Re: ip_conntrack_ftp messages

Rusty Russell wrote:
> On Monday 24 November 2008 22:58:09 Patrick McHardy wrote:
>> Rusty Russell wrote:
>>> 		if (net_ratelimit())
>>> 			printk("conntrack_ftp: partial %s %u+%u\n",
>>> 			       search[dir][i].pattern,
>>> 			       ntohl(th->seq), datalen);
>>
>> It's strange that FTP is apparently working since we drop those packets.
>> I'm not sure about downgrading that message, it's there to inform the
>> user of an exceptional action (dropping of packets within conntrack).
>
> Actually, we drop the packets *so* it will work. The idea is that they'll coalesce and send the whole packet next time.

I see. The only case in which I triggered it so far was when sending
incomplete PORT commands using telnet, so I missed this important
fact :)

> If not, well, they don't get any more packets through, but without connection tracking the other connections wouldn't work anyway (if the conntrack is being used for NAT or filtering).
>
> IIRC wu-ftpd used to trigger this (multiple write syscalls for the ip address and nagle sometimes hit in the middle; go figure).

Thanks for the explanation. I'll queue up a patch for 2.6.29 to change
it to pr_debug().
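
A simplified model of the behaviour discussed in this thread, added here as an illustration and not taken from the kernel's conntrack FTP helper or from either poster: a payload that matches only the start of a PORT command is classified as partial (the case that is dropped and logged), while the coalesced resend parses completely. The function names, verdict names and sample payloads are assumptions constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
enum verdict { NO_MATCH, PARTIAL_DROP, MATCH }; /* hypothetical verdict names */

/* Parse "h1,h2,h3,h4,p1,p2\r": 1 = complete, 0 = data ended early, -1 = invalid. */
static int parse_args(const char *p, size_t len, unsigned v[6])
{
    unsigned cur = 0, n = 0, digits = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)p[i];
        if (isdigit(c)) {
            cur = cur * 10 + (c - '0');
            digits++;
            if (cur > 255)
                return -1;
            continue;
        }
        if (!digits || !((c == ',' && n < 5) || (c == '\r' && n == 5)))
            return -1;
        v[n++] = cur;
        if (c == '\r')
            return 1;
        cur = digits = 0;
    }
    return 0;
}

/* Classify one TCP payload as the thread describes: partial match => drop. */
enum verdict classify(const char *data, size_t len, unsigned v[6])
{
    static const char pat[] = "PORT ";
    size_t plen = sizeof(pat) - 1, n = len < plen ? len : plen;
    if (len == 0 || strncasecmp(data, pat, n) != 0)
        return NO_MATCH;
    /* Keyword prefix matched; anything short of a full argument is partial. */
    int r = parse_args(data + n, len - n, v);
    return r > 0 ? MATCH : r == 0 ? PARTIAL_DROP : NO_MATCH;
}

int main(void)
{
    unsigned v[6];
    const char *seg = "PORT 192,168,", *all = "PORT 192,168,0,10,4,1\r\n"; /* constructed */
    int first = classify(seg, strlen(seg), v);
    printf("split write: %d, coalesced: %d\n", first, classify(all, strlen(all), v));
    return 0;
}
```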