On Wed, Feb 07, 2018 at 08:23:23PM +0100, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > > --- a/net/bridge/netfilter/ebt_among.c
> > > +++ b/net/bridge/netfilter/ebt_among.c
> > > @@ -187,17 +187,17 @@ static int ebt_among_mt_check(const struct xt_mtchk_param *par)
> > > expected_length += ebt_mac_wormhash_size(wh_src);
> > >
> > > if (em->match_size != EBT_ALIGN(expected_length)) {
> > > - pr_info("wrong size: %d against expected %d, rounded to %zd\n",
> > > - em->match_size, expected_length,
> > > - EBT_ALIGN(expected_length));
> > > + pr_info_ratelimited("wrong size: %d against expected %d, rounded to %zd\n",
> >
> > Shouldn't all these be pr_err_ratelimited instead?
>
> Don't know.
>
> This could even be pr_debug actually since this message is
> useless unless you're doing ebtables development work.
I see, I'm telling this because iptables says 'look at dmesg' when we
hit EINVAL, but there will be nothing.
[...]
> > > if (index == IPSET_INVALID_ID) {
> > > - pr_warn("Cannot find set identified by id %u to match\n",
> > > - info->match_set.index);
> > > + pr_warn_ratelimited("Cannot find set identified by id %u to match\n",
> > > + info->match_set.index);
> >
> > Use pr_err_ratelimited instead?
>
> I think we should settle on a single pr_foo, i suggest
> pr_info(_ratelimited).
OK.
> This is not an error condition, we only have these
> printks because we can't return a proper error to userspace.
>
> If this was netlink, it would be converted to extack instead...
Indeed, we have this primitive error reporting in iptables, we can do
better in nftables.
Thanks!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
