diff mbox

[net] netfilter: only warn once on wrong seqadj usage

Message ID 20140104130944.28481.30891.stgit@dragon
State Accepted
Headers show

Commit Message

Jesper Dangaard Brouer Jan. 4, 2014, 1:10 p.m. UTC 
Avoid potentially spamming the kernel log with WARN splash messages
when catching wrong usage of seqadj, by simply using WARN_ONCE.

This is a followup to commit db12cf274353 (netfilter: WARN about
wrong usage of sequence number adjustments)

Suggested-by: Flavio Leitner <fbl@redhat.com>
Suggested-by: Daniel Borkmann <dborkman@redhat.com>
Suggested-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
---
Nitpick found by internal RedHat review process ;-)

 net/netfilter/nf_conntrack_seqadj.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Patrick McHardy Jan. 4, 2014, 1:16 p.m. UTC | #1 
On Sat, Jan 04, 2014 at 02:10:43PM +0100, Jesper Dangaard Brouer wrote:
> Avoid potentially spamming the kernel log with WARN splash messages
> when catching wrong usage of seqadj, by simply using WARN_ONCE.
> 
> This is a followup to commit db12cf274353 (netfilter: WARN about
> wrong usage of sequence number adjustments)
> 
> Suggested-by: Flavio Leitner <fbl@redhat.com>
> Suggested-by: Daniel Borkmann <dborkman@redhat.com>
> Suggested-by: Florian Westphal <fw@strlen.de>
> Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
> ---
> Nitpick found by internal RedHat review process ;-)
> 
>  net/netfilter/nf_conntrack_seqadj.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/net/netfilter/nf_conntrack_seqadj.c b/net/netfilter/nf_conntrack_seqadj.c
> index b2d38da..f6e2ae9 100644
> --- a/net/netfilter/nf_conntrack_seqadj.c
> +++ b/net/netfilter/nf_conntrack_seqadj.c
> @@ -37,7 +37,7 @@ int nf_ct_seqadj_set(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
>  		return 0;
>  
>  	if (unlikely(!seqadj)) {
> -		WARN(1, "Wrong seqadj usage, missing nfct_seqadj_ext_add()\n");
> +		WARN_ONCE(1, "Missing nfct_seqadj_ext_add() setup call\n");
>  		return 0;

I missed the patch that added the WARN. Since when do we add runtime checks
for API misuse instead of simply letting it crash?

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Jesper Dangaard Brouer Jan. 6, 2014, 7:32 a.m. UTC | #2 
On Sat, 4 Jan 2014 13:16:48 +0000
Patrick McHardy <kaber@trash.net> wrote:

> On Sat, Jan 04, 2014 at 02:10:43PM +0100, Jesper Dangaard Brouer wrote:
> > Avoid potentially spamming the kernel log with WARN splash messages
> > when catching wrong usage of seqadj, by simply using WARN_ONCE.
> > 
> > This is a followup to commit db12cf274353 (netfilter: WARN about
> > wrong usage of sequence number adjustments)
> > 
> > Suggested-by: Flavio Leitner <fbl@redhat.com>
> > Suggested-by: Daniel Borkmann <dborkman@redhat.com>
> > Suggested-by: Florian Westphal <fw@strlen.de>
> > Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
> > ---
> > Nitpick found by internal RedHat review process ;-)
> > 
> >  net/netfilter/nf_conntrack_seqadj.c |    2 +-
> >  1 files changed, 1 insertions(+), 1 deletions(-)
> > 
> > diff --git a/net/netfilter/nf_conntrack_seqadj.c b/net/netfilter/nf_conntrack_seqadj.c
> > index b2d38da..f6e2ae9 100644
> > --- a/net/netfilter/nf_conntrack_seqadj.c
> > +++ b/net/netfilter/nf_conntrack_seqadj.c
> > @@ -37,7 +37,7 @@ int nf_ct_seqadj_set(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
> >  		return 0;
> >  
> >  	if (unlikely(!seqadj)) {
> > -		WARN(1, "Wrong seqadj usage, missing nfct_seqadj_ext_add()\n");
> > +		WARN_ONCE(1, "Missing nfct_seqadj_ext_add() setup call\n");
> >  		return 0;
> 
> I missed the patch that added the WARN. Since when do we add runtime checks
> for API misuse instead of simply letting it crash?

We changed an existing API which broke IPVS. And I think we still have
a use-case in IPVS, which can hit this case/bug, thus I added a stack
dump warning (instead of crashing), so I can catch this use-case and
fix it later.
Pablo Neira Ayuso Jan. 6, 2014, 1:23 p.m. UTC | #3 
On Sat, Jan 04, 2014 at 02:10:43PM +0100, Jesper Dangaard Brouer wrote:
> Avoid potentially spamming the kernel log with WARN splash messages
> when catching wrong usage of seqadj, by simply using WARN_ONCE.
> 
> This is a followup to commit db12cf274353 (netfilter: WARN about
> wrong usage of sequence number adjustments)
> 
> Suggested-by: Flavio Leitner <fbl@redhat.com>
> Suggested-by: Daniel Borkmann <dborkman@redhat.com>
> Suggested-by: Florian Westphal <fw@strlen.de>
> Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>

Applied, thanks Jesper.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/net/netfilter/nf_conntrack_seqadj.c b/net/netfilter/nf_conntrack_seqadj.c
index b2d38da..f6e2ae9 100644
--- a/net/netfilter/nf_conntrack_seqadj.c
+++ b/net/netfilter/nf_conntrack_seqadj.c
@@ -37,7 +37,7 @@  int nf_ct_seqadj_set(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
 		return 0;
 
 	if (unlikely(!seqadj)) {
-		WARN(1, "Wrong seqadj usage, missing nfct_seqadj_ext_add()\n");
+		WARN_ONCE(1, "Missing nfct_seqadj_ext_add() setup call\n");
 		return 0;
 	}