From patchwork Wed Mar 25 22:08:47 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Dumazet X-Patchwork-Id: 454805 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id E4F3614011D for ; Thu, 26 Mar 2015 09:08:54 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=fail reason="verification failed; unprotected key" header.d=gmail.com header.i=@gmail.com header.b=Nmbp7hT1; dkim-adsp=none (unprotected policy); dkim-atps=neutral Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751185AbbCYWIv (ORCPT ); Wed, 25 Mar 2015 18:08:51 -0400 Received: from mail-ig0-f175.google.com ([209.85.213.175]:37175 "EHLO mail-ig0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750809AbbCYWIt (ORCPT ); Wed, 25 Mar 2015 18:08:49 -0400 Received: by igcxg11 with SMTP id xg11so38556737igc.0 for ; Wed, 25 Mar 2015 15:08:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:subject:from:to:cc:date:content-type:mime-version :content-transfer-encoding; bh=Jejeabrl3fCX7r5+8M0sKtnjymT2BDJ5u0SqjMbu3yM=; b=Nmbp7hT1eq20B0O16PbNPj8vsWSjlr3OLcVAOgWTTllPwOk+w+O+Pyk3pln1jJjNYx nWiesdLxElUazDUVK4a7qZCnwhYuEF/Ih67HdGckKkvKQEQxzxX4qmSncA1rD4oCXwYG /y5h+crCtICvwFEsC2xJ+oxeOLcC8OCwSuxfz0g3UOqIttMXR9ImliZZPva0Yub2jJIn QhFkkv2HvnNprtwO2pWS04kCRXXMfCFMSN0hVPcigw2DniJ8hya93082Okkon+uM1+9d NabFo8+O57YVYjFRtaYEp/g5zgNPdA4PDY5aNtk+XYgGotMpocCNADhhL9B2tGMc34G4 +ERQ== X-Received: by 10.50.225.72 with SMTP id ri8mr32789742igc.48.1427321328705; Wed, 25 Mar 2015 15:08:48 -0700 (PDT) Received: from ?IPv6:2620:0:1000:3e02:b50f:d3c0:5623:ea06? ([2620:0:1000:3e02:b50f:d3c0:5623:ea06]) by mx.google.com with ESMTPSA id t5sm10969002ign.12.2015.03.25.15.08.47 (version=TLSv1.2 cipher=AES128-GCM-SHA256 bits=128/128); Wed, 25 Mar 2015 15:08:47 -0700 (PDT) Message-ID: <1427321327.25985.124.camel@edumazet-glaptop2.roam.corp.google.com> Subject: [PATCH net-next] tcp: tcp_syn_flood_action() can be static From: Eric Dumazet To: David Miller Cc: netdev , Octavian Purdila Date: Wed, 25 Mar 2015 15:08:47 -0700 X-Mailer: Evolution 3.10.4-0ubuntu2 Mime-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Eric Dumazet After commit 1fb6f159fd21 ("tcp: add tcp_conn_request"), tcp_syn_flood_action() is no longer used from IPv6. We can make it static, by moving it above tcp_conn_request() Signed-off-by: Eric Dumazet Reviewed-by: Octavian Purdila --- include/net/tcp.h | 2 -- net/ipv4/tcp_input.c | 29 +++++++++++++++++++++++++++++ net/ipv4/tcp_ipv4.c | 29 ----------------------------- 3 files changed, 29 insertions(+), 31 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/include/net/tcp.h b/include/net/tcp.h index 42690daa924e4db6415856eadc80f3e7117a415d..963303fb96ae227263e648fb0c8dbafdc9cbc945 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -529,8 +529,6 @@ int tcp_write_wakeup(struct sock *); void tcp_send_fin(struct sock *sk); void tcp_send_active_reset(struct sock *sk, gfp_t priority); int tcp_send_synack(struct sock *); -bool tcp_syn_flood_action(struct sock *sk, const struct sk_buff *skb, - const char *proto); void tcp_push_one(struct sock *, unsigned int mss_now); void tcp_send_ack(struct sock *sk); void tcp_send_delayed_ack(struct sock *sk); diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 023196f7ec37a616346bbbef54adea72b7f3269e..18b80e8bc5336564560b7897a939bbbb2d83e5ed 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -5987,6 +5987,35 @@ struct request_sock *inet_reqsk_alloc(const struct request_sock_ops *ops, } EXPORT_SYMBOL(inet_reqsk_alloc); +/* + * Return true if a syncookie should be sent + */ +static bool tcp_syn_flood_action(struct sock *sk, + const struct sk_buff *skb, + const char *proto) +{ + const char *msg = "Dropping request"; + bool want_cookie = false; + struct listen_sock *lopt; + +#ifdef CONFIG_SYN_COOKIES + if (sysctl_tcp_syncookies) { + msg = "Sending cookies"; + want_cookie = true; + NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDOCOOKIES); + } else +#endif + NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP); + + lopt = inet_csk(sk)->icsk_accept_queue.listen_opt; + if (!lopt->synflood_warned && sysctl_tcp_syncookies != 2) { + lopt->synflood_warned = 1; + pr_info("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n", + proto, ntohs(tcp_hdr(skb)->dest), msg); + } + return want_cookie; +} + int tcp_conn_request(struct request_sock_ops *rsk_ops, const struct tcp_request_sock_ops *af_ops, struct sock *sk, struct sk_buff *skb) diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index e073517b2cc727afdbde9161ce4305810a7e9bb4..5aababa20a212068d7ef5acf74c85ddb3d99f61f 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -856,35 +856,6 @@ static void tcp_v4_reqsk_destructor(struct request_sock *req) kfree(inet_rsk(req)->opt); } -/* - * Return true if a syncookie should be sent - */ -bool tcp_syn_flood_action(struct sock *sk, - const struct sk_buff *skb, - const char *proto) -{ - const char *msg = "Dropping request"; - bool want_cookie = false; - struct listen_sock *lopt; - -#ifdef CONFIG_SYN_COOKIES - if (sysctl_tcp_syncookies) { - msg = "Sending cookies"; - want_cookie = true; - NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDOCOOKIES); - } else -#endif - NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPREQQFULLDROP); - - lopt = inet_csk(sk)->icsk_accept_queue.listen_opt; - if (!lopt->synflood_warned && sysctl_tcp_syncookies != 2) { - lopt->synflood_warned = 1; - pr_info("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n", - proto, ntohs(tcp_hdr(skb)->dest), msg); - } - return want_cookie; -} -EXPORT_SYMBOL(tcp_syn_flood_action); #ifdef CONFIG_TCP_MD5SIG /*