From: Jamie Bainbridge
To: Eric Dumazet, "David S. Miller", Hideaki YOSHIFUJI, David Ahern, Jakub Kicinski, Paolo Abeni
Cc: Jamie Bainbridge, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v3] tcp: Add listening address to SYN flood message
Date: Mon, 14 Nov 2022 12:00:08 +1100
Message-Id: <4fedab7ce54a389aeadbdc639f6b4f4988e9d2d7.1668386107.git.jamie.bainbridge@gmail.com>

The SYN flood message prints the listening port number, but with many
processes bound to the same port on different IPs, it's impossible to
tell which socket is the problem.

Add the listen IP address to the SYN flood message.

For IPv6 use "[IP]:port" as per RFC-5952 and to provide ease of
copy-paste to "ss" filters. For IPv4 use "IP:port" to match.

Each protocol's "any" address and a host address now look like:

 Possible SYN flooding on port 0.0.0.0:9001.
 Possible SYN flooding on port 127.0.0.1:9001.
 Possible SYN flooding on port [::]:9001.
 Possible SYN flooding on port [fc00::1]:9001.

Signed-off-by: Jamie Bainbridge
Reviewed-by: Eric Dumazet
Reviewed-by: Stephen Hemminger
---
v2: Place IS_ENABLED() inside if condition c/o Andrew Lunn.
    Change port printf to unsigned c/o Stephen Hemminger.
    Remove long and unhelpful "Check SNMP counters" c/o Stephen H.
v3: Use "IP:port" format c/o Eric Dumazet and Stephen H.
---
 net/ipv4/tcp_input.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 0640453fce54b6daae0861d948f3db075830daf6..6e51d8eefe19075721ec6d31036ecae9b6e0d698 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6831,9 +6831,17 @@ static bool tcp_syn_flood_action(const struct sock *sk, const char *proto) __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP); if (!queue->synflood_warned && syncookies != 2 && - xchg(&queue->synflood_warned, 1) == 0) - net_info_ratelimited("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n", - proto, sk->sk_num, msg); + xchg(&queue->synflood_warned, 1) == 0) { + if (IS_ENABLED(CONFIG_IPV6) && sk->sk_family == AF_INET6) { + net_info_ratelimited("%s: Possible SYN flooding on port [%pI6c]:%u. %s.\n", + proto, &sk->sk_v6_rcv_saddr, + sk->sk_num, msg); + } else { + net_info_ratelimited("%s: Possible SYN flooding on port %pI4:%u. %s.\n", + proto, &sk->sk_rcv_saddr, + sk->sk_num, msg); + } + } return want_cookie; }
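
Review bot: In the AF_INET6 branch, "&sk->sk_v6_rcv_saddr" is guarded only by IS_ENABLED(CONFIG_IPV6) inside the if condition, which lets the compiler drop the branch as dead code only after it has been parsed and type-checked, so the member reference still has to build when CONFIG_IPV6 is off. Please confirm that a CONFIG_IPV6=n build passes; if the field is only declared for IPv6 builds, use an accessor that is defined in both configurations or a preprocessor #if block around the branch. Separately, the text after "on port" changes from a bare number to address:port and the trailing "Check SNMP counters." is dropped, so log-matching rules keyed on the old string will stop matching; that deserves a sentence in the commit message.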