Re: [PATCH net v2] net: l2tp: reduce log level of messages in receive path, add counter instead

From: Tom Parkin
Date: Wed Mar 03 2021 - 19:11:31 EST


On Wed, Mar 03, 2021 at 16:50:49 +0100, Matthias Schiffer wrote:
> Commit 5ee759cda51b ("l2tp: use standard API for warning log messages")
> changed a number of warnings about invalid packets in the receive path
> so that they are always shown, instead of only when a special L2TP debug
> flag is set. Even with rate limiting these warnings can easily cause
> significant log spam - potentially triggered by a malicious party
> sending invalid packets on purpose.
>
> In addition these warnings were noticed by projects like Tunneldigger [1],
> which uses L2TP for its data path, but implements its own control
> protocol (which is sufficiently different from L2TP data packets that it
> would always be passed up to userspace even with future extensions of
> L2TP).
>
> Some of the warnings were already redundant, as l2tp_stats has a counter
> for these packets. This commit adds one additional counter for invalid
> packets that are passed up to userspace. Packets with unknown session are
> not counted as invalid, as there is nothing wrong with the format of
> these packets.
>
> With the additional counter, all of these messages are either redundant
> or benign, so we reduce them to pr_debug_ratelimited().

This looks good to me -- thanks Matthias! :-)
