Commit 785957d3e8c6fb37b18bf671923a76dbd8240025

Authored by David S. Miller
1 parent 8d50b53d66

tcp: MD5: Use MIB counter instead of warning for MD5 mismatch.

From a report by Matti Aarnio, and preliminary patch by Adam Langley.

Signed-off-by: David S. Miller <davem@davemloft.net>

Showing 4 changed files with 14 additions and 27 deletions Side-by-side Diff

include/linux/snmp.h
... ... @@ -214,6 +214,8 @@
214 214 LINUX_MIB_TCPDSACKIGNOREDOLD, /* TCPSACKIgnoredOld */
215 215 LINUX_MIB_TCPDSACKIGNOREDNOUNDO, /* TCPSACKIgnoredNoUndo */
216 216 LINUX_MIB_TCPSPURIOUSRTOS, /* TCPSpuriousRTOs */
  217 + LINUX_MIB_TCPMD5NOTFOUND, /* TCPMD5NotFound */
  218 + LINUX_MIB_TCPMD5UNEXPECTED, /* TCPMD5Unexpected */
217 219 __LINUX_MIB_MAX
218 220 };
219 221  
... ... @@ -232,6 +232,8 @@
232 232 SNMP_MIB_ITEM("TCPDSACKIgnoredOld", LINUX_MIB_TCPDSACKIGNOREDOLD),
233 233 SNMP_MIB_ITEM("TCPDSACKIgnoredNoUndo", LINUX_MIB_TCPDSACKIGNOREDNOUNDO),
234 234 SNMP_MIB_ITEM("TCPSpuriousRTOs", LINUX_MIB_TCPSPURIOUSRTOS),
  235 + SNMP_MIB_ITEM("TCPMD5NotFound", LINUX_MIB_TCPMD5NOTFOUND),
  236 + SNMP_MIB_ITEM("TCPMD5Unexpected", LINUX_MIB_TCPMD5UNEXPECTED),
235 237 SNMP_MIB_SENTINEL
236 238 };
237 239  
... ... @@ -1116,18 +1116,12 @@
1116 1116 return 0;
1117 1117  
1118 1118 if (hash_expected && !hash_location) {
1119   - LIMIT_NETDEBUG(KERN_INFO "MD5 Hash expected but NOT found "
1120   - "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
1121   - NIPQUAD(iph->saddr), ntohs(th->source),
1122   - NIPQUAD(iph->daddr), ntohs(th->dest));
  1119 + NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
1123 1120 return 1;
1124 1121 }
1125 1122  
1126 1123 if (!hash_expected && hash_location) {
1127   - LIMIT_NETDEBUG(KERN_INFO "MD5 Hash NOT expected but found "
1128   - "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",
1129   - NIPQUAD(iph->saddr), ntohs(th->source),
1130   - NIPQUAD(iph->daddr), ntohs(th->dest));
  1124 + NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
1131 1125 return 1;
1132 1126 }
1133 1127  
... ... @@ -849,28 +849,17 @@
849 849 hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);
850 850 hash_location = tcp_parse_md5sig_option(th);
851 851  
852   - /* do we have a hash as expected? */
853   - if (!hash_expected) {
854   - if (!hash_location)
855   - return 0;
856   - if (net_ratelimit()) {
857   - printk(KERN_INFO "MD5 Hash NOT expected but found "
858   - "(" NIP6_FMT ", %u)->"
859   - "(" NIP6_FMT ", %u)\n",
860   - NIP6(ip6h->saddr), ntohs(th->source),
861   - NIP6(ip6h->daddr), ntohs(th->dest));
862   - }
  852 + /* We've parsed the options - do we have a hash? */
  853 + if (!hash_expected && !hash_location)
  854 + return 0;
  855 +
  856 + if (hash_expected && !hash_location) {
  857 + NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);
863 858 return 1;
864 859 }
865 860  
866   - if (!hash_location) {
867   - if (net_ratelimit()) {
868   - printk(KERN_INFO "MD5 Hash expected but NOT found "
869   - "(" NIP6_FMT ", %u)->"
870   - "(" NIP6_FMT ", %u)\n",
871   - NIP6(ip6h->saddr), ntohs(th->source),
872   - NIP6(ip6h->daddr), ntohs(th->dest));
873   - }
  861 + if (!hash_expected && hash_location) {
  862 + NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);
874 863 return 1;
875 864 }
876 865