From: Patrick McHardy <kaber@trash.net>
To: Rusty Russell <rusty@rustcorp.com.au>
Cc: Dave Jones <davej@redhat.com>,
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
Jan Engelhardt <jengelh@medozas.de>,
David Miller <davem@davemloft.net>,
ajax@redhat.com, linux-kernel@vger.kernel.org,
netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: Re: [PATCH] net: Remove a noisy printk
Date: Mon, 12 Jan 2009 06:02:48 +0100
Message-ID: <496ACEF8.2030605@trash.net>
In-Reply-To: <200812191151.55607.rusty@rustcorp.com.au>
[-- Attachment #1: Type: text/plain, Size: 954 bytes --]
Rusty Russell wrote:
> On Monday 15 December 2008 06:33:53 Dave Jones wrote:
>> On Sun, Dec 14, 2008 at 06:09:17PM +0100, Jozsef Kadlecsik wrote:
>> > In a >normal< system one usually does not use raw sockets. So if a root
>> > process does use raw sockets, at least netfilter sends a notification and
>> > there's a chance that someone takes notice of it by checking the kernel logs.
>>
>> 'normal' systems are irrelevant here. This message is triggerable remotely.
>
> I don't think it can be. This is for truncated locally-generated outgoing
> packets, which can only happen when root is playing with raw sockets.
Yes, it can only be triggered locally by root.
> As you can probably tell, I was the one who wrote this printk :) IMHO,
> one reasonable complaint is sufficient to have it removed, so just remove
> it. If anyone thinks it's valuable, put a static counter < 5 around it
> and add pid/comm info.
I've queued this patch to remove it.
[-- Attachment #2: 01.diff --]
[-- Type: text/x-patch, Size: 3605 bytes --]
commit ea1926cabd0076846119a7e10f29070907fc296c
Author: Patrick McHardy <kaber@trash.net>
Date: Mon Jan 12 06:01:48 2009 +0100
netfilter: remove "happy cracking" message
Don't spam logs for locally generated short packets. These can only
be generated by root.
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index c922431..52cb693 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -93,13 +93,8 @@ ipt_local_out_hook(unsigned int hook,
{
/* root is playing with raw sockets. */
if (skb->len < sizeof(struct iphdr) ||
- ip_hdrlen(skb) < sizeof(struct iphdr)) {
- if (net_ratelimit())
- printk("iptable_filter: ignoring short SOCK_RAW "
- "packet.\n");
+ ip_hdrlen(skb) < sizeof(struct iphdr))
return NF_ACCEPT;
- }
-
return ipt_do_table(skb, hook, in, out,
dev_net(out)->ipv4.iptable_filter);
}
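Review bot: the commit title names only the "happy cracking" message, yet this hunk and the three iptable_* hunks that follow remove the "ignoring short SOCK_RAW packet" printks from iptable_filter, iptable_mangle, iptable_raw and iptable_security; the subject or body should say so (something like "netfilter: remove logging of short locally generated packets") so that a later git log search for the removed message text finds this change. One sentence on the kept behaviour would also help: a truncated skb still returns `NF_ACCEPT` before `ipt_do_table()`, so it bypasses the filter table, and with the printk gone nothing records that this happened; if that visibility is ever wanted back, the bounded counter plus pid/comm suggested in the thread is the right shape, not an unbounded printk.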
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index 69f2c42..3929d20 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -132,12 +132,8 @@ ipt_local_hook(unsigned int hook,
/* root is playing with raw sockets. */
if (skb->len < sizeof(struct iphdr)
- || ip_hdrlen(skb) < sizeof(struct iphdr)) {
- if (net_ratelimit())
- printk("iptable_mangle: ignoring short SOCK_RAW "
- "packet.\n");
+ || ip_hdrlen(skb) < sizeof(struct iphdr))
return NF_ACCEPT;
- }
/* Save things which could affect route */
mark = skb->mark;
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c
index 8faebfe..7f65d18 100644
--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -65,12 +65,8 @@ ipt_local_hook(unsigned int hook,
{
/* root is playing with raw sockets. */
if (skb->len < sizeof(struct iphdr) ||
- ip_hdrlen(skb) < sizeof(struct iphdr)) {
- if (net_ratelimit())
- printk("iptable_raw: ignoring short SOCK_RAW "
- "packet.\n");
+ ip_hdrlen(skb) < sizeof(struct iphdr))
return NF_ACCEPT;
- }
return ipt_do_table(skb, hook, in, out,
dev_net(out)->ipv4.iptable_raw);
}
diff --git a/net/ipv4/netfilter/iptable_security.c b/net/ipv4/netfilter/iptable_security.c
index 36f3be3..a52a35f 100644
--- a/net/ipv4/netfilter/iptable_security.c
+++ b/net/ipv4/netfilter/iptable_security.c
@@ -96,12 +96,8 @@ ipt_local_out_hook(unsigned int hook,
{
/* Somebody is playing with raw sockets. */
if (skb->len < sizeof(struct iphdr)
- || ip_hdrlen(skb) < sizeof(struct iphdr)) {
- if (net_ratelimit())
- printk(KERN_INFO "iptable_security: ignoring short "
- "SOCK_RAW packet.\n");
+ || ip_hdrlen(skb) < sizeof(struct iphdr))
return NF_ACCEPT;
- }
return ipt_do_table(skb, hook, in, out,
dev_net(out)->ipv4.iptable_security);
}
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index b2141e1..4beb04f 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -145,11 +145,8 @@ static unsigned int ipv4_conntrack_local(unsigned int hooknum,
{
/* root is playing with raw sockets. */
if (skb->len < sizeof(struct iphdr) ||
- ip_hdrlen(skb) < sizeof(struct iphdr)) {
- if (net_ratelimit())
- printk("ipt_hook: happy cracking.\n");
+ ip_hdrlen(skb) < sizeof(struct iphdr))
return NF_ACCEPT;
- }
return nf_conntrack_in(dev_net(out), PF_INET, hooknum, skb);
}
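Review bot: the early `return NF_ACCEPT` kept here means a short locally generated skb never reaches `nf_conntrack_in()` and leaves without a conntrack entry; that is pre-existing behaviour, but now that the log line is gone the comment "root is playing with raw sockets" is the only explanation left, so extend it to state that the skb is too short to hold an IP header and is deliberately passed untracked. Minor: this message had no KERN_ level while iptable_security's used KERN_INFO; removing both sidesteps that inconsistency rather than fixing it, which is fine given the thread consensus.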
Thread overview (15+ messages):
[not found] <1229033625-30825-1-git-send-email-ajax@redhat.com>
2008-12-12 4:32 ` [PATCH] net: Remove a noisy printk David Miller
2008-12-13 22:13 ` Jan Engelhardt
2008-12-14 17:09 ` Jozsef Kadlecsik
2008-12-14 18:06 ` Jan Engelhardt
2008-12-14 20:15 ` Jozsef Kadlecsik
2008-12-15 12:23 ` Patrick McHardy
2008-12-15 13:25 ` Jozsef Kadlecsik
2008-12-15 13:32 ` Patrick McHardy
2008-12-14 20:03 ` Dave Jones
2008-12-16 19:59 ` Jozsef Kadlecsik
2008-12-16 20:03 ` Jan Engelhardt
2008-12-16 20:00 ` Jan Engelhardt
2008-12-17 8:26 ` Jozsef Kadlecsik
2008-12-19 1:21 ` Rusty Russell
2009-01-12 5:02 ` Patrick McHardy [this message]