adulau/aha
1
0
Fork 0
mirror of https://github.com/adulau/aha.git synced 2025-01-01 13:46:24 +00:00
Code Issues Projects Releases Packages Wiki Activity

netfilter 01/09: remove "happy cracking" message

Browse source 
Don't spam logs for locally generated short packets. these can only
be generated by root.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy 2009-01-12 00:06:00 +00:00 committed by David S. Miller
parent 985ebdb5ed
commit 88843104a1
5 changed files with 5 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
net/ipv4/netfilter/iptable_filter.c
View file

@ -93,13 +93,8 @@ ipt_local_out_hook(unsigned int hook,
{ {
/* root is playing with raw sockets. */ /* root is playing with raw sockets. */
if (skb->len < sizeof(struct iphdr) || if (skb->len < sizeof(struct iphdr) ||
ip_hdrlen(skb) < sizeof(struct iphdr)) { ip_hdrlen(skb) < sizeof(struct iphdr))
if (net_ratelimit())
printk("iptable_filter: ignoring short SOCK_RAW "
"packet.\n");
return NF_ACCEPT; return NF_ACCEPT;
}
return ipt_do_table(skb, hook, in, out, return ipt_do_table(skb, hook, in, out,
dev_net(out)->ipv4.iptable_filter); dev_net(out)->ipv4.iptable_filter);
} }

6
net/ipv4/netfilter/iptable_mangle.c
View file

@ -132,12 +132,8 @@ ipt_local_hook(unsigned int hook,
/* root is playing with raw sockets. */ /* root is playing with raw sockets. */
if (skb->len < sizeof(struct iphdr) if (skb->len < sizeof(struct iphdr)
|| ip_hdrlen(skb) < sizeof(struct iphdr)) { || ip_hdrlen(skb) < sizeof(struct iphdr))
if (net_ratelimit())
printk("iptable_mangle: ignoring short SOCK_RAW "
"packet.\n");
return NF_ACCEPT; return NF_ACCEPT;
}
/* Save things which could affect route */ /* Save things which could affect route */
mark = skb->mark; mark = skb->mark;

6
net/ipv4/netfilter/iptable_raw.c
View file

@ -65,12 +65,8 @@ ipt_local_hook(unsigned int hook,
{ {
/* root is playing with raw sockets. */ /* root is playing with raw sockets. */
if (skb->len < sizeof(struct iphdr) || if (skb->len < sizeof(struct iphdr) ||
ip_hdrlen(skb) < sizeof(struct iphdr)) { ip_hdrlen(skb) < sizeof(struct iphdr))
if (net_ratelimit())
printk("iptable_raw: ignoring short SOCK_RAW "
"packet.\n");
return NF_ACCEPT; return NF_ACCEPT;
}
return ipt_do_table(skb, hook, in, out, return ipt_do_table(skb, hook, in, out,
dev_net(out)->ipv4.iptable_raw); dev_net(out)->ipv4.iptable_raw);
} }

6
net/ipv4/netfilter/iptable_security.c
View file

@ -96,12 +96,8 @@ ipt_local_out_hook(unsigned int hook,
{ {
/* Somebody is playing with raw sockets. */ /* Somebody is playing with raw sockets. */
if (skb->len < sizeof(struct iphdr) if (skb->len < sizeof(struct iphdr)
|| ip_hdrlen(skb) < sizeof(struct iphdr)) { || ip_hdrlen(skb) < sizeof(struct iphdr))
if (net_ratelimit())
printk(KERN_INFO "iptable_security: ignoring short "
"SOCK_RAW packet.\n");
return NF_ACCEPT; return NF_ACCEPT;
}
return ipt_do_table(skb, hook, in, out, return ipt_do_table(skb, hook, in, out,
dev_net(out)->ipv4.iptable_security); dev_net(out)->ipv4.iptable_security);
} }

5
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
View file

@ -145,11 +145,8 @@ static unsigned int ipv4_conntrack_local(unsigned int hooknum,
{ {
/* root is playing with raw sockets. */ /* root is playing with raw sockets. */
if (skb->len < sizeof(struct iphdr) || if (skb->len < sizeof(struct iphdr) ||
ip_hdrlen(skb) < sizeof(struct iphdr)) { ip_hdrlen(skb) < sizeof(struct iphdr))
if (net_ratelimit())
printk("ipt_hook: happy cracking.\n");
return NF_ACCEPT; return NF_ACCEPT;
}
return nf_conntrack_in(dev_net(out), PF_INET, hooknum, skb); return nf_conntrack_in(dev_net(out), PF_INET, hooknum, skb);
} }