From: Andrew Morton <akpm@osdl.org>
To: NeilBrown <neilb@suse.de>
Cc: nfs@lists.sourceforge.net, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 010 of 14] knfsd: SUNRPC: add a "generic" function to see if the peer uses a secure port
Date: Tue, 12 Dec 2006 17:42:07 -0800 [thread overview]
Message-ID: <20061212174207.6180df0f.akpm@osdl.org> (raw)
In-Reply-To: <1061212235927.21484@suse.de>
On Wed, 13 Dec 2006 10:59:27 +1100
NeilBrown <neilb@suse.de> wrote:
> From: Chuck Lever <chuck.lever@oracle.com>
> The only reason svcsock.c looks at a sockaddr's port is to check whether
> the remote peer is connecting from a privileged port. Refactor this check
> to hide processing that is specific to address format.
>
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> Cc: Aurelien Charbon <aurelien.charbon@ext.bull.net>
> Signed-off-by: Neil Brown <neilb@suse.de>
>
> ### Diffstat output
> ./net/sunrpc/svcsock.c | 20 +++++++++++++++++---
> 1 file changed, 17 insertions(+), 3 deletions(-)
>
> diff .prev/net/sunrpc/svcsock.c ./net/sunrpc/svcsock.c
> --- .prev/net/sunrpc/svcsock.c 2006-12-13 10:32:15.000000000 +1100
> +++ ./net/sunrpc/svcsock.c 2006-12-13 10:32:17.000000000 +1100
> @@ -926,6 +926,20 @@ svc_tcp_data_ready(struct sock *sk, int
> wake_up_interruptible(sk->sk_sleep);
> }
>
> +static inline int svc_port_is_privileged(struct sockaddr *sin)
> +{
> + switch (sin->sa_family) {
> + case AF_INET:
> + return ntohs(((struct sockaddr_in *)sin)->sin_port) < 1024;
> +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
> + case AF_INET6:
> + return ntohs(((struct sockaddr_in6 *)sin)->sin6_port) < 1024;
> +#endif
> + default:
> + return 0;
> + }
> +}
I'm a bit surprised to see this test implemented in sunrpc - it's the sort
of thing which core networking should implement?
And should that "1024" be PROT_SOCK?
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
WARNING: multiple messages have this Message-ID (diff)
From: Andrew Morton <akpm@osdl.org>
To: NeilBrown <neilb@suse.de>
Cc: nfs@lists.sourceforge.net, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 010 of 14] knfsd: SUNRPC: add a "generic" function to see if the peer uses a secure port
Date: Tue, 12 Dec 2006 17:42:07 -0800 [thread overview]
Message-ID: <20061212174207.6180df0f.akpm@osdl.org> (raw)
In-Reply-To: <1061212235927.21484@suse.de>
On Wed, 13 Dec 2006 10:59:27 +1100
NeilBrown <neilb@suse.de> wrote:
> From: Chuck Lever <chuck.lever@oracle.com>
> The only reason svcsock.c looks at a sockaddr's port is to check whether
> the remote peer is connecting from a privileged port. Refactor this check
> to hide processing that is specific to address format.
>
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> Cc: Aurelien Charbon <aurelien.charbon@ext.bull.net>
> Signed-off-by: Neil Brown <neilb@suse.de>
>
> ### Diffstat output
> ./net/sunrpc/svcsock.c | 20 +++++++++++++++++---
> 1 file changed, 17 insertions(+), 3 deletions(-)
>
> diff .prev/net/sunrpc/svcsock.c ./net/sunrpc/svcsock.c
> --- .prev/net/sunrpc/svcsock.c 2006-12-13 10:32:15.000000000 +1100
> +++ ./net/sunrpc/svcsock.c 2006-12-13 10:32:17.000000000 +1100
> @@ -926,6 +926,20 @@ svc_tcp_data_ready(struct sock *sk, int
> wake_up_interruptible(sk->sk_sleep);
> }
>
> +static inline int svc_port_is_privileged(struct sockaddr *sin)
> +{
> + switch (sin->sa_family) {
> + case AF_INET:
> + return ntohs(((struct sockaddr_in *)sin)->sin_port) < 1024;
> +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
> + case AF_INET6:
> + return ntohs(((struct sockaddr_in6 *)sin)->sin6_port) < 1024;
> +#endif
> + default:
> + return 0;
> + }
> +}
I'm a bit surprised to see this test implemented in sunrpc - it's the sort
of thing which core networking should implement?
And should that "1024" be PROT_SOCK?
next prev parent reply other threads:[~2006-12-13 1:42 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-12-12 23:58 [PATCH 000 of 14] knfsd: Assorted nfsd patches for 2.6.20 - prepare for IPv6 and more NeilBrown
2006-12-12 23:58 ` NeilBrown
2006-12-12 23:58 ` [PATCH 001 of 14] knfsd: SUNRPC: update internal API: separate pmap register and temp sockets NeilBrown
2006-12-12 23:58 ` NeilBrown
2006-12-12 23:58 ` [PATCH 002 of 14] knfsd: SUNRPC: allow creating an RPC service without registering with portmapper NeilBrown
2006-12-12 23:58 ` NeilBrown
2006-12-12 23:58 ` [PATCH 003 of 14] knfsd: SUNRPC: Cache remote peer's address in svc_sock NeilBrown
2006-12-12 23:58 ` NeilBrown
2006-12-12 23:58 ` [PATCH 004 of 14] knfsd: SUNRPC: Don't set msg_name and msg_namelen when calling sock_recvmsg NeilBrown
2006-12-12 23:58 ` NeilBrown
2006-12-12 23:58 ` [PATCH 005 of 14] knfsd: SUNRPC: Use sockaddr_storage to store address in svc_deferred_req NeilBrown
2006-12-12 23:58 ` NeilBrown
2006-12-12 23:59 ` [PATCH 006 of 14] knfsd: SUNRPC: Add a function to format the address in an svc_rqst for printing NeilBrown
2006-12-12 23:59 ` NeilBrown
2006-12-12 23:59 ` [PATCH 007 of 14] knfsd: SUNRPC: Provide room in svc_rqst for larger addresses NeilBrown
2006-12-12 23:59 ` NeilBrown
2006-12-15 4:30 ` Andrew Morton
2006-12-15 4:30 ` Andrew Morton
2006-12-12 23:59 ` [PATCH 008 of 14] knfsd: SUNRPC: Make rq_daddr field address-version independent NeilBrown
2006-12-12 23:59 ` NeilBrown
2006-12-12 23:59 ` [PATCH 009 of 14] knfsd: SUNRPC: teach svc_sendto() to deal with IPv6 addresses NeilBrown
2006-12-12 23:59 ` NeilBrown
2006-12-17 15:15 ` Ingo Oeser
2006-12-17 15:15 ` Ingo Oeser
2006-12-12 23:59 ` [PATCH 010 of 14] knfsd: SUNRPC: add a "generic" function to see if the peer uses a secure port NeilBrown
2006-12-12 23:59 ` NeilBrown
2006-12-13 1:42 ` Andrew Morton [this message]
2006-12-13 1:42 ` Andrew Morton
2006-12-13 20:26 ` [NFS] " Chuck Lever
2006-12-12 23:59 ` [PATCH 011 of 14] knfsd: SUNRPC: Support IPv6 addresses in svc_tcp_accept NeilBrown
2006-12-12 23:59 ` NeilBrown
2006-12-12 23:59 ` [PATCH 012 of 14] knfsd: SUNRPC: support IPv6 addresses in RPC server's UDP receive path NeilBrown
2006-12-12 23:59 ` NeilBrown
2006-12-12 23:59 ` [PATCH 013 of 14] knfsd: SUNRPC: fix up svc_create_socket() to take a sockaddr struct + length NeilBrown
2006-12-12 23:59 ` NeilBrown
2006-12-12 23:59 ` [PATCH 014 of 14] knfsd: Don't mess with the 'mode' when storing a exclusive-create cookie NeilBrown
2006-12-12 23:59 ` NeilBrown
2006-12-13 5:40 ` [PATCH 000 of 14] knfsd: Assorted nfsd patches for 2.6.20 - prepare for IPv6 and more Jeff Garzik
2006-12-13 11:13 ` Neil Brown
2006-12-13 11:13 ` Neil Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20061212174207.6180df0f.akpm@osdl.org \
--to=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=neilb@suse.de \
--cc=nfs@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.