Take advantage of RSS based flowid if possible, instead of local
calculated hash string. If not, use the popular hash API for it.
Also print the list of flow ids instead of tcp/ip connection tuples
in the tail note.
Details
tested in Emulab test bed
cc@s1:~ % sudo sysctl net.inet.siftr
net.inet.siftr.port_filter: 5001
net.inet.siftr.ppl: 1
net.inet.siftr.logfile: /var/log/siftr.log
net.inet.siftr.enabled: 0
cc@s1:~ % sudo sysctl net.inet.siftr.enabled=1
net.inet.siftr.enabled: 0 -> 1
cc@s1:~ % iperf -c r1 -me -n 1k
Client connecting to r1, TCP port 5001 with pid 3038 (1 flows)
Write buffer size: 131072 Byte
MSS size 536 bytes
TOS set to 0x0 (Nagle on)
TCP window size: 32.0 KByte (default)
[  1] local 10.1.1.2%bce1 port 49751 connected with 10.1.1.3 port 5001 (sock=3) on 2023-05-12 06:03:58.011 (MDT)
[ ID] Interval        Transfer    Bandwidth       Write/Err
[  1] 0.00-0.01 sec  1000 Bytes   729 Kbits/sec  1/0
cc@s1:~ % sudo sysctl net.inet.siftr.enabled=0
net.inet.siftr.enabled: 1 -> 0
cc@s1:~ % sudo sysctl net.inet.siftr.enabled=1
net.inet.siftr.enabled: 0 -> 1
cc@s1:~ %
cc@s1:~ % iperf -Vc fd00::3 -n 1k
Client connecting to fd00::3, TCP port 5001
TCP window size: 32.0 KByte (default)
[  1] local fd00::2 port 32274 connected with fd00::3 port 5001
[ ID] Interval       Transfer     Bandwidth
[  1] 0.00-0.01 sec  1000 Bytes   743 Kbits/sec
cc@s1:~ % sudo sysctl net.inet.siftr.enabled=0
net.inet.siftr.enabled: 1 -> 0
cc@s1:~ % cat /var/log/siftr.log
enable_time_secs=1683893030	enable_time_usecs=658975	siftrver=1.3.0	sysname=FreeBSD	sysver=1400088	ipmode=6
o,1683893038.011990,10.1.1.2,49751,10.1.1.3,5001,1073725440,1073725440,2,0,0,0,0,2,536,0,1,672,1000000,32768,0,65536,0,0,0,3885349007,63
i,1683893038.012176,10.1.1.2,49751,10.1.1.3,5001,1073725440,1073725440,2,0,0,0,0,2,536,0,1,672,1000000,32768,0,65536,0,1,0,3885349007,63
o,1683893038.012185,10.1.1.2,49751,10.1.1.3,5001,1073725440,14480,2,65160,65700,7,9,4,1460,2000,1,16778209,230000,33580,0,65700,0,0,0,2761274398,130
o,1683893038.012595,10.1.1.2,49751,10.1.1.3,5001,1073725440,14480,2,65160,65700,7,9,4,1460,2000,1,16778208,230000,33580,60,65700,0,0,0,2761274398,130
o,1683893038.012625,10.1.1.2,49751,10.1.1.3,5001,1073725440,14480,2,65160,65700,7,9,6,1460,2000,1,16778208,230000,33580,1000,65700,0,60,0,2761274398,130
i,1683893038.012743,10.1.1.2,49751,10.1.1.3,5001,1073725440,14480,2,65160,65700,7,9,6,1460,2000,1,16778224,230000,33580,1000,65700,0,1001,0,2761274398,130
i,1683893038.012810,10.1.1.2,49751,10.1.1.3,5001,1073725440,14540,2,65152,66048,7,9,6,1460,1750,1,1008,230000,33580,940,65700,0,941,0,2761274398,130
i,1683893038.012955,10.1.1.2,49751,10.1.1.3,5001,1073725440,15481,2,64256,66048,7,9,9,1460,1531,1,1008,230000,33580,0,65700,0,0,0,2761274398,130
i,1683893038.023565,10.1.1.2,49751,10.1.1.3,5001,1073725440,15481,1026,64256,66048,7,9,9,1460,1531,1,1008,230000,33580,0,65700,0,0,0,2761274398,130
o,1683893038.023570,10.1.1.2,49751,10.1.1.3,5001,1073725440,15481,1026,64256,66020,7,9,10,1460,1531,1,1009,230000,33580,0,65700,0,0,0,2761274398,130
disable_time_secs=1683893041	disable_time_usecs=157123	num_inbound_tcp_pkts=5	num_outbound_tcp_pkts=5	total_tcp_pkts=10	num_inbound_skipped_pkts_malloc=0	num_outbound_skipped_pkts_malloc=0	num_inbound_skipped_pkts_tcpcb=0	num_outbound_skipped_pkts_tcpcb=0	num_inbound_skipped_pkts_inpcb=0	num_outbound_skipped_pkts_inpcb=0	total_skipped_tcp_pkts=0	flowid_list=2761274398,3885349007,
