kernel: ipt_hook: happy cracking.

From: Valdis . Kletnieks
Date: Fri Nov 07 2003 - 19:39:04 EST

Next message: Johannes Stezenbach: "[PATCH] ioctl compile warnings in userspace"
Previous message: Ingo Molnar: "Re: [PATCH] SMP signal latency fix up."
Next in thread: James Morris: "Re: kernel: ipt_hook: happy cracking."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

So I look in my syslogs, and I find a lot of:

Nov 6 14:36:37 turing-police kernel: ipt_hook: happy cracking.

messages. A quick grep finds it's ipv4/netfilter/iptable_filter.c:

/* root is playing with raw sockets. */
if ((*pskb)->len < sizeof(struct iphdr)
|| (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) {
if (net_ratelimit())
printk("ipt_hook: happy cracking.\n");
return NF_ACCEPT;
}

The only problem is that root wasn't doing any playing at the time. The real
culprit was an iptables filter with '-j REJECT'. (Yes, usually a '-j DROP' is
my preference, but I get SYN packets from some places on our net where sending
an RST is more polite than waiting for retransmits).

I admit not being positively clear on how this manages to trigger, as
I'm not sure who's supposed to set the ->len field on the new pskb
allocated by ipt_REJECT.c:send_reset() (AFAICT, ->ihl should be OK
after skb_copy_bits() gets called).

Hardly 'cracking' - but after yesterday's CVS scare, I had to double
check this code was in 2.4.18 too before my pulse came down.. :)

Attachment: pgp00001.pgp
Description: PGP signature

Next message: Johannes Stezenbach: "[PATCH] ioctl compile warnings in userspace"
Previous message: Ingo Molnar: "Re: [PATCH] SMP signal latency fix up."
Next in thread: James Morris: "Re: kernel: ipt_hook: happy cracking."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]