Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1627858rwb; Thu, 10 Nov 2022 20:24:12 -0800 (PST) X-Google-Smtp-Source: AA0mqf6538/EOaiby/4vRHizb7BN+ASOTutk2EaxzwVU8hALeObrGXVIip94MPjbU0cdVUi1/6Cx X-Received: by 2002:a17:907:9a8c:b0:7a0:948d:80ae with SMTP id km12-20020a1709079a8c00b007a0948d80aemr466967ejc.658.1668140651781; Thu, 10 Nov 2022 20:24:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668140651; cv=none; d=google.com; s=arc-20160816; b=vzANC6t83shdrSDVWlX0B/aJwllS0XyxRFXjXjfVm5nRXeS+HKYk/8My41wVg6+wbk 3MmJ93ghvZYuGq2GOmoxos+Ejh+DJ3n2OJRVBvmmy/mhROeINbF4iNFqnCr9u1ulNoKs fsYG9aqkaq8kcJ4IcPZ+IjzPMg66X+SLH46xmgE7JHdlth84i7HRndumyZ+LaZlyjABN 0mmHLF3kpsw3KSJxN7ylZwK5GMA7X+lUPTqiovo7qMH1/GeH31TL5YlYdYFD3/a+ANCX UfV81rBKF6DIc2bmlaxC22U57dXxzO8uQ8zsxiXWQANrr+XsSNgw4WaAwzkS7HyemGXC WQjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=BWnTIIQeoks9JfmRMbsiRNYxrY/7LOgk1YEB5MJbrY4=; b=CX74kn4V2roHysZl/bRy0LOVAUS5+HUH34lTIYMCpfNYDtDzXBXcWmPPoONEO+irYu Y8ZQEkE2iDVDEFbbxSxh37YmHiP/Q7ArNs9uZrxsZeyGKh2/szuZoo9dzafNlPCj83mq rrsn3p0qhp8yMsAhG/JFtQZXiZFntDD7YVwM28aRUV8ySZaI3navjCaIxEkRsNQsWS70 36Xr5GpCOdr1/zxLL1g2n8SdChP8fcGJj8vI/2s+u8j7g9QrL6MMl0Db1v5xco3aRKG3 QInjoPrm6rtB12pXpP/rP6jhAsHsbeh/5MmL4qwB/lUk0jE+f5kFv0Pbjc3NoTO+zgvx yoPw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=R+zS9sgm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id sg38-20020a170907a42600b007adcf0dd301si1176602ejc.747.2022.11.10.20.23.49; Thu, 10 Nov 2022 20:24:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=R+zS9sgm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230183AbiKKEDN (ORCPT + 93 others); Thu, 10 Nov 2022 23:03:13 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52480 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232728AbiKKECi (ORCPT ); Thu, 10 Nov 2022 23:02:38 -0500 Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 80B3F6BDDE; Thu, 10 Nov 2022 20:01:02 -0800 (PST) Received: by mail-pf1-x436.google.com with SMTP id y203so3880592pfb.4; Thu, 10 Nov 2022 20:01:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=BWnTIIQeoks9JfmRMbsiRNYxrY/7LOgk1YEB5MJbrY4=; b=R+zS9sgm9JYzIh8VWXJ3esOJ75LGdDqWGdcsMdrYjo5gF5dtVtB7TIGhhO/fsxaWUN CPuCD3Jb/30Z9q1QQmGqwrDhGBxl79hW530Zb84WGvIToP8eTGroJq7Npq3RDhKjR8+I zaSkECDr2nCb/esq7hF091xrJXqWAOGw+JA0ki2CPQn6TyHeN7NjjK/0josBSJZtfgMH fcv9ifbJcojN9alevhDNg88Cv67iwP+OF1S4u32cMaesEwC9T7RTjEdcgXnHmFexo9hK /0HTAJzjjQ/VQYSjutzKFHeFmhgHNoBiFiGpiewk0h8m8TYL4aeo10uffG2oE49U87YA fNrQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=BWnTIIQeoks9JfmRMbsiRNYxrY/7LOgk1YEB5MJbrY4=; b=eCZ+EeaCQu0bqogl70AkLiAPVfrgsLbJG7xVZaQjtB4BQVc6zsi3/xAd662xmC9jsS x0K91/jzycVNn0VxVICWGnRyMo7nXySO4KDXqEVq7rMdFzqfmkkv33ohJCFO9kxmjHMj PQhSEUiAsLccloiICjAtvZo9J8ML2BSzsMjFhVYqpLKI6KC8L5rPJRFjJYFtOb4wml6P sUxxG2K5m7BarwweSMV8p7JZHexDkyVJopWahT6nsSj3KbkkDW2DVVYsxXHHWBoxc+Sq