* [PATCH net-next] tcp: md5: add LINUX_MIB_TCPMD5FAILURE counter
@ 2016-08-24 16:01 Eric Dumazet
2016-08-24 17:35 ` Stephen Hemminger
2016-08-25 23:43 ` David Miller
0 siblings, 2 replies; 4+ messages in thread
From: Eric Dumazet @ 2016-08-24 16:01 UTC (permalink / raw)
To: David Miller
Cc: netdev, Neal Cardwell, Yuchung Cheng, Julien Goodwin, Eric Dumazet
From: Eric Dumazet <edumazet@google.com>
Adds SNMP counter for drops caused by MD5 mismatches.
The current syslog might help, but a counter is more precise and helps
monitoring.
Signed-off-by: Eric Dumazet <edumazet@google.com>
---
include/uapi/linux/snmp.h | 1 +
net/ipv4/proc.c | 1 +
net/ipv4/tcp_ipv4.c | 1 +
net/ipv6/tcp_ipv6.c | 1 +
4 files changed, 4 insertions(+)
diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h
index 25a9ad8bcef1240915f2553a8acade447186d869..e7a31f8306903f53bc5881ae4c271f85cad2e361 100644
--- a/include/uapi/linux/snmp.h
+++ b/include/uapi/linux/snmp.h
@@ -235,6 +235,7 @@ enum
LINUX_MIB_TCPSPURIOUSRTOS, /* TCPSpuriousRTOs */
LINUX_MIB_TCPMD5NOTFOUND, /* TCPMD5NotFound */
LINUX_MIB_TCPMD5UNEXPECTED, /* TCPMD5Unexpected */
+ LINUX_MIB_TCPMD5FAILURE, /* TCPMD5Failure */
LINUX_MIB_SACKSHIFTED,
LINUX_MIB_SACKMERGED,
LINUX_MIB_SACKSHIFTFALLBACK,
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c
index 9f665b63a927202b9aaf2b6b3d42205058a2ae59..1ed015e4bc792acdd520a5df95ffac33ebefc4db 100644
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -257,6 +257,7 @@ static const struct snmp_mib snmp4_net_list[] = {
SNMP_MIB_ITEM("TCPSpuriousRTOs", LINUX_MIB_TCPSPURIOUSRTOS),
SNMP_MIB_ITEM("TCPMD5NotFound", LINUX_MIB_TCPMD5NOTFOUND),
SNMP_MIB_ITEM("TCPMD5Unexpected", LINUX_MIB_TCPMD5UNEXPECTED),
+ SNMP_MIB_ITEM("TCPMD5Failure", LINUX_MIB_TCPMD5FAILURE),
SNMP_MIB_ITEM("TCPSackShifted", LINUX_MIB_SACKSHIFTED),
SNMP_MIB_ITEM("TCPSackMerged", LINUX_MIB_SACKMERGED),
SNMP_MIB_ITEM("TCPSackShiftFallback", LINUX_MIB_SACKSHIFTFALLBACK),
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 32b048e524d6773538918eca175b3f422f9c2aa7..45aac7ada13592c6f1c9f28aea4426b40520e0c8 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1169,6 +1169,7 @@ static bool tcp_v4_inbound_md5_hash(const struct sock *sk,
NULL, skb);
if (genhash || memcmp(hash_location, newhash, 16) != 0) {
+ NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
net_info_ratelimited("MD5 Hash failed for (%pI4, %d)->(%pI4, %d)%s\n",
&iph->saddr, ntohs(th->source),
&iph->daddr, ntohs(th->dest),
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index e0f46439e391f2a8b2fac2e13b6f61a11c082715..60a65d058349c93fb66275434f6fe162a621782e 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -671,6 +671,7 @@ static bool tcp_v6_inbound_md5_hash(const struct sock *sk,
NULL, skb);
if (genhash || memcmp(hash_location, newhash, 16) != 0) {
+ NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMD5FAILURE);
net_info_ratelimited("MD5 Hash %s for [%pI6c]:%u->[%pI6c]:%u\n",
genhash ? "failed" : "mismatch",
&ip6h->saddr, ntohs(th->source),
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH net-next] tcp: md5: add LINUX_MIB_TCPMD5FAILURE counter
2016-08-24 16:01 [PATCH net-next] tcp: md5: add LINUX_MIB_TCPMD5FAILURE counter Eric Dumazet
@ 2016-08-24 17:35 ` Stephen Hemminger
2016-08-24 17:50 ` Eric Dumazet
2016-08-25 23:43 ` David Miller
1 sibling, 1 reply; 4+ messages in thread
From: Stephen Hemminger @ 2016-08-24 17:35 UTC (permalink / raw)
To: Eric Dumazet
Cc: David Miller, netdev, Neal Cardwell, Yuchung Cheng,
Julien Goodwin, Eric Dumazet
On Wed, 24 Aug 2016 09:01:23 -0700
Eric Dumazet <eric.dumazet@gmail.com> wrote:
> From: Eric Dumazet <edumazet@google.com>
>
> Adds SNMP counter for drops caused by MD5 mismatches.
