From 773673c133e361022bbc6c87f7fdfb3c18d5022f Mon Sep 17 00:00:00 2001 From: Andre Oppermann Date: Sat, 28 Jul 2007 12:20:39 +0000 Subject: [PATCH] Provide a sysctl to toggle reporting of TCP debug logging: sys.net.inet.tcp.log_debug = 1 It defaults to enabled for the moment and is to be turned off for the next release like other diagnostics from development branches. It is important to note that sysctl sys.net.inet.tcp.log_in_vain uses the same logging function as log_debug. Enabling of the former also causes the latter to engage, but not vice versa. Use consistent terminology in tcp log messages: "ignored" means a segment contains invalid flags/information and is dropped without changing state or issuing a reply. "rejected" means a segments contains invalid flags/information but is causing a reply (usually RST) and may cause a state change. Approved by: re (rwatson) --- sys/netinet/tcp_input.c | 26 ++++++++++++++++++-------- sys/netinet/tcp_subr.c | 8 ++++++++ sys/netinet/tcp_var.h | 1 + 3 files changed, 27 insertions(+), 8 deletions(-) diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 81918e0235be..42d8147b3d34 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -57,6 +57,8 @@ #include #include +#define TCPSTATES /* for logging */ + #include #include #include @@ -98,7 +100,7 @@ struct tcpstat tcpstat; SYSCTL_STRUCT(_net_inet_tcp, TCPCTL_STATS, stats, CTLFLAG_RW, &tcpstat , tcpstat, "TCP statistics (struct tcpstat, netinet/tcp_var.h)"); -static int tcp_log_in_vain = 0; +int tcp_log_in_vain = 0; SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain, CTLFLAG_RW, &tcp_log_in_vain, 0, "Log all incoming TCP segments to closed ports"); @@ -662,7 +664,7 @@ tcp_input(struct mbuf *m, int off0) if ((thflags & TH_SYN) == 0) { if ((s = tcp_log_addrs(&inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: Listen socket: " - "SYN is missing, segment rejected\n", + "SYN is missing, segment ignored\n", s, __func__); tcpstat.tcps_badsyn++; goto dropunlock; @@ -694,7 +696,7 @@ tcp_input(struct mbuf *m, int off0) if ((thflags & TH_FIN) && drop_synfin) { if ((s = tcp_log_addrs(&inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: Listen socket: " - "SYN|FIN segment rejected (based on " + "SYN|FIN segment ignored (based on " "sysctl setting)\n", s, __func__); tcpstat.tcps_badsyn++; goto dropunlock; @@ -771,7 +773,7 @@ tcp_input(struct mbuf *m, int off0) if ((s = tcp_log_addrs(&inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: Listen socket: " "Connection attempt from broad- or multicast " - "link layer address rejected\n", s, __func__); + "link layer address ignored\n", s, __func__); goto dropunlock; } if (isipv6) { @@ -781,7 +783,7 @@ tcp_input(struct mbuf *m, int off0) if ((s = tcp_log_addrs(&inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: Listen socket: " "Connection attempt to/from self " - "rejected\n", s, __func__); + "ignored\n", s, __func__); goto dropunlock; } if (IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst) || @@ -789,7 +791,7 @@ tcp_input(struct mbuf *m, int off0) if ((s = tcp_log_addrs(&inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: Listen socket: " "Connection attempt from/to multicast " - "address rejected\n", s, __func__); + "address ignored\n", s, __func__); goto dropunlock; } #endif @@ -799,7 +801,7 @@ tcp_input(struct mbuf *m, int off0) if ((s = tcp_log_addrs(&inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: Listen socket: " "Connection attempt from/to self " - "rejected\n", s, __func__); + "ignored\n", s, __func__); goto dropunlock; } if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) || @@ -809,7 +811,7 @@ tcp_input(struct mbuf *m, int off0) if ((s = tcp_log_addrs(&inc, th, NULL, NULL))) log(LOG_DEBUG, "%s; %s: Listen socket: " "Connection attempt from/to broad- " - "or multicast address rejected\n", + "or multicast address ignored\n", s, __func__); goto dropunlock; } @@ -1566,8 +1568,16 @@ tcp_do_segment(struct mbuf *m, struct tcphdr *th, struct socket *so, */ if ((so->so_state & SS_NOFDREF) && tp->t_state > TCPS_CLOSE_WAIT && tlen) { + char *s; + KASSERT(headlocked, ("%s: trimthenstep6: tcp_close.3: head " "not locked", __func__)); + if ((s = tcp_log_addrs(&tp->t_inpcb->inp_inc, th, NULL, NULL))) { + log(LOG_DEBUG, "%s; %s: %s: Received data after socket " + "was closed, sending RST and removing tcpcb\n", + s, __func__, tcpstates[tp->t_state]); + free(s, M_TCPLOG); + } tp = tcp_close(tp); tcpstat.tcps_rcvafterclose++; rstreason = BANDLIM_UNLIMITED; diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 16d4d92d5074..963563d36b3e 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -133,6 +133,10 @@ int tcp_do_rfc1323 = 1; SYSCTL_INT(_net_inet_tcp, TCPCTL_DO_RFC1323, rfc1323, CTLFLAG_RW, &tcp_do_rfc1323, 0, "Enable rfc1323 (high performance TCP) extensions"); +static int tcp_log_debug = 1; +SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_debug, CTLFLAG_RW, + &tcp_log_debug, 0, "Log errors caused by incoming TCP segments"); + static int tcp_tcbhashsize = 0; SYSCTL_INT(_net_inet_tcp, OID_AUTO, tcbhashsize, CTLFLAG_RDTUN, &tcp_tcbhashsize, 0, "Size of TCP control-block hashtable"); @@ -2094,6 +2098,10 @@ tcp_log_addrs(struct in_conninfo *inc, struct tcphdr *th, void *ip4hdr, 2 * INET_ADDRSTRLEN; #endif /* INET6 */ + /* Is logging enabled? */ + if (tcp_log_debug == 0 && tcp_log_in_vain == 0) + return (NULL); + s = malloc(size, M_TCPLOG, M_ZERO|M_NOWAIT); if (s == NULL) return (NULL); diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h index 68c432257bb8..5a471af9c91c 100644 --- a/sys/netinet/tcp_var.h +++ b/sys/netinet/tcp_var.h @@ -494,6 +494,7 @@ MALLOC_DECLARE(M_TCPLOG); extern struct inpcbhead tcb; /* head of queue of active tcpcb's */ extern struct inpcbinfo tcbinfo; extern struct tcpstat tcpstat; /* tcp statistics */ +extern int tcp_log_in_vain; extern int tcp_mssdflt; /* XXX */ extern int tcp_minmss; extern int tcp_delack_enabled;