tcp: MD5: Use MIB counter instead of warning for MD5 mismatch.

From a report by Matti Aarnio, and preliminary patch by Adam Langley.

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2008-07-30 03:03:15 -07:00
Родитель 8d50b53d66
Коммит 785957d3e8
4 изменённых файлов: 14 добавлений и 27 удалений

Просмотреть файл

@ -214,6 +214,8 @@ enum
LINUX_MIB_TCPDSACKIGNOREDOLD, /* TCPSACKIgnoredOld */
LINUX_MIB_TCPDSACKIGNOREDNOUNDO, /* TCPSACKIgnoredNoUndo */
LINUX_MIB_TCPSPURIOUSRTOS, /* TCPSpuriousRTOs */
LINUX_MIB_TCPMD5NOTFOUND, /* TCPMD5NotFound */
LINUX_MIB_TCPMD5UNEXPECTED, /* TCPMD5Unexpected */
__LINUX_MIB_MAX
};

Просмотреть файл

@ -232,6 +232,8 @@ static const struct snmp_mib snmp4_net_list[] = {
SNMP_MIB_ITEM("TCPDSACKIgnoredOld", LINUX_MIB_TCPDSACKIGNOREDOLD),
SNMP_MIB_ITEM("TCPDSACKIgnoredNoUndo", LINUX_MIB_TCPDSACKIGNOREDNOUNDO),
SNMP_MIB_ITEM("TCPSpuriousRTOs", LINUX_MIB_TCPSPURIOUSRTOS),
SNMP_MIB_ITEM("TCPMD5NotFound", LINUX_MIB_TCPMD5NOTFOUND),
SNMP_MIB_ITEM("TCPMD5Unexpected", LINUX_MIB_TCPMD5UNEXPECTED),
SNMP_MIB_SENTINEL
};

Просмотреть файл

@ -1116,18 +1116,12 @@ static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb)
return 0;
if (hash_expected && !hash_location) {
LIMIT_NETDEBUG(KERN_INFO "MD5 Hash expected but NOT found "
"(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
NIPQUAD(iph->saddr), ntohs(th->source),
NIPQUAD(iph->daddr), ntohs(th->dest));
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
return 1;
}
if (!hash_expected && hash_location) {
LIMIT_NETDEBUG(KERN_INFO "MD5 Hash NOT expected but found "
"(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
NIPQUAD(iph->saddr), ntohs(th->source),
NIPQUAD(iph->daddr), ntohs(th->dest));
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
return 1;
}

Просмотреть файл

@ -849,28 +849,17 @@ static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb)
hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
hash_location = tcp_parse_md5sig_option(th);
/* do we have a hash as expected? */
if (!hash_expected) {
if (!hash_location)
/* We've parsed the options - do we have a hash? */
if (!hash_expected && !hash_location)
return 0;
if (net_ratelimit()) {
printk(KERN_INFO "MD5 Hash NOT expected but found "
"(" NIP6_FMT ", %u)->"
"(" NIP6_FMT ", %u)\n",
NIP6(ip6h->saddr), ntohs(th->source),
NIP6(ip6h->daddr), ntohs(th->dest));
}
if (hash_expected && !hash_location) {
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
return 1;
}
if (!hash_location) {
if (net_ratelimit()) {
printk(KERN_INFO "MD5 Hash expected but NOT found "
"(" NIP6_FMT ", %u)->"
"(" NIP6_FMT ", %u)\n",
NIP6(ip6h->saddr), ntohs(th->source),
NIP6(ip6h->daddr), ntohs(th->dest));
}
if (!hash_expected && hash_location) {
NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
return 1;
}