From dada@balu.kfunigraz.ac.at Sun Jul 11 06:10:30 1999
Return-Path: <dada@balu.kfunigraz.ac.at>
Received: from kaa.kfunigraz.ac.at (KAA16.kfunigraz.ac.at [143.50.16.17])
	by hub.freebsd.org (Postfix) with ESMTP id 2095814E38
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 11 Jul 1999 06:10:27 -0700 (PDT)
	(envelope-from dada@balu.kfunigraz.ac.at)
Received: from balu.kfunigraz.ac.at (balu [143.50.16.16])
	by kaa.kfunigraz.ac.at (8.9.2/8.9.2) with ESMTP id PAA11021
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 11 Jul 1999 15:09:58 +0200 (MDT)
Received: from localhost.kfunigraz.ac.at (IDENT:K5G43lt5u140qKNiXJ5L6z0Joc8c93xE@BONLINEA22.kfunigraz.ac.at [143.50.36.22])
	by balu.kfunigraz.ac.at (8.9.2/8.9.2) with ESMTP id PAA10350
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 11 Jul 1999 15:10:46 +0200 (MDT)
Received: (from dada@localhost)
	by localhost.kfunigraz.ac.at (8.8.8/x.y.z) id PAA00670;
	Sun, 11 Jul 1999 15:08:12 +0200 (CEST)
	(envelope-from dada)
Message-Id: <199907111308.PAA00670@localhost.kfunigraz.ac.at>
Date: Sun, 11 Jul 1999 15:08:12 +0200 (CEST)
From: dada@sbox.tu-graz.ac.at
Sender: dada@balu.kfunigraz.ac.at
Reply-To: dada@sbox.tu-graz.ac.at
To: FreeBSD-gnats-submit@freebsd.org
Subject: wrong sysctl descriptions
X-Send-Pr-Version: 3.2

>Number:         12594
>Category:       kern
>Synopsis:       wrong sysctl descriptions
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    wollman
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 11 06:20:01 PDT 1999
>Closed-Date:    Mon Dec 20 03:52:12 PST 1999
>Last-Modified:  Mon Dec 20 03:52:39 PST 1999
>Originator:     Martin Kammerhofer
>Release:        FreeBSD-current
>Organization:
Graz University of Technology
>Environment:
>Description:

Some of the description strings for network related sysctls
are wrong:

--- src/sys/netinet/tcp_usrreq.c        1999/05/03 23:57:32     1.43
! SYSCTL_INT(_net_inet_tcp, TCPCTL_SENDSPACE, sendspace, CTLFLAG_RW, 
!     &tcp_sendspace , 0, "Maximum outgoing TCP datagram size");
  u_long        tcp_recvspace = 1024*16;
! SYSCTL_INT(_net_inet_tcp, TCPCTL_RECVSPACE, recvspace, CTLFLAG_RW, 
!     &tcp_recvspace , 0, "Maximum incoming TCP datagram size");

These are default WINDOW sizes, not segment sizes. (In other words:
the TCP socket reserves this much space.)
It is definitely NOT the MSS (maximum segment size).

Using the term 'datagram' for a TCP socket might lead to confusion,
because most people associate 'datagram' with 'UDP'.



--- src/sys/netinet/udp_usrreq.c        1999/05/03 23:57:32     1.51
  static int log_in_vain = 0;
  SYSCTL_INT(_net_inet_udp, OID_AUTO, log_in_vain, CTLFLAG_RW, 
!     &log_in_vain, 0, "Log all incoming UDP packets");

Logs only those where nobody is listening at the local port, obviously
does NOT log ALL datagrams.


  SYSCTL_INT(_net_inet_udp, UDPCTL_MAXDGRAM, maxdgram, CTLFLAG_RW,
!     &udp_sendspace, 0, "Maximum outgoing UDP datagram size");
  
  static u_long udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in));
  SYSCTL_INT(_net_inet_udp, UDPCTL_RECVSPACE, recvspace, CTLFLAG_RW,
!     &udp_recvspace, 0, "Maximum incoming UDP datagram size");

This is NOT the max datagram size, it is the socketspace again here.
(In practice much less UDP data can be queued if the datagram sizes do
not fit mbufs/mclusters well).



--- src/sys/netinet/raw_ip.c    1999/05/03 23:57:30     1.59

! SYSCTL_INT(_net_inet_raw, OID_AUTO, maxdgram, CTLFLAG_RW, 
!     &rip_sendspace, 0, "Maximum outgoing raw IP datagram size");
! SYSCTL_INT(_net_inet_raw, OID_AUTO, recvspace, CTLFLAG_RW, 
!     &rip_recvspace, 0, "Maximum incoming raw IP datagram size");

Same problem here: Description suggests it's a per-packet quantity,
but it's about the socket queues.


--- src/sys/netinet/tcp_input.c 1999/05/03 23:57:30     1.85

  static int log_in_vain = 0;
  SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain, CTLFLAG_RW, 
!     &log_in_vain, 0, "Log all incoming TCP connections");

Same as with udp: Logs only those where nobody is listening.
Btw log_in_vain has no rate limiting whatsoever. Enabling logging
makes a machine vulnerable to an easy D.O.S. attack - just port
scan it! :-\
(BTW, both log_in_vain varieties will NOT catch stealth scanning,
i.e. scanning with other than SYN packets.)


Please make those sysctl knobs clear and unambiguous. Thinking a
few seconds about good descriptions could avoid later questions
and much frustration from confused users.

>How-To-Repeat:
grep -1 SYSCTL /src/sys/netinet/*.c | more

>Fix:
	
Put in correct descriptions.
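
The report's remark that log_in_vain has no rate limiting, shown as an added example (not code from FreeBSD or from this PR): a per-second cap on "no listener" log lines with a suppressed-line counter, run against a constructed sweep. The struct, the function names, the budget of 5 lines per second and the probe rate are assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical limiter state; not a FreeBSD kernel structure. */
struct log_limiter {
    long window;              /* second the current budget applies to */
    int budget;               /* log lines allowed per second (assumed policy) */
    int used;                 /* lines emitted in the current window */
    unsigned long suppressed; /* lines dropped, to be reported in a summary */
};

/* Returns 1 if a "no listener" line may be logged now, 0 if it is dropped. */
int log_allowed(struct log_limiter *l, long now_sec)
{
    if (now_sec != l->window) {   /* new second: refill the budget */
        l->window = now_sec;
        l->used = 0;
    }
    if (l->used < l->budget) {
        l->used++;
        return 1;
    }
    l->suppressed++;
    return 0;
}

/* Constructed workload: `probes` packets to closed ports arriving at `pps`
 * per second. A NULL limiter models the unthrottled behaviour the report
 * describes. Returns the number of log lines written. */
unsigned long simulate_sweep(struct log_limiter *l, unsigned long probes,
                             unsigned long pps)
{
    unsigned long written = 0;
    for (unsigned long i = 0; i < probes; i++) {
        long now = (long)(i / pps);
        if (l == NULL || log_allowed(l, now))
            written++;
    }
    return written;
}

int main(void)
{
    struct log_limiter lim = { -1, 5, 0, 0 };
    unsigned long raw = simulate_sweep(NULL, 65535, 10000);
    unsigned long capped = simulate_sweep(&lim, 65535, 10000);
    printf("unthrottled: %lu log lines\n", raw);
    printf("throttled:   %lu log lines, %lu suppressed\n", capped, lim.suppressed);
    return 0;
}
```

The suppressed count is what a periodic summary line would report, so the operator still learns that a sweep happened without one log line per probe.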

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: sheldonh 
State-Changed-When: Mon Jul 12 07:17:22 PDT 1999 
State-Changed-Why:  
Thanks for your feedback. Since you've put so much effort into reporting 
the problem, don't you want to go the extra step and submit a patch? You 
seem to have more than enough of a handle on the situation. 


Responsible-Changed-From-To: freebsd-bugs->sheldonh 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Mon Jul 12 07:17:22 PDT 1999 
Responsible-Changed-Why:  
I'll take this one. 

From: Martin Kammerhofer <dada@sbox.tu-graz.ac.at>
To: FreeBSD problems <freebsd-gnats-submit@freebsd.org>
Cc: sheldonh@freebsd.org
Subject: Re: kern/12594: wrong sysctl descriptions
Date: Tue, 24 Aug 1999 19:07:38 +0200 (CEST)

 All right - here is a patch with (hopefully) somewhat clearer descriptions.
 Currently it is only for documentation of the code because those
 descriptions are not stored in any way (other than in the source code
 files) yet.
 (Since sysctl(8) has a documented ``-d'' Option, I assume that sysctl
 descriptions will be available in the future.) 
 
 diff -u netinet/tcp_input.c /usr/src/sys/netinet/tcp_input.c
 --- netinet/tcp_input.c	Thu Aug 19 07:22:12 1999
 +++ /usr/src/sys/netinet/tcp_input.c	Tue Aug 24 18:56:17 1999
 @@ -82,7 +82,7 @@
  
  static int log_in_vain = 0;
  SYSCTL_INT(_net_inet_tcp, OID_AUTO, log_in_vain, CTLFLAG_RW, 
 -    &log_in_vain, 0, "Log all incoming TCP connections");
 +    &log_in_vain, 0, "Log all refused TCP connections");
  
  static int blackhole = 0;
  SYSCTL_INT(_net_inet_tcp, OID_AUTO, blackhole, CTLFLAG_RW,
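
Review bot: "refused" in the new log_in_vain string on the + line does not name the condition that triggers the log entry, which the report gives as nobody listening on the local port. Suggest a string that states that condition, for example "Log TCP connection attempts to ports without listeners", so it cannot be read as covering connections rejected for any other reason.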
 
 diff -u netinet/tcp_usrreq.c /usr/src/sys/netinet/tcp_usrreq.c
 --- netinet/tcp_usrreq.c	Fri Jun  4 04:27:06 1999
 +++ /usr/src/sys/netinet/tcp_usrreq.c	Tue Aug 24 18:34:36 1999
 @@ -701,10 +701,10 @@
   */
  u_long	tcp_sendspace = 1024*16;
  SYSCTL_INT(_net_inet_tcp, TCPCTL_SENDSPACE, sendspace, CTLFLAG_RW, 
 -    &tcp_sendspace , 0, "Maximum outgoing TCP datagram size");
 +    &tcp_sendspace , 0, "TCP socket send buffer size");
  u_long	tcp_recvspace = 1024*16;
  SYSCTL_INT(_net_inet_tcp, TCPCTL_RECVSPACE, recvspace, CTLFLAG_RW, 
 -    &tcp_recvspace , 0, "Maximum incoming TCP datagram size");
 +    &tcp_recvspace , 0, "TCP socket receive buffer size");
  
  /*
   * Attach TCP protocol to socket, allocating
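
Review bot: The new sendspace and recvspace strings omit that these are defaults, which is how the report describes them and what the 1024*16 initialisers on the context lines show, and they give no unit. Suggest "Default TCP socket send buffer size (bytes)" and the matching receive string. Separately, the context lines declare both variables as u_long while exporting them with SYSCTL_INT; that mismatch is outside this change but worth raising while these lines are open.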
 
 diff -u netinet/udp_usrreq.c /usr/src/sys/netinet/udp_usrreq.c
 --- netinet/udp_usrreq.c	Thu Aug 19 07:22:12 1999
 +++ /usr/src/sys/netinet/udp_usrreq.c	Tue Aug 24 18:55:31 1999
 @@ -76,7 +76,7 @@
  
  static int log_in_vain = 0;
  SYSCTL_INT(_net_inet_udp, OID_AUTO, log_in_vain, CTLFLAG_RW, 
 -    &log_in_vain, 0, "Log all incoming UDP packets");
 +    &log_in_vain, 0, "Log all refused UDP connects");
  
  static int blackhole = 0;
  SYSCTL_INT(_net_inet_udp, OID_AUTO, blackhole, CTLFLAG_RW,
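
Review bot: "UDP connects" on the + line names something UDP does not have; the old string said "packets" and the report speaks of datagrams. Suggest "Log UDP datagrams sent to ports without listeners", which also states the triggering condition instead of "refused".
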
 @@ -594,7 +594,7 @@
  
  static u_long	udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in));
  SYSCTL_INT(_net_inet_udp, UDPCTL_RECVSPACE, recvspace, CTLFLAG_RW,
 -    &udp_recvspace, 0, "Maximum incoming UDP datagram size");
 +    &udp_recvspace, 0, "UDP socket receive buffer size");
  
  static int
  udp_abort(struct socket *so)
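
Review bot: The maxdgram string ("Maximum outgoing UDP datagram size") and both raw_ip.c strings that the original report flagged are missing from the patch; in udp_usrreq.c only recvspace is corrected. Either add those changes or say in the message why they stay as they are. As with the TCP strings, "Default ... (bytes)" would match the initialiser shown on the context line.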
 
 

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Martin Kammerhofer <dada@sbox.tu-graz.ac.at>
Cc: FreeBSD problems <freebsd-gnats-submit@freebsd.org>,
	Garrett Wollman <wollman@FreeBSD.org>
Subject: Re: kern/12594: wrong sysctl descriptions 
Date: Wed, 25 Aug 1999 09:57:45 +0200

 On Tue, 24 Aug 1999 19:07:38 +0200, Martin Kammerhofer wrote:
 
 > All right - here is a patch with (hopefully) somewhat clearer
 > descriptions.
 
 Thanks for following up on this. :-)
 
 > -    &log_in_vain, 0, "Log all incoming TCP connections");
 > +    &log_in_vain, 0, "Log all refused TCP connections");
 
 The word "refused" became confusing with the advent of integrated TCP
 Wrappers, even though folks in the know would realize that wrapping
 doesn't happen this deep. I'd prefer the new comment from
 src/etc/defaults/rc.conf:
 
 	"Log TCP connection attempts to ports without listeners"
 
 > -    &log_in_vain, 0, "Log all incoming UDP packets");
 > +    &log_in_vain, 0, "Log all refused UDP connects");
 
 	"Log UDP connection attempts to ports without listeners"
 
 For the rest of your descriptions, let's ask Garrett Wollman for his
 comments, since he's Mr Networking.
 
 Ciao,
 Sheldon.
 
From: Martin Kammerhofer <dada@localhost.tu-graz.ac.at>
Reply-To: Martin Kammerhofer <dada@sbox.tu-graz.ac.at>
To: FreeBSD problems <FreeBSD-GNATS-submit@freebsd.org>
Subject: Re: PR kern/12594 (sysctl descriptions)
Date: Mon, 6 Sep 1999 19:03:30 +0200 (CEST)

 Not exactly _misleading_ descriptions, but _missing_ ones instead.
 Since it's so related I follow up to my original PR.
 
 --- /usr/src/sys/netinet/tcp_timer.c	Wed Sep  1 19:02:52 1999
 +++ ./tcp_timer.c	Mon Sep  6 18:55:53 1999
 @@ -85,15 +85,15 @@
  
  int	tcp_keepinit;
  SYSCTL_PROC(_net_inet_tcp, TCPCTL_KEEPINIT, keepinit, CTLTYPE_INT|CTLFLAG_RW,
 -    &tcp_keepinit, 0, sysctl_msec_to_ticks, "I", "");
 +    &tcp_keepinit, 0, sysctl_msec_to_ticks, "I", "Timeout for connection attempts");
  
  int	tcp_keepidle;
  SYSCTL_PROC(_net_inet_tcp, TCPCTL_KEEPIDLE, keepidle, CTLTYPE_INT|CTLFLAG_RW,
 -    &tcp_keepidle, 0, sysctl_msec_to_ticks, "I", "");
 +    &tcp_keepidle, 0, sysctl_msec_to_ticks, "I", "Idle time before keepalive probes begin");
  
  int	tcp_keepintvl;
  SYSCTL_PROC(_net_inet_tcp, TCPCTL_KEEPINTVL, keepintvl, CTLTYPE_INT|CTLFLAG_RW,
 -    &tcp_keepintvl, 0, sysctl_msec_to_ticks, "I", "");
 +    &tcp_keepintvl, 0, sysctl_msec_to_ticks, "I", "Time between keepalive probes");
  
  int	tcp_delacktime;
  SYSCTL_PROC(_net_inet_tcp, TCPCTL_DELACKTIME, delacktime,
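
Review bot: None of the three new description strings states a unit, and the handler named on each line is sysctl_msec_to_ticks, so the number an administrator reads or writes is not the tick count held in the variable. Suggest naming the unit in each string, e.g. "Timeout for connection attempts (ms)". The + lines also run well past 80 columns; put the description on its own continuation line as the other SYSCTL entries in this PR do.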
 
Responsible-Changed-From-To: sheldonh->wollman 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Fri Oct 1 04:51:41 PDT 1999 
Responsible-Changed-Why:  
Over to Mr Networking. 
State-Changed-From-To: feedback->open 
State-Changed-By: sheldonh 
State-Changed-When: Fri Oct 1 04:52:33 PDT 1999 
State-Changed-Why:  
Duh, I should have changed state at the same time. It's not in feedback 
any more... Martin's provided diffs. :-) 
State-Changed-From-To: open->closed 
State-Changed-By: sheldonh 
State-Changed-When: Mon Dec 20 03:52:12 PST 1999 
State-Changed-Why:  
The person whom we consider responsible for this aspect of FreeBSD 
is unable to use the GNATS Problem Report system.  Please contact 
him directly at:        Garrett Wollman <wollman@FreeBSD.org> 

Because this person is unable to commit any changes which your report 
may necessitate, he may send a new problem report himself, after 
reviewing yours. 
>Unformatted:
