On Wed, Feb 07, 2018 at 02:48:21PM +0100, Florian Westphal wrote: > Aeons ago, before namespaces, there was no need to ratelimit this: > all of these error messages got triggered in response to iptables > commands, which need CAP_NET_ADMIN. > > Nowadays we have namespaces, so its better to ratelimit these. > This should also help fuzzing (syzkaller), as it can generate a large > volume of error messages (which are useless there). > > The patches are split as follows: > - first get rid of printks that should never be triggered, as userland > doesn't generate such malformed rules anyway. > - second, switch some printks to pr_debug. This is mostly for messages > where it might make sense for developers to see what exactly went > wrong. > > Rest of the patches swap remaining pr_foo with pr_foo_ratelimited(). > > Note that most patches introduce overly long lines, but splitting these > would make it necessary to split the error messages which is worse. > > 46 files changed, 254 insertions(+), 257 deletions(-) Series applied, thanks Florian. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
