    net: l2tp: reduce log level of messages in receive path, add counter instead · 3e59e885
    Matthias Schiffer authored
    Commit 5ee759cd ("l2tp: use standard API for warning log messages")
    changed a number of warnings about invalid packets in the receive path
    so that they are always shown, instead of only when a special L2TP debug
    flag is set. Even with rate limiting these warnings can easily cause
    significant log spam - potentially triggered by a malicious party
    sending invalid packets on purpose.
    
    In addition these warnings were noticed by projects like Tunneldigger [1],
    which uses L2TP for its data path, but implements its own control
    protocol (which is sufficiently different from L2TP data packets that it
    would always be passed up to userspace even with future extensions of
    L2TP).
    
    Some of the warnings were already redundant, as l2tp_stats has a counter
    for these packets. This commit adds one additional counter for invalid
    packets that are passed up to userspace. Packets with unknown session are
    not counted as invalid, as there is nothing wrong with the format of
    these packets.
    
    With the additional counter, all of these messages are either redundant
    or benign, so we reduce them to pr_debug_ratelimited().
    
    [1] https://github.com/wlanslovenija/tunneldigger/issues/160
    
    Fixes: 5ee759cd ("l2tp: use standard API for warning log messages")
    Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>
l2tp_netlink.c 27 KB
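
A simplified userspace model of the approach the commit message above describes, added here as an illustration and not taken from the commit or the kernel: every invalid packet increments a counter, while the log line is emitted only in debug mode and under a rate limit. The struct names, the header checks, the sample datagrams and the rate-limit parameters (10 messages per 5000 ticks) are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical state for this sketch; not the kernel's struct l2tp_stats. */
struct rx_stats { unsigned long rx_ok, rx_invalid, log_lines; };
struct ratelimit { unsigned long interval, burst, begin, printed; };
enum verdict { RX_DATA, RX_PASS_UP };
/* Constructed sample datagrams: flags/version, tunnel id, session id 0x2a. */
static const uint8_t BAD_VERSION[] = { 0x00, 0x07, 0x00, 0x01, 0x00, 0x2a };
static const uint8_t GOOD_DATA[]   = { 0x00, 0x02, 0x00, 0x01, 0x00, 0x2a };

/* Allow at most `burst` messages per window of `interval` ticks. */
static int ratelimit_ok(struct ratelimit *rl, unsigned long now)
{
    if (now - rl->begin >= rl->interval) {
        rl->begin = now;
        rl->printed = 0;
    }
    return rl->printed < rl->burst && ++rl->printed;
}

/* Count every outcome; log only in debug mode, and rate limited even then. */
static enum verdict rx_classify(const uint8_t *p, size_t len, uint16_t session,
        struct rx_stats *st, struct ratelimit *rl, unsigned long now, int debug)
{
    uint16_t hdr = len >= 2 ? (uint16_t)(p[0] << 8 | p[1]) : 0;
    size_t off = (hdr & 0x4000) ? 4 : 2;  /* L bit set: length field present */
    if (len >= off + 4 && (hdr & 0x000f) == 2) {
        if ((hdr & 0x8000) || (uint16_t)(p[off + 2] << 8 | p[off + 3]) != session)
            return RX_PASS_UP;  /* control or unknown session: not invalid */
        st->rx_ok++;
        return RX_DATA;
    }
    st->rx_invalid++;           /* exact count, independent of logging */
    if (debug && ratelimit_ok(rl, now)) {
        st->log_lines++;
        fprintf(stderr, "rx: invalid packet, len %zu, hdr 0x%04x\n", len, (unsigned)hdr);
    }
    return RX_PASS_UP;
}

/* Feed n copies of one datagram, one per tick, and return the counters. */
static struct rx_stats flood(const uint8_t *p, size_t len, unsigned long n, int debug)
{
    struct rx_stats st = { 0, 0, 0 };
    struct ratelimit rl = { 5000, 10, 0, 0 };
    for (unsigned long t = 0; t < n; t++)
        rx_classify(p, len, 0x2a, &st, &rl, t, debug);
    return st;
}
```

With debugging off, a flood of 20000 bad-version datagrams writes nothing to the log yet leaves `rx_invalid` at exactly 20000; with debugging on, the same flood still produces 40 lines under these limits.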