Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp6725723rwb; Tue, 15 Nov 2022 02:52:28 -0800 (PST) X-Google-Smtp-Source: AA0mqf7bDlVF0Twop4SbvQMz7L+qd+7U/DdRuQ0bE/Wqf304mB4Co8BwhoqRBqr9xMHzhxJcwFbZ X-Received: by 2002:a05:6402:2d2:b0:459:4c7b:e852 with SMTP id b18-20020a05640202d200b004594c7be852mr14743231edx.347.1668509548290; Tue, 15 Nov 2022 02:52:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668509548; cv=none; d=google.com; s=arc-20160816; b=ZZxLSI2sOH6PgLi8hMIHbRNXgqYqwWmUvM2+676ihjeN5D4A2tPUVaFTFmLeggwvG/ HTP/Rp4hfNjP9hmH7SpIMd+t6WmfjUKub6mjAGOCnsdTQZQGQGZbmusXfsTwVJXjneta f7qcJqEe0GDga+ANXg8uyID/IGQFONpWhOD1DrgFtzQXSeKZUIH97X35YndQwjxv3z7N hbJNEgvqeuFiDDKVFm9t9Unjre4VSL5wchlOOTYoMEtjCt7gi9NmTFrVxR7lzNkzG5sT Wy3YV0a3WqUV7oeyA6dX0kn4dAd1u2oSXuNKOtw4fI5C2VUhhr0jj/ee0k2/OANXffNd nyag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version; bh=zyWvwU9qjTDyVNHbJm/iJ/vqWlCu7gf1x9mYXMP0o0s=; b=WUc2O5z+gFDRCRY7zYM0kaIn917Z+04eJaGE31CPaz3rymGvwnyxCPqYoL8jOeFy8/ EpGShKuQdJb6yfdnHCDf+dJbCiQv5w7QbZFEmpn+F1AGPxuBM4lPW6Km5kl87z0lL4ZU hR+LZK/0haC/LTHX5Y56sDxePROLXg2K63UV7FRB61A29khmiI62HPBEk7RXB5X2EHKc tVWDtxhVCaV+Tq+ndtagmRu4412Q1mxf96zjyk+IBDa83X4yrIC9jyTgVNG78KlYCRpp PpP5cOG4lb84YKSc+GwjwL/dkeS0ibDquwOa30dJJAnWHLCGcD6AkLboSPdhaTNpRVn6 WtEg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ju12-20020a17090798ac00b007ae0e8f697fsi8926329ejc.652.2022.11.15.02.51.59; Tue, 15 Nov 2022 02:52:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232761AbiKOK3b (ORCPT + 90 others); Tue, 15 Nov 2022 05:29:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45674 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230015AbiKOK31 (ORCPT ); Tue, 15 Nov 2022 05:29:27 -0500 Received: from mail-qv1-f50.google.com (mail-qv1-f50.google.com [209.85.219.50]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A9F9D1D0D3; Tue, 15 Nov 2022 02:29:26 -0800 (PST) Received: by mail-qv1-f50.google.com with SMTP id w10so9532079qvr.3; Tue, 15 Nov 2022 02:29:26 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=zyWvwU9qjTDyVNHbJm/iJ/vqWlCu7gf1x9mYXMP0o0s=; b=U1gV9147mao2eWxw/DJT6PSoHL0HYZR5mE90ZaJVYYM9PtKPuiQlXgaAwVg3iEEFKr 8ajiepuZ5CD89iSP/+QKt5qEih+TroXpxqIycInG83cyozLJyiN68GaYpvLD1oXZ81JP fVDFKcSR5KeSCJq9DRUusBcJIe1XxUcq3kOS11gg8XpV1NQohnrrYkSLO6tGG4uZRpvN nMtWyZHI+SYbHsTR7aQ9ZTU1laXQjthqQOUr/FDZy5NqDxhweOllQB07jlakd5QeneLh uxKmWohGehz4jUjEhucfAy2bmBHaUZOeG3ZFekNrrElLx1CHLnNEistB8M7g4TBjJsWo FdrQ== X-Gm-Message-State: ANoB5pkK3CjbOeiXFEuYBXJdz/5cFjnQ4DXvlkFQQvcYcOGEmRVJwAxG ufgFS/WRPKn48XO1znkCItK8IO6IGuQO/Q== X-Received: by 2002:a05:6214:2dc7:b0:4bb:754f:e974 with SMTP id nc7-20020a0562142dc700b004bb754fe974mr16089739qvb.2.1668508165617; Tue, 15 Nov 2022 02:29:25 -0800 (PST) Received: from mail-yb1-f176.google.com (mail-yb1-f176.google.com. [209.85.219.176]) by smtp.gmail.com with ESMTPSA id i18-20020a05620a405200b006fa84082b6dsm8119048qko.128.2022.11.15.02.29.24 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 15 Nov 2022 02:29:25 -0800 (PST) Received: by mail-yb1-f176.google.com with SMTP id 136so1019384ybn.1; Tue, 15 Nov 2022 02:29:24 -0800 (PST) X-Received: by 2002:a25:18c5:0:b0:6de:6183:c5c3 with SMTP id 188-20020a2518c5000000b006de6183c5c3mr16199179yby.89.1668508164385; Tue, 15 Nov 2022 02:29:24 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Geert Uytterhoeven Date: Tue, 15 Nov 2022 11:29:12 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH] tcp: Add listening address to SYN flood message To: Andrew Lunn