提交 88843104 编写于 作者: P Patrick McHardy 提交者: David S. Miller

netfilter 01/09: remove "happy cracking" message

Don't spam logs for locally generated short packets. these can only
be generated by root.
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 985ebdb5
...@@ -93,13 +93,8 @@ ipt_local_out_hook(unsigned int hook, ...@@ -93,13 +93,8 @@ ipt_local_out_hook(unsigned int hook,
{ {
/* root is playing with raw sockets. */ /* root is playing with raw sockets. */
if (skb->len < sizeof(struct iphdr) || if (skb->len < sizeof(struct iphdr) ||
ip_hdrlen(skb) < sizeof(struct iphdr)) { ip_hdrlen(skb) < sizeof(struct iphdr))
if (net_ratelimit())
printk("iptable_filter: ignoring short SOCK_RAW "
"packet.\n");
return NF_ACCEPT; return NF_ACCEPT;
}
return ipt_do_table(skb, hook, in, out, return ipt_do_table(skb, hook, in, out,
dev_net(out)->ipv4.iptable_filter); dev_net(out)->ipv4.iptable_filter);
} }
......
...@@ -132,12 +132,8 @@ ipt_local_hook(unsigned int hook, ...@@ -132,12 +132,8 @@ ipt_local_hook(unsigned int hook,
/* root is playing with raw sockets. */ /* root is playing with raw sockets. */
if (skb->len < sizeof(struct iphdr) if (skb->len < sizeof(struct iphdr)
|| ip_hdrlen(skb) < sizeof(struct iphdr)) { || ip_hdrlen(skb) < sizeof(struct iphdr))
if (net_ratelimit())
printk("iptable_mangle: ignoring short SOCK_RAW "
"packet.\n");
return NF_ACCEPT; return NF_ACCEPT;
}
/* Save things which could affect route */ /* Save things which could affect route */
mark = skb->mark; mark = skb->mark;
......
...@@ -65,12 +65,8 @@ ipt_local_hook(unsigned int hook, ...@@ -65,12 +65,8 @@ ipt_local_hook(unsigned int hook,
{ {
/* root is playing with raw sockets. */ /* root is playing with raw sockets. */
if (skb->len < sizeof(struct iphdr) || if (skb->len < sizeof(struct iphdr) ||
ip_hdrlen(skb) < sizeof(struct iphdr)) { ip_hdrlen(skb) < sizeof(struct iphdr))
if (net_ratelimit())
printk("iptable_raw: ignoring short SOCK_RAW "
"packet.\n");
return NF_ACCEPT; return NF_ACCEPT;
}
return ipt_do_table(skb, hook, in, out, return ipt_do_table(skb, hook, in, out,
dev_net(out)->ipv4.iptable_raw); dev_net(out)->ipv4.iptable_raw);
} }
......
...@@ -96,12 +96,8 @@ ipt_local_out_hook(unsigned int hook, ...@@ -96,12 +96,8 @@ ipt_local_out_hook(unsigned int hook,
{ {
/* Somebody is playing with raw sockets. */ /* Somebody is playing with raw sockets. */
if (skb->len < sizeof(struct iphdr) if (skb->len < sizeof(struct iphdr)
|| ip_hdrlen(skb) < sizeof(struct iphdr)) { || ip_hdrlen(skb) < sizeof(struct iphdr))
if (net_ratelimit())
printk(KERN_INFO "iptable_security: ignoring short "
"SOCK_RAW packet.\n");
return NF_ACCEPT; return NF_ACCEPT;
}
return ipt_do_table(skb, hook, in, out, return ipt_do_table(skb, hook, in, out,
dev_net(out)->ipv4.iptable_security); dev_net(out)->ipv4.iptable_security);
} }
......
...@@ -145,11 +145,8 @@ static unsigned int ipv4_conntrack_local(unsigned int hooknum, ...@@ -145,11 +145,8 @@ static unsigned int ipv4_conntrack_local(unsigned int hooknum,
{ {
/* root is playing with raw sockets. */ /* root is playing with raw sockets. */
if (skb->len < sizeof(struct iphdr) || if (skb->len < sizeof(struct iphdr) ||
ip_hdrlen(skb) < sizeof(struct iphdr)) { ip_hdrlen(skb) < sizeof(struct iphdr))
if (net_ratelimit())
printk("ipt_hook: happy cracking.\n");
return NF_ACCEPT; return NF_ACCEPT;
}
return nf_conntrack_in(dev_net(out), PF_INET, hooknum, skb); return nf_conntrack_in(dev_net(out), PF_INET, hooknum, skb);
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册