diff options
author | Eric Dumazet <eric.dumazet@gmail.com> | 2011-08-30 03:21:44 (GMT) |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-09-15 18:49:43 (GMT) |
commit | 946cedccbd7387488d2cee5da92cdfeb28d2e670 (patch) | |
tree | fbb0d9c8dc11d6efee64e2a077a4951831932058 /include/net/tcp.h | |
parent | 27e95a8c670e0c587990ec5b9a87a7ea17873d28 (diff) | |
download | linux-946cedccbd7387488d2cee5da92cdfeb28d2e670.tar.xz |
tcp: Change possible SYN flooding messages
"Possible SYN flooding on port xxxx " messages can fill logs on servers.
Change logic to log the message only once per listener, and add two new
SNMP counters to track :
TCPReqQFullDoCookies : number of times a SYNCOOKIE was replied to client
TCPReqQFullDrop : number of times a SYN request was dropped because
syncookies were not enabled.
Based on a prior patch from Tom Herbert, and suggestions from David.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Tom Herbert <therbert@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/tcp.h')
-rw-r--r-- | include/net/tcp.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/net/tcp.h b/include/net/tcp.h index 149a415..e9b48b0 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -460,6 +460,9 @@ extern int tcp_write_wakeup(struct sock *); extern void tcp_send_fin(struct sock *sk); extern void tcp_send_active_reset(struct sock *sk, gfp_t priority); extern int tcp_send_synack(struct sock *); +extern int tcp_syn_flood_action(struct sock *sk, + const struct sk_buff *skb, + const char *proto); extern void tcp_push_one(struct sock *, unsigned int mss_now); extern void tcp_send_ack(struct sock *sk); extern void tcp_send_delayed_ack(struct sock *sk); |