1 files changed, 29 insertions, 0 deletions

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 023196f7ec37..18b80e8bc533 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5987,6 +5987,35 @@ struct request_sock *inet_reqsk_alloc(const struct request_sock_ops *ops,
 }
 EXPORT_SYMBOL(inet_reqsk_alloc);
 
+/*
+ * Return true if a syncookie should be sent
+ */
+static bool tcp_syn_flood_action(struct sock *sk,
+                                 const struct sk_buff *skb,
+                                 const char *proto)
+{
+        const char *msg = "Dropping request";
+        bool want_cookie = false;
+        struct listen_sock *lopt;
+
+#ifdef CONFIG_SYN_COOKIES
+        if (sysctl_tcp_syncookies) {
+                msg = "Sending cookies";
+                want_cookie = true;
+                NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDOCOOKIES);
+        } else
+#endif
+                NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP);
+
+        lopt = inet_csk(sk)->icsk_accept_queue.listen_opt;
+        if (!lopt->synflood_warned && sysctl_tcp_syncookies != 2) {
+                lopt->synflood_warned = 1;
+                pr_info("%s: Possible SYN flooding on port %d. %s.  Check SNMP counters.\n",
+                        proto, ntohs(tcp_hdr(skb)->dest), msg);
+        }
+        return want_cookie;
+}
+
 int tcp_conn_request(struct request_sock_ops *rsk_ops,
                      const struct tcp_request_sock_ops *af_ops,
                      struct sock *sk, struct sk_buff *skb)