From: Andrew Morton <akpm@linux-foundation.org>
To: David Miller <davem@davemloft.net>
Cc: aarapov@redhat.com, linux-kernel@vger.kernel.org,
	linux-netdev@vger.kernel.org, davem@redhat.com,
	jgarzik@redhat.com
Subject: Re: [PATCH] ipv4: kernel panic when only one unsecured port available
Date: Mon, 15 Oct 2007 14:00:25 -0700
Message-ID: <20071015140025.84e73297.akpm@linux-foundation.org>
In-Reply-To: <20071015.130614.129757419.davem@davemloft.net>

On Mon, 15 Oct 2007 13:06:14 -0700 (PDT)
David Miller <davem@davemloft.net> wrote:

> From: Andrew Morton <akpm@linux-foundation.org>
> Date: Mon, 15 Oct 2007 12:49:19 -0700
> 
> > This code has recently been reworked, but from my reading, that
> > divide-by-zero can still occur.  And given that the numbers in
> > /proc/sys/net/ipv4/ip_local_port_range are inclusive, the arithmetic in
> > inet_csk_get_port() seems to just be wrong?
> > 
> > So we have this, against David's current devel tree:
> 
> I'm pretty sure we took care of this, but maybe not :-)

<looks>

OK, in ipv4_local_port_range() we have 

                if (range[1] <= range[0])
                        ret = -EINVAL;

which will prevent the crashes.

But is it good to disallow high=low?  This disallows a port range of one
single port.  Unless "high" is exclusive.  But
Documentation/filesystems/proc.txt says

: ip_local_port_range
: -------------------
:
: Range of  ports  used  by  TCP  and UDP to choose the local port. Contains two
: numbers, the  first  number  is the lowest port, the second number the highest
: local port.  Default  is  1024-4999.  Should  be  changed  to  32768-61000 for
: high-usage systems.

ie: inclusive.

Documentation/networking/ip-sysctl.txt says

: ip_local_port_range - 2 INTEGERS
: 	Defines the local port range that is used by TCP and UDP to
: 	choose the local port. The first number is the first, the 
: 	second the last local port number. Default value depends on
: 	amount of memory available on the system:
: 	> 128Mb 32768-61000
: 	< 128Mb 1024-4999 or even less.
: 	This number defines number of active connections, which this
: 	system can issue simultaneously to systems not supporting
: 	TCP extensions (timestamps). With tcp_tw_recycle enabled
: 	(i.e. by default) range 1024-4999 is enough to issue up to
: 	2000 connections per second to systems supporting timestamps.

also inclusive.
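
The interaction discussed in the message above, as an added userspace model (not kernel code and not written by anyone in this thread): a one-port range makes a span computed as high - low equal to zero, the quoted `range[1] <= range[0]` check avoids that by refusing the range, and an inclusive span accepts it safely. All function names are hypothetical, and the assumption that the span is computed as high - low is inferred from the discussion, not shown on the page.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not a kernel symbol. */

/* The check quoted in the message: high == low is refused. */
static int validate_strict(int low, int high)
{
    return (high <= low) ? -EINVAL : 0;
}

/* Alternative matching the documented inclusive range: high == low is valid. */
static int validate_inclusive(int low, int high)
{
    if (low < 1 || high > 65535 || high < low)
        return -EINVAL;
    return 0;
}

/* Port count if "high" is treated as exclusive: 0 when high == low. */
static int span_exclusive(int low, int high) { return high - low; }

/* Port count if both ends are inclusive: 1 when high == low. */
static int span_inclusive(int low, int high) { return high - low + 1; }

/* Map a random value into the range; refuse a non-positive span
 * instead of executing a modulo by zero. */
static int pick_port(int low, int span, unsigned int rnd)
{
    if (span <= 0)
        return -EINVAL;
    return low + (int)(rnd % (unsigned int)span);
}

int main(void)
{
    int low = 5000, high = 5000; /* constructed single-port range */

    printf("strict check:    %d\n", validate_strict(low, high));
    printf("inclusive check: %d\n", validate_inclusive(low, high));
    printf("exclusive span:  %d\n", span_exclusive(low, high));
    printf("inclusive span:  %d -> port %d\n", span_inclusive(low, high),
           pick_port(low, span_inclusive(low, high), 12345u));
    return 0;
}
```

With the exclusive span the highest configured port is also never selected: for 1024-4999 the largest result is 4998.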


