Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp4929856rwb; Sun, 13 Nov 2022 17:27:00 -0800 (PST) X-Google-Smtp-Source: AA0mqf69e4yBFYzQVPFvEuNki9MMC/SAluOA17UNOXrySfqTt6YVmlaN3Z/Sfxayf9trUN79Gxdu X-Received: by 2002:a05:6402:22f2:b0:467:60fa:b629 with SMTP id dn18-20020a05640222f200b0046760fab629mr9024138edb.281.1668389220094; Sun, 13 Nov 2022 17:27:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668389220; cv=none; d=google.com; s=arc-20160816; b=noheYC/OBb7+IgpWwpVJtifK/u8wELeE9JJV1TVgqis3V7lv+CIufuQQ4GBM/b4i+l nNUtIwRx4IYBoaq//GeHwlbDgOAfnOkKNEm1X/u/mR0ghe0My3Gxw6Ll1j4DDIKoqMxK qj4nsdg9i3rtBhiMV1MLtMHXZ1KVvrj1e0JiK34FVRQ0aTT0EsDZV2hUI9JIyF8zrYPB gA30U5ubkEAT948ZjvJk98PP4gtN5K3KPuU1nQIpF2sjYQKz4rYxRSSl5dBBMiXUVz7E C26mJnAX+BlO8el6DSNimZqlyeskVijUo/kSFDkRmtI9DIyCJfpcUGLghIj9lQ7bUnp2 +L5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=Sxm0v4ki9XH0i93sKSXzV9I8SQkMNsVCRGZp4tRqchU=; b=FmyVvYHjkPwlxmLkFaJB//rSpafx4LdARR3hfTITuJAumTqDLtqYtVJ8WW9OAjMRTi U2REcTyMnJVv++rm0gE0WNFY9T2iU/yxxoGVZYVQiui701XEG2Q3d0W2g10LvR5bQI92 w+vxpXl9oUUa33VOZ8wFmLwLDA722ItEPkEYkF6RpOyA+R4BRyXcZ2Pf9pb9r8Iv0PL4 761zFCLbmhzvsxF0iSWuWeE74JFKgiWQbEgUO5n4RfwCQUvbRGjD+t+8zxD59IhL6ido Rh50boxGa6fZGjzAXd7sKcKVErYyvTV7d/qCstMU6lCJ5rQo8x2V3qfPvMXeMaRiG5sj 7/ug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=gDcUauMn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id cr16-20020a170906d55000b0078def5c29e6si5865643ejc.531.2022.11.13.17.26.38; Sun, 13 Nov 2022 17:27:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=gDcUauMn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235638AbiKNBAV (ORCPT + 90 others); Sun, 13 Nov 2022 20:00:21 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40980 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233069AbiKNBAT (ORCPT ); Sun, 13 Nov 2022 20:00:19 -0500 Received: from mail-pf1-x42d.google.com (mail-pf1-x42d.google.com [IPv6:2607:f8b0:4864:20::42d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A936FCE08; Sun, 13 Nov 2022 17:00:18 -0800 (PST) Received: by mail-pf1-x42d.google.com with SMTP id y203so9667254pfb.4; Sun, 13 Nov 2022 17:00:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=Sxm0v4ki9XH0i93sKSXzV9I8SQkMNsVCRGZp4tRqchU=; b=gDcUauMnLRDVoMQppoMjGo5pQxvTnfAb8QxYhVyzyYjl1PoGmSsU0ipmvAUn8skJRD DYeUf1hNZAhOtnIr6Ecq4I5i/pUNLPyS17ZtBopqB5motUzw14wcn4w6WWn1f7wOy8XH +1AOfqW8wUdCVpoMohFYiUB4MK3/Y7lQvAKNpyJb3+hOAqL40Kj2ABPEXgYDavlakPx0 jBcZxtChJXYwm73O12yLS/5bBavqNHB45FmnRvLKRTpo+OpIj8bVH0EeeXk04UngrI+v CwLMnDUAtoXDEYl8toKbNUViKLgP6Zw7acyYsOHzo1d9xMiL8pExzHSoqlGcaijabZlD C9MA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Sxm0v4ki9XH0i93sKSXzV9I8SQkMNsVCRGZp4tRqchU=; b=NP2FurV6rl8Z9Chtt1WOXTTBOweozOMBSauAQl+vie32VRTrO8v6gZHiMjuQzdHMyW 4ZB5HEQnylHQdchtIdnrGfFYFz1OPFkug500sq7LYDdJfoXlaJ4qDFLADKKg9FDMbFKN X6RLMkbwrFpWygrbWmG4wD5iUH+PC767DtE0ZTyYJP2VtJoc1YSqrxMV11V0vfKPs9iu gMpu5Gnr2qAiSzzy48sb0cV72jG8S0+XwEBsLhVRjVho214tTIUmQ29SCHqr+K9wASRH