首頁 探索 說明
登入
GfA
/
linux_kernel
5
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
瀏覽代碼

netfilter: conntrack: don't log "invalid" icmpv6 connections

When enabling logging for invalid connections we currently also log most
icmpv6 types, which we don't track intentionally (e.g. neigh discovery).
"invalid" should really mean "invalid", i.e. short header or bad checksum.

We don't do any logging for icmp(v4) either, its just useless noise.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal 8 年之前
父節點
d3ad2c17b4
當前提交
e2f387d2df
共有 1 個文件被更改,包括 0 次插入5 次删除
統一視圖 顯示文件統計
  1. 0 5
      net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c

+ 0 - 5
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
查看文件 

@@ -121,11 +121,6 @@ static bool icmpv6_new(struct nf_conn *ct, const struct sk_buff *skb,
 
 		pr_debug("icmpv6: can't create new conn with type %u\n",
 
 		pr_debug("icmpv6: can't create new conn with type %u\n",
 
 			 type + 128);
 
 			 type + 128);
 
 		nf_ct_dump_tuple_ipv6(&ct->tuplehash[0].tuple);
 
 		nf_ct_dump_tuple_ipv6(&ct->tuplehash[0].tuple);
 
-		if (LOG_INVALID(nf_ct_net(ct), IPPROTO_ICMPV6))
 
-			nf_log_packet(nf_ct_net(ct), PF_INET6, 0, skb, NULL,
 
-				      NULL, NULL,
 
-				      "nf_ct_icmpv6: invalid new with type %d ",
 
-				      type + 128);
 
 		return false;
 
 		return false;
 
 	}
 
 	}
 
 	return true;
 
 	return true;