Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 88843104 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files

netfilter 01/09: remove "happy cracking" message 



Don't spam logs for locally generated short packets. these can only
be generated by root.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 985ebdb5

net/ipv4/netfilter/iptable_filter.c

+1 −6
Original line number Diff line number Diff line
@@ -93,13 +93,8 @@ ipt_local_out_hook(unsigned int hook, 
{

	/* root is playing with raw sockets. */

	if (skb->len < sizeof(struct iphdr) ||

	    ip_hdrlen(skb) < sizeof(struct iphdr)) {

		if (net_ratelimit())

			printk("iptable_filter: ignoring short SOCK_RAW "

			       "packet.\n");

	    ip_hdrlen(skb) < sizeof(struct iphdr))

		return NF_ACCEPT;

	}



	return ipt_do_table(skb, hook, in, out,

			    dev_net(out)->ipv4.iptable_filter);

}

net/ipv4/netfilter/iptable_mangle.c

+1 −5
Original line number Diff line number Diff line
@@ -132,12 +132,8 @@ ipt_local_hook(unsigned int hook, 


	/* root is playing with raw sockets. */

	if (skb->len < sizeof(struct iphdr)

	    || ip_hdrlen(skb) < sizeof(struct iphdr)) {

		if (net_ratelimit())

			printk("iptable_mangle: ignoring short SOCK_RAW "

			       "packet.\n");

	    || ip_hdrlen(skb) < sizeof(struct iphdr))

		return NF_ACCEPT;

	}



	/* Save things which could affect route */

	mark = skb->mark;

net/ipv4/netfilter/iptable_raw.c

+1 −5
Original line number Diff line number Diff line
@@ -65,12 +65,8 @@ ipt_local_hook(unsigned int hook, 
{

	/* root is playing with raw sockets. */

	if (skb->len < sizeof(struct iphdr) ||

	    ip_hdrlen(skb) < sizeof(struct iphdr)) {

		if (net_ratelimit())

			printk("iptable_raw: ignoring short SOCK_RAW "

			       "packet.\n");

	    ip_hdrlen(skb) < sizeof(struct iphdr))

		return NF_ACCEPT;

	}

	return ipt_do_table(skb, hook, in, out,

			    dev_net(out)->ipv4.iptable_raw);

}

net/ipv4/netfilter/iptable_security.c

+1 −5
Original line number Diff line number Diff line
@@ -96,12 +96,8 @@ ipt_local_out_hook(unsigned int hook, 
{

	/* Somebody is playing with raw sockets. */

	if (skb->len < sizeof(struct iphdr)

	    || ip_hdrlen(skb) < sizeof(struct iphdr)) {

		if (net_ratelimit())

			printk(KERN_INFO "iptable_security: ignoring short "

			       "SOCK_RAW packet.\n");

	    || ip_hdrlen(skb) < sizeof(struct iphdr))

		return NF_ACCEPT;

	}

	return ipt_do_table(skb, hook, in, out,

			    dev_net(out)->ipv4.iptable_security);

}

net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c

+1 −4
Original line number Diff line number Diff line
@@ -145,11 +145,8 @@ static unsigned int ipv4_conntrack_local(unsigned int hooknum, 
{

	/* root is playing with raw sockets. */

	if (skb->len < sizeof(struct iphdr) ||

	    ip_hdrlen(skb) < sizeof(struct iphdr)) {

		if (net_ratelimit())

			printk("ipt_hook: happy cracking.\n");

	    ip_hdrlen(skb) < sizeof(struct iphdr))

		return NF_ACCEPT;

	}

	return nf_conntrack_in(dev_net(out), PF_INET, hooknum, skb);

}