Patchwork [1/5] netfilter: nf_conntrack: remove net_ratelimit() for LOG_INVALID()

login
register
mail settings
Submitter Patrick McHardy
Date July 28, 2013, 8:54 p.m.
Message ID <1375044851-12471-2-git-send-email-kaber@trash.net>
Download mbox | patch
Permalink /patch/262621/
State Accepted
Headers show

Comments

Patrick McHardy - July 28, 2013, 8:54 p.m.
Logging of invalid packets has to be explicitly enabled. Rate-limiting these
messages is inconsistent with other netfilter logging features and makes
debugging harder.

Signed-off-by: Patrick McHardy <kaber@trash.net>
---
 include/net/netfilter/nf_conntrack_l4proto.h | 7 -------
 1 file changed, 7 deletions(-)
Pablo Neira - July 31, 2013, 4:53 p.m.
On Sun, Jul 28, 2013 at 10:54:07PM +0200, Patrick McHardy wrote:
> Logging of invalid packets has to be explicitly enabled. Rate-limiting these
> messages is inconsistent with other netfilter logging features and makes
> debugging harder.

Applied, thanks Patrick!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h
index 914d8d9..b411d7b 100644
--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -148,17 +148,10 @@  extern int nf_ct_port_nlattr_tuple_size(void);
 extern const struct nla_policy nf_ct_port_nla_policy[];
 
 #ifdef CONFIG_SYSCTL
-#ifdef DEBUG_INVALID_PACKETS
 #define LOG_INVALID(net, proto)				\
 	((net)->ct.sysctl_log_invalid == (proto) ||	\
 	 (net)->ct.sysctl_log_invalid == IPPROTO_RAW)
 #else
-#define LOG_INVALID(net, proto)				\
-	(((net)->ct.sysctl_log_invalid == (proto) ||	\
-	  (net)->ct.sysctl_log_invalid == IPPROTO_RAW)	\
-	 && net_ratelimit())
-#endif
-#else
 static inline int LOG_INVALID(struct net *net, int proto) { return 0; }
 #endif /* CONFIG_SYSCTL */