enable_time_secs=1683893084	enable_time_usecs=915323	siftrver=1.3.0	sysname=FreeBSD	sysver=1400088	ipmode=6
o,1683893089.524521,fd00:0:0:0:0:0:0:2,32274,fd00:0:0:0:0:0:0:3,5001,1073725440,1073725440,2,0,0,0,0,2,1220,0,1,672,1000000,32768,0,65536,0,0,0,1150638799,191
i,1683893089.524725,fd00:0:0:0:0:0:0:2,32274,fd00:0:0:0:0:0:0:3,5001,1073725440,1073725440,2,0,0,0,0,2,1220,0,1,672,1000000,32768,0,65536,0,1,0,1150638799,191
o,1683893089.524737,fd00:0:0:0:0:0:0:2,32274,fd00:0:0:0:0:0:0:3,5001,1073725440,14280,2,64260,66240,7,9,4,1440,1000,1,993,230000,33120,0,66240,0,0,0,2332058011,132
o,1683893089.525150,fd00:0:0:0:0:0:0:2,32274,fd00:0:0:0:0:0:0:3,5001,1073725440,14280,2,64260,66240,7,9,4,1440,1000,1,992,230000,33120,60,66240,0,0,0,2332058011,132
o,1683893089.525182,fd00:0:0:0:0:0:0:2,32274,fd00:0:0:0:0:0:0:3,5001,1073725440,14280,2,64260,66240,7,9,6,1440,1000,1,992,230000,33120,1000,66240,0,60,0,2332058011,132
i,1683893089.525320,fd00:0:0:0:0:0:0:2,32274,fd00:0:0:0:0:0:0:3,5001,1073725440,14280,2,64260,66240,7,9,6,1440,1000,1,1008,230000,33120,1000,66240,0,1001,0,2332058011,132
i,1683893089.525387,fd00:0:0:0:0:0:0:2,32274,fd00:0:0:0:0:0:0:3,5001,1073725440,14340,2,64256,66560,7,9,6,1440,875,1,1008,230000,33120,940,66240,0,941,0,2332058011,132
i,1683893089.535909,fd00:0:0:0:0:0:0:2,32274,fd00:0:0:0:0:0:0:3,5001,1073725440,15281,2,64128,66560,7,9,9,1440,781,1,1008,230000,33120,0,66240,0,0,0,2332058011,132
i,1683893089.535913,fd00:0:0:0:0:0:0:2,32274,fd00:0:0:0:0:0:0:3,5001,1073725440,15281,1026,64128,66560,7,9,9,1440,781,1,1008,230000,33120,0,66240,28,0,0,2332058011,132
o,1683893089.535917,fd00:0:0:0:0:0:0:2,32274,fd00:0:0:0:0:0:0:3,5001,1073725440,15281,1026,64128,66532,7,9,10,1440,781,1,1009,230000,33120,0,66240,0,0,0,2332058011,132
disable_time_secs=1683893092	disable_time_usecs=234118	num_inbound_tcp_pkts=5	num_outbound_tcp_pkts=5	total_tcp_pkts=10	num_inbound_skipped_pkts_malloc=0	num_outbound_skipped_pkts_malloc=0	num_inbound_skipped_pkts_tcpcb=0	num_outbound_skipped_pkts_tcpcb=0	num_inbound_skipped_pkts_inpcb=0	num_outbound_skipped_pkts_inpcb=0	total_skipped_tcp_pkts=0	flowid_list=1150638799,2332058011,
Diff Detail
- Repository
- rG FreeBSD src repository
- Lint
- Lint Passed 
- Unit
- No Test Coverage 
- Build Status
- Buildable 51465 - Build 48356: arc lint + arc unit 
Event Timeline
Changing the algorithm is one thing I agree with. But why change the output in the summary from IP addresses / port numbers to flow IDs? For me the IP addresses and port numbers are easier to read and more helpful.
| sys/netinet/siftr.c | ||
|---|---|---|
| 691 | I would ise inp->inp_flowid == 0 here, since inp->inp_flowid is not used as a booloean. | |
Save the space as much as possible. Such IP/port tuples can be found by a flowid, and can be done easily in a script. Read just the IP address/port tuples in this summary won't bring much benefits, I think. Or what is the benefit?
Alternatively, I am also open to remove this flow list summary completely, as the records already have such info.
| sys/netinet/siftr.c | ||
|---|---|---|
| 691 | I agree. Seen such style many times. I will change this style of usage. | |
If keep the flowlist of the footnote summary, I have to rework the code to keep ip/port tuples when use flowid as the key.