Aeons ago, before namespaces, there was no need to ratelimit this: all of these error messages got triggered in response to iptables commands, which need CAP_NET_ADMIN. Nowadays we have namespaces, so its better to ratelimit these. This should also help fuzzing (syzkaller), as it can generate a large volume of error messages (which are useless there). The patches are split as follows: - first get rid of printks that should never be triggered, as userland doesn't generate such malformed rules anyway. - second, switch some printks to pr_debug. This is mostly for messages where it might make sense for developers to see what exactly went wrong. Rest of the patches swap remaining pr_foo with pr_foo_ratelimited(). Note that most patches introduce overly long lines, but splitting these would make it necessary to split the error messages which is worse. 46 files changed, 254 insertions(+), 257 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
