Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp7634559rdb;
        Thu, 4 Jan 2024 02:56:18 -0800 (PST)
X-Google-Smtp-Source: AGHT+IGkvysHxSmHjunobSljfXvLcYPGcBz0OezKQ0P8Tpfqb2dnLRdjPHOu7hk+/s4k2LcgGMOk
X-Received: by 2002:a05:6830:71a3:b0:6db:fc35:54f5 with SMTP id el35-20020a05683071a300b006dbfc3554f5mr419063otb.42.1704365778220;
        Thu, 04 Jan 2024 02:56:18 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1704365778; cv=none;
        d=google.com; s=arc-20160816;
        b=heM4GwOdoxuAm6z41uHxz7lMKzWVvUlABUMmoNIdQQxWEKfC1D9xVrgynE5EjQc1Cb
         /frFjiarz5ne2SFE+BHVDqKm1L+WZ6/Gvgr9DL70gaCbvM4TbNd6BBlvnY2t+Y2cfoWa
         51hZrSt0Uqj0IkGibOP5R9sembQyuzFBDkx0FWAKf7Vc6a2WhuouS4wIgIMWq7f7GY9t
         Z7zuk18paYWhrfL/uYDECzRrAawVYSf7sJCZB3Rp7Hkj9oI3TQJyXqhKr4sD01j3ThZq
         dzGj3mnC67hHsbHXe5oXi3pPtbc622RhxHZdvzni3R3QxusTTmAU0WEy6UbMlNh73VXv
         s7Pg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=mime-version:list-unsubscribe:list-subscribe:list-id:precedence
         :message-id:subject:cc:to:from:date:dkim-signature:dkim-signature;
        bh=yBmrPPpyuWfFEuChsbZrj8mF9EgX0kLD8+GWYeLFums=;
        fh=p3d051isysIBG2tRnNEVBlRR4EfIoPqVsSD/uGiKItg=;
        b=RsGtE9qW/kjxLopqgG6p9MsurNLJLy4Sluof2XfxqA/WG7xPjC+ntPKP+pg/Q84isT
         AKJuq+ZVG6ZpIFA1142cEu1Yk4E0C8yHkiKj5FS/NTck+eCwdNbugGDIhc5bfzWdrxWF
         8QoBRfIcGSG53f84mFHnFR9UNZ1R7KhFYiCadPm9w505A6vHUCTJf+S4H2BklU+Jmk8m
         HTLBfmhhdReIop5anKrKXSdtZnt2GPglsPe0E398CZ6DFHiGIX8DaPIUGz5pbhLTTexr
         Ewv+YRnHm8YzcScj5wxPXehSm0vAsH+O60pVux37Fzxn5tsR1hVnyZmOM2UbiKMlGr/C
         eUsw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (no key) header.i=@nerdbynature.de header.s=key1 header.b=XhXAcV6q;
       dkim=pass header.i=@nerdbynature.de header.s=key0 header.b=H7UmfpeM;
       spf=pass (google.com: domain of linux-kernel+bounces-16545-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-16545-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=nerdbynature.de
Return-Path: <linux-kernel+bounces-16545-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223])
        by mx.google.com with ESMTPS id c17-20020ac87dd1000000b004282727f2e8si7193389qte.129.2024.01.04.02.56.18
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 04 Jan 2024 02:56:18 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-16545-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Authentication-Results: mx.google.com;
       dkim=neutral (no key) header.i=@nerdbynature.de header.s=key1 header.b=XhXAcV6q;
       dkim=pass header.i=@nerdbynature.de header.s=key0 header.b=H7UmfpeM;
       spf=pass (google.com: domain of linux-kernel+bounces-16545-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-16545-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=nerdbynature.de
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id EF4DF1C216CD
	for <linux.lists.archive@gmail.com>; Thu,  4 Jan 2024 10:56:17 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id F2F9F2110E;
	Thu,  4 Jan 2024 10:55:57 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=permerror (0-bit key) header.d=nerdbynature.de header.i=@nerdbynature.de header.b="XhXAcV6q";
