diff options
author | David S. Miller <davem@davemloft.net> | 2008-07-30 06:03:15 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-07-30 06:27:25 -0400 |
commit | 785957d3e8c6fb37b18bf671923a76dbd8240025 (patch) | |
tree | 59f089e4bd109ad9d896c6e6a0f1699f42a34136 | |
parent | 8d50b53d66a8a6ae41bafbdcabe401467803f33a (diff) |
tcp: MD5: Use MIB counter instead of warning for MD5 mismatch.
From a report by Matti Aarnio, and preliminary patch by Adam Langley.
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/linux/snmp.h | 2 | ||||
-rw-r--r-- | net/ipv4/proc.c | 2 | ||||
-rw-r--r-- | net/ipv4/tcp_ipv4.c | 10 | ||||
-rw-r--r-- | net/ipv6/tcp_ipv6.c | 27 |
4 files changed, 14 insertions, 27 deletions
diff --git a/include/linux/snmp.h b/include/linux/snmp.h index 5df62ef1280c..7a6e6bba4a71 100644 --- a/include/linux/snmp.h +++ b/include/linux/snmp.h | |||
@@ -214,6 +214,8 @@ enum | |||
214 | LINUX_MIB_TCPDSACKIGNOREDOLD, /* TCPSACKIgnoredOld */ | 214 | LINUX_MIB_TCPDSACKIGNOREDOLD, /* TCPSACKIgnoredOld */ |
215 | LINUX_MIB_TCPDSACKIGNOREDNOUNDO, /* TCPSACKIgnoredNoUndo */ | 215 | LINUX_MIB_TCPDSACKIGNOREDNOUNDO, /* TCPSACKIgnoredNoUndo */ |
216 | LINUX_MIB_TCPSPURIOUSRTOS, /* TCPSpuriousRTOs */ | 216 | LINUX_MIB_TCPSPURIOUSRTOS, /* TCPSpuriousRTOs */ |
217 | LINUX_MIB_TCPMD5NOTFOUND, /* TCPMD5NotFound */ | ||
218 | LINUX_MIB_TCPMD5UNEXPECTED, /* TCPMD5Unexpected */ | ||
217 | __LINUX_MIB_MAX | 219 | __LINUX_MIB_MAX |
218 | }; | 220 | }; |
219 | 221 | ||
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c index 834356ea99df..8f5a403f6f6b 100644 --- a/net/ipv4/proc.c +++ b/net/ipv4/proc.c | |||
@@ -232,6 +232,8 @@ static const struct snmp_mib snmp4_net_list[] = { | |||
232 | SNMP_MIB_ITEM("TCPDSACKIgnoredOld", LINUX_MIB_TCPDSACKIGNOREDOLD), | 232 | SNMP_MIB_ITEM("TCPDSACKIgnoredOld", LINUX_MIB_TCPDSACKIGNOREDOLD), |
233 | SNMP_MIB_ITEM("TCPDSACKIgnoredNoUndo", LINUX_MIB_TCPDSACKIGNOREDNOUNDO), | 233 | SNMP_MIB_ITEM("TCPDSACKIgnoredNoUndo", LINUX_MIB_TCPDSACKIGNOREDNOUNDO), |
234 | SNMP_MIB_ITEM("TCPSpuriousRTOs", LINUX_MIB_TCPSPURIOUSRTOS), | 234 | SNMP_MIB_ITEM("TCPSpuriousRTOs", LINUX_MIB_TCPSPURIOUSRTOS), |
235 | SNMP_MIB_ITEM("TCPMD5NotFound", LINUX_MIB_TCPMD5NOTFOUND), | ||
236 | SNMP_MIB_ITEM("TCPMD5Unexpected", LINUX_MIB_TCPMD5UNEXPECTED), | ||
235 | SNMP_MIB_SENTINEL | 237 | SNMP_MIB_SENTINEL |
236 | }; | 238 | }; |
237 | 239 | ||
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index a2b06d0cc26b..b3875c0d83c7 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c | |||
@@ -1116,18 +1116,12 @@ static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb) | |||
1116 | return 0; | 1116 | return 0; |
1117 | 1117 | ||
1118 | if (hash_expected && !hash_location) { | 1118 | if (hash_expected && !hash_location) { |
1119 | LIMIT_NETDEBUG(KERN_INFO "MD5 Hash expected but NOT found " | 1119 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); |
1120 | "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n", | ||
1121 | NIPQUAD(iph->saddr), ntohs(th->source), | ||
1122 | NIPQUAD(iph->daddr), ntohs(th->dest)); | ||
1123 | return 1; | 1120 | return 1; |
1124 | } | 1121 | } |
1125 | 1122 | ||
1126 | if (!hash_expected && hash_location) { | 1123 | if (!hash_expected && hash_location) { |
1127 | LIMIT_NETDEBUG(KERN_INFO "MD5 Hash NOT expected but found " | 1124 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED); |
1128 | "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n", | ||
1129 | NIPQUAD(iph->saddr), ntohs(th->source), | ||
1130 | NIPQUAD(iph->daddr), ntohs(th->dest)); | ||
1131 | return 1; | 1125 | return 1; |
1132 | } | 1126 | } |
1133 | 1127 | ||
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index cff778b23a7f..1db45216b232 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c | |||
@@ -849,28 +849,17 @@ static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb) | |||
849 | hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); | 849 | hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); |
850 | hash_location = tcp_parse_md5sig_option(th); | 850 | hash_location = tcp_parse_md5sig_option(th); |
851 | 851 | ||
852 | /* do we have a hash as expected? */ | 852 | /* We've parsed the options - do we have a hash? */ |
853 | if (!hash_expected) { | 853 | if (!hash_expected && !hash_location) |
854 | if (!hash_location) | 854 | return 0; |
855 | return 0; | 855 | |
856 | if (net_ratelimit()) { | 856 | if (hash_expected && !hash_location) { |
857 | printk(KERN_INFO "MD5 Hash NOT expected but found " | 857 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); |
858 | "(" NIP6_FMT ", %u)->" | ||
859 | "(" NIP6_FMT ", %u)\n", | ||
860 | NIP6(ip6h->saddr), ntohs(th->source), | ||
861 | NIP6(ip6h->daddr), ntohs(th->dest)); | ||
862 | } | ||
863 | return 1; | 858 | return 1; |
864 | } | 859 | } |
865 | 860 | ||
866 | if (!hash_location) { | 861 | if (!hash_expected && hash_location) { |
867 | if (net_ratelimit()) { | 862 | NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED); |
868 | printk(KERN_INFO "MD5 Hash expected but NOT found " | ||
869 | "(" NIP6_FMT ", %u)->" | ||
870 | "(" NIP6_FMT ", %u)\n", | ||
871 | NIP6(ip6h->saddr), ntohs(th->source), | ||
872 | NIP6(ip6h->daddr), ntohs(th->dest)); | ||
873 | } | ||
874 | return 1; | 863 | return 1; |
875 | } | 864 | } |
876 | 865 | ||