tcp: Change possible SYN flooding messages "Possible SYN flooding on port xxxx " messages can fill logs on servers. Change logic to log the message only once per listener, and add two new SNMP counters to track : TCPReqQFullDoCookies : number of times a SYNCOOKIE was replied to client TCPReqQFullDrop : number of times a SYN request was dropped because syncookies were not enabled. Based on a prior patch from Tom Herbert, and suggestions from David. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> CC: Tom Herbert <therbert@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 946cedccbd7387488d2cee5da92cdfeb28d2e670 [log] [tgz]
author: Eric Dumazet <eric.dumazet@gmail.com> Tue Aug 30 03:21:44 2011 +0000
committer: David S. Miller <davem@davemloft.net> Thu Sep 15 14:49:43 2011 -0400
tree: fbb0d9c8dc11d6efee64e2a077a4951831932058
parent: 27e95a8c670e0c587990ec5b9a87a7ea17873d28 [diff] [blame]
diff --git a/include/linux/snmp.h b/include/linux/snmp.h
index 12b2b18..e16557a 100644
--- a/include/linux/snmp.h
+++ b/include/linux/snmp.h

@@ -231,6 +231,8 @@
 	LINUX_MIB_TCPDEFERACCEPTDROP,
 	LINUX_MIB_IPRPFILTER, /* IP Reverse Path Filter (rp_filter) */
 	LINUX_MIB_TCPTIMEWAITOVERFLOW,		/* TCPTimeWaitOverflow */
+	LINUX_MIB_TCPREQQFULLDOCOOKIES,		/* TCPReqQFullDoCookies */
+	LINUX_MIB_TCPREQQFULLDROP,		/* TCPReqQFullDrop */
 	__LINUX_MIB_MAX
 };
commit	946cedccbd7387488d2cee5da92cdfeb28d2e670	[log] [tgz]
author	Eric Dumazet <eric.dumazet@gmail.com>	Tue Aug 30 03:21:44 2011 +0000
committer	David S. Miller <davem@davemloft.net>	Thu Sep 15 14:49:43 2011 -0400
tree	fbb0d9c8dc11d6efee64e2a077a4951831932058
parent	27e95a8c670e0c587990ec5b9a87a7ea17873d28 [diff] [blame]