Aeons ago, before namespaces, there was no need to ratelimit this:
all of these error messages got triggered in response to iptables
commands, which need CAP_NET_ADMIN.
Nowadays we have namespaces, so its better to ratelimit these.
This should also help fuzzing (syzkaller), as it can generate a large
volume of error messages (which are useless there).
The patches are split as follows:
- first get rid of printks that should never be triggered, as userland
doesn't generate such malformed rules anyway.
- second, switch some printks to pr_debug. This is mostly for messages
where it might make sense for developers to see what exactly went
Rest of the patches swap remaining pr_foo with pr_foo_ratelimited().
Note that most patches introduce overly long lines, but splitting these
would make it necessary to split the error messages which is worse.
46 files changed, 254 insertions(+), 257 deletions(-)
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html