From bw@yui.desync.com  Wed Jun 13 03:01:58 2007
Return-Path: <bw@yui.desync.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 93A0616A400
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 13 Jun 2007 03:01:58 +0000 (UTC)
	(envelope-from bw@yui.desync.com)
Received: from yui.desync.com (yui.desync.com [64.157.15.117])
	by mx1.freebsd.org (Postfix) with ESMTP id 4836213C468
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 13 Jun 2007 03:01:58 +0000 (UTC)
	(envelope-from bw@yui.desync.com)
Received: from yui (localhost [127.0.0.1])
	by yui (8.14.1/8.14.1) with ESMTP id l5BF0erV032121
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 11 Jun 2007 15:00:40 GMT
	(envelope-from bw@yui)
Received: (from bw@localhost)
	by yui (8.14.1/8.14.1/Submit) id l5BF0Z8p032120;
	Mon, 11 Jun 2007 15:00:35 GMT
	(envelope-from bw)
Message-Id: <200706111500.l5BF0Z8p032120@yui>
Date: Mon, 11 Jun 2007 15:00:35 GMT
From: Ben Wilber <ben@desync.com>
Reply-To: Ben Wilber <ben@desync.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: -CURRENT logs too much TCP information
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         113639
>Category:       kern
>Synopsis:       [netinet] [patch] -CURRENT logs too much TCP information
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 13 03:10:03 GMT 2007
>Closed-Date:    Fri Nov 16 08:04:31 UTC 2007
>Last-Modified:  Fri Nov 16 08:04:31 UTC 2007
>Originator:     Ben Wilber
>Release:        FreeBSD 7.0-CURRENT amd64
>Organization:
>Environment:
System: FreeBSD yui 7.0-CURRENT FreeBSD 7.0-CURRENT #3: Fri Jun 8 01:01:22 UTC 2007 bw@yui:/usr/obj/usr/src/sys/IKARI amd64


>Description:
	The recent logging changes in the TCP stack send too much information to syslog by default.  On high-traffic machines or in denial of service situations, this logging saturates the disks and CPU.
>How-To-Repeat:
	Install recent -CURRENT, tail syslog.
>Fix:
	My crunch time solution was to add a net.inet.tcp.verbose sysctl.

--- sys/netinet/tcp_subr.c.old	Sun May 27 17:02:54 2007
+++ sys/netinet/tcp_subr.c	Mon Jun 11 14:57:44 2007
@@ -2064,6 +2064,11 @@
     CTLTYPE_STRUCT|CTLFLAG_WR|CTLFLAG_SKIP, NULL,
     0, sysctl_drop, "", "Drop TCP connection");
 
+static int tcp_verbose = 0;
+SYSCTL_INT(_net_inet_tcp, OID_AUTO, verbose, CTLFLAG_RW,
+	&tcp_verbose, 0,
+	"Send additional TCP information to syslog");
+
 /*
  * Generate a standardized TCP log line for use throughout the
  * tcp subsystem.  Memory allocation is done with M_NOWAIT to
@@ -2088,6 +2093,9 @@
 	ip6 = (struct ip6_hdr *)ip6hdr;
 #endif /* INET6 */
 	ip = (struct ip *)ip4hdr;
+
+	if (!tcp_verbose)
+		return (NULL);
 
 	/*
 	 * The log line looks like this:

>Release-Note:
>Audit-Trail:

From: Andrey Chernov <ache@nagual.pp.ru>
To: Ben Wilber <ben@desync.com>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/113639: -CURRENT logs too much TCP information
Date: Wed, 13 Jun 2007 07:39:16 +0400

 On Mon, Jun 11, 2007 at 03:00:35PM +0000, Ben Wilber wrote:
 > >Description:
 > 	The recent logging changes in the TCP stack send too much information to syslog by default.  On high-traffic machines or in denial of service situations, this logging saturates the disks and CPU.
 > >How-To-Repeat:
 > 	Install recent -CURRENT, tail syslog.
 > >Fix:
 > 	My crunch time solution was to add a net.inet.tcp.verbose sysctl.
 
 I agree - verbosity is too high for real httpd server.
 But solution can be another, f.e. log every 100-th event.
 
 -- 
 http://ache.pp.ru/
State-Changed-From-To: open->closed 
State-Changed-By: kmacy 
State-Changed-When: Fri Nov 16 08:04:05 UTC 2007 
State-Changed-Why:  

Verbose TCP logging is now disabled by default. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=113639 
>Unformatted:
