Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp4925516rwb; Sun, 13 Nov 2022 17:20:24 -0800 (PST) X-Google-Smtp-Source: AA0mqf6UAlxRtePRONWtij6nZ/6GTTDcIldvDdYXeUXXuGa59KWHLSVf6JzKO6LthHAKcbgN/W+c X-Received: by 2002:a17:906:48f:b0:78d:4ba6:f65a with SMTP id f15-20020a170906048f00b0078d4ba6f65amr8826712eja.186.1668388823827; Sun, 13 Nov 2022 17:20:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668388823; cv=none; d=google.com; s=arc-20160816; b=qq3r5mP1vVjDGOIVav4lJCW3hx5HVabpSky9NWaeQQjAacns8u3T4yasC5tG3Atqh5 sDRKgVJw8zVEiuXONNIeGJVZjOVC1AE5FIHBI+VALAzmc9UxT/dk9jRKkYT68xy4LpnH G5zlshH1gyeErKLPtdwTSdEqY8m40nPYIjuBjzatRm/icORNz1M/46InTv0qhXIhEIGD TqZE5B5f3qOUW7dRRBq3EJihKHG/s3MbL4+Zzx4BQjuiGkRcTudy7fUNK+lvC/SL9Jvx r0lUugIYgWAdM+9hFsb6/R7NYsS4xJI3Tmel7dtquT2RZ/TrTTAjklQD49SwH8vEoe9B Y+Ig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=5UY/Q6C2fq/bjN/a67GjfDWWNNwphWU/lYcCBI/HwL0=; b=Q7jlkQcWeVDpl7Qwn+Xvv7j5xYc76Xz/WOw7AOYP//KVA1186ZYJGyY/cFMi2oq6ho 7umqUhhmJheQCtlzbPjxp5HoWeJ952p4iqJnk3sDY7/70lrd8pM9M9s8vj/DhHmjPjMP d3iU63ccJXuIVUHXsoX7OAH1TTTJhipf5TIMAMSk4+7NdCzmkvZEtRs2Ledr98iydtEf yOSIaKON5USY6n69w4CDX+xINCBvQRmfr3Dr6R+JpKno7v+uKXT83Q35CwjfB9Tsxf3c UuwpLujOsDnr7Dj6yp+g3wQoNwB2Ke1uOviv5Paa31CMeI4NAdFqvS2vwcvB4WBGlEX9 JoZw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=J2H3fe3g; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q26-20020a50cc9a000000b0045c3f6adb7csi7464950edi.215.2022.11.13.17.20.02; Sun, 13 Nov 2022 17:20:23 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=J2H3fe3g; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235492AbiKNAhy (ORCPT + 89 others); Sun, 13 Nov 2022 19:37:54 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36126 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231252AbiKNAhw (ORCPT ); Sun, 13 Nov 2022 19:37:52 -0500 Received: from mail-oi1-x22a.google.com (mail-oi1-x22a.google.com [IPv6:2607:f8b0:4864:20::22a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 286EFE0A1; Sun, 13 Nov 2022 16:37:51 -0800 (PST) Received: by mail-oi1-x22a.google.com with SMTP id n205so10068498oib.1; Sun, 13 Nov 2022 16:37:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=5UY/Q6C2fq/bjN/a67GjfDWWNNwphWU/lYcCBI/HwL0=; b=J2H3fe3gO/vA3TI8LwOFu6t5Ll/lmzpJKzKC3pnYOaIr5HSl9yJDXmTbE3y/9HSo7+ GbPsOhEgzhdrOr9+M+sZAILvMKqtIR8zZvDIO/ikx+xwmOQKouvqS8q/VY05WTcVHZbf winj4I7ajqlyIqdoxScwGFg/Zr1LcZftg4PWTwtjR3UigLhlpjBIrT3Phx0bYp9CsjT2 KRsae2UZa4vvOnstfxCOOCLfVVnhGM6w2T4Xal1NEVEyE7fxpgjyZFej6TgmE9e10Dhy 5yxWZUabfrlZVlZUNF4tNXk7uKgYhAVKa4RFL6KCS5dS+Y64zrQTSiRItGzEz3xq3W5P LFLA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=5UY/Q6C2fq/bjN/a67GjfDWWNNwphWU/lYcCBI/HwL0=; b=vtakt/cSJpkQHK5P4AzZyhba0vwKGa2FZvBZhfyshu3jQ5+l1K5dD54ZL/V5NUoMop bhq8VRpNxDNUN56VrT8nYXWzSGSwWFFzkKYfMwOOoRXVBYYiltS/FMzIYs4zrn0bwRvu OlkA4Iw7B030bC3iljyzzlcyiMeNdM9KbcSo18n80L6n2kIgsxaUnWe7SN2ARkCn64+C st/ATDKdTinmGTAcp2uHAg4XsjWKOyorT1Rcnp7v+gtriaNCYWs43/LdBoU5g4OOi7+J MEnv9AmTdhUB5wFMSvXBaakr1R8j19iBGrZl5HTSEoztsmHvT5nyuJUVJTBLKQC0+Y+I DbCw== X-Gm-Message-State: ANoB5pkLx0OFGiqNImEykDQ4XsSwAt9W2zXQuj8c5fqDRabNj8S2siBf /b6l5TQG2kC9KHQYtM+tKViGEqDhMUA2sP98ktI= X-Received: by 2002:a05:6808:3ab:b0:35a:8bcb:1b30 with SMTP id n11-20020a05680803ab00b0035a8bcb1b30mr4716677oie.88.1668386270465; Sun, 13 Nov 2022 16:37:50 -0800 (PST) MIME-Version: 1.0 References: <7ccd58e8e26bcdd82e66993cbd53ff59eebe3949.1668139105.git.jamie.bainbridge@gmail.com> <20221111092047.7d33bcd3@hermes.local> <20221111161120.770b9db2@hermes.local> In-Reply-To: From: Jamie Bainbridge Date: Mon, 14 Nov 2022 10:37:39 +1000 Message-ID: Subject: Re: [PATCH v2] tcp: Add listening address to SYN flood message To: Eric Dumazet Cc: Stephen Hemminger , "David S. Miller" , Hideaki YOSHIFUJI , David Ahern , Jakub Kicinski , Paolo Abeni , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, 12 Nov 2022 at 10:14, Eric Dumazet wrote: > > On Fri, Nov 11, 2022 at 4:11 PM Stephen Hemminger > wrote: > > > > On Sat, 12 Nov 2022 10:59:52 +1100 > > Jamie Bainbridge wrote: > > > > > On Sat, 12 Nov 2022 at 04:20, Stephen Hemminger > > > wrote: > > > > > > > > On Fri, 11 Nov 2022 14:59:32 +1100 > > > > Jamie Bainbridge wrote: > > > > > > > > > + xchg(&queue->synflood_warned, 1) == 0) { > > > > > + if (IS_ENABLED(CONFIG_IPV6) && sk->sk_family == AF_INET6) { > > > > > + net_info_ratelimited("%s: Possible SYN flooding on port %pI6c.%u. %s.\n", > > > > > + proto, &sk->sk_v6_rcv_saddr, > > > > > + sk->sk_num, msg); > > > > > + } else { > > > > > + net_info_ratelimited("%s: Possible SYN flooding on port %pI4.%u. %s.\n", > > > > > + proto, &sk->sk_rcv_saddr, > > > > > + sk->sk_num, msg); > > > > > > > > Minor nit, the standard format for printing addresses would be to use colon seperator before port > > > > > > > > if (IS_ENABLED(CONFIG_IPV6) && sk->sk_family == AF_INET6) { > > > > net_info_ratelimited("%s: Possible SYN flooding on [%pI6c]:%u. %s.\n", > > > > proto, &sk->sk_v6_rcv_saddr, sk->sk_num, msg); > > > > } else { > > > > net_info_ratelimited("%s: Possible SYN flooding on %pI4:%u. %s.\n", > > > > proto, &sk->sk_rcv_saddr, sk->sk_num, msg); > > > > > > I considered this too, though Eric suggested "IP.port" to match tcpdump. > > > > That works, if it happens I doubt it matters. > > Note that "ss dst" really needs the [] notation for IPv6 > > ss -t dst "[::1]" > State Recv-Q Send-Q > Local Address:Port Peer Address:Port > Process > CLOSE-WAIT 1 0 > [::1]:50584 [::1]:ipp > > So we have inconsistency anyway... > > As you said, no strong opinion. Following an RFC and ss filter paste is a good reason, I'll do a v3. Jamie