Bug 963 - Realtime and historic "Tcp SYN drop" statistics for individual virtual service

Review Request #452 — Created Sept. 12, 2024 and updated

Information
kevin.poh
APV10
rel_apv_10_7
963
Reviewers
timlai, weikai 
6 new parameters need to be added to the "Virtual Services" to meet reporting requirements. 

These parameters are derived from the command /ca/bin/anetstat -p tcp. 

After reviewing the original structure of the Virtual Services, defined in struct slb_vs (located in slb.h).


File edited:

1. usr\src\sys\click\app\slb\slb.h

(Add the 6 new parameters to the related struct)

2. usr\src\sys\click\netinet\click_input.c

(Add the count for the related parameters)

3. usr\src\sys\click\netinet6\click6_input.c

(Add the count for the related parameters)

4. usr\src\sys\click\app\slb\slb_vs_policy.c

(Display the 6 parameters based on the CLI command : show slb virtual all)
Using the python script below to test the corresponding parameters.

However only 3 out of 6 are able to verify.

    uint64_t tcps_syndrop_oursinuse;

    uint64_t tcps_syndrop_maxconnection;  // verified

    uint64_t tcps_syndrop_getmss;

    uint64_t tcps_syndrop_badmss;         // verified

    uint64_t tcps_syndrop_eroute;

    uint64_t tcps_synroutebsd;            // verified


Import Scapy's all functions


from scapy.all import *


Define the target IP and port


target_ip = "192.168.10.92"  # Replace with the target IP address

target_port = 80          # Replace with the target port

target_mac  = "fc:e1:fb:80:00:1e" # mac address of the target APV




Function to send SYN packets


def send_syn(packet):

    send(packet)


Test 1: Drop SYNs by "ours in use"


def test_ours_in_use():

    print("Testing: Drop SYNs by ours in use")

    for i in range(1000):  # Send multiple SYN packets

        syn_packet = Ether(dst=target_mac) / IP(dst=target_ip) / TCP(dport=target_port, flags="S")

        send_syn(syn_packet)


Test 2: Drop SYNs by "over max connection"


def test_over_max_connection():

    print("Testing: Drop SYNs by over max connection")

    for i in range(5):  # Send more packets to exceed max connections

        syn_packet = Ether(dst=target_mac) / IP(dst=target_ip) / TCP(dport=target_port, flags="S")

        send_syn(syn_packet)


Test 3: Drop SYNs by "get MSS error"


def test_get_mss_error():

    print("Testing: Drop SYNs by get MSS error adfdadf")

    invalid_mss = 10000 # Example of an invalid MSS value

    syn_packet = IP(dst=target_ip) / TCP(dport=target_port, flags="S", options=[('MSS', invalid_mss)])

    send_syn(syn_packet)


Test 4: Drop SYNs by "bad MSS size"


def test_bad_mss_size():

    print("Testing: Drop SYNs by bad MSS size")

    bad_mss_size = 0  # Example of a bad MSS size

    syn_packet = IP(dst=target_ip) / TCP(dport=target_port, flags="S", options=[('MSS', bad_mss_size)])

    send_syn(syn_packet)


Test 5: Drop SYNs by "eroute error"


def test_eroute_error():

    print("Testing: Drop SYNs by eroute error")

    bogus_ip = "155.10.0.255"  # Example of a bogus IP unlikely to be routed

    syn_packet = IP(src=bogus_ip, dst=target_ip) / TCP(dport=target_port, flags="S")

    send_syn(syn_packet)


Test 6: Route SYNs to system stack


def test_route_to_system_stack():

    print("Testing: Route SYNs to system stack")

    syn_packet = IP(dst=target_ip) / TCP(dport=target_port, flags="S")

    send_syn(syn_packet)


Uncomment the test you want to run


test_ours_in_use()


test_over_max_connection()


test_get_mss_error()


test_bad_mss_size()


test_eroute_error()


test_route_to_system_stack()
Loading...