From: Jamie Bainbridge
Date: Fri, 11 Nov 2022 08:20:18 +1100
Subject: Re: [PATCH] tcp: Add listening address to SYN flood message
To: Andrew Lunn
Cc: Eric Dumazet, "David S. Miller", Hideaki YOSHIFUJI, David Ahern, Jakub Kicinski, Paolo Abeni, netdev@vger.kernel.org, linux-kernel@vger.kernel.org

On Fri, 11 Nov 2022 at 00:51, Andrew Lunn wrote:
>
> On Thu, Nov 10, 2022 at 09:21:06PM +1100, Jamie Bainbridge wrote:
> > The SYN flood message prints the listening port number, but on a system
> > with many processes bound to the same port on different IPs, it's
> > impossible to tell which socket is the problem.
> >
> > Add the listen IP address to the SYN flood message. It might have been
> > nicer to print the address first, but decades of monitoring tools are
> > watching for the string "SYN flooding on port" so don't break that.
> >
> > Tested with each protocol's "any" address and a host address:
> >
> > Possible SYN flooding on port 9001. IP 0.0.0.0.
> > Possible SYN flooding on port 9001. IP 127.0.0.1.
> > Possible SYN flooding on port 9001. IP ::.
> > Possible SYN flooding on port 9001. IP fc00::1.
> >
> > Signed-off-by: Jamie Bainbridge
> > ---
> > net/ipv4/tcp_input.c | 16 +++++++++++++---
> > 1 file changed, 13 insertions(+), 3 deletions(-)
> >
> > diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c > > index 0640453fce54b6daae0861d948f3db075830daf6..fb86056732266fedc8ad574bbf799dbdd7a425a3 100644 > > --- a/net/ipv4/tcp_input.c > > +++ b/net/ipv4/tcp_input.c
> > @@ -6831,9 +6831,19 @@ static bool tcp_syn_flood_action(const struct sock *sk, const char *proto) > > __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP); > > > > if (!queue->synflood_warned && syncookies != 2 && > > - xchg(&queue->synflood_warned, 1) == 0) > > - net_info_ratelimited("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n", > > - proto, sk->sk_num, msg); > > + xchg(&queue->synflood_warned, 1) == 0) { > > +#if IS_ENABLED(CONFIG_IPV6) > > + if (sk->sk_family == AF_INET6) {
>
> Can the IS_ENABLED() go inside the if? You get better build testing
> that way.
>
> Andrew

Are you sure? Why would the IS_ENABLED() be inside of a condition which
isn't compiled in? If IPv6 isn't compiled in then the condition would
never evaluate as true, so seems a pointless comparison to make?
People not compiling in IPv6 have explicitly asked *not* to have their
kernel filled with a bunch of "if (family == AF_INET6)" haven't they?

There are many other examples of this pattern of "IS_ENABLED()" first
and "if (family == AF_INET6)" inside it, but I can't see any of the
inverse which I think you're suggesting, see:

 grep -C1 -ERHn "IS_ENABLED\(CONFIG_IPV6\)" net | grep -C1 "family == AF_INET6"

Please let me know if I've misunderstood?

Jamie
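
Review bot: the `#if IS_ENABLED(CONFIG_IPV6)` placed directly above `if (sk->sk_family == AF_INET6) {` hides the IPv6 branch from the compiler on builds without CONFIG_IPV6, so mistakes in that branch are only caught by configurations that enable IPv6. Writing the test as `if (IS_ENABLED(CONFIG_IPV6) && sk->sk_family == AF_INET6) {` keeps the branch parsed and type-checked in every configuration, and because IS_ENABLED() expands to a constant the compiler still discards the branch and the family comparison when IPv6 is off. That form only builds if every symbol used inside the branch is still declared without CONFIG_IPV6; if one is not, the preprocessor guard has to stay. The quoted hunk stops at the opening brace, so the body of the branch and the new format string cannot be reviewed from what is shown here.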
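
The log format described in the quoted commit message, as an added example that is not part of the original thread or the kernel source: a Python parser that keys on the unchanged "SYN flooding on port" substring and reads the listening address when one is logged. The sample lines are constructed; the `request_sock_TCP` prefix and `Sending cookies` text in the old-format line are assumed values, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Match on the substring the commit message says existing tools rely on;
# the trailing " IP <addr>." part is optional so older kernels still parse.
SYNFLOOD_RE = re.compile(
    r"Possible SYN flooding on port (?P<port>\d+)\.(?: IP (?P<addr>\S+))?"
)

# Constructed sample lines. The first follows the format string removed by
# the patch (prefix and "Sending cookies" are assumed values); the next four
# are the outputs quoted in the commit message.
SAMPLE_LOG = [
    "request_sock_TCP: Possible SYN flooding on port 9001. Sending cookies. Check SNMP counters.",
    "Possible SYN flooding on port 9001. IP 0.0.0.0.",
    "Possible SYN flooding on port 9001. IP 127.0.0.1.",
    "Possible SYN flooding on port 9001. IP ::.",
    "Possible SYN flooding on port 9001. IP fc00::1.",
    "unrelated kernel message",
]

def parse_synflood(line):
    """Return (port, address or None), or None if the line is not a warning."""
    m = SYNFLOOD_RE.search(line)
    if m is None:
        return None
    addr = None
    if m.group("addr"):
        try:
            # The address is followed by a sentence-ending '.'; strip it.
            addr = ipaddress.ip_address(m.group("addr").rstrip("."))
        except ValueError:
            addr = None  # unexpected token after "IP": keep the port only
    return int(m.group("port")), addr

def listener_key(port, addr):
    """Format as host:port, bracketing IPv6; '?' when no address was logged."""
    if addr is None:
        return f"?:{port}"
    host = f"[{addr}]" if addr.version == 6 else str(addr)
    return f"{host}:{port}"

def summarise(lines):
    """Count warnings per listening socket."""
    hits = Counter()
    for line in lines:
        parsed = parse_synflood(line)
        if parsed:
            hits[listener_key(*parsed)] += 1
    return hits

if __name__ == "__main__":
    for key, count in summarise(SAMPLE_LOG).items():
        print(key, count)
```
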