On my ls1021 (ARMv7 Processor rev 5) running a 4.14 kernel I can see some storm protection parameters for the gianfar network driver.
/sys/devices/platform/soc/soc:ethernet@2d90000/net/eth0/stormprot_count
/sys/devices/platform/soc/soc:ethernet@2d90000/net/eth0/stormprot_events
/sys/devices/platform/soc/soc:ethernet@2d90000/net/eth0/stormprot_current
/sys/devices/platform/soc/soc:ethernet@2d90000/net/eth0/stormprot_window
/sys/devices/platform/soc/soc:ethernet@2d90000/net/eth0/stormprot_delay
Does anybody know how this works and how to activate it?
FRAMEREJ_COUNT=60
FRAMEREJ_WINDOW=10
FRAMEREJ_DELAY=500
echo $FRAMEREJ_COUNT > /sys/class/net/eth1/stormprot_count
echo $FRAMEREJ_WINDOW > /sys/class/net/eth1/stormprot_window
echo $FRAMEREJ_DELAY > /sys/class/net/eth1/stormprot_delay
Then the kernel writes this in case of a network storm, instead of a reboot:
2020-07-30T13:39:15.255130+0200 kernel: kern.warn: net_ratelimit: 2540 callbacks suppressed
2020-07-30T13:39:15.255190+0200 kernel: kern.warn: br0: received packet on eth1 with own address as source address (addr:00:26:77:01:ea:7e, vlan:0)
2020-07-30T13:39:15.255199+0200 kernel: kern.warn: br0: received packet on eth1 with own address as source address (addr:00:26:77:01:ea:7e, vlan:0)
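Added example, not part of the original posts: a Python sketch that scans kernel log lines in the format quoted above and flags time windows in which the bridge logs many frames carrying its own source address. The function name, the 10-second window and the threshold of 100 are assumptions, and the sample log is constructed from the lines above plus one extra line.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, modelled on the log lines quoted in the thread.
SAMPLE_LOG = """\
2020-07-30T13:39:15.255130+0200 kernel: kern.warn: net_ratelimit: 2540 callbacks suppressed
2020-07-30T13:39:15.255190+0200 kernel: kern.warn: br0: received packet on eth1 with own address as source address (addr:00:26:77:01:ea:7e, vlan:0)
2020-07-30T13:39:15.255199+0200 kernel: kern.warn: br0: received packet on eth1 with own address as source address (addr:00:26:77:01:ea:7e, vlan:0)
2020-07-30T13:41:02.100000+0200 kernel: kern.warn: br0: received packet on eth2 with own address as source address (addr:00:26:77:01:ea:7e, vlan:0)
"""

TS_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"
SUPPRESSED = re.compile(r"net_ratelimit: (\d+) callbacks suppressed$")
OWN_SRC = re.compile(r"(\S+): received packet on (\S+) with own address "
                     r"as source address \(addr:[0-9a-fA-F:]{17}, vlan:\d+\)$")

def storm_windows(log_text, window_s=10, threshold=100):
    """Return [(bridge, port, window_start_epoch, logged, upper_bound)] for
    windows whose upper bound reaches the threshold."""
    logged = defaultdict(int)   # messages that reached the log
    hidden = defaultdict(int)   # rate-limited messages credited to the window
    pending = 0                 # suppressed count waiting for the next message
    for line in log_text.splitlines():
        ts_text, _, rest = line.partition(" ")
        try:
            ts = datetime.strptime(ts_text, TS_FMT)
        except ValueError:
            continue            # not a line in the expected format
        m = SUPPRESSED.search(rest)
        if m:
            pending += int(m.group(1))
            continue
        m = OWN_SRC.search(rest)
        if not m:
            continue
        key = (m.group(1), m.group(2), int(ts.timestamp()) // window_s * window_s)
        logged[key] += 1
        # net_ratelimit is shared by all rate-limited network messages, so the
        # suppressed count is only an upper bound for this bridge/port.
        hidden[key] += pending
        pending = 0
    return [(k[0], k[1], k[2], logged[k], logged[k] + hidden[k])
            for k in sorted(logged) if logged[k] + hidden[k] >= threshold]
```

On the sample, only the eth1 window is flagged: two logged messages and an upper bound of 2542 once the suppressed callbacks are counted.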
It looks like Linux does not have similar protection.
See the following pages about flood/storm protection:
https://javapipe.com/blog/iptables-ddos-protection/
https://serverfault.com/questions/459607/tune-linux-kernel-against-syn-flood-attack
https://www.cyberciti.biz/tips/howto-limit-linux-syn-attacks.html
https://linoxide.com/firewall/snapshot-syn-flood-attack/
Have a great day,
Pavel Chubakov