{"id":809442,"url":"http://patchwork.ozlabs.org/api/1.2/patches/809442/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/1504478574-13281-9-git-send-email-pablo@netfilter.org/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/1.2/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<1504478574-13281-9-git-send-email-pablo@netfilter.org>","list_archive_url":null,"date":"2017-09-03T22:42:51","name":"[44/47] netfilter: conntrack: don't log \"invalid\" icmpv6 connections","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"d60eebeb2512dd7b7a4ae483f76cca07a16ff0eb","submitter":{"id":1315,"url":"http://patchwork.ozlabs.org/api/1.2/people/1315/?format=json","name":"Pablo Neira Ayuso","email":"pablo@netfilter.org"},"delegate":{"id":6139,"url":"http://patchwork.ozlabs.org/api/1.2/users/6139/?format=json","username":"pablo","first_name":"Pablo","last_name":"Neira","email":"pablo@netfilter.org"},"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/1504478574-13281-9-git-send-email-pablo@netfilter.org/mbox/","series":[{"id":1282,"url":"http://patchwork.ozlabs.org/api/1.2/series/1282/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=1282","date":"2017-09-03T22:40:11","name":null,"version":1,"mbox":"http://patchwork.ozlabs.org/series/1282/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/809442/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/809442/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netfilter-devel-owner@vger.kernel.org;\n\treceiver=)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xlp0r5WlYz9s06\n\tfor ;\n\tMon, 4 Sep 2017 08:43:24 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1753519AbdICWnX (ORCPT );\n\tSun, 3 Sep 2017 18:43:23 -0400","from mail.us.es ([193.147.175.20]:53062 \"EHLO mail.us.es\"\n\trhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP\n\tid S1753506AbdICWnO (ORCPT );\n\tSun, 3 Sep 2017 18:43:14 -0400","from antivirus1-rhel7.int (unknown [192.168.2.11])\n\tby mail.us.es (Postfix) with ESMTP id 0A509190F66\n\tfor ;\n\tMon, 4 Sep 2017 00:42:48 +0200 (CEST)","from antivirus1-rhel7.int (localhost [127.0.0.1])\n\tby antivirus1-rhel7.int (Postfix) with ESMTP id F0C7CB502D\n\tfor ;\n\tMon, 4 Sep 2017 00:42:47 +0200 (CEST)","by antivirus1-rhel7.int (Postfix, from userid 99)\n\tid E6253B5027; Mon, 4 Sep 2017 00:42:47 +0200 (CEST)","from antivirus1-rhel7.int (localhost [127.0.0.1])\n\tby antivirus1-rhel7.int (Postfix) with ESMTP id D3036B502A;\n\tMon, 4 Sep 2017 00:42:45 +0200 (CEST)","from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int\n\t(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); \n\tMon, 04 Sep 2017 00:42:45 +0200 (CEST)","from salvia.here (unknown [31.4.193.113])\n\t(Authenticated sender: pneira@us.es)\n\tby entrada.int (Postfix) with ESMTPA id 8D03F4265A20;\n\tMon, 4 Sep 2017 00:42:45 +0200 (CEST)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.1 (2015-04-28) on\n\tantivirus1-rhel7.int","X-Spam-Level":"","X-Spam-Status":"No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50,\n\tSMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1","X-Virus-Status":"clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int)","X-SMTPAUTHUS":"auth mail.us.es","From":"Pablo Neira Ayuso ","To":"netfilter-devel@vger.kernel.org","Cc":"davem@davemloft.net, netdev@vger.kernel.org","Subject":"[PATCH 44/47] netfilter: conntrack: don't log \"invalid\" icmpv6\n\tconnections","Date":"Mon, 4 Sep 2017 00:42:51 +0200","Message-Id":"<1504478574-13281-9-git-send-email-pablo@netfilter.org>","X-Mailer":"git-send-email 2.1.4","In-Reply-To":"<1504478574-13281-1-git-send-email-pablo@netfilter.org>","References":"<1504478574-13281-1-git-send-email-pablo@netfilter.org>","X-Virus-Scanned":"ClamAV using ClamSMTP","Sender":"netfilter-devel-owner@vger.kernel.org","Precedence":"bulk","List-ID":"","X-Mailing-List":"netfilter-devel@vger.kernel.org"},"content":"From: Florian Westphal \n\nWhen enabling logging for invalid connections we currently also log most\nicmpv6 types, which we don't track intentionally (e.g. neigh discovery).\n\"invalid\" should really mean \"invalid\", i.e. short header or bad checksum.\n\nWe don't do any logging for icmp(v4) either, its just useless noise.\n\nSigned-off-by: Florian Westphal \nSigned-off-by: Pablo Neira Ayuso \n---\n net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 5 -----\n 1 file changed, 5 deletions(-)","diff":"diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c\nindex 808f63e2e1ff..43544b975eae 100644\n--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c\n+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c\n@@ -121,11 +121,6 @@ static bool icmpv6_new(struct nf_conn *ct, const struct sk_buff *skb,\n \t\tpr_debug(\"icmpv6: can't create new conn with type %u\\n\",\n \t\t\t type + 128);\n \t\tnf_ct_dump_tuple_ipv6(&ct->tuplehash[0].tuple);\n-\t\tif (LOG_INVALID(nf_ct_net(ct), IPPROTO_ICMPV6))\n-\t\t\tnf_log_packet(nf_ct_net(ct), PF_INET6, 0, skb, NULL,\n-\t\t\t\t NULL, NULL,\n-\t\t\t\t \"nf_ct_icmpv6: invalid new with type %d \",\n-\t\t\t\t type + 128);\n \t\treturn false;\n \t}\n \treturn true;\n","prefixes":["44/47"]}