Commit 0297c1c2 authored Sep 09, 2018 by Willem de Bruijn Committed by David S. Miller Sep 11, 2018

tcp: rate limit synflood warnings further



Convert pr_info to net_info_ratelimited to limit the total number of
synflood warnings.

Commit 946cedcc ("tcp: Change possible SYN flooding messages")
rate limits synflood warnings to one per listener.

Workloads that open many listener sockets can still see a high rate of
log messages. Syzkaller is one frequent example.

Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 2d946e5b

net/ipv4/tcp_input.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -6367,7 +6367,7 @@ static bool tcp_syn_flood_action(const struct sock *sk,
		if (!queue->synflood_warned &&
		net->ipv4.sysctl_tcp_syncookies != 2 &&
		xchg(&queue->synflood_warned, 1) == 0)
		pr_info("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n",
		net_info_ratelimited("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n",
		proto, ntohs(tcp_hdr(skb)->dest), msg);

		return want_cookie;