[PATCH net-next] net: tcp: update mib LISTENOVERFLOWS if syn flood

[PATCH net-next] net: tcp: update mib LISTENOVERFLOWS if syn flood

[yuan linyu]

From: yuan linyu <Linyu.Yuan@alcatel-sbell.com.cn>

it's better to update mib LISTENOVERFLOWS even if packet is flood

Signed-off-by: yuan linyu <Linyu.Yuan@alcatel-sbell.com.cn>
---
 net/ipv4/tcp_input.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 451ef3012636..581f5b03ae54 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -6220,6 +6220,7 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops,
 	struct sock *fastopen_sk = NULL;
 	struct request_sock *req;
 	bool want_cookie = false;
+	bool want_drop = false;
 	struct dst_entry *dst;
 	struct flowi fl;
 
@@ -6231,14 +6232,17 @@ int tcp_conn_request(struct request_sock_ops *rsk_ops,
 	     inet_csk_reqsk_queue_is_full(sk)) && !isn) {
 		want_cookie = tcp_syn_flood_action(sk, skb, rsk_ops->slab_name);
 		if (!want_cookie)
-			goto drop;
+			want_drop = true;
 	}
 
 	if (sk_acceptq_is_full(sk)) {
 		NET_INC_STATS(sock_net(sk), LINUX_MIB_LISTENOVERFLOWS);
-		goto drop;
+		want_drop = true;
 	}
 
+	if (want_drop)
+		goto drop;
+
 	req = inet_reqsk_alloc(rsk_ops, sk, !want_cookie);
 	if (!req)
 		goto drop;
-- 
2.14.1

Re: [PATCH net-next] net: tcp: update mib LISTENOVERFLOWS if syn flood

[David Miller]

From: yuan linyu <cugyly@163.com>
Date: Thu, 29 Mar 2018 19:20:09 +0800

> From: yuan linyu <Linyu.Yuan@alcatel-sbell.com.cn>
> 
> it's better to update mib LISTENOVERFLOWS even if packet is flood
> 
> Signed-off-by: yuan linyu <Linyu.Yuan@alcatel-sbell.com.cn>

When we drop because of synflood we had no intention of trying to add
to the accept queue.  Therefore bumping the listen overflow counter
makes no sense.

I'm not applying this, sorry.