Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 785957d3 authored by David S. Miller's avatar David S. Miller
Browse files

tcp: MD5: Use MIB counter instead of warning for MD5 mismatch. 



From a report by Matti Aarnio, and preliminary patch by Adam Langley.

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 8d50b53d

include/linux/snmp.h

+2 −0
Original line number Diff line number Diff line
@@ -214,6 +214,8 @@ enum 
	LINUX_MIB_TCPDSACKIGNOREDOLD,		/* TCPSACKIgnoredOld */

	LINUX_MIB_TCPDSACKIGNOREDNOUNDO,	/* TCPSACKIgnoredNoUndo */

	LINUX_MIB_TCPSPURIOUSRTOS,		/* TCPSpuriousRTOs */

	LINUX_MIB_TCPMD5NOTFOUND,		/* TCPMD5NotFound */

	LINUX_MIB_TCPMD5UNEXPECTED,		/* TCPMD5Unexpected */

	__LINUX_MIB_MAX

};

net/ipv4/proc.c

+2 −0
Original line number Diff line number Diff line
@@ -232,6 +232,8 @@ static const struct snmp_mib snmp4_net_list[] = { 
	SNMP_MIB_ITEM("TCPDSACKIgnoredOld", LINUX_MIB_TCPDSACKIGNOREDOLD),

	SNMP_MIB_ITEM("TCPDSACKIgnoredNoUndo", LINUX_MIB_TCPDSACKIGNOREDNOUNDO),

	SNMP_MIB_ITEM("TCPSpuriousRTOs", LINUX_MIB_TCPSPURIOUSRTOS),

	SNMP_MIB_ITEM("TCPMD5NotFound", LINUX_MIB_TCPMD5NOTFOUND),

	SNMP_MIB_ITEM("TCPMD5Unexpected", LINUX_MIB_TCPMD5UNEXPECTED),

	SNMP_MIB_SENTINEL

};

net/ipv4/tcp_ipv4.c

+2 −8
Original line number Diff line number Diff line
@@ -1116,18 +1116,12 @@ static int tcp_v4_inbound_md5_hash(struct sock *sk, struct sk_buff *skb) 
		return 0;



	if (hash_expected && !hash_location) {

		LIMIT_NETDEBUG(KERN_INFO "MD5 Hash expected but NOT found "

			       "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",

			       NIPQUAD(iph->saddr), ntohs(th->source),

			       NIPQUAD(iph->daddr), ntohs(th->dest));

		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);

		return 1;

	}



	if (!hash_expected && hash_location) {

		LIMIT_NETDEBUG(KERN_INFO "MD5 Hash NOT expected but found "

			       "(" NIPQUAD_FMT ", %d)->(" NIPQUAD_FMT ", %d)\n",

			       NIPQUAD(iph->saddr), ntohs(th->source),

			       NIPQUAD(iph->daddr), ntohs(th->dest));

		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);

		return 1;

	}

net/ipv6/tcp_ipv6.c

+8 −19
Original line number Diff line number Diff line
@@ -849,28 +849,17 @@ static int tcp_v6_inbound_md5_hash (struct sock *sk, struct sk_buff *skb) 
	hash_expected = tcp_v6_md5_do_lookup(sk, &ip6h->saddr);

	hash_location = tcp_parse_md5sig_option(th);



	/* do we have a hash as expected? */

	if (!hash_expected) {

		if (!hash_location)

	/* We've parsed the options - do we have a hash? */

	if (!hash_expected && !hash_location)

		return 0;

		if (net_ratelimit()) {

			printk(KERN_INFO "MD5 Hash NOT expected but found "

			       "(" NIP6_FMT ", %u)->"

			       "(" NIP6_FMT ", %u)\n",

			       NIP6(ip6h->saddr), ntohs(th->source),

			       NIP6(ip6h->daddr), ntohs(th->dest));

		}



	if (hash_expected && !hash_location) {

		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5NOTFOUND);

		return 1;

	}



	if (!hash_location) {

		if (net_ratelimit()) {

			printk(KERN_INFO "MD5 Hash expected but NOT found "

			       "(" NIP6_FMT ", %u)->"

			       "(" NIP6_FMT ", %u)\n",

			       NIP6(ip6h->saddr), ntohs(th->source),

			       NIP6(ip6h->daddr), ntohs(th->dest));

		}

	if (!hash_expected && hash_location) {

		NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPMD5UNEXPECTED);

		return 1;

	}