syslog spam: TCP segment has incorrect auth options set
From: Christian Kujau
Date: Thu Jan 04 2024 - 05:56:15 EST
Ever since commit 2717b5adea9e ("net/tcp: Add tcp_hash_fail() ratelimited
logs") the following is printed, in waves of small floods, to syslog:
kernel: TCP: TCP segment has incorrect auth options set for XX.20.239.12.54681->XX.XX.90.103.80 [S]
This host is connected to the open internet and serves as a small HTTP and
SSH login server, not much traffic is happening here. So I'd assume these
messages to be the result of random internet scans and/or fingerprinting
attempts or the like. While not really a concern, these messages are
flooding the dmesg buffer over time :-(
Is there a way to adjust the severity of these messages?
* In include/net/tcp.h this gets logged with tcp_hash_fail(), which is
* defined in include/net/tcp_ao.h and calls net_info_ratelimited(), which
* is in turn defined in include/linux/net.h and calls pr_info().
Can e.g. net_dbg_ratelimited be used instead?
Thanks,
Christian.
--
BOFH excuse #78:
Yes, yes, its called a design limitation