[2.6] Nonsense-messages from iptables + co.

[2.6] Nonsense-messages from iptables + co.

[Matthias Andree]

Who the heck added these unhelpful

"ipt_hook: happy cracking."

messages to iptables/mangling/connection tracking code? There are three
instances.

If the kernel has got something to say, it should be clear what the
kernel means, say, maximum <whatever> rate exceeded or something, not
such junk like this.

This is IMHO a MUST-FIX before 2.6.0.

-- 
Matthias Andree

Encrypt your mail: my GnuPG key ID is 0x052E7D95

Re: [2.6] Nonsense-messages from iptables + co.

[Patrick McHardy]

Matthias Andree wrote:

>Who the heck added these unhelpful
>
>"ipt_hook: happy cracking."
>
>messages to iptables/mangling/connection tracking code? There are three
>instances.
>
>If the kernel has got something to say, it should be clear what the
>kernel means, say, maximum <whatever> rate exceeded or something, not
>such junk like this.
>
>This is IMHO a MUST-FIX before 2.6.0.
>  
>

The bug that led to that message is already fixed. The message itself
might be stupid but is definitely not a must-fix item. Also, instead of
changing the message statistics should be added to conntrack etc. to
count unusual events instead of printing them to the console.

Best regards,
Patrick

Re: [2.6] Nonsense-messages from iptables + co.

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1668 bytes --]

On Fri, Nov 14, 2003 at 02:20:54PM +0100, Matthias Andree wrote:
> Who the heck added these unhelpful
> 
> "ipt_hook: happy cracking."
> 
> messages to iptables/mangling/connection tracking code? There are three
> instances.

I guess it was Rusty.  The idea message is a funny way of telling you
that you are sending incomplete ip headers.  Something that is not
likely to occur unless you are trying to send corrupt packets via raw ip
sockets...

> If the kernel has got something to say, it should be clear what the
> kernel means, say, maximum <whatever> rate exceeded or something, not
> such junk like this.

There are people who do actually have fun developing linux code.  And
Rusty has a peculiar sense of humor... for further reference see the
comments like 'furniture shopping' throughout the netfilter/iptables
source code.  I sometimes wish I had the same humor like he has.

Yes, I know.  Stuff like this is not exactly useful in error messages.
I'd say it's one of the few remainders of the 2.3.x early development
time.  Like the "Rusty's brain broke" messages that have recently been
removed/replaced.

btw: *nix has a long history of funny error messages, like 'printer on
fire' or others.

> This is IMHO a MUST-FIX before 2.6.0.

It is even in 2.4.x, where it could have been fixed throughout the last
couple of years.  Nobody else has yet complained.

> Matthias Andree

-- 
- Harald Welte <laforge@gnumonks.org>               http://www.gnumonks.org/
============================================================================
Programming is like sex: One mistake and you have to support it your lifetime

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [2.6] Nonsense-messages from iptables + co.

[Tomas Szepe]

On Nov-14 2003, Fri, 14:20 +0100
Matthias Andree <matthias.andree@gmx.de> wrote:

> Who the heck added these unhelpful
> 
> "ipt_hook: happy cracking."
> 
> If the kernel has got something to say, it should be clear what the
> kernel means, say, maximum <whatever> rate exceeded or something, not
> such junk like this.

fprintf(stderr, "user lacks sense of humor, killing thread.\n");

Re: [2.6] Nonsense-messages from iptables + co.

[Valdis.Kletnieks]

[-- Attachment #1: Type: text/plain, Size: 1015 bytes --]

On Fri, 14 Nov 2003 16:10:04 +0100, Harald Welte said:
> > "ipt_hook: happy cracking."
> 
> I guess it was Rusty.  The idea message is a funny way of telling you
> that you are sending incomplete ip headers.  Something that is not
> likely to occur unless you are trying to send corrupt packets via raw ip
> sockets...

Actually, once I found the message, and saw the context, it was actually
clear and self-explanatory. It was actually the ipfilter code's fault
that it got generated in any context other than "trying to send an intentionall
busticated packet"...

> There are people who do actually have fun developing linux code.  And
> Rusty has a peculiar sense of humor... for further reference see the
> comments like 'furniture shopping' throughout the netfilter/iptables
> source code.  I sometimes wish I had the same humor like he has.

find arch/sparc* -name '*.[ch]'| xargs grep -i penguin

and then read through the files that finds (trap.c is particularly fun).

Somebody was having fun porting. ;)


[-- Attachment #2: Type: application/pgp-signature, Size: 226 bytes --]

Re: [2.6] Nonsense-messages from iptables + co.

[Maciej Soltysiak]

> > This is IMHO a MUST-FIX before 2.6.0.
>
> It is even in 2.4.x, where it could have been fixed throughout the last
> couple of years.  Nobody else has yet complained.
Well, I have noticed an increased amount of these 2 weeks ago, and I
belive it was Patrick McHardy, who found a bug that could cause these
to show, when no root process was creating any invalid packets.

AFAIK, it has been fixed in 2.6.0-test9-bk16 or around that.

The message stays though :-)

Maciej.

Re: [2.6] Nonsense-messages from iptables + co.

[Matthias Andree]

On Fri, 14 Nov 2003, Harald Welte wrote:

> On Fri, Nov 14, 2003 at 02:20:54PM +0100, Matthias Andree wrote:
> > Who the heck added these unhelpful
> > 
> > "ipt_hook: happy cracking."
> > 
> > messages to iptables/mangling/connection tracking code? There are three
> > instances.
> 
> I guess it was Rusty.  The idea message is a funny way of telling you
> that you are sending incomplete ip headers.

Am I? what's with the *_limit() function called before the printk?

> Something that is not
> likely to occur unless you are trying to send corrupt packets via raw ip
> sockets...

Not at the times when these occurred.

> > If the kernel has got something to say, it should be clear what the
> > kernel means, say, maximum <whatever> rate exceeded or something, not
> > such junk like this.
> 
> There are people who do actually have fun developing linux code.  And
> Rusty has a peculiar sense of humor... for further reference see the
> comments like 'furniture shopping' throughout the netfilter/iptables
> source code.  I sometimes wish I had the same humor like he has.
> 
> Yes, I know.  Stuff like this is not exactly useful in error messages.
> I'd say it's one of the few remainders of the 2.3.x early development
> time.  Like the "Rusty's brain broke" messages that have recently been
> removed/replaced.
> 
> btw: *nix has a long history of funny error messages, like 'printer on
> fire' or others.

I don't mind having fun developing or placing funny error messages, and
I hadn't taken that as "serious problem" message but rather as "someone
in the wild tries to cheat on us" but how do I know?  I'm a bit more
cautious with network related stuff, particular with packet filtering
and things like that. I'd suggest that the fun be put in the comments,
or that funny error messages are accompanied by a plain text explanation
in parentheses, or there is at least a "dictionary" of error messages in
the comments of the *.c files that a geek could find...

Re: [2.6] Nonsense-messages from iptables + co.

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1068 bytes --]

On Fri, Nov 14, 2003 at 09:01:19PM +0100, Matthias Andree wrote:

> > I guess it was Rusty.  The idea message is a funny way of telling you
> > that you are sending incomplete ip headers.
> 
> Am I? what's with the *_limit() function called before the printk?

it's a generic network rate limiting function.  It prevents the same
message from being logged and logged again (and thus flooding your
syslog).

> > Something that is not likely to occur unless you are trying to send
> > corrupt packets via raw ip sockets...
> 
> Not at the times when these occurred.

there seemed to be a bug that I was unaware of, and according to other
mails in this thread it has been fixed.
 
-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]