| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 01 Sep 2007 07:28:26 +0200 From: Patrick McHardy <kaber@...sh.net> To: Meelis Roos <mroos@...ux.ee> CC: netdev@...r.kernel.org, Netfilter Development Mailinglist <netfilter-devel@...ts.netfilter.org> Subject: Re: ipv4_get_l4proto: Frag of proto 17 Meelis Roos wrote: >>> Yesterdays git snapsot on a normal home PC spams dmesg with the following >>> line: >>> ipv4_get_l4proto: Frag of proto 17 >> In what situation does this happen? > > It happens some times every hour on the average. Seems to be some UDP > traffic. Firewall allows in any UDP that is ESTABLISHEFD,RELATED, DHCP > (some more UDP rules with counter 0 so not important). Additionally > there is internal netowkr that sometimes has a laptop but usually not > and the messages have appeared also when there is nothin in the internal > network. > > Locally mldonkey is probably using UDP, and lsof -i | grep UDP tells > that named, avahi-daemon, dhcpd, chronyd, nmbd and cupsd are listening > on UDP sockets (most of them on internal network). > > But I have no idea what application is causing the messages. I'm guessing that its ICMP errors containing UDP fragments. Could you add a WARN_ON(1) to ipv4_get_l4proto() in net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c to verify this? - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists