Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp746035rwb; Thu, 10 Nov 2022 07:00:06 -0800 (PST) X-Google-Smtp-Source: AMsMyM7qP06HMGmpT+VWZYmLUhAplWnaVh/bPnYGyQuBSWMyeoJHokjaM9Z8nbCYp6mQSeoOBiEM X-Received: by 2002:a05:6402:351:b0:461:ac11:2df6 with SMTP id r17-20020a056402035100b00461ac112df6mr2392879edw.284.1668092406098; Thu, 10 Nov 2022 07:00:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668092406; cv=none; d=google.com; s=arc-20160816; b=hT5hkDPKIcW7SK/cLPKncK0zq2itm8OV1Hd82hkUTFr15ppDPwbeikFLvD9ZtKVDlB JvUO9By4+R2LjbhPjOECpn/cHdwAkReFT8uGDNRiqZ10iGg1/BKmbGlw6zqqlgaFqdIw wIPXR2J0lZOvwwgR+aIhdQK8I4Akncxd5fGCwdG+mpgyGd1v2x6sw1CCbLuZXuMp+9V1 fmPap6vEOV4q7b82UlPsZtSHUu8n/MOis/1Zm5LzWXPSXfzYME+t4MhktI6uN01DwyBJ 7RXasDAcqQhnAF9fzXGqzBeayi3MchQbpEodn96NczDr6ywllE3vId9LXVzfiTAiUsxV ejrw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=KLBqLgMW/J+kUYh//78nQLqBYL/YSG7r5+kbe5pMFp8=; b=k0RwVtiqz7vb2TR4+aPgPcvIjyMT3bCg6CLGPbjqZxbE09LalUwLf/O3aVD6shomFA H2ETHmy8iU4rp4Ju46vuDdJqtNXRjZS0bbCcf4kx38BpYzyY3PahbTgdEQwa5OZ5Mh4F jBQBshp6YW8MhwZFJZhsWUApSq49x29a0APZQJWxd+gB3nlS9jOQU5BLpgQdak1SfsZB kjqcyfnVojjTFyxpUOXkEiHcESqDJQ4gAuxXJSx4XXKLTM0hCOElniOVBa3lxzGhppBh PtvlEZXTAOUQQ2cmVaDr/VxeM7ccRJC509+1prkSdho9GN9qgEmcsC4eoBqoWfkENyz5 k2kg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lunn.ch header.s=20171124 header.b=wuATyY99; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=lunn.ch Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id sg11-20020a170907a40b00b0078db5170767si19752130ejc.18.2022.11.10.06.59.42; Thu, 10 Nov 2022 07:00:06 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@lunn.ch header.s=20171124 header.b=wuATyY99; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=lunn.ch Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231243AbiKJNvY (ORCPT + 92 others); Thu, 10 Nov 2022 08:51:24 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35894 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231235AbiKJNvV (ORCPT ); Thu, 10 Nov 2022 08:51:21 -0500 Received: from vps0.lunn.ch (vps0.lunn.ch [156.67.10.101]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DD4151743E; Thu, 10 Nov 2022 05:51:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lunn.ch; s=20171124; h=In-Reply-To:Content-Disposition:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:From:Sender:Reply-To:Subject: Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Content-Disposition:In-Reply-To:References; bh=KLBqLgMW/J+kUYh//78nQLqBYL/YSG7r5+kbe5pMFp8=; b=wuATyY99/h3XOViGQ7CGKdEiNZ oKj4Zk1EbyxMWcbViXKJVsYI+Z4UPKps8HBv8ztC0XMlXpOsg+KOceQxTQ7N8BJwn/6OiyA4lNRsW A8kTMh0Tc+bB9gah9K5+Zf7/xO7l9ZfTKnomM81333QScgsq8t3Fp8O1D14ZljBW3u3s=; Received: from andrew by vps0.lunn.ch with local (Exim 4.94.2) (envelope-from ) id 1ot7xN-0022Le-Tn; Thu, 10 Nov 2022 14:51:01 +0100 Date: Thu, 10 Nov 2022 14:51:01 +0100 From: Andrew Lunn To: Jamie Bainbridge Cc: Eric Dumazet , "David S. Miller" , Hideaki YOSHIFUJI , David Ahern , Jakub Kicinski , Paolo Abeni , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] tcp: Add listening address to SYN flood message Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Nov 10, 2022 at 09:21:06PM +1100, Jamie Bainbridge wrote: > The SYN flood message prints the listening port number, but on a system > with many processes bound to the same port on different IPs, it's > impossible to tell which socket is the problem. > > Add the listen IP address to the SYN flood message. It might have been > nicer to print the address first, but decades of monitoring tools are > watching for the string "SYN flooding on port" so don't break that. > > Tested with each protcol's "any" address and a host address: > > Possible SYN flooding on port 9001. IP 0.0.0.0. > Possible SYN flooding on port 9001. IP 127.0.0.1. > Possible SYN flooding on port 9001. IP ::. > Possible SYN flooding on port 9001. IP fc00::1. > > Signed-off-by: Jamie Bainbridge > --- > net/ipv4/tcp_input.c | 16 +++++++++++++--- > 1 file changed, 13 insertions(+), 3 deletions(-) > > diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c > index 0640453fce54b6daae0861d948f3db075830daf6..fb86056732266fedc8ad574bbf799dbdd7a425a3 100644 > --- a/net/ipv4/tcp_input.c > +++ b/net/ipv4/tcp_input.c > @@ -6831,9 +6831,19 @@ static bool tcp_syn_flood_action(const struct sock *sk, const char *proto) > __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP); > > if (!queue->synflood_warned && syncookies != 2 && > - xchg(&queue->synflood_warned, 1) == 0) > - net_info_ratelimited("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n", > - proto, sk->sk_num, msg); > + xchg(&queue->synflood_warned, 1) == 0) { > +#if IS_ENABLED(CONFIG_IPV6) > + if (sk->sk_family == AF_INET6) { Can the IS_ENABLED() go inside the if? You get better build testing that way. Andrew