On Wed, Mar 03, 2021 at 16:50:49 +0100, Matthias Schiffer wrote:
> Commit 5ee759cda51b ("l2tp: use standard API for warning log messages")
> changed a number of warnings about invalid packets in the receive path
> so that they are always shown, instead of only when a special L2TP debug
> flag is set. Even with rate limiting these warnings can easily cause
> significant log spam - potentially triggered by a malicious party
> sending invalid packets on purpose.
>
> In addition these warnings were noticed by projects like Tunneldigger [1],
> which uses L2TP for its data path, but implements its own control
> protocol (which is sufficiently different from L2TP data packets that it
> would always be passed up to userspace even with future extensions of
> L2TP).
>
> Some of the warnings were already redundant, as l2tp_stats has a counter
> for these packets. This commit adds one additional counter for invalid
> packets that are passed up to userspace. Packets with unknown session are
> not counted as invalid, as there is nothing wrong with the format of
> these packets.
>
> With the additional counter, all of these messages are either redundant
> or benign, so we reduce them to pr_debug_ratelimited().

This looks good to me -- thanks Matthias! :-)