提交 1b6cd671 编写于 作者: F Florian Westphal 提交者: Pablo Neira Ayuso

netfilter: x_tables: use pr ratelimiting in xt core

most messages are converted to info, since they occur in response to
wrong usage.

Size mismatch however is a real error (xtables ABI bug) that should not
occur.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
上级 0cc9501f
...@@ -434,36 +434,35 @@ int xt_check_match(struct xt_mtchk_param *par, ...@@ -434,36 +434,35 @@ int xt_check_match(struct xt_mtchk_param *par,
* ebt_among is exempt from centralized matchsize checking * ebt_among is exempt from centralized matchsize checking
* because it uses a dynamic-size data set. * because it uses a dynamic-size data set.
*/ */
pr_err("%s_tables: %s.%u match: invalid size " pr_err_ratelimited("%s_tables: %s.%u match: invalid size %u (kernel) != (user) %u\n",
"%u (kernel) != (user) %u\n", xt_prefix[par->family], par->match->name,
xt_prefix[par->family], par->match->name, par->match->revision,
par->match->revision, XT_ALIGN(par->match->matchsize), size);
XT_ALIGN(par->match->matchsize), size);
return -EINVAL; return -EINVAL;
} }
if (par->match->table != NULL && if (par->match->table != NULL &&
strcmp(par->match->table, par->table) != 0) { strcmp(par->match->table, par->table) != 0) {
pr_err("%s_tables: %s match: only valid in %s table, not %s\n", pr_info_ratelimited("%s_tables: %s match: only valid in %s table, not %s\n",
xt_prefix[par->family], par->match->name, xt_prefix[par->family], par->match->name,
par->match->table, par->table); par->match->table, par->table);
return -EINVAL; return -EINVAL;
} }
if (par->match->hooks && (par->hook_mask & ~par->match->hooks) != 0) { if (par->match->hooks && (par->hook_mask & ~par->match->hooks) != 0) {
char used[64], allow[64]; char used[64], allow[64];
pr_err("%s_tables: %s match: used from hooks %s, but only " pr_info_ratelimited("%s_tables: %s match: used from hooks %s, but only valid from %s\n",
"valid from %s\n", xt_prefix[par->family], par->match->name,
xt_prefix[par->family], par->match->name, textify_hooks(used, sizeof(used),
textify_hooks(used, sizeof(used), par->hook_mask, par->hook_mask, par->family),
par->family), textify_hooks(allow, sizeof(allow),
textify_hooks(allow, sizeof(allow), par->match->hooks, par->match->hooks,
par->family)); par->family));
return -EINVAL; return -EINVAL;
} }
if (par->match->proto && (par->match->proto != proto || inv_proto)) { if (par->match->proto && (par->match->proto != proto || inv_proto)) {
pr_err("%s_tables: %s match: only valid for protocol %u\n", pr_info_ratelimited("%s_tables: %s match: only valid for protocol %u\n",
xt_prefix[par->family], par->match->name, xt_prefix[par->family], par->match->name,
par->match->proto); par->match->proto);
return -EINVAL; return -EINVAL;
} }
if (par->match->checkentry != NULL) { if (par->match->checkentry != NULL) {
...@@ -814,36 +813,35 @@ int xt_check_target(struct xt_tgchk_param *par, ...@@ -814,36 +813,35 @@ int xt_check_target(struct xt_tgchk_param *par,
int ret; int ret;
if (XT_ALIGN(par->target->targetsize) != size) { if (XT_ALIGN(par->target->targetsize) != size) {
pr_err("%s_tables: %s.%u target: invalid size " pr_err_ratelimited("%s_tables: %s.%u target: invalid size %u (kernel) != (user) %u\n",
"%u (kernel) != (user) %u\n", xt_prefix[par->family], par->target->name,
xt_prefix[par->family], par->target->name, par->target->revision,
par->target->revision, XT_ALIGN(par->target->targetsize), size);
XT_ALIGN(par->target->targetsize), size);
return -EINVAL; return -EINVAL;
} }
if (par->target->table != NULL && if (par->target->table != NULL &&
strcmp(par->target->table, par->table) != 0) { strcmp(par->target->table, par->table) != 0) {
pr_err("%s_tables: %s target: only valid in %s table, not %s\n", pr_info_ratelimited("%s_tables: %s target: only valid in %s table, not %s\n",
xt_prefix[par->family], par->target->name, xt_prefix[par->family], par->target->name,
par->target->table, par->table); par->target->table, par->table);
return -EINVAL; return -EINVAL;
} }
if (par->target->hooks && (par->hook_mask & ~par->target->hooks) != 0) { if (par->target->hooks && (par->hook_mask & ~par->target->hooks) != 0) {
char used[64], allow[64]; char used[64], allow[64];
pr_err("%s_tables: %s target: used from hooks %s, but only " pr_info_ratelimited("%s_tables: %s target: used from hooks %s, but only usable from %s\n",
"usable from %s\n", xt_prefix[par->family], par->target->name,
xt_prefix[par->family], par->target->name, textify_hooks(used, sizeof(used),
textify_hooks(used, sizeof(used), par->hook_mask, par->hook_mask, par->family),
par->family), textify_hooks(allow, sizeof(allow),
textify_hooks(allow, sizeof(allow), par->target->hooks, par->target->hooks,
par->family)); par->family));
return -EINVAL; return -EINVAL;
} }
if (par->target->proto && (par->target->proto != proto || inv_proto)) { if (par->target->proto && (par->target->proto != proto || inv_proto)) {
pr_err("%s_tables: %s target: only valid for protocol %u\n", pr_info_ratelimited("%s_tables: %s target: only valid for protocol %u\n",
xt_prefix[par->family], par->target->name, xt_prefix[par->family], par->target->name,
par->target->proto); par->target->proto);
return -EINVAL; return -EINVAL;
} }
if (par->target->checkentry != NULL) { if (par->target->checkentry != NULL) {
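Review bot: The two `invalid size` messages in xt_check_match and xt_check_target stay at err level with no comment saying why they differ from the neighbouring calls, which all became info. The value printed as `(user) %u` is `size`, which presumably comes from the rule blob the caller passed in, so a malformed request may reach this branch as well as a genuine ABI mismatch. I would record that next to each call, for example `/* err: kernel/user size mismatch (ABI bug or malformed blob); ratelimited because the caller controls size */`. The same comment should state that a rate-limited message can be suppressed, so the -EINVAL return is the reliable signal of a rejected rule and the log line is not. Both function bodies start and end outside the visible hunks, so where `size` is derived should be confirmed against the full file.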
......