Cc: Jamie Bainbridge , Eric Dumazet , "David S. Miller" , Hideaki YOSHIFUJI , David Ahern , Jakub Kicinski , Paolo Abeni , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Andrew, On Thu, Nov 10, 2022 at 11:42 PM Andrew Lunn wrote: > On Fri, Nov 11, 2022 at 08:20:18AM +1100, Jamie Bainbridge wrote: > > On Fri, 11 Nov 2022 at 00:51, Andrew Lunn wrote: > > > On Thu, Nov 10, 2022 at 09:21:06PM +1100, Jamie Bainbridge wrote: > > > > The SYN flood message prints the listening port number, but on a system > > > > with many processes bound to the same port on different IPs, it's > > > > impossible to tell which socket is the problem. > > > > > > > > Add the listen IP address to the SYN flood message. It might have been > > > > nicer to print the address first, but decades of monitoring tools are > > > > watching for the string "SYN flooding on port" so don't break that. > > > > > > > > Tested with each protcol's "any" address and a host address: > > > > > > > > Possible SYN flooding on port 9001. IP 0.0.0.0. > > > > Possible SYN flooding on port 9001. IP 127.0.0.1. > > > > Possible SYN flooding on port 9001. IP ::. > > > > Possible SYN flooding on port 9001. IP fc00::1. > > > > > > > > Signed-off-by: Jamie Bainbridge > > > > --- > > > > net/ipv4/tcp_input.c | 16 +++++++++++++--- > > > > 1 file changed, 13 insertions(+), 3 deletions(-) > > > > > > > > diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c > > > > index 0640453fce54b6daae0861d948f3db075830daf6..fb86056732266fedc8ad574bbf799dbdd7a425a3 100644 > > > > --- a/net/ipv4/tcp_input.c > > > > +++ b/net/ipv4/tcp_input.c > > > > @@ -6831,9 +6831,19 @@ static bool tcp_syn_flood_action(const struct sock *sk, const char *proto) > > > > __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP); > > > > > > > > if (!queue->synflood_warned && syncookies != 2 && > > > > - xchg(&queue->synflood_warned, 1) == 0) > > > > - net_info_ratelimited("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n", > > > > - proto, sk->sk_num, msg); > > > > + xchg(&queue->synflood_warned, 1) == 0) { > > > > +#if IS_ENABLED(CONFIG_IPV6) > > > > + if (sk->sk_family == AF_INET6) { > > > > > > Can the IS_ENABLED() go inside the if? You get better build testing > > > that way. > > > > > > Andrew > > > > Are you sure? Why would the IS_ENABLED() be inside of a condition > > which isn't compiled in? If IPv6 isn't compiled in then the condition > > would never evaluate as true, so seems pointless a pointless > > comparison to make? People not compiling in IPv6 have explicitly asked > > *not* to have their kernel filled with a bunch of "if (family == > > AF_INET6)" haven't they? > > > > There are many other examples of this pattern of "IS_ENABLED()" first > > and "if (family == AF_INET6)" inside it, but I can't see any of the > > inverse which I think you're suggesting, see: > > > > grep -C1 -ERHn "IS_ENABLED\(CONFIG_IPV6\)" net | grep -C1 "family == AF_INET6" > > > > Please let me know if I've misunderstood? > > So what i'm suggesting is > > if (IS_ENABLED(CONFIG_IPV6) && sk->sk_family == AF_INET6) { > net_info_ratelimited("%s: Possible SYN flooding on port %d. IP %pI6c. %s. Check SNMP counters.\n", > proto, sk->sk_num, > &sk->sk_v6_rcv_saddr, msg); > } Unfortunately the IPv6-specific members are not defined if CONFIG_IPV6=n. Patch sent. https://lore.kernel.org/netdev/d1ecf500f07e063d4e8e34f4045ddca55416c686.1668507036.git.geert+renesas@glider.be Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds