diff options
Diffstat (limited to 'net/ipv4/tcp_input.c')
| -rw-r--r-- | net/ipv4/tcp_input.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 4c2dd9f863f7..47e08c1b5bc3 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c | |||
| @@ -6009,11 +6009,13 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb) | |||
| 6009 | if (th->fin) | 6009 | if (th->fin) |
| 6010 | goto discard; | 6010 | goto discard; |
| 6011 | /* It is possible that we process SYN packets from backlog, | 6011 | /* It is possible that we process SYN packets from backlog, |
| 6012 | * so we need to make sure to disable BH right there. | 6012 | * so we need to make sure to disable BH and RCU right there. |
| 6013 | */ | 6013 | */ |
| 6014 | rcu_read_lock(); | ||
| 6014 | local_bh_disable(); | 6015 | local_bh_disable(); |
| 6015 | acceptable = icsk->icsk_af_ops->conn_request(sk, skb) >= 0; | 6016 | acceptable = icsk->icsk_af_ops->conn_request(sk, skb) >= 0; |
| 6016 | local_bh_enable(); | 6017 | local_bh_enable(); |
| 6018 | rcu_read_unlock(); | ||
| 6017 | 6019 | ||
| 6018 | if (!acceptable) | 6020 | if (!acceptable) |
| 6019 | return 1; | 6021 | return 1; |
| @@ -6367,8 +6369,8 @@ static bool tcp_syn_flood_action(const struct sock *sk, | |||
| 6367 | if (!queue->synflood_warned && | 6369 | if (!queue->synflood_warned && |
| 6368 | net->ipv4.sysctl_tcp_syncookies != 2 && | 6370 | net->ipv4.sysctl_tcp_syncookies != 2 && |
| 6369 | xchg(&queue->synflood_warned, 1) == 0) | 6371 | xchg(&queue->synflood_warned, 1) == 0) |
| 6370 | pr_info("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n", | 6372 | net_info_ratelimited("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n", |
| 6371 | proto, ntohs(tcp_hdr(skb)->dest), msg); | 6373 | proto, ntohs(tcp_hdr(skb)->dest), msg); |
| 6372 | 6374 | ||
| 6373 | return want_cookie; | 6375 | return want_cookie; |
| 6374 | } | 6376 | } |