	dkim=pass (2048-bit key) header.d=nerdbynature.de header.i=@nerdbynature.de header.b="H7UmfpeM"
X-Original-To: linux-kernel@vger.kernel.org
Received: from trent.utfs.org (trent.utfs.org [94.185.90.103])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 562DC20DDF;
	Thu,  4 Jan 2024 10:55:52 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=nerdbynature.de
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=nerdbynature.de
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple;
 d=nerdbynature.de; i=@nerdbynature.de; q=dns/txt; s=key1;
 t=1704365744; h=date : from : to : cc : subject : message-id :
 mime-version : content-type : from;
 bh=LtBoXJZU4S2EMXj5t+G2Mf6DrJOQ/owAGiFqMlThCAA=;
 b=XhXAcV6qnxiuRnDDa2JmX1GYuvGuWw2/5miOPEv2h6+a+8tBPzI0PeNNd1RVho8qZCtiy
 1H77RWVwa4UF6kgCw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nerdbynature.de;
 i=@nerdbynature.de; q=dns/txt; s=key0; t=1704365744; h=date : from :
 to : cc : subject : message-id : mime-version : content-type : from;
 bh=LtBoXJZU4S2EMXj5t+G2Mf6DrJOQ/owAGiFqMlThCAA=;
 b=H7UmfpeMf/A4ItKmV03WY69Jn1ym2CrPWnx8hwQgUrohE1AIqZKp4h5YCGFgPFB71cBc3
 uD+QnyaRY5H/KFNIfkBKEQj5x4StnH7dEICH3EWQbGaUr3FEg/HA09IE9ESBHfygL4JQxRA
 IaTZjY7SXIjh45VzMB/t+HDQ9hvU2ukE+Z/PV8akbFV1CnvKIOcnFSCxk/dOX9qpFYwfcjo
 LcGTKuDO1MOI/8Xr3OWjhFPUI2cuq0zyCF1bSq+wY/3XoaDyBOjtfuvcWECSfS5VAgSO89B
 FVovyjItePGm0qCOz8Elix8ljvc+P5Kdi/QaMXOUxI3tvM/mY9AXSU6dhFTg==
Received: from localhost (localhost [IPv6:::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by trent.utfs.org (Postfix) with ESMTPS id AA1B75FFB8;
	Thu,  4 Jan 2024 11:55:44 +0100 (CET)
Date: Thu, 4 Jan 2024 11:55:44 +0100 (CET)
From: Christian Kujau <lists@nerdbynature.de>
To: linux-kernel@vger.kernel.org
cc: netdev@vger.kernel.org, Dmitry Safonov <0x7f454c46@gmail.com>, 
    Francesco Ruggeri <fruggeri@arista.com>, 
    Salam Noureddine <noureddine@arista.com>, Dmitry Safonov <dima@arista.com>, 
    David Ahern <dsahern@kernel.org>
Subject: syslog spam: TCP segment has incorrect auth options set
Message-ID: <f6b59324-1417-566f-a976-ff2402718a8d@nerdbynature.de>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Ever since commit 2717b5adea9e ("net/tcp: Add tcp_hash_fail() ratelimited 
logs") the following is printed, in waves of small floods, to syslog:

 kernel: TCP: TCP segment has incorrect auth options set for XX.20.239.12.54681->XX.XX.90.103.80 [S]

This host is connected to the open internet and serves as a small HTTP and 
SSH login server, not much traffic is happening here. So I'd assume these 
messages to be the result of random internet scans and/or fingerprinting 
attempts or the like. While not really a concern, these messages are 
flooding the dmesg buffer over time :-(

Is there a way to adjust the severity of these messages?

* In include/net/tcp.h this gets logged with tcp_hash_fail(), which is
* defined in include/net/tcp_ao.h and calls net_info_ratelimited(), which
* is in turn defined in include/linux/net.h and calls pr_info().

Can e.g. net_dbg_ratelimited be used instead?

Thanks,
Christian.
-- 
BOFH excuse #78:

Yes, yes, its called a design limitation