Re: [PACTH nf-next] netfilter: nf_reject_ipv4: don't send tcp RST if the packet is non-TCP

Hi Marcelo,

2016-06-20 23:48 GMT+08:00 Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>:
>
> A different check/log is made for ip6:
> nf_reject_ip6_tcphdr_get():
>         /* IP header checks: fragment, too short. */
>         if (proto != IPPROTO_TCP || *otcplen < sizeof(struct tcphdr)) {
>                 pr_debug("proto(%d) != IPPROTO_TCP or too short (len = %d)\n",
>                          proto, *otcplen);
>                 return NULL;
>         }
>
> Would be nice to have some consistency on this log message as it
> increases debug-ability.
>

Thanks for your opinion.

But you can see, there are many inconsistent things between
nf_reject_ip6_tcphdr_get and nf_reject_ip_tcphdr_get.

For example, when tcp->rst is set, reject_ip6 will call
pr_debug("RST is set\n"), while there's nothing in reject_ip4.

IMO, this debug information is almost useless, so there's
no need to add this debug info only for consistency with nf_reject_ip6.