On Thu, Feb 02, 2006 at 04:47:03PM -0800, David S. Miller wrote:
> From: Stephen Hemminger <[EMAIL PROTECTED]>
> Date: Thu, 2 Feb 2006 16:35:01 -0800
>
> > If you are on a hostile network, or are running protocol tests, you can
> > easily get the logged swamped by messages about bad UDP and ICMP packets.
> > This turns those messages off unless a config option is enabled.
> >
> > Signed-off-by: Stephen Hemminger <[EMAIL PROTECTED]>
>
> NETDEBUG should print out something by default.
>
> We should fix the NETDEBUG() users. Dave Jones recently fixed
> a case in IGMP, for example.
>
> It should print out messages for cases that are impossible and really
> need investigation, and not for cases that can be triggered by random
> packets being sent from a remote system.
There's a number of cases that are still way too easy to trigger.
Looking at the box currently taking abuse..
UDP: short packet: From 192.168.79.115:46186 21196/1168 to 192.168.76.106:23453
UDP: short packet: From 192.168.79.115:38661 53808/1148 to 192.168.76.106:61471
UDP: bad checksum. From 192.168.79.115:28041 to 192.168.76.106:49667 ulen 245
UDP: bad checksum. From 192.168.79.115:45103 to 192.168.76.106:3621 ulen 145
192.168.79.115 sent an invalid ICMP type 11, code 171 error to a broadcast:
242.55.217.243 on eth0
svc: bad direction 1161958909, dropping request
ICMP: 160.23.75.159: Source Route Failed.
ICMP: 17.71.42.69: Source Route Failed.
ICMP: 136.227.103.241: Source Route Failed.
and a few thousand other similar entries..
Some (all?) of these are already subject to net_ratelimit(), but on a fast
enough network it's more or less useless right now.
Dave
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
