linux/net/l2tp
Matthias Schiffer 3e59e88567 net: l2tp: reduce log level of messages in receive path, add counter instead
Commit 5ee759cda5 ("l2tp: use standard API for warning log messages")
changed a number of warnings about invalid packets in the receive path
so that they are always shown, instead of only when a special L2TP debug
flag is set. Even with rate limiting these warnings can easily cause
significant log spam - potentially triggered by a malicious party
sending invalid packets on purpose.

In addition these warnings were noticed by projects like Tunneldigger [1],
which uses L2TP for its data path, but implements its own control
protocol (which is sufficiently different from L2TP data packets that it
would always be passed up to userspace even with future extensions of
L2TP).

Some of the warnings were already redundant, as l2tp_stats has a counter
for these packets. This commit adds one additional counter for invalid
packets that are passed up to userspace. Packets with unknown session are
not counted as invalid, as there is nothing wrong with the format of
these packets.

With the additional counter, all of these messages are either redundant
or benign, so we reduce them to pr_debug_ratelimited().

[1] https://github.com/wlanslovenija/tunneldigger/issues/160

Fixes: 5ee759cda5 ("l2tp: use standard API for warning log messages")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-03-03 16:55:02 -08:00
..
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
l2tp_core.c net: l2tp: reduce log level of messages in receive path, add counter instead 2021-03-03 16:55:02 -08:00
l2tp_core.h net: l2tp: reduce log level of messages in receive path, add counter instead 2021-03-03 16:55:02 -08:00
l2tp_debugfs.c l2tp: remove tunnel and session debug flags field 2020-08-22 12:44:37 -07:00
l2tp_eth.c l2tp: remove header length param from l2tp_xmit_skb 2020-09-03 12:19:03 -07:00
l2tp_ip6.c lsm,selinux: pass flowi_common instead of flowi to the LSM hooks 2020-11-23 18:36:21 -05:00
l2tp_ip.c l2tp: make magic feather checks more useful 2020-09-03 12:19:03 -07:00
l2tp_netlink.c net: l2tp: reduce log level of messages in receive path, add counter instead 2021-03-03 16:55:02 -08:00
l2tp_ppp.c l2tp: make magic feather checks more useful 2020-09-03 12:19:03 -07:00
Makefile l2tp: add tracepoint infrastructure to core 2020-08-22 12:44:37 -07:00
trace.h l2tp: add tracepoint definitions in trace.h 2020-08-22 12:44:37 -07:00