| Message ID | 4fedab7ce54a389aeadbdc639f6b4f4988e9d2d7.1668386107.git.jamie.bainbridge@gmail.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp1900427wru;
Sun, 13 Nov 2022 17:07:09 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf4aH2NeEpoAk/ae7tCc0N9mWYC1BW6lsRRZKxEu5qneDjCPG8O9WqYNJqlTAfSHpPe1WQGy
X-Received: by 2002:a62:6283:0:b0:56e:989d:7410 with SMTP id
w125-20020a626283000000b0056e989d7410mr11968920pfb.1.1668388029611;
Sun, 13 Nov 2022 17:07:09 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668388029; cv=none;
d=google.com; s=arc-20160816;
b=RwyNHwmAC4rmZ7AVjNPAN1Wt/XZYSgklQ/Ucm+hclpJQHWz7+J4ad9O0mkoVroQfyD
SQlahQGD+juI/bVW6YCa3GTivyDbmWuK/JjPYbGG49vzFZ6oSgGYBKbDcEqv8McHNZ9D
aGdx9lN/EEBVCtC70gh9M5NRXOySp4CZ3FKStG9O22/GRbLX8J0ftwc3pRb1fQ8lxbES
lBVr8sBxxXpymq2cNVdbL6O73qEUMHfUHkpYf6BWzEhRNCjVhTWVva5AbeXbJ/kthd93
KxUfQcEbnAvzDXZdhwlXYDQqcTRKsYfDhUJnRcYZHKA+iYrBeliP/0SWmyQyYbAjFz0h
MYCw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=Sxm0v4ki9XH0i93sKSXzV9I8SQkMNsVCRGZp4tRqchU=;
b=FmyVvYHjkPwlxmLkFaJB//rSpafx4LdARR3hfTITuJAumTqDLtqYtVJ8WW9OAjMRTi
U2REcTyMnJVv++rm0gE0WNFY9T2iU/yxxoGVZYVQiui701XEG2Q3d0W2g10LvR5bQI92
w+vxpXl9oUUa33VOZ8wFmLwLDA722ItEPkEYkF6RpOyA+R4BRyXcZ2Pf9pb9r8Iv0PL4
761zFCLbmhzvsxF0iSWuWeE74JFKgiWQbEgUO5n4RfwCQUvbRGjD+t+8zxD59IhL6ido
Rh50boxGa6fZGjzAXd7sKcKVErYyvTV7d/qCstMU6lCJ5rQo8x2V3qfPvMXeMaRiG5sj
7/ug==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@gmail.com header.s=20210112 header.b=gDcUauMn;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
q8-20020a17090a2e0800b001fd70129092si7804586pjd.15.2022.11.13.17.06.46;
Sun, 13 Nov 2022 17:07:09 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@gmail.com header.s=20210112 header.b=gDcUauMn;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S235638AbiKNBAV (ORCPT <rfc822;winker.wchi@gmail.com>
+ 99 others); Sun, 13 Nov 2022 20:00:21 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40980 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S233069AbiKNBAT (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Sun, 13 Nov 2022 20:00:19 -0500
Received: from mail-pf1-x42d.google.com (mail-pf1-x42d.google.com
[IPv6:2607:f8b0:4864:20::42d])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A936FCE08;
Sun, 13 Nov 2022 17:00:18 -0800 (PST)
Received: by mail-pf1-x42d.google.com with SMTP id y203so9667254pfb.4;
Sun, 13 Nov 2022 17:00:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=Sxm0v4ki9XH0i93sKSXzV9I8SQkMNsVCRGZp4tRqchU=;
b=gDcUauMnLRDVoMQppoMjGo5pQxvTnfAb8QxYhVyzyYjl1PoGmSsU0ipmvAUn8skJRD
DYeUf1hNZAhOtnIr6Ecq4I5i/pUNLPyS17ZtBopqB5motUzw14wcn4w6WWn1f7wOy8XH
+1AOfqW8wUdCVpoMohFYiUB4MK3/Y7lQvAKNpyJb3+hOAqL40Kj2ABPEXgYDavlakPx0
jBcZxtChJXYwm73O12yLS/5bBavqNHB45FmnRvLKRTpo+OpIj8bVH0EeeXk04UngrI+v