zxMNOq+q6B2x5l9aBaVP8rpefcWIm3ncgkNQ2xTTo/64McB8pWnGpxsL7h86pz9roU6f DKXw== X-Gm-Message-State: ANoB5pkgiydo41PRdBWa8/Z9KL2mfOXkMw5SvMu4Xgjbj78q946TplsF hM/1Ea/6pSyO6alau8o9FHQ= X-Received: by 2002:a63:d156:0:b0:46e:beb0:9d2c with SMTP id c22-20020a63d156000000b0046ebeb09d2cmr10307426pgj.117.1668387618213; Sun, 13 Nov 2022 17:00:18 -0800 (PST) Received: from localhost.localdomain ([181.41.202.223]) by smtp.gmail.com with ESMTPSA id r17-20020a170903411100b00186c3727294sm5780740pld.270.2022.11.13.17.00.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Nov 2022 17:00:17 -0800 (PST) From: Jamie Bainbridge To: Eric Dumazet , "David S. Miller" , Hideaki YOSHIFUJI , David Ahern , Jakub Kicinski , Paolo Abeni Cc: Jamie Bainbridge , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3] tcp: Add listening address to SYN flood message Date: Mon, 14 Nov 2022 12:00:08 +1100 Message-Id: <4fedab7ce54a389aeadbdc639f6b4f4988e9d2d7.1668386107.git.jamie.bainbridge@gmail.com> X-Mailer: git-send-email 2.38.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The SYN flood message prints the listening port number, but with many processes bound to the same port on different IPs, it's impossible to tell which socket is the problem. Add the listen IP address to the SYN flood message. For IPv6 use "[IP]:port" as per RFC-5952 and to provide ease of copy-paste to "ss" filters. For IPv4 use "IP:port" to match. Each protcol's "any" address and a host address now look like: Possible SYN flooding on port 0.0.0.0:9001. Possible SYN flooding on port 127.0.0.1:9001. Possible SYN flooding on port [::]:9001. Possible SYN flooding on port [fc00::1]:9001. Signed-off-by: Jamie Bainbridge --- v2: Place IS_ENABLED() inside if condition c/o Andrew Lunn. Change port printf to unsigned c/o Stephen Hemminger. Remove long and unhelpful "Check SNMP counters" c/o Stephen H. v3: Use "IP:port" format c/o Eric Duamzet and Stephen H. --- net/ipv4/tcp_input.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 0640453fce54b6daae0861d948f3db075830daf6..6e51d8eefe19075721ec6d31036ecae9b6e0d698 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -6831,9 +6831,17 @@ static bool tcp_syn_flood_action(const struct sock *sk, const char *proto) __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP); if (!queue->synflood_warned && syncookies != 2 && - xchg(&queue->synflood_warned, 1) == 0) - net_info_ratelimited("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n", - proto, sk->sk_num, msg); + xchg(&queue->synflood_warned, 1) == 0) { + if (IS_ENABLED(CONFIG_IPV6) && sk->sk_family == AF_INET6) { + net_info_ratelimited("%s: Possible SYN flooding on port [%pI6c]:%u. %s.\n", + proto, &sk->sk_v6_rcv_saddr, + sk->sk_num, msg); + } else { + net_info_ratelimited("%s: Possible SYN flooding on port %pI4:%u. %s.\n", + proto, &sk->sk_rcv_saddr, + sk->sk_num, msg); + } + } return want_cookie; } -- 2.38.1