lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ea6e8939-5dc2-4322-a67f-207a6aa65da9@lunn.ch>
Date: Fri, 19 Jul 2024 05:31:54 +0200
From: Andrew Lunn <andrew@...n.ch>
To: Antonio Quartulli <antonio@...nvpn.net>
Cc: Sabrina Dubroca <sd@...asysnail.net>, netdev@...r.kernel.org,
	kuba@...nel.org, ryazanov.s.a@...il.com, pabeni@...hat.com,
	edumazet@...gle.com
Subject: Re: [PATCH net-next v5 17/25] ovpn: implement keepalive mechanism

On Thu, Jul 18, 2024 at 09:46:00AM +0200, Antonio Quartulli wrote:
> On 18/07/2024 04:01, Andrew Lunn wrote:
> > > > > +		if (ovpn_is_keepalive(skb)) {
> > > > > +			netdev_dbg(peer->ovpn->dev,
> > > > > +				   "ping received from peer %u\n", peer->id);
> > > > 
> > > > That should probably be _ratelimited, but it seems we don't have
> > > > _ratelimited variants for the netdev_* helpers.
> > > 
> > > Right.
> > > I have used the net_*_ratelimited() variants when needed.
> > > Too bad we don't have those.
> > 
> > If you think netdev_dbg_ratelimited() would be useful, i don't see why
> > you cannot add it.
> > 
> > I just did an search and found something interesting in the history:
> > 
> > https://lore.kernel.org/all/20190809002941.15341-1-liuhangbin@gmail.com/T/#u
> > 
> > Maybe limit it to netdev_dbg_ratelimited() to avoid the potential
> > abuse DaveM was worried about.
> 
> I see what Dave says however...
> 
> ...along the packet processing routine there are several messages (some are
> err or warn or info) which require ratelimiting.
> Otherwise you end up with a gazilion log entries in case of a long lasting
> issue.
> 
> Right now I am using net_dbg/warn/err/info_ratelimited(), therefore not
> having a netdev counterpart is not really helping with Dave's argument.

Yes, i think Dave' argument is weak because these alternatives
exist. Maybe they did not at the time? 

I suspect he was using it as a way to force fixing the real issue. A
driver should not be issues lots of err or info messages. Protocol
errors are part of normal behaviour, just increment a counter and keep
going. Peer devices disappearing is normal behaviour, count it and
keep going. _err is generally reserved for something fatal happened,
and there is no recovery, other than unload the kernel module and
reload it.

	Andrew

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