CwLMnDUAtoXDEYl8toKbNUViKLgP6Zw7acyYsOHzo1d9xMiL8pExzHSoqlGcaijabZlD
C9MA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=content-transfer-encoding:mime-version:message-id:date:subject:cc
:to:from:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=Sxm0v4ki9XH0i93sKSXzV9I8SQkMNsVCRGZp4tRqchU=;
b=NP2FurV6rl8Z9Chtt1WOXTTBOweozOMBSauAQl+vie32VRTrO8v6gZHiMjuQzdHMyW
4ZB5HEQnylHQdchtIdnrGfFYFz1OPFkug500sq7LYDdJfoXlaJ4qDFLADKKg9FDMbFKN
X6RLMkbwrFpWygrbWmG4wD5iUH+PC767DtE0ZTyYJP2VtJoc1YSqrxMV11V0vfKPs9iu
gMpu5Gnr2qAiSzzy48sb0cV72jG8S0+XwEBsLhVRjVho214tTIUmQ29SCHqr+K9wASRH
zxMNOq+q6B2x5l9aBaVP8rpefcWIm3ncgkNQ2xTTo/64McB8pWnGpxsL7h86pz9roU6f
DKXw==
X-Gm-Message-State: ANoB5pkgiydo41PRdBWa8/Z9KL2mfOXkMw5SvMu4Xgjbj78q946TplsF
hM/1Ea/6pSyO6alau8o9FHQ=
X-Received: by 2002:a63:d156:0:b0:46e:beb0:9d2c with SMTP id
c22-20020a63d156000000b0046ebeb09d2cmr10307426pgj.117.1668387618213;
Sun, 13 Nov 2022 17:00:18 -0800 (PST)
Received: from localhost.localdomain ([181.41.202.223])
by smtp.gmail.com with ESMTPSA id
r17-20020a170903411100b00186c3727294sm5780740pld.270.2022.11.13.17.00.14
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 13 Nov 2022 17:00:17 -0800 (PST)
From: Jamie Bainbridge <jamie.bainbridge@gmail.com>
To: Eric Dumazet <edumazet@google.com>,
"David S. Miller" <davem@davemloft.net>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
David Ahern <dsahern@kernel.org>,
Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>
Cc: Jamie Bainbridge <jamie.bainbridge@gmail.com>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v3] tcp: Add listening address to SYN flood message
Date: Mon, 14 Nov 2022 12:00:08 +1100
Message-Id:
<4fedab7ce54a389aeadbdc639f6b4f4988e9d2d7.1668386107.git.jamie.bainbridge@gmail.com>
X-Mailer: git-send-email 2.38.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1749104619682077667?=
X-GMAIL-MSGID: =?utf-8?q?1749431646534724063?=
|
| Series |
[v3] tcp: Add listening address to SYN flood message
|
|
Commit Message
Jamie Bainbridge
Nov. 14, 2022, 1 a.m. UTC
The SYN flood message prints the listening port number, but with many
processes bound to the same port on different IPs, it's impossible to
tell which socket is the problem.
Add the listen IP address to the SYN flood message.
For IPv6 use "[IP]:port" as per RFC-5952 and to provide ease of
copy-paste to "ss" filters. For IPv4 use "IP:port" to match.
Each protcol's "any" address and a host address now look like:
Possible SYN flooding on port 0.0.0.0:9001.
Possible SYN flooding on port 127.0.0.1:9001.
Possible SYN flooding on port [::]:9001.
Possible SYN flooding on port [fc00::1]:9001.
Signed-off-by: Jamie Bainbridge <jamie.bainbridge@gmail.com>
---
v2: Place IS_ENABLED() inside if condition c/o Andrew Lunn.
Change port printf to unsigned c/o Stephen Hemminger.
