aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2008-07-30 06:03:15 -0400
committerDavid S. Miller <davem@davemloft.net>2008-07-30 06:27:25 -0400
commit785957d3e8c6fb37b18bf671923a76dbd8240025 (patch)
tree59f089e4bd109ad9d896c6e6a0f1699f42a34136
parent8d50b53d66a8a6ae41bafbdcabe401467803f33a (diff)
tcp: MD5: Use MIB counter instead of warning for MD5 mismatch.
From a report by Matti Aarnio, and preliminary patch by Adam Langley. Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/linux/snmp.h2
-rw-r--r--net/ipv4/proc.c2
-rw-r--r--net/ipv4/tcp_ipv4.c10
-rw-r--r--net/ipv6/tcp_ipv6.c27
4 files changed, 14 insertions, 27 deletions
diff --git a/include/linux/snmp.h b/include/linux/snmp.h
index 5df62ef1280c..7a6e6bba4a71 100644
--- a/include/linux/snmp.h
+++ b/include/linux/snmp.h
@@ -214,6 +214,8 @@ enum
214 LINUX_MIB_TCPDSACKIGNOREDOLD, /* TCPSACKIgnoredOld */ 214 LINUX_MIB_TCPDSACKIGNOREDOLD, /* TCPSACKIgnoredOld */
215 LINUX_MIB_TCPDSACKIGNOREDNOUNDO, /* TCPSACKIgnoredNoUndo */ 215 LINUX_MIB_TCPDSACKIGNOREDNOUNDO, /* TCPSACKIgnoredNoUndo */
216 LINUX_MIB_TCPSPURIOUSRTOS, /* TCPSpuriousRTOs */ 216 LINUX_MIB_TCPSPURIOUSRTOS, /* TCPSpuriousRTOs */
217 LINUX_MIB_TCPMD5NOTFOUND, /* TCPMD5NotFound */
218 LINUX_MIB_TCPMD5UNEXPECTED, /* TCPMD5Unexpected */
217 __LINUX_MIB_MAX 219 __LINUX_MIB_MAX
218}; 220};
219 221
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c
index 834356ea99df..8f5a403f6f6b 100644
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -232,6 +232,8 @@ static const struct snmp_mib snmp4_net_list[] = {
232 SNMP_MIB_ITEM("TCPDSACKIgnoredOld", LINUX_MIB_TCPDSACKIGNOREDOLD), 232 SNMP_MIB_ITEM("TCPDSACKIgnoredOld", LINUX_MIB_TCPDSACKIGNOREDOLD),
233 SNMP_MIB_ITEM("TCPDSACKIgnoredNoUndo", LINUX_MIB_TCPDSACKIGNOREDNOUNDO), 233 SNMP_MIB_ITEM("TCPDSACKIgnoredNoUndo", LINUX_MIB_TCPDSACKIGNOREDNOUNDO),
234 SNMP_MIB_ITEM("TCPSpuriousRTOs", LINUX_MIB_TCPSPURIOUSRTOS), 234 SNMP_MIB_ITEM("TCPSpuriousRTOs", LINUX_MIB_TCPSPURIOUSRTOS),
235 SNMP_MIB_ITEM("TCPMD5NotFound", LINUX_MIB_TCPMD5NOTFOUND),
236 SNMP_MIB_ITEM("TCPMD5Unexpected", LINUX_MIB_TCPMD5UNEXPECTED),
235 SNMP_MIB_SENTINEL 237 SNMP_MIB_SENTINEL
236}; 238};
237 239
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index a2b06d0cc26b..b3875c0d83c7 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1116,18 +1116,12 @@ static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
1116 return 0; 1116 return 0;
1117 1117
1118 if (hash_expected && !hash_location) { 1118 if (hash_expected && !hash_location) {
1119 LIMIT_NETDEBUG(KERN_INFO "MD5 Hash expected but NOT found " 1119 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
1120 "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
1121 NIPQUAD(iph->saddr), ntohs(th->source),
1122 NIPQUAD(iph->daddr), ntohs(th->dest));
1123 return 1; 1120 return 1;
1124 } 1121 }
1125 1122
1126 if (!hash_expected && hash_location) { 1123 if (!hash_expected && hash_location) {
1127 LIMIT_NETDEBUG(KERN_INFO "MD5 Hash NOT expected but found " 1124 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
1128 "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
1129 NIPQUAD(iph->saddr), ntohs(th->source),
1130 NIPQUAD(iph->daddr), ntohs(th->dest));
1131 return 1; 1125 return 1;
1132 } 1126 }
1133 1127
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index cff778b23a7f..1db45216b232 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -849,28 +849,17 @@ static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
849 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); 849 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
850 hash_location = tcp_parse_md5sig_option(th); 850 hash_location = tcp_parse_md5sig_option(th);
851 851
852 /* do we have a hash as expected? */ 852 /* We've parsed the options - do we have a hash? */
853 if (!hash_expected) { 853 if (!hash_expected && !hash_location)
854 if (!hash_location) 854 return 0;
855 return 0; 855
856 if (net_ratelimit()) { 856 if (hash_expected && !hash_location) {
857 printk(KERN_INFO "MD5 Hash NOT expected but found " 857 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
858 "(" NIP6_FMT ", %u)->"
859 "(" NIP6_FMT ", %u)\n",
860 NIP6(ip6h->saddr), ntohs(th->source),
861 NIP6(ip6h->daddr), ntohs(th->dest));
862 }
863 return 1; 858 return 1;
864 } 859 }
865 860
866 if (!hash_location) { 861 if (!hash_expected && hash_location) {
867 if (net_ratelimit()) { 862 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
868 printk(KERN_INFO "MD5 Hash expected but NOT found "
869 "(" NIP6_FMT ", %u)->"
870 "(" NIP6_FMT ", %u)\n",
871 NIP6(ip6h->saddr), ntohs(th->source),
872 NIP6(ip6h->daddr), ntohs(th->dest));
873 }
874 return 1; 863 return 1;
875 } 864 }
876 865