From: Jamie Bainbridge
To: Eric Dumazet, "David S. Miller", Hideaki YOSHIFUJI, David Ahern, Jakub Kicinski, Paolo Abeni
Cc: Jamie Bainbridge, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2] tcp: Add listening address to SYN flood message
Date: Fri, 11 Nov 2022 14:59:32 +1100
Message-Id: <7ccd58e8e26bcdd82e66993cbd53ff59eebe3949.1668139105.git.jamie.bainbridge@gmail.com>

The SYN flood message prints the listening port number, but with many
processes bound to the same port on different IPs, it's impossible to
tell which socket is the problem.

Add the listen IP address to the SYN flood message in the "IP.port"
format like most other tools (eg: tcpdump).

Each protocol's "any" address and a host address now look like:

 Possible SYN flooding on port 0.0.0.0.9001.
 Possible SYN flooding on port 127.0.0.1.9001.
 Possible SYN flooding on port ::.9001.
 Possible SYN flooding on port fc00::1.9001.

Signed-off-by: Jamie Bainbridge
---
v2: Place IS_ENABLED() inside if condition c/o Andrew Lunn.
    Change port printf to unsigned c/o Stephen Hemminger.
    Remove long and unhelpful "Check SNMP counters" c/o Stephen.
    Use IP.port format c/o Eric Dumazet.
---
 net/ipv4/tcp_input.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 0640453fce54b6daae0861d948f3db075830daf6..5b156dfc13b3d45c20e4fe6a45af7c42f39b2c66 100644
--- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6831,9 +6831,17 @@ static bool tcp_syn_flood_action(const struct sock *sk, const char *proto) __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP); if (!queue->synflood_warned && syncookies != 2 && - xchg(&queue->synflood_warned, 1) == 0) - net_info_ratelimited("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n", - proto, sk->sk_num, msg); + xchg(&queue->synflood_warned, 1) == 0) { + if (IS_ENABLED(CONFIG_IPV6) && sk->sk_family == AF_INET6) { + net_info_ratelimited("%s: Possible SYN flooding on port %pI6c.%u. %s.\n", + proto, &sk->sk_v6_rcv_saddr, + sk->sk_num, msg); + } else { + net_info_ratelimited("%s: Possible SYN flooding on port %pI4.%u. %s.\n", + proto, &sk->sk_rcv_saddr, + sk->sk_num, msg); + } + } return want_cookie; }
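
Review bot: The new format strings "on port %pI6c.%u" and "on port %pI4.%u" join address and port with a dot under the label "port", which makes the IPv6 output ("::.9001", "fc00::1.9001" in the commit message) hard to split reliably in a log parser and leaves the "on port" wording describing something that is no longer just a port. Consider "[%pI6c]:%u" in the AF_INET6 branch and "%pI4:%u" in the else branch, with the label adjusted to match. Also confirm the hunk builds with CONFIG_IPV6 disabled: IS_ENABLED(CONFIG_IPV6) inside the if condition still leaves &sk->sk_v6_rcv_saddr to be compiled, so that field has to exist in that configuration or the branch needs an #if guard or an accessor. Because the trailing "Check SNMP counters." text is dropped and the port field changes from "%d" to an address.port pair, the commit message should say that log-matching rules keyed on the old string will stop matching.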