diff options
| author | Ilya Mashchenko <ilya@netdata.cloud> | 2021-09-28 15:40:37 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-09-28 15:40:37 +0300 |
| commit | 59f17d921e71aeb649135b28a45b414e97e65ea8 (patch) | |
| tree | 497263ec8492821c222ea4af72112f3b44c92023 /web | |
| parent | 16cef702482ffa33c2e828a7132c992f2ba52a55 (diff) | |
add proc_net_stat_synproxy charts info (#11581)
Diffstat (limited to 'web')
| -rw-r--r-- | web/gui/dashboard_info.js | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/web/gui/dashboard_info.js b/web/gui/dashboard_info.js index fe5b6ff70e..e0130f8d75 100644 --- a/web/gui/dashboard_info.js +++ b/web/gui/dashboard_info.js @@ -770,7 +770,15 @@ netdataDashboard.submenu = { 'netfilter.synproxy': { title: 'DDoS protection', - info: 'DDoS protection performance metrics. <a href="https://github.com/firehol/firehol/wiki/Working-with-SYNPROXY" target="_blank">SYNPROXY</a> is a TCP SYN packets proxy. It is used to protect any TCP server (like a web server) from SYN floods and similar DDoS attacks. It is a netfilter module, in the Linux kernel (since version 3.12). It is optimized to handle millions of packets per second utilizing all CPUs available without any concurrency locking between the connections. It can be used for any kind of TCP traffic (even encrypted), since it does not interfere with the content itself.' + info: 'DDoS protection performance metrics. <a href="https://github.com/firehol/firehol/wiki/Working-with-SYNPROXY" target="_blank">SYNPROXY</a> '+ + 'is a TCP SYN packets proxy. '+ + 'It is used to protect any TCP server (like a web server) from SYN floods and similar DDoS attacks. '+ + 'SYNPROXY intercepts new TCP connections and handles the initial 3-way handshake using syncookies '+ + 'instead of conntrack to establish the connection. '+ + 'It is optimized to handle millions of packets per second utilizing all CPUs available without '+ + 'any concurrency locking between the connections. '+ + 'It can be used for any kind of TCP traffic (even encrypted), '+ + 'since it does not interfere with the content itself.' }, 'ipfw.dynamic_rules': { @@ -1929,6 +1937,21 @@ netdataDashboard.context = { '<b>EarlyDrop</b> - dropped conntrack entries to make room for new ones, if maximum table size was reached.</p>' }, + 'netfilter.synproxy_syn_received': { + info: 'The number of initial TCP SYN packets received from clients.' + }, + + 'netfilter.synproxy_conn_reopened': { + info: 'The number of reopened connections by new TCP SYN packets directly from the TIME-WAIT state.' + }, + + 'netfilter.synproxy_cookies': { + info: '<p>SYNPROXY cookie statistics.</p>'+ + '<p><b>Valid</b>, <b>Invalid</b> - result of cookie validation in TCP ACK packets received from clients. '+ + '<b>Retransmits</b> - TCP SYN packets retransmitted to the server. '+ + 'It happens when the client repeats TCP ACK and the connection to the server is not yet established.</p>' + }, + // ------------------------------------------------------------------------ // APPS |