Add support to print the TCP fast open client-side cache via the sysctl interface. This is similar to the TCP host cache.
Details
- Reviewers: pkelsey, kbowling
- Group Reviewers: transport
- Commits: rS336168: Add support for printing the TCP FO client-side cookie cache via the

Diff Detail
- Repository: rS FreeBSD src repository - subversion
- Lint: Lint Skipped
- Unit: Tests Skipped
- Build Status: Buildable 15354

Event Timeline
sys/netinet/tcp_fastopen.c

| Line | Comment |
|---|---|
| 144 | It is not a connection cache, it is the client-side cache of TFO cookies. I think this should read "Print the client cookie cache." Also, please maintain the alphabetical sort of sysctls in this documentation block. |
| 356 | "List of all client cookie cache entries" |
| 1155 | I think we should also only allow root to list the contents. I think allowing any user to list the client cookie cache lowers the bar on initiating TFO attacks that require obtaining valid TFO cookies for known {client, server} tuples. |
| 1166 | Is there any reason not to keep it simple, skip the estimated entry count and just use an auto-extending sbuf here? |
| 1178 | Wouldn't it be simpler to just use inet_ntop(cce->af, cce->client_ip, clt_buf), and the same approach for the server address? |
| 1194 | I think it would be useful also to show the current value of the disable time in seconds when the state is disabled. |
sys/netinet/tcp_fastopen.c

| Line | Comment |
|---|---|
| 144 | I updated the comment and moved it to the correct place. |
| 356 | Fixed. |
| 1155 | OK, I added that restriction. |
| 1166 | The problem is that WITNESS then complains about using the uma allocator while holding a non-sleepable lock (the CCB_LOCK). So I kept it this way. |
| 1178 | Done. |
| 1194 | I added that. Changed the column title from "Status" to "Disabled". |
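
The constraint raised for line 1166 (nothing may allocate while the lock is held, so the output buffer is sized beforehand) and the single `inet_ntop()` call suggested for line 1178 can be modelled in userland C. This is an added example, not code from the revision: `struct cce_model`, `sample_cache()` and `dump_cache()` are hypothetical names, the addresses are constructed samples, and the lock is only indicated in comments.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical userland model of a cache entry, not the kernel struct. */
struct cce_model {
	int af;					/* AF_INET or AF_INET6 */
	union { struct in_addr v4; struct in6_addr v6; } client_ip, server_ip;
	unsigned server_port, disable_secs;	/* disable_secs > 0: disabled */
};
/* Constructed sample entries (documentation address ranges). */
static int sample_cache(struct cce_model *c) {
	c[0] = (struct cce_model){ .af = AF_INET, .server_port = 443 };
	inet_pton(AF_INET, "192.0.2.10", &c[0].client_ip);
	inet_pton(AF_INET, "198.51.100.7", &c[0].server_ip);
	c[1] = (struct cce_model){ .af = AF_INET6, .server_port = 80, .disable_secs = 120 };
	inet_pton(AF_INET6, "2001:db8::1", &c[1].client_ip);
	inet_pton(AF_INET6, "2001:db8::2", &c[1].server_ip);
	return (2);
}
/* Fill a caller-allocated buffer; returns the number of entries written.
 * Nothing in the loop allocates, so it could run under a non-sleepable lock. */
static int dump_cache(const struct cce_model *e, int n, char *buf, size_t len) {
	char clt[INET6_ADDRSTRLEN], srv[INET6_ADDRSTRLEN];
	size_t off = 0;
	int w, written = 0;
	if (len == 0) return (0);
	buf[0] = '\0';
	for (int i = 0; i < n; i++) {
		/* af selects the address format, so one call covers v4 and v6. */
		if (!inet_ntop(e[i].af, &e[i].client_ip, clt, sizeof(clt)) ||
		    !inet_ntop(e[i].af, &e[i].server_ip, srv, sizeof(srv)))
			continue;		/* unknown family: skip the entry */
		w = snprintf(buf + off, len - off, "%s %s %u %u\n", clt, srv,
		    e[i].server_port, e[i].disable_secs);
		if (w < 0 || (size_t)w >= len - off) {
			buf[off] = '\0';	/* drop the partial line and stop */
			break;
		}
		off += (size_t)w;
		written++;
	}
	return (written);
}
int main(void) {
	struct cce_model c[2];
	char buf[256];		/* allocated before the lock would be taken */
	printf("%d entries\n%s", dump_cache(c, sample_cache(c), buf, sizeof(buf)), buf);
	return (0);
}
```

If the cache grows between the estimate and the fill, the output is truncated at a whole line rather than extended, which is the trade-off of not using an auto-extending buffer.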