syslog spam: TCP segment has incorrect auth options set

From: Christian Kujau
Date: Thu Jan 04 2024 - 05:56:15 EST


Ever since commit 2717b5adea9e ("net/tcp: Add tcp_hash_fail() ratelimited
logs") the following is printed, in waves of small floods, to syslog:

kernel: TCP: TCP segment has incorrect auth options set for XX.20.239.12.54681->XX.XX.90.103.80 [S]

This host is connected to the open internet and serves as a small HTTP and
SSH login server; not much traffic is happening here. So I'd assume these
messages to be the result of random internet scans and/or fingerprinting
attempts or the like. While not really a concern, these messages are
flooding the dmesg buffer over time :-(

Is there a way to adjust the severity of these messages?

* In include/net/tcp.h this gets logged with tcp_hash_fail(), which is
  defined in include/net/tcp_ao.h and calls net_info_ratelimited(), which
  is in turn defined in include/linux/net.h and calls pr_info().

Can e.g. net_dbg_ratelimited be used instead?

Thanks,
Christian.
--
BOFH excuse #78:

Yes, yes, it's called a design limitation
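
Added example, not part of the original message or of the kernel sources: a small Python triage script that parses the IPv4 form of the log line quoted above and counts messages per source address and per destination port/flag pair, to check whether the floods look like scans. The sample lines (documentation address ranges) are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Matches the IPv4 form shown in the message: SRC.SPORT->DST.DPORT [FLAGS]
# (the port is the last dot-separated field of each endpoint).
LINE_RE = re.compile(
    r"TCP segment has incorrect auth options set for "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)->"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+) \[(?P<flags>[^\]]*)\]"
)

def parse(line):
    """Return a dict of endpoint fields, or None for unrelated lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec

def summarize(lines):
    """Count matching messages per source and per (dest port, TCP flags)."""
    by_src, by_service = Counter(), Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        by_src[rec["src"]] += 1
        by_service[(rec["dport"], rec["flags"])] += 1
    return by_src, by_service

# Constructed sample input (not real log data).
SAMPLE = [
    "Jan  4 05:41:02 host kernel: TCP: TCP segment has incorrect auth options set for 198.51.100.7.54681->192.0.2.10.80 [S]",
    "Jan  4 05:41:02 host kernel: TCP: TCP segment has incorrect auth options set for 198.51.100.7.54682->192.0.2.10.80 [S]",
    "Jan  4 05:41:09 host kernel: TCP: TCP segment has incorrect auth options set for 203.0.113.9.40022->192.0.2.10.22 [S]",
    "Jan  4 05:41:10 host kernel: eth0: link becomes ready",
]

if __name__ == "__main__":
    sources, services = summarize(SAMPLE)
    for src, n in sources.most_common():
        print(f"{n:5d}  {src}")
    for (port, flags), n in services.most_common():
        print(f"{n:5d}  dport={port} flags=[{flags}]")
```
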