* [PATCH 0/2] fix invalid packet logging for icmpv6 conntrack @ 2009-01-29 20:36 Eric Leblond 2009-01-29 20:36 ` [PATCH 1/2] netfilter: fix nf_log_packet message in " Eric Leblond 2009-01-29 20:36 ` [PATCH 2/2] netfilter: log invalid new icmpv6 packet with nf_log_packet() Eric Leblond 0 siblings, 2 replies; 8+ messages in thread From: Eric Leblond @ 2009-01-29 20:36 UTC (permalink / raw) To: netfilter-devel Hi, This small patchset fixes a small issue with a nf_log_packet() message which was badly formatted and adds a message for invalid new icmpv6 packet. Patchset statistic: net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 9 +++++++-- 1 files changed, 7 insertions(+), 2 deletions(-) BR, -- Eric Leblond <eric@inl.fr> INL: http://www.inl.fr/ NuFW: http://www.nufw.org/ EdenWall: http://www.edenwall.com/ ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/2] netfilter: fix nf_log_packet message in icmpv6 conntrack. 2009-01-29 20:36 [PATCH 0/2] fix invalid packet logging for icmpv6 conntrack Eric Leblond @ 2009-01-29 20:36 ` Eric Leblond 2009-02-09 17:15 ` Patrick McHardy 2009-01-29 20:36 ` [PATCH 2/2] netfilter: log invalid new icmpv6 packet with nf_log_packet() Eric Leblond 1 sibling, 1 reply; 8+ messages in thread From: Eric Leblond @ 2009-01-29 20:36 UTC (permalink / raw) To: netfilter-devel; +Cc: Eric Leblond This patch fixes a trivial typo that was adding a new line at end of the nf_log_packet() prefix. It also make the logging conditionnal by adding a LOG_INVALID test. Signed-off-by: Eric Leblond <eric@inl.fr> --- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c index c323643..72dbb6d 100644 --- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c +++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c @@ -201,8 +201,9 @@ icmpv6_error(struct net *net, struct sk_buff *skb, unsigned int dataoff, if (net->ct.sysctl_checksum && hooknum == NF_INET_PRE_ROUTING && nf_ip6_checksum(skb, hooknum, dataoff, IPPROTO_ICMPV6)) { - nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL, - "nf_ct_icmpv6: ICMPv6 checksum failed\n"); + if (LOG_INVALID(net, IPPROTO_ICMPV6)) + nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL, + "nf_ct_icmpv6: ICMPv6 checksum failed "); return -NF_ACCEPT; } -- 1.5.6.3 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH 1/2] netfilter: fix nf_log_packet message in icmpv6 conntrack. 2009-01-29 20:36 ` [PATCH 1/2] netfilter: fix nf_log_packet message in " Eric Leblond @ 2009-02-09 17:15 ` Patrick McHardy 0 siblings, 0 replies; 8+ messages in thread From: Patrick McHardy @ 2009-02-09 17:15 UTC (permalink / raw) To: Eric Leblond; +Cc: netfilter-devel Eric Leblond wrote: > This patch fixes a trivial typo that was adding a new line at end of > the nf_log_packet() prefix. It also make the logging conditionnal by > adding a LOG_INVALID test. Applied, thanks Eric. ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 2/2] netfilter: log invalid new icmpv6 packet with nf_log_packet(). 2009-01-29 20:36 [PATCH 0/2] fix invalid packet logging for icmpv6 conntrack Eric Leblond 2009-01-29 20:36 ` [PATCH 1/2] netfilter: fix nf_log_packet message in " Eric Leblond @ 2009-01-29 20:36 ` Eric Leblond 2009-01-29 20:47 ` Alexey Dobriyan 1 sibling, 1 reply; 8+ messages in thread From: Eric Leblond @ 2009-01-29 20:36 UTC (permalink / raw) To: netfilter-devel; +Cc: Eric Leblond This patch adds a logging message for invalid new icmpv6 packet. Signed-off-by: Eric Leblond <eric@inl.fr> --- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c index 72dbb6d..8b7059b 100644 --- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c +++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c @@ -126,6 +126,10 @@ static bool icmpv6_new(struct nf_conn *ct, const struct sk_buff *skb, pr_debug("icmpv6: can't create new conn with type %u\n", type + 128); nf_ct_dump_tuple_ipv6(&ct->tuplehash[0].tuple); + if (LOG_INVALID(&init_net, IPPROTO_ICMPV6)) + nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL, + "nf_ct_icmpv6: invalid new with type %d ", + type + 128); return false; } atomic_set(&ct->proto.icmp.count, 0); -- 1.5.6.3 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH 2/2] netfilter: log invalid new icmpv6 packet with nf_log_packet(). 