd.org/D12151
  Notes: svn path=/head/; revision=323016
* Use counter(9) for PLPMTUD counters. | Sean Bruno | 2017-08-25 | 1 | -1/+13
  Remove unused PLPMTUD sysctl counters.

  Bump UPDATING and FreeBSD Version to indicate a rebuild is required.

  Submitted by: kevin.bowling@kev009.com
  Reviewed by: jtl
  Sponsored by: Limelight Networks
  Differential Revision: https://reviews.freebsd.org/D12003
  Notes: svn path=/head/; revision=322900
* After inpcb route caching was put back in place there is no need for | Bjoern A. Zeeb | 2017-07-27 | 4 | -91/+1
  flowtable anymore (as flowtable was never considered to be useful in the forwarding path).

  Reviewed by: np
  Differential Revision: https://reviews.freebsd.org/D11448
  Notes: svn path=/head/; revision=321618
* Listening sockets improvements. | Gleb Smirnoff | 2017-06-08 | 1 | -6/+9
  o Separate fields of struct socket that belong to listening from fields that belong to normal dataflow, and unionize them. This shrinks the structure a bit.
    - Take out selinfo's from the socket buffers into the socket. The first reason is to support braindamaged scenario when a socket is added to kevent(2) and then listen(2) is cast on it. The second reason is that there is future plan to make socket buffers pluggable, so that for a dataflow socket a socket buffer can be changed, and in this case we also want to keep same selinfos through the lifetime of a socket.
    - Remove struct so_accf. Since now listening stuff no longer affects struct socket size, just move its fields into listening part of the union.
    - Provide sol_upcall field and enforce that so_upcall_set() may be called only on a dataflow socket, which has buffers, and for listening sockets provide solisten_upcall_set().

  o Remove ACCEPT_LOCK() global.
    - Add a mutex to socket, to be used instead of socket buffer lock to lock fields of struct socket that don't belong to a socket buffer.
    - Allow to acquire two socket locks, but the first one must belong to a listening socket.
    - Make soref()/sorele() to use atomic(9). This allows in some situations to do soref() without owning socket lock. There is place for improvement here, it is possible to make sorele() also to lock optionally.
    - Most protocols aren't touched by this change, except UNIX local sockets. See below for more information.

  o Reduce copy-and-paste in kernel modules that accept connections from listening sockets: provide function solisten_dequeue(), and use it in the following modules: ctl(4), iscsi(4), ng_btsocket(4), ng_ksocket(4), infiniband, rpc.

  o UNIX local sockets.
    - Removal of ACCEPT_LOCK() global uncovered several races in the UNIX local sockets. Most races exist around spawning a new socket, when we are connecting to a local listening socket. To cover them, we need to hold locks on both PCBs when spawning a third one. This means holding them across sonewconn(). This creates a LOR between pcb locks and unp_list_lock.
    - To fix the new LOR, abandon the global unp_list_lock in favor of global unp_link_lock. Indeed, separating these two locks didn't provide us any extra parallelism in the UNIX sockets.
    - Now call into uipc_attach() may happen with unp_link_lock hold if, we are accepting, or without unp_link_lock in case if we are just creating a socket.
    - Another problem in UNIX sockets is that uipc_close() basically did nothing for a listening socket. The vnode remained opened for connections. This is fixed by removing vnode in uipc_close(). Maybe the right way would be to do it for all sockets (not only listening), simply move the vnode teardown from uipc_detach() to uipc_close()?

  Sponsored by: Netflix
  Differential Revision: https://reviews.freebsd.org/D9770
  Notes: svn path=/head/; revision=319722
* Add descriptions for AES-GCM IPSec authentication (AH) counters. | John Baldwin | 2017-05-27 | 1 | -0/+9
  MFC after: 1 week
  Sponsored by: Chelsio Communications
  Notes: svn path=/head/; revision=318996