[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20071015140025.84e73297.akpm@linux-foundation.org>
Date: Mon, 15 Oct 2007 14:00:25 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: David Miller <davem@...emloft.net>
Cc: aarapov@...hat.com, linux-kernel@...r.kernel.org,
linux-netdev@...r.kernel.org, davem@...hat.com, jgarzik@...hat.com
Subject: Re: [PATCH] ipv4: kernel panic when only one unsecured port
available
On Mon, 15 Oct 2007 13:06:14 -0700 (PDT)
David Miller <davem@...emloft.net> wrote:
> From: Andrew Morton <akpm@...ux-foundation.org>
> Date: Mon, 15 Oct 2007 12:49:19 -0700
>
> > This code has recently been reworked, but from my reading, that
> > divide-by-zero can still occur. And given that the numbers in
> > /proc/sys/net/ipv4/ip_local_port_range are inclusive, the arithmetic in
> > inet_csk_get_port() seems to just be wrong?
> >
> > So we have this, against David's current devel tree:
>
> I'm pretty sure we took care of this, but maybe not :-)
<looks>
OK, in ipv4_local_port_range() we have
if (range[1] <= range[0])
ret = -EINVAL;
which will prevent the crashes.
But is it good to disallow high=low? This disallows a port range of one
single port. Unless "high" is exclusive. But
Documentation/filesystems/proc.txt says
: ip_local_port_range
: -------------------
:
: Range of ports used by TCP and UDP to choose the local port. Contains two
: numbers, the first number is the lowest port, the second number the highest
: local port. Default is 1024-4999. Should be changed to 32768-61000 for
: high-usage systems.
ie: inclusive.
Documentation/networking/ip-sysctl.txt says
: ip_local_port_range - 2 INTEGERS
: Defines the local port range that is used by TCP and UDP to
: choose the local port. The first number is the first, the
: second the last local port number. Default value depends on
: amount of memory available on the system:
: > 128Mb 32768-61000
: < 128Mb 1024-4999 or even less.
: This number defines number of active connections, which this
: system can issue simultaneously to systems not supporting
: TCP extensions (timestamps). With tcp_tw_recycle enabled
: (i.e. by default) range 1024-4999 is enough to issue up to
: 2000 connections per second to systems supporting timestamps.
also inclusive.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists