From: Horms <horms@verge.net.au>
To: Patrick McHardy <kaber@trash.net>
Cc: netdev@vger.kernel.org, Wensong Zhang <wensong@linux-vs.org>,
Julian Anastasov <ja@ssi.bg>, David Miller <davem@davemloft.net>,
Joseph Mack NA3T <jmack@wm7d.net>
Subject: Re: [patch 3/4] Make sure ip_vs_ftp ports are valid
Date: Mon, 4 Sep 2006 11:02:54 +0900 [thread overview]
Message-ID: <20060904020253.GA8761@verge.net.au> (raw)
In-Reply-To: <20060904004401.GD30287@verge.net.au>
On Mon, Sep 04, 2006 at 09:44:02AM +0900, Horms wrote:
> On Mon, Sep 04, 2006 at 01:09:59AM +0200, Patrick McHardy wrote:
> > Horms wrote:
> > > I'm not entirely sure what happens in the case of a valid port,
> > > at best it'll be silently ignored. This patch ignores them a little
> > > more verbosely.
> > >
> > > Signed-Off-By: Simon Horman <horms@verge.net.au>
> > > Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c
> > > ===================================================================
> > > --- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-01 19:06:42.000000000 +0900
> > > +++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-01 19:08:19.000000000 +0900
> > > @@ -373,6 +373,12 @@
> > > for (i=0; i<IP_VS_APP_MAX_PORTS; i++) {
> > > if (!ports[i])
> > > continue;
> > > + if (ports[i] < 0 || ports[i] > 0xffff) {
> > > + IP_VS_WARNING("ip_vs_ftp: Ignoring invalid "
> > > + "configuration port[%d] = %d\n",
> > > + i, ports[i]);
> > > + continue;
> > > + }
> >
> > How about just changing the module parameter type to ushort, similar to
> > what ip_conntrack_ftp does?
>
> Sure. I wasn't sure if that was possible or not.
> But as it is, I will make it so.
Here is the revised patch.
--
Horms
H: http://www.vergenet.net/~horms/
W: http://www.valinux.co.jp/en/
[IPVS] Make sure ip_vs_ftp ports are valid
I'm not entirely sure what happens in the case of a valid port,
at best it'll be silently ignored. This patch ensures that
the port values are unsigned short values, and thus always valid.
Cc: Patrick McHardy <kaber@trash.net>
Signed-Off-By: Simon Horman <horms@verge.net.au>
Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c
===================================================================
--- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-04 10:47:09.000000000 +0900
+++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-04 10:59:30.000000000 +0900
@@ -44,8 +44,8 @@
* List of ports (up to IP_VS_APP_MAX_PORTS) to be handled by helper
* First port is set to the default port.
*/
-static int ports[IP_VS_APP_MAX_PORTS] = {21, 0};
-module_param_array(ports, int, NULL, 0);
+static unsigned short ports[IP_VS_APP_MAX_PORTS] = {21, 0};
+module_param_array(ports, ushort, NULL, 0);
MODULE_PARM_DESC(ports, "Ports to monitor for FTP control commands");
/*
--
VGER BF report: U 0.832414
next prev parent reply other threads:[~2006-09-04 2:11 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-09-01 10:10 [patch 0/4] ip_vs_ftp cleanups Horms
2006-09-01 10:10 ` [patch 1/4] Document the ports option to ip_vs_ftp in kernel-parameters.txt Horms
2006-09-01 10:10 ` [patch 2/4] auto-help for ip_vs_ftp Horms
2006-09-01 10:10 ` [patch 3/4] Make sure ip_vs_ftp ports are valid Horms
2006-09-03 23:09 ` Patrick McHardy
2006-09-04 0:44 ` Horms
2006-09-04 2:02 ` Horms [this message]
2006-09-20 10:29 ` Patrick McHardy
2006-09-20 14:49 ` Horms
2006-09-01 10:10 ` [patch 4/4] remove the debug option go ip_vs_ftp Horms
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060904020253.GA8761@verge.net.au \
--to=horms@verge.net.au \
--cc=davem@davemloft.net \
--cc=ja@ssi.bg \
--cc=jmack@wm7d.net \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=wensong@linux-vs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).