Page MenuHomeFreeBSD

sockstat(1): skip inpcbs that doesn't have socket
AbandonedPublic

Authored by glebius on Jul 6 2022, 9:20 AM.
Tags
None
Referenced Files
F107290290: D35723.diff
Sun, Jan 12, 1:45 AM
Unknown Object (File)
Dec 12 2024, 7:26 PM
Unknown Object (File)
Sep 30 2024, 12:24 AM
Unknown Object (File)
Sep 23 2024, 7:04 AM
Unknown Object (File)
Sep 18 2024, 5:10 PM
Unknown Object (File)
Sep 9 2024, 4:11 AM
Unknown Object (File)
Sep 8 2024, 1:35 AM
Unknown Object (File)
Sep 4 2024, 9:37 AM
Subscribers

Details

Reviewers
tuexen
Group Reviewers
network
Summary

Per name and documentation the utility isn't supposed to print all pcbs,
rather it should print all sockets and map them to pcbs. A valid pcb
without a socket is possible only for TCP. With current implementation
all these connections fell into the same hash slot and were printed at
the end of the output with first columns as "?".

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 46279
Build 43168: arc lint + arc unit

Event Timeline

I (mis)use sockstat to look at TCP endpoints not having a socket. Especially, to figure out what the inp_gencnt is by using the -i option.
If that is not possible anymore, we need to teach another tool (probably netstat) to provide this functionality.

I (mis)use sockstat to look at TCP endpoints not having a socket. Especially, to figure out what the inp_gencnt is by using the -i option.
If that is not possible anymore, we need to teach another tool (probably netstat) to provide this functionality.

Let me guess, you are seeking them to later feed to tcpsso :) But such pcbs will not be able to do setsockopt() as they don't have a socket.

I (mis)use sockstat to look at TCP endpoints not having a socket. Especially, to figure out what the inp_gencnt is by using the -i option.
If that is not possible anymore, we need to teach another tool (probably netstat) to provide this functionality.

Let me guess, you are seeking them to later feed to tcpsso :) But such pcbs will not be able to do setsockopt() as they don't have a socket.

You guess correctly... Which TCP endpoints don't have a socket anymore? Only the ones in TIME_WAIT?

You guess correctly... Which TCP endpoints don't have a socket anymore? Only the ones in TIME_WAIT?

AFAIU, yes.

You guess correctly... Which TCP endpoints don't have a socket anymore? Only the ones in TIME_WAIT?

AFAIU, yes.

And this will still be true after your cleanup of TIME_WAIT state?

And this will still be true after your cleanup of TIME_WAIT state?

This is the current plan. We will keep the inpcb, but free the socket (since it is a separate chunk of memory anyway, no benefit in delaying its free) and free file descriptor (to save fd space of a process).

And this will still be true after your cleanup of TIME_WAIT state?

This is the current plan. We will keep the inpcb, but free the socket (since it is a separate chunk of memory anyway, no benefit in delaying its free) and free file descriptor (to save fd space of a process).

If you will have the full tcb, we would need to tweak tcpsso to allow to switch the TCP stack for those endpoints...

But that is future stuff.

So with the proposed change I can still use tcpsso as before, that is not an issue.

Then I would propose to add a note to the man-page that it is no longer possible to use sockstat anymore to audit the state of the TCP stack.

You will need to use sockstat for all TCP endpoints in states other than TIME_WAIT and then run netstat and filter the ones in the TIME_WAIT state. I bit less convenient, but possible. Just make it clear that some functionality has been removed.

I think to satisfy your use case we just need netstat(1) to print inp_gencnt and that's it.

The sockstat(1) utility was initially designed to work with file descriptors, not pcbs. And documentation 100% reflects that. The original version built a list of descriptors and then looped over them, mapping descriptor to a pcb if there was any. The later implementation in C has changed to loop over pcbs and map them to file descriptors if any. At this point it started to print non-socket pcbs (see ca007d917231), as well as kernel side socket pcbs (e.g. NFS). I see it as a long live bug, at least for non-sockets. For kernel side sockets that's a separate question.

What about netstat(1) printing inp_gencnt when run with -A? This format is already for developers, not for a production use, we can extend it. I can do that, if you agree.

I think to satisfy your use case we just need netstat(1) to print inp_gencnt and that's it.

I think I was not clear enough, sorry for that:

  1. I can get inp_gencnt for all relevant TCP endpoints. So that is fine.
  1. I was referring to a different usecase: I want to audit what is going on in relation to TCP. I can just use sockstat to figure out which application uses which TCP connection. And I can also see which TCP connections are in TIME_WAIT. This is important, since it gives me a hint what was going on and what can result in problems when trying to establish new connections.

With this change, I can't do the audit anymore with sockstat. I need to use sockstat to figure out what is going on with TCP connections not being in the TIME_WAIT state. Then I need to run netstat and concentrate on the TCP connections in TIME_WAIT.

I'm just asking for documenting that sockstat can't be used anymore as a single tool for inspecting all TCP connections. People might expecting the behaviour you call a bug... The reduction of functionality should be document, I think. To be honest, I might be the only person using sockstat for inspecting the TCP stack. Not sure what others do...

The sockstat(1) utility was initially designed to work with file descriptors, not pcbs. And documentation 100% reflects that. The original version built a list of descriptors and then looped over them, mapping descriptor to a pcb if there was any. The later implementation in C has changed to loop over pcbs and map them to file descriptors if any. At this point it started to print non-socket pcbs (see ca007d917231), as well as kernel side socket pcbs (e.g. NFS). I see it as a long live bug, at least for non-sockets. For kernel side sockets that's a separate question.

For me it was a feature... Just document that it goes away...

Understood. I will work on keeping TIME-WAITs in sockstat(1).

What about netstat(1) printing inp_gencnt when run with -A? This format is already for developers, not for a production use, we can extend it. I can do that, if you agree.

Is this needed? Right now, this change does not affect using it to print the inp_gencnt, or am I missing something?

I'm only concerned about other users expecting to see TCP connections in TIME_WAIT and not seeing them anymore. Just document that this functionality has been removed.

Understood. I will work on keeping TIME-WAITs in sockstat(1).

Thanks. If this results in major problems for your TIME_WAIT redesign, bring it up again. Then we can reconsider it, of course.