Re: cwnd and sstresh monitor



Alin-Adrian Anton wrote:

I used it now, and with a small patch it shows exactly what I need (seq, ack, timestamp, cwnd and ssthresh). I just added my knob to trpt.c .


I also modified the iptime() function to provide microsecond resolution instead of milliseconds, because most of the packets have the same timestamp attached. Still, a decent number of packets have the same timestamp. I'm looking at them only on one side of the connection (the transmitter); I wonder if there is any better solution than timestamping them on both sides - and mixing the values.

Thanks guys for the precious information, it helped a lot!


Actually the method above had issues, packets not being logged in the debug buffer (which is limited and gets discarded quickly).


Using trpt -f did solve this problem, at the cost of duplicate entries.

So what finally did the job was a small "patch" of tcp_debug.c to print on console and print only what is needed (FreeBSD 6.0 won't allow "options TCPCONSDEBUG"), and /var/log/messages was parsed to extract the values.

Cheers,
--
Alin-Adrian Anton
GPG keyID 0x183087BA (B129 E8F4 7B34 15A9 0785  2F7C 5823 ABA0 1830 87BA)
gpg --keyserver pgp.mit.edu --recv-keys 0x183087BA

"It is dangerous to be right when the government is wrong." - Voltaire
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"


