Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
GfA
/
linux_kernel
5
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Эх сурвалжийг харах

netfilter: x_tables: use pr ratelimiting in xt core

most messages are converted to info, since they occur in response to
wrong usage.

Size mismatch however is a real error (xtables ABI bug) that should not
occur.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal 7 жил өмнө
parent
0cc9501f94
commit
1b6cd67191
1 өөрчлөгдсөн 34 нэмэгдсэн , 36 устгасан
Өөрчлөлтийг ялгаж харах Өөрчлөлтийн статистик харах
  1. 34 36
      net/netfilter/x_tables.c

+ 34 - 36
net/netfilter/x_tables.c
Файл харах 

@@ -434,36 +434,35 @@ int xt_check_match(struct xt_mtchk_param *par,
 
 		 * ebt_among is exempt from centralized matchsize checking
 
 		 * because it uses a dynamic-size data set.
 
 		 */
 
-		pr_err("%s_tables: %s.%u match: invalid size "
 
-		       "%u (kernel) != (user) %u\n",
 
-		       xt_prefix[par->family], par->match->name,
 
-		       par->match->revision,
 
-		       XT_ALIGN(par->match->matchsize), size);
 
+		pr_err_ratelimited("%s_tables: %s.%u match: invalid size %u (kernel) != (user) %u\n",
 
+				   xt_prefix[par->family], par->match->name,
 
+				   par->match->revision,
 
+				   XT_ALIGN(par->match->matchsize), size);
 
 		return -EINVAL;
 
 	}
 
 	if (par->match->table != NULL &&
 
 	    strcmp(par->match->table, par->table) != 0) {
 
-		pr_err("%s_tables: %s match: only valid in %s table, not %s\n",
 
-		       xt_prefix[par->family], par->match->name,
 
-		       par->match->table, par->table);
 
+		pr_info_ratelimited("%s_tables: %s match: only valid in %s table, not %s\n",
 
+				    xt_prefix[par->family], par->match->name,
 
+				    par->match->table, par->table);
 
 		return -EINVAL;
 
 	}
 
 	if (par->match->hooks && (par->hook_mask & ~par->match->hooks) != 0) {
 
 		char used[64], allow[64];
 
 
-		pr_err("%s_tables: %s match: used from hooks %s, but only "
 
-		       "valid from %s\n",
 
-		       xt_prefix[par->family], par->match->name,
 
-		       textify_hooks(used, sizeof(used), par->hook_mask,
 
-		                     par->family),
 
-		       textify_hooks(allow, sizeof(allow), par->match->hooks,
 
-		                     par->family));
 
+		pr_info_ratelimited("%s_tables: %s match: used from hooks %s, but only valid from %s\n",
 
+				    xt_prefix[par->family], par->match->name,
 
+				    textify_hooks(used, sizeof(used),
 
+						  par->hook_mask, par->family),
 
+				    textify_hooks(allow, sizeof(allow),
 
+						  par->match->hooks,
 
+						  par->family));
 
 		return -EINVAL;
 
 	}
 
 	if (par->match->proto && (par->match->proto != proto || inv_proto)) {
 
-		pr_err("%s_tables: %s match: only valid for protocol %u\n",
 
-		       xt_prefix[par->family], par->match->name,
 
-		       par->match->proto);
 
+		pr_info_ratelimited("%s_tables: %s match: only valid for protocol %u\n",
 
+				    xt_prefix[par->family], par->match->name,
 
+				    par->match->proto);
 
 		return -EINVAL;
 
 	}
 
 	if (par->match->checkentry != NULL) {
 
@@ -814,36 +813,35 @@ int xt_check_target(struct xt_tgchk_param *par,
 
 	int ret;
 
 
 	if (XT_ALIGN(par->target->targetsize) != size) {
 
-		pr_err("%s_tables: %s.%u target: invalid size "
 
-		       "%u (kernel) != (user) %u\n",
 
-		       xt_prefix[par->family], par->target->name,
 
-		       par->target->revision,
 
-		       XT_ALIGN(par->target->targetsize), size);
 
+		pr_err_ratelimited("%s_tables: %s.%u target: invalid size %u (kernel) != (user) %u\n",
 
+				   xt_prefix[par->family], par->target->name,
 
+				   par->target->revision,
 
+				   XT_ALIGN(par->target->targetsize), size);
 
 		return -EINVAL;
 
 	}
 
 	if (par->target->table != NULL &&
 
 	    strcmp(par->target->table, par->table) != 0) {
 
-		pr_err("%s_tables: %s target: only valid in %s table, not %s\n",
 
-		       xt_prefix[par->family], par->target->name,
 
-		       par->target->table, par->table);
 
+		pr_info_ratelimited("%s_tables: %s target: only valid in %s table, not %s\n",
 
+				    xt_prefix[par->family], par->target->name,
 
+				    par->target->table, par->table);
 
 		return -EINVAL;
 
 	}
 
 	if (par->target->hooks && (par->hook_mask & ~par->target->hooks) != 0) {
 
 		char used[64], allow[64];
 
 
-		pr_err("%s_tables: %s target: used from hooks %s, but only "
 
-		       "usable from %s\n",
 
-		       xt_prefix[par->family], par->target->name,
 
-		       textify_hooks(used, sizeof(used), par->hook_mask,
 
-		                     par->family),
 
-		       textify_hooks(allow, sizeof(allow), par->target->hooks,
 
-		                     par->family));
 
+		pr_info_ratelimited("%s_tables: %s target: used from hooks %s, but only usable from %s\n",
 
+				    xt_prefix[par->family], par->target->name,
 
+				    textify_hooks(used, sizeof(used),
 
+						  par->hook_mask, par->family),
 
+				    textify_hooks(allow, sizeof(allow),
 
+						  par->target->hooks,
 
+						  par->family));
 
 		return -EINVAL;
 
 	}
 
 	if (par->target->proto && (par->target->proto != proto || inv_proto)) {
 
-		pr_err("%s_tables: %s target: only valid for protocol %u\n",
 
-		       xt_prefix[par->family], par->target->name,
 
-		       par->target->proto);
 
+		pr_info_ratelimited("%s_tables: %s target: only valid for protocol %u\n",
 
+				    xt_prefix[par->family], par->target->name,
 
+				    par->target->proto);
 
 		return -EINVAL;
 
 	}
 
 	if (par->target->checkentry != NULL) {