2009-01-29 20:36 ` [PATCH 2/2] netfilter: log invalid new icmpv6 packet with nf_log_packet() Eric Leblond @ 2009-01-29 20:47 ` Alexey Dobriyan 2009-01-29 20:57 ` Eric Leblond 0 siblings, 1 reply; 8+ messages in thread From: Alexey Dobriyan @ 2009-01-29 20:47 UTC (permalink / raw) To: Eric Leblond; +Cc: netfilter-devel On Thu, Jan 29, 2009 at 09:36:22PM +0100, Eric Leblond wrote: > --- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c > +++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c > @@ -126,6 +126,10 @@ static bool icmpv6_new(struct nf_conn *ct, const struct sk_buff *skb, > pr_debug("icmpv6: can't create new conn with type %u\n", > type + 128); > nf_ct_dump_tuple_ipv6(&ct->tuplehash[0].tuple); > + if (LOG_INVALID(&init_net, IPPROTO_ICMPV6)) netns is nf_ct_net(ct) at this point, not &init_net. > + nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL, > + "nf_ct_icmpv6: invalid new with type %d ", > + type + 128); ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 2/2] netfilter: log invalid new icmpv6 packet with nf_log_packet(). 2009-01-29 20:47 ` Alexey Dobriyan @ 2009-01-29 20:57 ` Eric Leblond 2009-01-29 20:59 ` [PATCH] " Eric Leblond 0 siblings, 1 reply; 8+ messages in thread From: Eric Leblond @ 2009-01-29 20:57 UTC (permalink / raw) To: Alexey Dobriyan; +Cc: netfilter-devel Hi, Alexey Dobriyan a écrit : > On Thu, Jan 29, 2009 at 09:36:22PM +0100, Eric Leblond wrote: >> --- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c >> +++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c >> @@ -126,6 +126,10 @@ static bool icmpv6_new(struct nf_conn *ct, const struct sk_buff *skb, >> pr_debug("icmpv6: can't create new conn with type %u\n", >> type + 128); >> nf_ct_dump_tuple_ipv6(&ct->tuplehash[0].tuple); >> + if (LOG_INVALID(&init_net, IPPROTO_ICMPV6)) > > netns is nf_ct_net(ct) at this point, not &init_net. Thanks a lot, updated patch to follow. BR, -- Eric Leblond <eric@inl.fr> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH] netfilter: log invalid new icmpv6 packet with nf_log_packet(). 2009-01-29 20:57 ` Eric Leblond @ 2009-01-29 20:59 ` Eric Leblond 2009-02-09 17:17 ` Patrick McHardy 0 siblings, 1 reply; 8+ messages in thread From: Eric Leblond @ 2009-01-29 20:59 UTC (permalink / raw) To: netfilter-devel; +Cc: Eric Leblond This patch adds a logging message for invalid new icmpv6 packet. Signed-off-by: Eric Leblond <eric@inl.fr> --- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c index 72dbb6d..41b8a95 100644 --- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c +++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c @@ -126,6 +126,10 @@ static bool icmpv6_new(struct nf_conn *ct, const struct sk_buff *skb, pr_debug("icmpv6: can't create new conn with type %u\n", type + 128); nf_ct_dump_tuple_ipv6(&ct->tuplehash[0].tuple); + if (LOG_INVALID(nf_ct_net(ct), IPPROTO_ICMPV6)) + nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL, + "nf_ct_icmpv6: invalid new with type %d ", + type + 128); return false; } atomic_set(&ct->proto.icmp.count, 0); -- 1.5.6.3 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] netfilter: log invalid new icmpv6 packet with nf_log_packet(). 2009-01-29 20:59 ` [PATCH] " Eric Leblond @ 2009-02-09 17:17 ` Patrick McHardy 0 siblings, 0 replies; 8+ messages in thread From: Patrick McHardy @ 2009-02-09 17:17 UTC (permalink / raw) To: Eric Leblond; +Cc: netfilter-devel Eric Leblond wrote: > This patch adds a logging message for invalid new icmpv6 packet. I've queued this one for 2.6.30 since its not really a fix. Thanks. ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2009-02-09 17:17 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2009-01-29 20:36 [PATCH 0/2] fix invalid packet logging for icmpv6 conntrack Eric Leblond 2009-01-29 20:36 ` [PATCH 1/2] netfilter: fix nf_log_packet message in " Eric Leblond 2009-02-09 17:15 ` Patrick McHardy 2009-01-29 20:36 ` [PATCH 2/2] netfilter: log invalid new icmpv6 packet with nf_log_packet() Eric Leblond 2009-01-29 20:47 ` Alexey Dobriyan 2009-01-29 20:57 ` Eric Leblond 2009-01-29 20:59 ` [PATCH] " Eric Leblond 2009-02-09 17:17 ` Patrick McHardy
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).