From: Eric Leblond <eric@inl.fr>
Date: Wed, 18 Feb 2009 15:30:56 +0000 (+0100)
Subject: netfilter: log invalid new icmpv6 packet with nf_log_packet()
X-Git-Url: http://drtracing.org/?a=commitdiff_plain;h=55df4ac0c927c7f1f84e6d75532f0ca45d391e64;p=deliverable%2Flinux.git

netfilter: log invalid new icmpv6 packet with nf_log_packet()

This patch adds a logging message for invalid new icmpv6 packet.

Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---

diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index c323643ffcf9..165b256a6fa0 100644
--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -126,6 +126,10 @@ static bool icmpv6_new(struct nf_conn *ct, const struct sk_buff *skb,
 		pr_debug("icmpv6: can't create new conn with type %u\n",
 			 type + 128);
 		nf_ct_dump_tuple_ipv6(&ct->tuplehash[0].tuple);
+		if (LOG_INVALID(nf_ct_net(ct), IPPROTO_ICMPV6))
+			nf_log_packet(PF_INET6, 0, skb, NULL, NULL, NULL,
+				      "nf_ct_icmpv6: invalid new with type %d ",
+				      type + 128);
 		return false;
 	}
 	atomic_set(&ct->proto.icmp.count, 0);