So I look in my syslogs, and I find a lot of:
Nov 6 14:36:37 turing-police kernel: ipt_hook: happy cracking.
messages. A quick grep finds it's ipv4/netfilter/iptable_filter.c:

    /* root is playing with raw sockets. */
    if ((*pskb)->len < sizeof(struct iphdr)
        || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) {
            if (net_ratelimit())
                    printk("ipt_hook: happy cracking.\n");
            return NF_ACCEPT;
    }

The only problem is that root wasn't doing any playing at the time. The real
culprit was an iptables filter with '-j REJECT'. (Yes, usually a '-j DROP' is
my preference, but I get SYN packets from some places on our net where sending
an RST is more polite than waiting for retransmits).
I admit not being positively clear on how this manages to trigger, as
I'm not sure who's supposed to set the ->len field on the new pskb
allocated by ipt_REJECT.c:send_reset() (AFAICT, ->ihl should be OK
after skb_copy_bits() gets called).
Hardly 'cracking' - but after yesterday's CVS scare, I had to double
check this code was in 2.4.18 too before my pulse came down.. :)
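
A user-space model of the check quoted in the message above, as an added example that is not part of the original thread or the kernel source. `classify_ipv4`, `classify_variant`, the verdict names and the sample packet are constructed for illustration. The zero-length case only models the poster's guess about an unset ->len, not a confirmed cause. The block goes slightly beyond the quoted code by also flagging an IHL that runs past the end of the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV4_MIN_HDR 20u /* sizeof(struct iphdr): header without options */

enum hdr_verdict { HDR_OK, HDR_SHORT_LEN, HDR_SHORT_IHL, HDR_IHL_PAST_END };

/* Constructed sample: 20-byte IPv4 header + 20-byte TCP header (RST|ACK).
 * Addresses are documentation ranges; checksums are left as zero. */
static const uint8_t sample_rst[40] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    192, 0, 2, 1,  198, 51, 100, 7,
    0x00, 0x50, 0xc0, 0x00, 0, 0, 0, 0, 0, 0, 0, 1, 0x50, 0x14, 0, 0, 0, 0, 0, 0
};

/* Mirror the two clauses of the quoted check and report which one fired. */
enum hdr_verdict classify_ipv4(const uint8_t *buf, size_t len)
{
    if (len < IPV4_MIN_HDR)
        return HDR_SHORT_LEN;       /* (*pskb)->len < sizeof(struct iphdr) */
    size_t ihl_bytes = (size_t)(buf[0] & 0x0f) * 4;
    if (ihl_bytes < IPV4_MIN_HDR)
        return HDR_SHORT_IHL;       /* ihl * 4 < sizeof(struct iphdr) */
    if (ihl_bytes > len)
        return HDR_IHL_PAST_END;    /* added here; not in the quoted code */
    return HDR_OK;
}

/* Classify the sample with a substituted version/IHL byte and recorded length
 * (recorded_len must not exceed sizeof sample_rst). */
enum hdr_verdict classify_variant(uint8_t ver_ihl, size_t recorded_len)
{
    uint8_t pkt[sizeof sample_rst];
    memcpy(pkt, sample_rst, sizeof pkt);
    pkt[0] = ver_ihl;
    return classify_ipv4(pkt, recorded_len);
}

int main(void)
{
    static const char *names[] = { "ok", "len too short", "ihl too short", "ihl past end" };
    printf("intact packet:      %s\n", names[classify_variant(0x45, 40)]);
    printf("length recorded 0:  %s\n", names[classify_variant(0x45, 0)]);
    printf("ihl = 4:            %s\n", names[classify_variant(0x44, 40)]);
    printf("ihl = 15, 40 bytes: %s\n", names[classify_variant(0x4f, 40)]);
    return 0;
}
```

The second case is the one relevant to this report: the header bytes are well formed, yet the first clause fires purely because the recorded length is wrong, so the log line alone does not indicate raw-socket activity.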
On Fri, 7 Nov 2003 [email protected] wrote:
> So I look in my syslogs, and I find a lot of:
>
> Nov 6 14:36:37 turing-police kernel: ipt_hook: happy cracking.
>
This is fixed in current bk, see
http://marc.theaimsgroup.com/?l=linux-netdev&m=106814126307516&w=2
- James
--
James Morris
<[email protected]>
On Fri, 07 Nov 2003 20:57:15 EST, James Morris said:
> > Nov 6 14:36:37 turing-police kernel: ipt_hook: happy cracking.
> This is fixed in current bk, see
> http://marc.theaimsgroup.com/?l=linux-netdev&m=106814126307516&w=2
Confirmed fixed, thanks...