diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2021-08-29 13:54:50 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2021-09-08 07:32:46 +0000 |
| commit | 253d1f4e316127def53919bbd65696123253483d (patch) | |
| tree | 8ca2fed44fe7b8fa611ec2aa8b9f8d6fed8ad20d /sys/netpfil/pf/pf.h | |
| parent | 498854e31daa87f3cf38aff855105a8e7c1e98fe (diff) | |
pf: Add counters for syncookies
Count when we send a syncookie, receive a valid syncookie or detect a
synflood.
Reviewed by: kbowling
MFC after: 1 week
Sponsored by: Modirum MDPay
Differential Revision: https://reviews.freebsd.org/D31713
(cherry picked from commit 4cab80a8dfecdf16333a1113513e046b9f4dd7f6)
Diffstat (limited to 'sys/netpfil/pf/pf.h')
| -rw-r--r-- | sys/netpfil/pf/pf.h | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/sys/netpfil/pf/pf.h b/sys/netpfil/pf/pf.h index 319cd8164d8d..cc6edc774da0 100644 --- a/sys/netpfil/pf/pf.h +++ b/sys/netpfil/pf/pf.h @@ -161,6 +161,11 @@ enum { PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, PF_ADDR_DYNIFTL, #define LCNT_OVERLOAD_TABLE 5 /* entry added to overload table */ #define LCNT_OVERLOAD_FLUSH 6 /* state entries flushed */ #define LCNT_MAX 7 /* total+1 */ +/* Only available via the nvlist-based API */ +#define KLCNT_SYNFLOODS 7 /* synfloods detected */ +#define KLCNT_SYNCOOKIES_SENT 8 /* syncookies sent */ +#define KLCNT_SYNCOOKIES_VALID 9 /* syncookies validated */ +#define KLCNT_MAX 10 /* total+1 */ #define LCNT_NAMES { \ "max states per rule", \ @@ -172,6 +177,19 @@ enum { PF_ADDR_ADDRMASK, PF_ADDR_NOROUTE, PF_ADDR_DYNIFTL, "overload flush states", \ NULL \ } +#define KLCNT_NAMES { \ + "max states per rule", \ + "max-src-states", \ + "max-src-nodes", \ + "max-src-conn", \ + "max-src-conn-rate", \ + "overload table insertion", \ + "overload flush states", \ + "synfloods detected", \ + "syncookies sent", \ + "syncookies validated", \ + NULL \ +} /* state operation counters */ #define FCNT_STATE_SEARCH 0 |