From: Jakub Kicinski <kuba@kernel.org>
To: Dmitry Safonov <dima@arista.com>
Cc: Eric Dumazet <edumazet@google.com>,
"David S. Miller" <davem@davemloft.net>,
Paolo Abeni <pabeni@redhat.com>,
Christian Kujau <lists@nerdbynature.de>,
Salam Noureddine <noureddine@arista.com>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
Dmitry Safonov <0x7f454c46@gmail.com>
Subject: Re: [PATCH] net/tcp: Only produce AO/MD5 logs if there are any keys
Date: Thu, 4 Jan 2024 08:58:55 -0800 [thread overview]
Message-ID: <20240104085855.4c5c5a1f@kernel.org> (raw)
In-Reply-To: <335a2669-6902-4f57-bf48-5650cbf55406@arista.com>
On Thu, 4 Jan 2024 16:42:05 +0000 Dmitry Safonov wrote:
> >> Keep silent and avoid logging when there aren't any keys in the system.
> >>
> >> Side-note: I also defined static_branch_tcp_*() helpers to avoid more
> >> ifdeffery, going to remove more ifdeffery further with their help.
> >
> > Wouldn't we be better off converting the prints to trace points.
> > The chances for hitting them due to malicious packets feels much
> > higher than dealing with a buggy implementation in the wild.
>
> Do you mean a proper stuff like in net/core/net-traces.c or just
> lowering the loglevel to net_dbg_ratelimited() [like Christian
> originally proposed], which in turns becomes runtime enabled/disabled?
I mean proper tracepoints.
> Both seem fine to me, albeit I was a bit reluctant to change it without
> a good reason as even pre- 2717b5adea9e TCP-MD5 messages were logged and
> some userspace may expect them. I guess we can try and see if anyone
> notices/complains over changes to these messages changes or not.
Hm. Perhaps we can do the conversion in net-next. Let me ping Eric :)
next prev parent reply other threads:[~2024-01-04 16:58 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-04 13:42 [PATCH] net/tcp: Only produce AO/MD5 logs if there are any keys Dmitry Safonov
2024-01-04 13:57 ` Dmitry Safonov
2024-01-04 15:57 ` Jakub Kicinski
2024-01-04 16:42 ` Dmitry Safonov
2024-01-04 16:58 ` Jakub Kicinski [this message]
2024-01-04 16:59 ` Eric Dumazet
2024-01-04 17:30 ` Dmitry Safonov
2024-01-04 17:20 ` patchwork-bot+netdevbpf
-- strict thread matches above, loose matches on Subject: below --
2024-01-06 12:11 kernel test robot
2024-01-07 11:52 ` Liu, Yujie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240104085855.4c5c5a1f@kernel.org \
--to=kuba@kernel.org \
--cc=0x7f454c46@gmail.com \
--cc=davem@davemloft.net \
--cc=dima@arista.com \
--cc=edumazet@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lists@nerdbynature.de \
--cc=netdev@vger.kernel.org \
--cc=noureddine@arista.com \
--cc=pabeni@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.