tcp: MD5: Use MIB counter instead of warning for MD5 mismatch.
From a report by Matti Aarnio, and preliminary patch by Adam Langley. Signed-off-by: David S. Miller <davem@davemloft.net>
Родитель
8d50b53d66
Коммит
785957d3e8
|
@ -214,6 +214,8 @@ enum
|
|||
LINUX_MIB_TCPDSACKIGNOREDOLD, /* TCPSACKIgnoredOld */
|
||||
LINUX_MIB_TCPDSACKIGNOREDNOUNDO, /* TCPSACKIgnoredNoUndo */
|
||||
LINUX_MIB_TCPSPURIOUSRTOS, /* TCPSpuriousRTOs */
|
||||
LINUX_MIB_TCPMD5NOTFOUND, /* TCPMD5NotFound */
|
||||
LINUX_MIB_TCPMD5UNEXPECTED, /* TCPMD5Unexpected */
|
||||
__LINUX_MIB_MAX
|
||||
};
|
||||
|
||||
|
|
|
@ -232,6 +232,8 @@ static const struct snmp_mib snmp4_net_list[] = {
|
|||
SNMP_MIB_ITEM("TCPDSACKIgnoredOld", LINUX_MIB_TCPDSACKIGNOREDOLD),
|
||||
SNMP_MIB_ITEM("TCPDSACKIgnoredNoUndo", LINUX_MIB_TCPDSACKIGNOREDNOUNDO),
|
||||
SNMP_MIB_ITEM("TCPSpuriousRTOs", LINUX_MIB_TCPSPURIOUSRTOS),
|
||||
SNMP_MIB_ITEM("TCPMD5NotFound", LINUX_MIB_TCPMD5NOTFOUND),
|
||||
SNMP_MIB_ITEM("TCPMD5Unexpected", LINUX_MIB_TCPMD5UNEXPECTED),
|
||||
SNMP_MIB_SENTINEL
|
||||
};
|
||||
|
||||
|
|
|
@ -1116,18 +1116,12 @@ static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
|
|||
return 0;
|
||||
|
||||
if (hash_expected && !hash_location) {
|
||||
LIMIT_NETDEBUG(KERN_INFO "MD5 Hash expected but NOT found "
|
||||
"(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
|
||||
NIPQUAD(iph->saddr), ntohs(th->source),
|
||||
NIPQUAD(iph->daddr), ntohs(th->dest));
|
||||
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (!hash_expected && hash_location) {
|
||||
LIMIT_NETDEBUG(KERN_INFO "MD5 Hash NOT expected but found "
|
||||
"(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
|
||||
NIPQUAD(iph->saddr), ntohs(th->source),
|
||||
NIPQUAD(iph->daddr), ntohs(th->dest));
|
||||
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
|
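Review bot: Both early returns in tcp_v4_inbound_md5_hash now drop the segment with only a namespace-wide counter bump, so the peer address and ports that the removed LIMIT_NETDEBUG lines printed are no longer recorded anywhere visible in this hunk. An operator who sees TCPMD5NotFound or TCPMD5Unexpected rising cannot tell which session is receiving unsigned or unexpectedly signed segments without a packet capture. If that trade-off is intended, state it next to the first counter, e.g. `/* Counted only: the peer is not logged here, so identifying the sender needs a capture. */`. The same applies to the matching pair of branches in tcp_v6_inbound_md5_hash further down; both function bodies start and end outside their hunks.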
@ -849,28 +849,17 @@ static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
|
|||
hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
|
||||
hash_location = tcp_parse_md5sig_option(th);
|
||||
|
||||
/* do we have a hash as expected? */
|
||||
if (!hash_expected) {
|
||||
if (!hash_location)
|
||||
/* We've parsed the options - do we have a hash? */
|
||||
if (!hash_expected && !hash_location)
|
||||
return 0;
|
||||
if (net_ratelimit()) {
|
||||
printk(KERN_INFO "MD5 Hash NOT expected but found "
|
||||
"(" NIP6_FMT ", %u)->"
|
||||
"(" NIP6_FMT ", %u)\n",
|
||||
NIP6(ip6h->saddr), ntohs(th->source),
|
||||
NIP6(ip6h->daddr), ntohs(th->dest));
|
||||
}
|
||||
|
||||
if (hash_expected && !hash_location) {
|
||||
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (!hash_location) {
|
||||
if (net_ratelimit()) {
|
||||
printk(KERN_INFO "MD5 Hash expected but NOT found "
|
||||
"(" NIP6_FMT ", %u)->"
|
||||
"(" NIP6_FMT ", %u)\n",
|
||||
NIP6(ip6h->saddr), ntohs(th->source),
|
||||
NIP6(ip6h->daddr), ntohs(th->dest));
|
||||
}
|
||||
if (!hash_expected && hash_location) {
|
||||
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
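Review bot: The commit title speaks of an MD5 mismatch, but the two counters added in tcp_v6_inbound_md5_hash cover only the presence checks (hash expected and absent, hash present and not expected); the case where both exist and the digests differ is not visible in this hunk. If that path is not counted, the new counters will stay flat while segments carrying a wrong digest are dropped, which is the event a monitor most wants to see. Assuming the comparison follows these checks, it is worth documenting which cases are counted, e.g. by extending the new comment to `/* We've parsed the options - do we have a hash? Only presence mismatches are counted here. */`, and confirming how a comparison failure is reported. The function continues beyond the hunk, and the IPv4 counterpart has the same shape.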