diff options
author | Florian Westphal <fw@strlen.de> | 2010-06-02 20:43:12 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-06-05 05:23:14 -0400 |
commit | 2a1d4bd46047efff513600d7ff422bc344f540a6 (patch) | |
tree | de7fc60152e12530c4159809a00560f60d284b25 | |
parent | 87eb743b943a472eb90ac2cbf7f4a132773de77f (diff) |
syncookies: make v4/v6 synflood warning behaviour the same
both syn_flood_warning functions print a message, but
ipv4 version only prints a warning if CONFIG_SYN_COOKIES=y.
Make the v4 one behave like the v6 one.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/tcp_ipv4.c | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 202cf09c4cd4..a13f881e5037 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
@@ -793,19 +793,20 @@ static void tcp_v4_reqsk_destructor(struct request_sock *req) | |||
793 | kfree(inet_rsk(req)->opt); | 793 | kfree(inet_rsk(req)->opt); |
794 | } | 794 | } |
795 | 795 | ||
796 | #ifdef CONFIG_SYN_COOKIES | 796 | static void syn_flood_warning(const struct sk_buff *skb) |
797 | static void syn_flood_warning(struct sk_buff *skb) | ||
798 | { | 797 | { |
799 | static unsigned long warntime; | 798 | const char *msg; |
800 | 799 | ||
801 | if (time_after(jiffies, (warntime + HZ * 60))) { | 800 | #ifdef CONFIG_SYN_COOKIES |
802 | warntime = jiffies; | 801 | if (sysctl_tcp_syncookies) |
803 | printk(KERN_INFO | 802 | msg = "Sending cookies"; |
804 | "possible SYN flooding on port %d. Sending cookies.\n", | 803 | else |
805 | ntohs(tcp_hdr(skb)->dest)); | ||
806 | } | ||
807 | } | ||
808 | #endif | 804 | #endif |
805 | msg = "Dropping request"; | ||
806 | |||
807 | pr_info("TCP: Possible SYN flooding on port %d. %s.\n", | ||
808 | ntohs(tcp_hdr(skb)->dest), msg); | ||
809 | } | ||
809 | 810 | ||
810 | /* | 811 | /* |
811 | * Save and compile IPv4 options into the request_sock if needed. | 812 | * Save and compile IPv4 options into the request_sock if needed. |
@@ -1243,6 +1244,8 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
1243 | * evidently real one. | 1244 | * evidently real one. |
1244 | */ | 1245 | */ |
1245 | if (inet_csk_reqsk_queue_is_full(sk) && !isn) { | 1246 | if (inet_csk_reqsk_queue_is_full(sk) && !isn) { |
1247 | if (net_ratelimit()) | ||
1248 | syn_flood_warning(skb); | ||
1246 | #ifdef CONFIG_SYN_COOKIES | 1249 | #ifdef CONFIG_SYN_COOKIES |
1247 | if (sysctl_tcp_syncookies) { | 1250 | if (sysctl_tcp_syncookies) { |
1248 | want_cookie = 1; | 1251 | want_cookie = 1; |
@@ -1328,7 +1331,6 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb) | |||
1328 | 1331 | ||
1329 | if (want_cookie) { | 1332 | if (want_cookie) { |
1330 | #ifdef CONFIG_SYN_COOKIES | 1333 | #ifdef CONFIG_SYN_COOKIES |
1331 | syn_flood_warning(skb); | ||
1332 | req->cookie_ts = tmp_opt.tstamp_ok; | 1334 | req->cookie_ts = tmp_opt.tstamp_ok; |
1333 | #endif | 1335 | #endif |
1334 | isn = cookie_v4_init_sequence(sk, skb, &req->mss); | 1336 | isn = cookie_v4_init_sequence(sk, skb, &req->mss); |