lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sat, 01 Sep 2007 07:28:26 +0200
From:	Patrick McHardy <>
To:	Meelis Roos <>
	Netfilter Development Mailinglist 
Subject: Re: ipv4_get_l4proto: Frag of proto 17

Meelis Roos wrote:
>>> Yesterdays git snapsot on a normal home PC spams dmesg with the following
>>> line:
>>> ipv4_get_l4proto: Frag of proto 17
>> In what situation does this happen?
> It happens some times every hour on the average. Seems to be some UDP 
> traffic. Firewall allows in any UDP that is ESTABLISHEFD,RELATED, DHCP 
> (some more UDP rules with counter 0 so not important). Additionally 
> there is internal netowkr that sometimes has a laptop but usually not 
> and the messages have appeared also when there is nothin in the internal 
> network.
> Locally mldonkey is probably using UDP, and lsof -i | grep UDP tells 
> that named, avahi-daemon, dhcpd, chronyd, nmbd and cupsd are listening 
> on UDP sockets (most of them on internal network).
> But I have no idea what application is causing the messages.

I'm guessing that its ICMP errors containing UDP fragments.

Could you add a WARN_ON(1) to ipv4_get_l4proto() in
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c to verify

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists