From: Horms <horms@verge.net.au>
To: Patrick McHardy <kaber@trash.net>
Cc: netdev@vger.kernel.org, Wensong Zhang <wensong@linux-vs.org>,
Julian Anastasov <ja@ssi.bg>, David Miller <davem@davemloft.net>,
Joseph Mack NA3T <jmack@wm7d.net>
Subject: Re: [patch 3/4] Make sure ip_vs_ftp ports are valid
Date: Mon, 4 Sep 2006 11:02:54 +0900 [thread overview]
Message-ID: <20060904020253.GA8761@verge.net.au> (raw)
In-Reply-To: <20060904004401.GD30287@verge.net.au>
On Mon, Sep 04, 2006 at 09:44:02AM +0900, Horms wrote:
> On Mon, Sep 04, 2006 at 01:09:59AM +0200, Patrick McHardy wrote:
> > Horms wrote:
> > > I'm not entirely sure what happens in the case of a valid port,
> > > at best it'll be silently ignored. This patch ignores them a little
> > > more verbosely.
> > >
> > > Signed-Off-By: Simon Horman <horms@verge.net.au>
> > > Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c
> > > ===================================================================
> > > --- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-01 19:06:42.000000000 +0900
> > > +++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-01 19:08:19.000000000 +0900
> > > @@ -373,6 +373,12 @@
> > > for (i=0; i<IP_VS_APP_MAX_PORTS; i++) {
> > > if (!ports[i])
> > > continue;
> > > + if (ports[i] < 0 || ports[i] > 0xffff) {
> > > + IP_VS_WARNING("ip_vs_ftp: Ignoring invalid "
> > > + "configuration port[%d] = %d\n",
> > > + i, ports[i]);
> > > + continue;
> > > + }
> >
> > How about just changing the module parameter type to ushort, similar to
> > what ip_conntrack_ftp does?
>
> Sure. I wasn't sure if that was possible or not.
> But as it is, I will make it so.
Here is the revised patch.
--
Horms
H: http://www.vergenet.net/~horms/
W: http://www.valinux.co.jp/en/
[IPVS] Make sure ip_vs_ftp ports are valid
I'm not entirely sure what happens in the case of a valid port,
at best it'll be silently ignored. This patch ensures that
the port values are unsigned short values, and thus always valid.
Cc: Patrick McHardy <kaber@trash.net>
Signed-Off-By: Simon Horman <horms@verge.net.au>
Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c
===================================================================
--- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-04 10:47:09.000000000 +0900
+++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-04 10:59:30.000000000 +0900
@@ -44,8 +44,8 @@
* List of ports (up to IP_VS_APP_MAX_PORTS) to be handled by helper
* First port is set to the default port.
*/
-static int ports[IP_VS_APP_MAX_PORTS] = {21, 0};
-module_param_array(ports, int, NULL, 0);
+static unsigned short ports[IP_VS_APP_MAX_PORTS] = {21, 0};
+module_param_array(ports, ushort, NULL, 0);
MODULE_PARM_DESC(ports, "Ports to monitor for FTP control commands");
/*
--
VGER BF report: U 0.832414
next prev parent reply other threads:[~2006-09-04 2:11 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-09-01 10:10 [patch 0/4] ip_vs_ftp cleanups Horms
2006-09-01 10:10 ` [patch 1/4] Document the ports option to ip_vs_ftp in kernel-parameters.txt Horms
2006-09-01 10:10 ` [patch 2/4] auto-help for ip_vs_ftp Horms
2006-09-01 10:10 ` [patch 3/4] Make sure ip_vs_ftp ports are valid Horms
2006-09-03 23:09 ` Patrick McHardy
2006-09-04 0:44 ` Horms
2006-09-04 2:02 ` Horms [this message]
2006-09-20 10:29 ` Patrick McHardy
2006-09-20 14:49 ` Horms
2006-09-01 10:10 ` [patch 4/4] remove the debug option go ip_vs_ftp Horms
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060904020253.GA8761@verge.net.au \
--to=horms@verge.net.au \
--cc=davem@davemloft.net \
--cc=ja@ssi.bg \
--cc=jmack@wm7d.net \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=wensong@linux-vs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.