gxdof5svcdwhl2hmk/GQyejTQMu2JrzT6vbEbmnm4SvHuAM2zXYWT26UpGgVKagb+31k DUZg== X-Gm-Message-State: ANoB5pkbGic72OkIJ8huzm5cPPARY/iNl2skJqq4k78usmLL8xs8KQEv jM2SdSJNOzYPakGd5E0+UHY= X-Received: by 2002:a62:1494:0:b0:56d:4670:6e2a with SMTP id 142-20020a621494000000b0056d46706e2amr683601pfu.77.1668139260816; Thu, 10 Nov 2022 20:01:00 -0800 (PST) Received: from localhost.localdomain ([110.147.198.134]) by smtp.gmail.com with ESMTPSA id t2-20020a170902b20200b00186fa988a13sm486875plr.166.2022.11.10.20.00.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 10 Nov 2022 20:01:00 -0800 (PST) From: Jamie Bainbridge To: Eric Dumazet , "David S. Miller" , Hideaki YOSHIFUJI , David Ahern , Jakub Kicinski , Paolo Abeni Cc: Jamie Bainbridge , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2] tcp: Add listening address to SYN flood message Date: Fri, 11 Nov 2022 14:59:32 +1100 Message-Id: <7ccd58e8e26bcdd82e66993cbd53ff59eebe3949.1668139105.git.jamie.bainbridge@gmail.com> X-Mailer: git-send-email 2.38.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The SYN flood message prints the listening port number, but with many processes bound to the same port on different IPs, it's impossible to tell which socket is the problem. Add the listen IP address to the SYN flood message in the "IP.port" format like most other tools (eg: tcpdump). Each protcol's "any" address and a host address now look like: Possible SYN flooding on port 0.0.0.0.9001. Possible SYN flooding on port 127.0.0.1.9001. Possible SYN flooding on port ::.9001. Possible SYN flooding on port fc00::1.9001. Signed-off-by: Jamie Bainbridge --- v2: Place IS_ENABLED() inside if condition c/o Andrew Lunn. Change port printf to unsigned c/o Stephen Hemminger. Remove long and unhelpful "Check SNMP counters" c/o Stephen. Use IP.port format c/o Eric Dumazet. --- net/ipv4/tcp_input.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 0640453fce54b6daae0861d948f3db075830daf6..5b156dfc13b3d45c20e4fe6a45af7c42f39b2c66 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6831,9 +6831,17 @@ static bool tcp_syn_flood_action(const struct sock *sk, const char *proto) __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP); if (!queue->synflood_warned && syncookies != 2 && - xchg(&queue->synflood_warned, 1) == 0) - net_info_ratelimited("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n", - proto, sk->sk_num, msg); + xchg(&queue->synflood_warned, 1) == 0) { + if (IS_ENABLED(CONFIG_IPV6) && sk->sk_family == AF_INET6) { + net_info_ratelimited("%s: Possible SYN flooding on port %pI6c.%u. %s.\n", + proto, &sk->sk_v6_rcv_saddr, + sk->sk_num, msg); + } else { + net_info_ratelimited("%s: Possible SYN flooding on port %pI4.%u. %s.\n", + proto, &sk->sk_rcv_saddr, + sk->sk_num, msg); + } + } return want_cookie; } -- 2.38.1