Remove long and unhelpful "Check SNMP counters" c/o Stephen H.
v3: Use "IP:port" format c/o Eric Duamzet and Stephen H.
---
net/ipv4/tcp_input.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
Comments
On Sun, Nov 13, 2022 at 5:00 PM Jamie Bainbridge <jamie.bainbridge@gmail.com> wrote: > > The SYN flood message prints the listening port number, but with many > processes bound to the same port on different IPs, it's impossible to > tell which socket is the problem. > > Add the listen IP address to the SYN flood message. > > For IPv6 use "[IP]:port" as per RFC-5952 and to provide ease of > copy-paste to "ss" filters. For IPv4 use "IP:port" to match. > > Each protcol's "any" address and a host address now look like: > > Possible SYN flooding on port 0.0.0.0:9001. > Possible SYN flooding on port 127.0.0.1:9001. > Possible SYN flooding on port [::]:9001. > Possible SYN flooding on port [fc00::1]:9001. > > Signed-off-by: Jamie Bainbridge <jamie.bainbridge@gmail.com> > --- Reviewed-by: Eric Dumazet <edumazet@google.com>
On Mon, 14 Nov 2022 09:31:38 -0800 Eric Dumazet <edumazet@google.com> wrote: > On Sun, Nov 13, 2022 at 5:00 PM Jamie Bainbridge > <jamie.bainbridge@gmail.com> wrote: > > > > The SYN flood message prints the listening port number, but with many > > processes bound to the same port on different IPs, it's impossible to > > tell which socket is the problem. > > > > Add the listen IP address to the SYN flood message. > > > > For IPv6 use "[IP]:port" as per RFC-5952 and to provide ease of > > copy-paste to "ss" filters. For IPv4 use "IP:port" to match. > > > > Each protcol's "any" address and a host address now look like: > > > > Possible SYN flooding on port 0.0.0.0:9001. > > Possible SYN flooding on port 127.0.0.1:9001. > > Possible SYN flooding on port [::]:9001. > > Possible SYN flooding on port [fc00::1]:9001. > > > > Signed-off-by: Jamie Bainbridge <jamie.bainbridge@gmail.com> > > --- > > Reviewed-by: Eric Dumazet <edumazet@google.com> Thanks for cleaning this up. Reviewed-by: Stephen Hemminger <stephen@networkplumber.org>
Hello: This patch was applied to netdev/net-next.git (master) by Jakub Kicinski <kuba@kernel.org>: On Mon, 14 Nov 2022 12:00:08 +1100 you wrote: > The SYN flood message prints the listening port number, but with many > processes bound to the same port on different IPs, it's impossible to > tell which socket is the problem. > > Add the listen IP address to the SYN flood message. > > For IPv6 use "[IP]:port" as per RFC-5952 and to provide ease of > copy-paste to "ss" filters. For IPv4 use "IP:port" to match. > > [...] Here is the summary with links: - [v3] tcp: Add listening address to SYN flood message https://git.kernel.org/netdev/net-next/c/d9282e48c608 You are awesome, thank you!
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 0640453fce54b6daae0861d948f3db075830daf6..6e51d8eefe19075721ec6d31036ecae9b6e0d698 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6831,9 +6831,17 @@ static bool tcp_syn_flood_action(const struct sock *sk, const char *proto) __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP); if (!queue->synflood_warned && syncookies != 2 && - xchg(&queue->synflood_warned, 1) == 0) - net_info_ratelimited("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n", - proto, sk->sk_num, msg); + xchg(&queue->synflood_warned, 1) == 0) { + if (IS_ENABLED(CONFIG_IPV6) && sk->sk_family == AF_INET6) { + net_info_ratelimited("%s: Possible SYN flooding on port [%pI6c]:%u. %s.\n", + proto, &sk->sk_v6_rcv_saddr, + sk->sk_num, msg); + } else { + net_info_ratelimited("%s: Possible SYN flooding on port %pI4:%u. %s.\n", + proto, &sk->sk_rcv_saddr, + sk->sk_num, msg); + } + } return want_cookie; }