aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2010-06-02 20:43:12 -0400
committerDavid S. Miller <davem@davemloft.net>2010-06-05 05:23:14 -0400
commit2a1d4bd46047efff513600d7ff422bc344f540a6 (patch)
treede7fc60152e12530c4159809a00560f60d284b25
parent87eb743b943a472eb90ac2cbf7f4a132773de77f (diff)
syncookies: make v4/v6 synflood warning behaviour the same
both syn_flood_warning functions print a message, but ipv4 version only prints a warning if CONFIG_SYN_COOKIES=y. Make the v4 one behave like the v6 one. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/tcp_ipv4.c24
1 files changed, 13 insertions, 11 deletions
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 202cf09c4cd4..a13f881e5037 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -793,19 +793,20 @@ static void tcp_v4_reqsk_destructor(struct request_sock *req)
793 kfree(inet_rsk(req)->opt); 793 kfree(inet_rsk(req)->opt);
794} 794}
795 795
796#ifdef CONFIG_SYN_COOKIES 796static void syn_flood_warning(const struct sk_buff *skb)
797static void syn_flood_warning(struct sk_buff *skb)
798{ 797{
799 static unsigned long warntime; 798 const char *msg;
800 799
801 if (time_after(jiffies, (warntime + HZ * 60))) { 800#ifdef CONFIG_SYN_COOKIES
802 warntime = jiffies; 801 if (sysctl_tcp_syncookies)
803 printk(KERN_INFO 802 msg = "Sending cookies";
804 "possible SYN flooding on port %d. Sending cookies.\n", 803 else
805 ntohs(tcp_hdr(skb)->dest));
806 }
807}
808#endif 804#endif
805 msg = "Dropping request";
806
807 pr_info("TCP: Possible SYN flooding on port %d. %s.\n",
808 ntohs(tcp_hdr(skb)->dest), msg);
809}
809 810
810/* 811/*
811 * Save and compile IPv4 options into the request_sock if needed. 812 * Save and compile IPv4 options into the request_sock if needed.
@@ -1243,6 +1244,8 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1243 * evidently real one. 1244 * evidently real one.
1244 */ 1245 */
1245 if (inet_csk_reqsk_queue_is_full(sk) && !isn) { 1246 if (inet_csk_reqsk_queue_is_full(sk) && !isn) {
1247 if (net_ratelimit())
1248 syn_flood_warning(skb);
1246#ifdef CONFIG_SYN_COOKIES 1249#ifdef CONFIG_SYN_COOKIES
1247 if (sysctl_tcp_syncookies) { 1250 if (sysctl_tcp_syncookies) {
1248 want_cookie = 1; 1251 want_cookie = 1;
@@ -1328,7 +1331,6 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1328 1331
1329 if (want_cookie) { 1332 if (want_cookie) {
1330#ifdef CONFIG_SYN_COOKIES 1333#ifdef CONFIG_SYN_COOKIES
1331 syn_flood_warning(skb);
1332 req->cookie_ts = tmp_opt.tstamp_ok; 1334 req->cookie_ts = tmp_opt.tstamp_ok;
1333#endif 1335#endif
1334 isn = cookie_v4_init_sequence(sk, skb, &req->mss); 1336 isn = cookie_v4_init_sequence(sk, skb, &req->mss);