tcp: Change possible SYN flooding messages
"Possible SYN flooding on port xxxx " messages can fill logs on servers. Change logic to log the message only once per listener, and add two new SNMP counters to track : TCPReqQFullDoCookies : number of times a SYNCOOKIE was replied to client TCPReqQFullDrop : number of times a SYN request was dropped because syncookies were not enabled. Based on a prior patch from Tom Herbert, and suggestions from David. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: Tom Herbert <therbert@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Eric Dumazet
David S. Miller
parent
27e95a8c67
commit
946cedccbd
6 changed files with 40 additions and 50 deletions
|
|
@ -231,6 +231,8 @@ enum
|
|||
LINUX_MIB_TCPDEFERACCEPTDROP,
|
||||
LINUX_MIB_IPRPFILTER, /* IP Reverse Path Filter (rp_filter) */
|
||||
LINUX_MIB_TCPTIMEWAITOVERFLOW, /* TCPTimeWaitOverflow */
|
||||
LINUX_MIB_TCPREQQFULLDOCOOKIES, /* TCPReqQFullDoCookies */
|
||||
LINUX_MIB_TCPREQQFULLDROP, /* TCPReqQFullDrop */
|
||||
__LINUX_MIB_MAX
|
||||
};
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue