lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20130128144006.GQ4608@sociomantic.com>
Date:	Mon, 28 Jan 2013 15:40:06 +0100
From:	Leandro Lucarella <leandro.lucarella@...iomantic.com>
To:	Vijay Subramanian <subramanian.vijay@...il.com>
Cc:	Nivedita Singhvi <niveditasinghvi@...il.com>,
	Rick Jones <rick.jones2@...com>,
	Eric Dumazet <eric.dumazet@...il.com>, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: Doubts about listen backlog and tcp_max_syn_backlog

On Sun, Jan 27, 2013 at 09:21:32PM -0800, Vijay Subramanian wrote:
> > +    { "ListenDrops", N_("%u SYNs to LISTEN sockets dropped"), opt_number },
> >
> > (see the file debian/patches/CVS-20081003-statistics.c_sync.patch
> >  in the net-tools src)
> >
> > i.e., the netstat pkg is printing the value of the TCPEXT MIB counter
> > that's counting TCPExtListenDrops.
> >
> > Theoretically, that number should be the same as that printed by nstat,
> > as they are getting it from the same kernel stats counter. I have not
> > looked at nstat code (I actually almost always dump the counters from
> > /proc/net/{netstat + snmp} via a simple prettyprint script (will send
> > you that offline).
> 
> nstat pretty much does what you describe which is to parse the
> /proc/net files(s) and print the contents. This is one advantage of
> nstat over netstat. When you add a new MIB, you do not need to update
> nstat.

Well, something seems to be broken in the nstat I have because using the
script to parse the start instead I get the the same values as with
netstat.

[2 minutes later, and after observing the values of nstat changed in the
same server]

OK, it looks like nstat is showing some transcient values, using nstat
-a I get the "absolute values of counters" (as stated in the man page).
By default it seems to print the values for the last 60 seconds, so
mistery solved.

-- 
Leandro Lucarella
sociomantic labs GmbH
http://www.sociomantic.com
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