{"id":805713,"url":"http://patchwork.ozlabs.org/api/1.2/patches/805713/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20170825005941.8773-1-fw@strlen.de/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/1.2/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170825005941.8773-1-fw@strlen.de>","list_archive_url":null,"date":"2017-08-25T00:59:41","name":"[nf-next] netfilter: conntrack: don't log \"invalid\" icmpv6 connections","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"d60eebeb2512dd7b7a4ae483f76cca07a16ff0eb","submitter":{"id":1025,"url":"http://patchwork.ozlabs.org/api/1.2/people/1025/?format=json","name":"Florian Westphal","email":"fw@strlen.de"},"delegate":{"id":6139,"url":"http://patchwork.ozlabs.org/api/1.2/users/6139/?format=json","username":"pablo","first_name":"Pablo","last_name":"Neira","email":"pablo@netfilter.org"},"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20170825005941.8773-1-fw@strlen.de/mbox/","series":[],"comments":"http://patchwork.ozlabs.org/api/patches/805713/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/805713/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netfilter-devel-owner@vger.kernel.org;\n\treceiver=)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xdjVP0VjSz9t3m\n\tfor ;\n\tFri, 25 Aug 2017 10:59:25 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1753838AbdHYA7Y (ORCPT );\n\tThu, 24 Aug 2017 20:59:24 -0400","from Chamillionaire.breakpoint.cc ([146.0.238.67]:38486 \"EHLO\n\tChamillionaire.breakpoint.cc\" rhost-flags-OK-OK-OK-OK)\n\tby vger.kernel.org with ESMTP id S1753456AbdHYA7X (ORCPT\n\t);\n\tThu, 24 Aug 2017 20:59:23 -0400","from fw by Chamillionaire.breakpoint.cc with local (Exim 4.84_2)\n\t(envelope-from )\n\tid 1dl2vX-0003B6-TL; Fri, 25 Aug 2017 02:56:48 +0200"],"From":"Florian Westphal ","To":"","Cc":"Florian Westphal ","Subject":"[PATCH nf-next] netfilter: conntrack: don't log \"invalid\" icmpv6\n\tconnections","Date":"Fri, 25 Aug 2017 02:59:41 +0200","Message-Id":"<20170825005941.8773-1-fw@strlen.de>","X-Mailer":"git-send-email 2.13.0","Sender":"netfilter-devel-owner@vger.kernel.org","Precedence":"bulk","List-ID":"","X-Mailing-List":"netfilter-devel@vger.kernel.org"},"content":"When enabling logging for invalid connections we currently also log most\nicmpv6 types, which we don't track intentionally (e.g. neigh discovery).\n\"invalid\" should really mean \"invalid\", i.e. short header or bad checksum.\n\nWe don't do any logging for icmp(v4) either, its just useless noise.\n\nSigned-off-by: Florian Westphal \n---\n net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 5 -----\n 1 file changed, 5 deletions(-)","diff":"diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c\nindex 413c4a0093da..0ce826d8ebff 100644\n--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c\n+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c\n@@ -130,11 +130,6 @@ static bool icmpv6_new(struct nf_conn *ct, const struct sk_buff *skb,\n \t\tpr_debug(\"icmpv6: can't create new conn with type %u\\n\",\n \t\t\t type + 128);\n \t\tnf_ct_dump_tuple_ipv6(&ct->tuplehash[0].tuple);\n-\t\tif (LOG_INVALID(nf_ct_net(ct), IPPROTO_ICMPV6))\n-\t\t\tnf_log_packet(nf_ct_net(ct), PF_INET6, 0, skb, NULL,\n-\t\t\t\t NULL, NULL,\n-\t\t\t\t \"nf_ct_icmpv6: invalid new with type %d \",\n-\t\t\t\t type + 128);\n \t\treturn false;\n \t}\n \treturn true;\n","prefixes":["nf-next"]}