From: Pablo Neira Ayuso <pablo@netfilter.org>
To: nicolas.bouchinet@clip-os.org
Cc: netdev@vger.kernel.org, netfilter-devel@vger.kernel.org,
coreteam@netfilter.org
Subject: Re: [PATCH v1 1/9] sysctl: Fixes nf_conntrack_max bounds
Date: Wed, 29 Jan 2025 00:00:34 +0100
Message-ID: <Z5lhkiWI9-nP9O1g@calendula>
In-Reply-To: <20250127142014.37834-2-nicolas.bouchinet@clip-os.org>

Hi,

Please, collapse patch 1/9 and 2/9 and post it to
netfilter-devel@vger.kernel.org targeting the nf-next tree.

Thanks.

On Mon, Jan 27, 2025 at 03:19:58PM +0100, nicolas.bouchinet@clip-os.org wrote:
> From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
>
> Bound nf_conntrack_max sysctl writings between SYSCTL_ZERO
> and SYSCTL_INT_MAX.
>
> The proc_handler has thus been updated to proc_dointvec_minmax.
>
> Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
> ---
> net/netfilter/nf_conntrack_standalone.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
> index 7d4f0fa8b609d..40ed3ef9cb22d 100644
> --- a/net/netfilter/nf_conntrack_standalone.c
> +++ b/net/netfilter/nf_conntrack_standalone.c
> @@ -619,7 +619,9 @@ static struct ctl_table nf_ct_sysctl_table[] = {
> .data = &nf_conntrack_max,
> .maxlen = sizeof(int),
> .mode = 0644,
> - .proc_handler = proc_dointvec,
> + .proc_handler = proc_dointvec_minmax,
> + .extra1 = SYSCTL_ZERO,
> + .extra2 = SYSCTL_INT_MAX,
> },
> [NF_SYSCTL_CT_COUNT] = {
> .procname = "nf_conntrack_count",
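Review bot: in the nf_ct_sysctl_table entry, the commit message does not say which writes were accepted before and are rejected now. With .maxlen = sizeof(int), the integer handlers already cannot store a value above INT_MAX, so .extra2 = SYSCTL_INT_MAX adds no restriction and the effective change is .extra1 = SYSCTL_ZERO refusing negative input. Please state that in the changelog, along with what a negative nf_conntrack_max led to, and say whether 0 is deliberately left writable and what it means for the table limit.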
> @@ -948,7 +950,9 @@ static struct ctl_table nf_ct_netfilter_table[] = {
> .data = &nf_conntrack_max,
> .maxlen = sizeof(int),
> .mode = 0644,
> - .proc_handler = proc_dointvec,
> + .proc_handler = proc_dointvec_minmax,
> + .extra1 = SYSCTL_ZERO,
> + .extra2 = SYSCTL_INT_MAX,
> },
> };
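Review bot: the nf_ct_netfilter_table entry repeats the same three lines as the nf_ct_sysctl_table entry, and both set .data = &nf_conntrack_max, so the two bounds have to stay identical for the variable to be protected on every write path. The changelog only names "nf_conntrack_max sysctl" and does not mention that two table entries are touched; a sentence saying so would help the next person who changes one of them. The subject also uses a "sysctl:" prefix for a change confined to net/netfilter/nf_conntrack_standalone.c, which is worth adjusting when this is collapsed with 2/9 and resent.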
>
> --
> 2.48.1
>
>
Thread overview: 15+ messages
2025-01-27 14:19 [PATCH v1 0/9] Fixes multiple sysctl bound checks nicolas.bouchinet
2025-01-27 14:19 ` [PATCH v1 1/9] sysctl: Fixes nf_conntrack_max bounds nicolas.bouchinet
2025-01-28 23:00 ` Pablo Neira Ayuso [this message]
2025-01-27 14:19 ` [PATCH v1 2/9] sysctl: Fixes nf_conntrack_expect_max bounds nicolas.bouchinet
2025-01-27 14:20 ` [PATCH v1 3/9] sysctl: Fixes gc_thresh bounds nicolas.bouchinet
2025-01-27 14:20 ` [PATCH v1 4/9] sysctl: Fixes idmap_cache_timeout bounds nicolas.bouchinet
2025-01-27 14:20 ` [PATCH v1 5/9] sysctl: Fixes nsm_local_state bounds nicolas.bouchinet
2025-01-27 14:20 ` [PATCH v1 6/9] sysctl/coda: Fixes timeout bounds nicolas.bouchinet
2025-01-27 14:20 ` [PATCH v1 7/9] sysctl: Fixes scsi_logging_level bounds nicolas.bouchinet
2025-01-27 14:20 ` [PATCH v1 8/9] sysctl/infiniband: Fixes infiniband sysctl bounds nicolas.bouchinet
2025-01-27 14:20 ` [PATCH v1 9/9] sysctl: Fixes max-user-freq bounds nicolas.bouchinet
2025-01-27 18:05 ` [PATCH v1 0/9] Fixes multiple sysctl bound checks Joe Damato
2025-01-28 9:43 ` Nicolas Bouchinet
2025-01-27 20:00 ` Jakub Kicinski
2025-02-21 8:23 ` Joel Granados