>
> The current syslog might help, but a counter is more precise and helps
> monitoring.
>
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> ---
> include/uapi/linux/snmp.h | 1 +
> net/ipv4/proc.c | 1 +
> net/ipv4/tcp_ipv4.c | 1 +
> net/ipv6/tcp_ipv6.c | 1 +
> 4 files changed, 4 insertions(+)
>
> diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h
> index 25a9ad8bcef1240915f2553a8acade447186d869..e7a31f8306903f53bc5881ae4c271f85cad2e361 100644
> --- a/include/uapi/linux/snmp.h
> +++ b/include/uapi/linux/snmp.h
> @@ -235,6 +235,7 @@ enum
> LINUX_MIB_TCPSPURIOUSRTOS, /* TCPSpuriousRTOs */
> LINUX_MIB_TCPMD5NOTFOUND, /* TCPMD5NotFound */
> LINUX_MIB_TCPMD5UNEXPECTED, /* TCPMD5Unexpected */
> + LINUX_MIB_TCPMD5FAILURE, /* TCPMD5Failure */
> LINUX_MIB_SACKSHIFTED,
> LINUX_MIB_SACKMERGED,
> LINUX_MIB_SACKSHIFTFALLBACK,
You can't add value in middle of user API enum without breaking
binary compatibility.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH net-next] tcp: md5: add LINUX_MIB_TCPMD5FAILURE counter
2016-08-24 17:35 ` Stephen Hemminger
@ 2016-08-24 17:50 ` Eric Dumazet
0 siblings, 0 replies; 4+ messages in thread
From: Eric Dumazet @ 2016-08-24 17:50 UTC (permalink / raw)
To: Stephen Hemminger
Cc: David Miller, netdev, Neal Cardwell, Yuchung Cheng,
Julien Goodwin, Eric Dumazet
On Wed, 2016-08-24 at 10:35 -0700, Stephen Hemminger wrote:
> You can't add value in middle of user API enum without breaking
> binary compatibility.
There is no binary compatibility here.
/proc/net/netstat is a text file with a defined format.
First line contains the headers.
If 'binary compatibility 'was an issue, we would not have added anything
in this file.
Programs need to be able to properly parse these TcpExt: lines.
nstat is doing the right thing.
I could put LINUX_MIB_TCPMD5FAILURE at the end, but 'nstat' would have
these MD5 counters in different places.
So for the few people (ie not programs) looking at nstat, it seems
better to place this MIB at this point.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH net-next] tcp: md5: add LINUX_MIB_TCPMD5FAILURE counter
2016-08-24 16:01 [PATCH net-next] tcp: md5: add LINUX_MIB_TCPMD5FAILURE counter Eric Dumazet
2016-08-24 17:35 ` Stephen Hemminger
@ 2016-08-25 23:43 ` David Miller
1 sibling, 0 replies; 4+ messages in thread
From: David Miller @ 2016-08-25 23:43 UTC (permalink / raw)
To: eric.dumazet; +Cc: netdev, ncardwell, ycheng, julieng, edumazet
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Wed, 24 Aug 2016 09:01:23 -0700
> From: Eric Dumazet <edumazet@google.com>
>
> Adds SNMP counter for drops caused by MD5 mismatches.
>
> The current syslog might help, but a counter is more precise and helps
> monitoring.
>
> Signed-off-by: Eric Dumazet <edumazet@google.com>
Applied.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-08-25 23:43 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-08-24 16:01 [PATCH net-next] tcp: md5: add LINUX_MIB_TCPMD5FAILURE counter Eric Dumazet
2016-08-24 17:35 ` Stephen Hemminger
2016-08-24 17:50 ` Eric Dumazet
2016-08-25 23:43 ` David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.