diff options
author | Eric Dumazet <eric.dumazet@gmail.com> | 2011-08-30 03:21:44 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-09-15 14:49:43 -0400 |
commit | 946cedccbd7387488d2cee5da92cdfeb28d2e670 (patch) | |
tree | fbb0d9c8dc11d6efee64e2a077a4951831932058 /net/ipv4/proc.c | |
parent | 27e95a8c670e0c587990ec5b9a87a7ea17873d28 (diff) | |
download | linux-rpi3-946cedccbd7387488d2cee5da92cdfeb28d2e670.tar.gz linux-rpi3-946cedccbd7387488d2cee5da92cdfeb28d2e670.tar.bz2 linux-rpi3-946cedccbd7387488d2cee5da92cdfeb28d2e670.zip |
tcp: Change possible SYN flooding messages
"Possible SYN flooding on port xxxx " messages can fill logs on servers.
Change logic to log the message only once per listener, and add two new
SNMP counters to track :
TCPReqQFullDoCookies : number of times a SYNCOOKIE was replied to client
TCPReqQFullDrop : number of times a SYN request was dropped because
syncookies were not enabled.
Based on a prior patch from Tom Herbert, and suggestions from David.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Tom Herbert <therbert@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/proc.c')
-rw-r--r-- | net/ipv4/proc.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c index b14ec7d03b6e..4bfad5da94f4 100644 --- a/net/ipv4/proc.c +++ b/net/ipv4/proc.c @@ -254,6 +254,8 @@ static const struct snmp_mib snmp4_net_list[] = { SNMP_MIB_ITEM("TCPDeferAcceptDrop", LINUX_MIB_TCPDEFERACCEPTDROP), SNMP_MIB_ITEM("IPReversePathFilter", LINUX_MIB_IPRPFILTER), SNMP_MIB_ITEM("TCPTimeWaitOverflow", LINUX_MIB_TCPTIMEWAITOVERFLOW), + SNMP_MIB_ITEM("TCPReqQFullDoCookies", LINUX_MIB_TCPREQQFULLDOCOOKIES), + SNMP_MIB_ITEM("TCPReqQFullDrop", LINUX_MIB_TCPREQQFULLDROP), SNMP_MIB_SENTINEL }; |