diff options
| author | Eric Dumazet <eric.dumazet@gmail.com> | 2011-08-30 03:21:44 +0000 |
|---|---|---|
| committer | Andreas Blaesius <skate4life@gmx.de> | 2017-06-07 16:50:08 +0200 |
| commit | 8394256bda828376f50e2c333eb38c743e9a4f69 (patch) | |
| tree | b2a3fb11f64daaedae82eeef8882073d235e33a6 /include | |
| parent | 524c55b2e35b43861b1c02d6dddfa6c604a9e61d (diff) | |
| download | kernel_samsung_espresso10-8394256bda828376f50e2c333eb38c743e9a4f69.zip kernel_samsung_espresso10-8394256bda828376f50e2c333eb38c743e9a4f69.tar.gz kernel_samsung_espresso10-8394256bda828376f50e2c333eb38c743e9a4f69.tar.bz2 | |
tcp: Change possible SYN flooding messages
"Possible SYN flooding on port xxxx " messages can fill logs on servers.
Change logic to log the message only once per listener, and add two new
SNMP counters to track :
TCPReqQFullDoCookies : number of times a SYNCOOKIE was replied to client
TCPReqQFullDrop : number of times a SYN request was dropped because
syncookies were not enabled.
Based on a prior patch from Tom Herbert, and suggestions from David.
Change-Id: I18f2f1593b13d1273ba4c67c92367b0221cab405
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Tom Herbert <therbert@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/snmp.h | 2 | ||||
| -rw-r--r-- | include/net/request_sock.h | 3 | ||||
| -rw-r--r-- | include/net/tcp.h | 3 |
3 files changed, 7 insertions, 1 deletions
diff --git a/include/linux/snmp.h b/include/linux/snmp.h index 10360c7..1067930 100644 --- a/include/linux/snmp.h +++ b/include/linux/snmp.h @@ -232,6 +232,8 @@ enum LINUX_MIB_TCPTIMEWAITOVERFLOW, /* TCPTimeWaitOverflow */ LINUX_MIB_TCPCHALLENGEACK, /* TCPChallengeACK */ LINUX_MIB_TCPSYNCHALLENGE, /* TCPSYNChallenge */ + LINUX_MIB_TCPREQQFULLDOCOOKIES, /* TCPReqQFullDoCookies */ + LINUX_MIB_TCPREQQFULLDROP, /* TCPReqQFullDrop */ __LINUX_MIB_MAX }; diff --git a/include/net/request_sock.h b/include/net/request_sock.h index 99e6e19..4c0766e 100644 --- a/include/net/request_sock.h +++ b/include/net/request_sock.h @@ -96,7 +96,8 @@ extern int sysctl_max_syn_backlog; */ struct listen_sock { u8 max_qlen_log; - /* 3 bytes hole, try to use */ + u8 synflood_warned; + /* 2 bytes hole, try to use */ int qlen; int qlen_young; int clock_hand; diff --git a/include/net/tcp.h b/include/net/tcp.h index 8667435..26d653da 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -456,6 +456,9 @@ extern int tcp_write_wakeup(struct sock *); extern void tcp_send_fin(struct sock *sk); extern void tcp_send_active_reset(struct sock *sk, gfp_t priority); extern int tcp_send_synack(struct sock *); +extern int tcp_syn_flood_action(struct sock *sk, + const struct sk_buff *skb, + const char *proto); extern void tcp_push_one(struct sock *, unsigned int mss_now); extern void tcp_send_ack(struct sock *sk); extern void tcp_send_delayed_ack(struct sock *sk); |