Small things we don't care about!

Sanjay Hegde


Printk messages: how do they work?
A printk call without an explicit loglevel is assigned loglevel 4, which is defined in kernel/printk.c:

#define DEFAULT_MESSAGE_LOGLEVEL 4 /* KERN_WARNING */

The kernel prints to the console every message that is more serious than DEFAULT_CONSOLE_LOGLEVEL, that is, every message whose loglevel number is lower. It is currently set to 7 in kernel/printk.c:

#define DEFAULT_CONSOLE_LOGLEVEL 7 /* anything MORE serious than KERN_DEBUG */

/etc/syslog.conf segregates the different types of messages. Each rule names a destination such as a file, and you can set different rules for logging.
For example,

*.info;mail.none;authpriv.none;cron.none /var/log/messages

That means all messages of priority info and above are written to /var/log/messages, while messages that use the mail, cron or authpriv facility are not logged to /var/log/messages.


If we want our FAST printk messages to go into a separate file, say /var/log/fast_messages, then use:

kern.warn;kern.!err /var/log/fast_messages

All messages from the kern.warn loglevel up to (not including) the kern.err loglevel will be put into /var/log/fast_messages.
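
To check what a selector field really routes before relying on the resulting log file, the sketch below compiles the two fields quoted above into per-facility priority bitmasks, following the rules in syslog.conf(5). It is an added example, not syslogd source or code from these notes; compile_selector and selected are hypothetical names, and comma-separated facility lists and the local0-7 facilities are not handled.

```c
#include <string.h>

/* Added example: hypothetical helpers, not syslogd source. */
static const char *PRI[] = {"emerg", "alert", "crit", "err",
                            "warning", "notice", "info", "debug"};
static const char *FAC[] = {"kern", "user", "mail", "daemon", "auth", "syslog",
                            "lpr", "news", "uucp", "cron", "authpriv"};
enum { NPRI = 8, NFAC = 11 };   /* index = syslog number, priority 0 = most severe */

static int lookup(const char **tab, int n, const char *s, size_t len) {
    for (int i = 0; i < n; i++)
        if (strlen(tab[i]) == len && strncmp(tab[i], s, len) == 0) return i;
    return -1;
}

/* Compile one selector field into a per-facility bitmask of accepted
 * priorities, applying the ';'-separated selectors left to right.
 * Returns 0 on success, -1 on a name this sketch does not know. */
int compile_selector(const char *sel, unsigned char mask[NFAC]) {
    memset(mask, 0, NFAC);
    while (*sel) {
        size_t flen = strcspn(sel, ".");
        if (sel[flen] != '.') return -1;
        const char *p = sel + flen + 1;
        int neg = (*p == '!');  p += neg;    /* '!' removes priorities  */
        int only = (*p == '='); p += only;   /* '=' means exactly this  */
        size_t plen = strcspn(p, ";");
        int all = (flen == 1 && *sel == '*');
        int fac = lookup(FAC, NFAC, sel, flen);
        int pri = (plen == 4 && !strncmp(p, "warn", 4))
                      ? 4 : lookup(PRI, NPRI, p, plen);
        unsigned bits;
        if (plen == 4 && !strncmp(p, "none", 4)) { bits = 0xff; neg = !neg; }
        else if (plen == 1 && *p == '*')         bits = 0xff;
        else if (pri < 0)                        return -1;
        else bits = only ? 1u << pri : (1u << (pri + 1)) - 1; /* pri and above */
        if (!all && fac < 0) return -1;
        for (int f = 0; f < NFAC; f++)
            if (all || f == fac)
                mask[f] = neg ? mask[f] & ~bits : mask[f] | bits;
        sel = p + plen + (p[plen] == ';');
    }
    return 0;
}

/* 1 if a message with this facility and priority reaches the target. */
int selected(const unsigned char mask[NFAC], int fac, int pri) {
    return (mask[fac] >> pri) & 1;
}
```

For kern.warn;kern.!err the compiled mask for kern has only the warning bit set, so printk messages at KERN_ERR and above never reach /var/log/fast_messages and must be captured by another rule.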

Sources: man syslog.conf
 

What is inside /proc/sys/net/ipv4/tcp_mem - WEB100 auto-tuning problem

The tcp_mem variable defines how the TCP stack should behave when it comes to memory usage. It consists of three values, just like the tcp_wmem and tcp_rmem variables. The values are measured in memory pages (in short, pages). The size of each memory page differs depending on hardware and configuration options in the kernel, but on standard i386 computers it is 4 kilobytes, or 4096 bytes. On some newer hardware it is set to 16, 32 or even 64 kilobytes. None of these values has a real default, since they are calculated at boot time by the kernel, and they should in most cases be good for you and for most usages you may encounter.

The first value specified in the tcp_mem variable tells the kernel the low threshold. Below this point, the TCP stack does not bother at all about putting any pressure on the memory usage of the different TCP sockets.

The second value tells the kernel at which point to start pressuring memory usage down. This so-called memory pressure mode continues until memory usage falls below the lower threshold again, at which point the stack returns to the default behaviour of the low threshold. The memory pressure mode presses down the TCP receive and send buffers for all the sockets as much as possible, until the low mark is reached again.

The final value tells the kernel the maximum number of memory pages it may use. If this value is reached, TCP streams and packets start getting dropped until memory usage falls again. This value includes all TCP sockets currently in use.

Problem with the memory page settings: Web100 autotuning sometimes doesn't work with 4K pages; you have to increase it to 16K.

a) echo "4096 33554432 33554432" > /proc/sys/net/ipv4/tcp_mem -- Stop
b) echo "16384 33554432 33554432" > /proc/sys/net/ipv4/tcp_mem

Source:http: ipsysctl.html

ipfrag_secret_interval (a secret value can cost more than we expected)!
In the fragment reassembly module, an array of lists of partially received packets is kept, indexed by a hash of their parameters (IP id, source address, destination address, protocol, and a randomly chosen secret number).

When a fragment is received, this allows it to find the rest of the previously received fragments by hashing these parameters and seeking through the corresponding list found in the array at that index.

An attacker could guess the secret value used in the hash, and spoof a large number of fragments that matched a specific hash (by making all the packets use IDs that fell into the same hash with the other parameters).

The ipfrag_secret_rebuild() function first finds a new secret number to work into the hash. It then traverses all the previously encountered partial packets, recalculates their hashes with the new secret, and places them back in the array where they now belong (a very time-consuming task).

ipfrag_secret_rebuild() is called periodically, every ipfrag_secret_interval.

By default it is set to 600 (in jiffies). This IP reassembling can cause data loss due to reassembly timeout and must be disabled by setting the interval to a big value (60000).

Source : Galli.ppt