Commit 785957d3e8c6fb37b18bf671923a76dbd8240025
1 parent
8d50b53d66
Exists in
master
and in
7 other branches
tcp: MD5: Use MIB counter instead of warning for MD5 mismatch.
From a report by Matti Aarnio, and preliminary patch by Adam Langley. Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 4 changed files with 14 additions and 27 deletions Side-by-side Diff
include/linux/snmp.h
... | ... | @@ -214,6 +214,8 @@ |
214 | 214 | LINUX_MIB_TCPDSACKIGNOREDOLD, /* TCPSACKIgnoredOld */ |
215 | 215 | LINUX_MIB_TCPDSACKIGNOREDNOUNDO, /* TCPSACKIgnoredNoUndo */ |
216 | 216 | LINUX_MIB_TCPSPURIOUSRTOS, /* TCPSpuriousRTOs */ |
217 | + LINUX_MIB_TCPMD5NOTFOUND, /* TCPMD5NotFound */ | |
218 | + LINUX_MIB_TCPMD5UNEXPECTED, /* TCPMD5Unexpected */ | |
217 | 219 | __LINUX_MIB_MAX |
218 | 220 | }; |
219 | 221 |
net/ipv4/proc.c
... | ... | @@ -232,6 +232,8 @@ |
232 | 232 | SNMP_MIB_ITEM("TCPDSACKIgnoredOld", LINUX_MIB_TCPDSACKIGNOREDOLD), |
233 | 233 | SNMP_MIB_ITEM("TCPDSACKIgnoredNoUndo", LINUX_MIB_TCPDSACKIGNOREDNOUNDO), |
234 | 234 | SNMP_MIB_ITEM("TCPSpuriousRTOs", LINUX_MIB_TCPSPURIOUSRTOS), |
235 | + SNMP_MIB_ITEM("TCPMD5NotFound", LINUX_MIB_TCPMD5NOTFOUND), | |
236 | + SNMP_MIB_ITEM("TCPMD5Unexpected", LINUX_MIB_TCPMD5UNEXPECTED), | |
235 | 237 | SNMP_MIB_SENTINEL |
236 | 238 | }; |
237 | 239 |
net/ipv4/tcp_ipv4.c
... | ... | @@ -1116,18 +1116,12 @@ |
1116 | 1116 | return 0; |
1117 | 1117 | |
1118 | 1118 | if (hash_expected && !hash_location) { |
1119 | - LIMIT_NETDEBUG(KERN_INFO "MD5 Hash expected but NOT found " | |
1120 | - "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n", | |
1121 | - NIPQUAD(iph->saddr), ntohs(th->source), | |
1122 | - NIPQUAD(iph->daddr), ntohs(th->dest)); | |
1119 | + NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); | |
1123 | 1120 | return 1; |
1124 | 1121 | } |
1125 | 1122 | |
1126 | 1123 | if (!hash_expected && hash_location) { |
1127 | - LIMIT_NETDEBUG(KERN_INFO "MD5 Hash NOT expected but found " | |
1128 | - "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n", | |
1129 | - NIPQUAD(iph->saddr), ntohs(th->source), | |
1130 | - NIPQUAD(iph->daddr), ntohs(th->dest)); | |
1124 | + NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED); | |
1131 | 1125 | return 1; |
1132 | 1126 | } |
1133 | 1127 |
net/ipv6/tcp_ipv6.c
... | ... | @@ -849,28 +849,17 @@ |
849 | 849 | hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr); |
850 | 850 | hash_location = tcp_parse_md5sig_option(th); |
851 | 851 | |
852 | - /* do we have a hash as expected? */ | |
853 | - if (!hash_expected) { | |
854 | - if (!hash_location) | |
855 | - return 0; | |
856 | - if (net_ratelimit()) { | |
857 | - printk(KERN_INFO "MD5 Hash NOT expected but found " | |
858 | - "(" NIP6_FMT ", %u)->" | |
859 | - "(" NIP6_FMT ", %u)\n", | |
860 | - NIP6(ip6h->saddr), ntohs(th->source), | |
861 | - NIP6(ip6h->daddr), ntohs(th->dest)); | |
862 | - } | |
852 | + /* We've parsed the options - do we have a hash? */ | |
853 | + if (!hash_expected && !hash_location) | |
854 | + return 0; | |
855 | + | |
856 | + if (hash_expected && !hash_location) { | |
857 | + NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND); | |
863 | 858 | return 1; |
864 | 859 | } |
865 | 860 | |
866 | - if (!hash_location) { | |
867 | - if (net_ratelimit()) { | |
868 | - printk(KERN_INFO "MD5 Hash expected but NOT found " | |
869 | - "(" NIP6_FMT ", %u)->" | |
870 | - "(" NIP6_FMT ", %u)\n", | |
871 | - NIP6(ip6h->saddr), ntohs(th->source), | |
872 | - NIP6(ip6h->daddr), ntohs(th->dest)); | |
873 | - } | |
861 | + if (!hash_expected && hash_location) { | |
862 | + NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED); | |
874 | 863 | return 1; |
875 | 864 | } |
876 | 865 |