| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1292270912.2679.42.camel@edumazet-laptop>
Date: Mon, 13 Dec 2010 21:08:32 +0100
From: Eric Dumazet <eric.dumazet@...il.com>
To: David Miller <davem@...emloft.net>
Cc: netdev@...r.kernel.org
Subject: [PATCH net-next-2.6] net: add limits to ip_default_ttl
Le lundi 13 décembre 2010 à 10:04 -0800, David Miller a écrit :
> Always go through a new ip4_dst_hoplimit() helper, just like ipv6.
>
> This allowed several simplifications:
>
> 1) The interim dst_metric_hoplimit() can go as it's no longer
> userd.
>
> 2) The sysctl_ip_default_ttl entry no longer needs to use
> ipv4_doint_and_flush, since the sysctl is not cached in
> routing cache metrics any longer.
>
> 3) ipv4_doint_and_flush no longer needs to be exported and
> therefore can be marked static.
>
> When ipv4_doint_and_flush_strategy was removed some time ago,
> the external declaration in ip.h was mistakenly left around
> so kill that off too.
>
> We have to move the sysctl_ip_default_ttl declaration into
> ipv4's route cache definition header net/route.h, because
> currently net/ip.h (where the declaration lives now) has
> a back dependency on net/route.h
>
> Signed-off-by: David S. Miller <davem@...emloft.net>
> ---
> --- a/net/ipv4/sysctl_net_ipv4.c
> +++ b/net/ipv4/sysctl_net_ipv4.c
> @@ -155,7 +155,7 @@ static struct ctl_table ipv4_table[] = {
> .data = &sysctl_ip_default_ttl,
> .maxlen = sizeof(int),
> .mode = 0644,
> - .proc_handler = ipv4_doint_and_flush,
> + .proc_handler = proc_dointvec,
> .extra2 = &init_net,
> },
Please find following patch then, because extra2 is not anymore used.
BTW, I cant find where extra2 was set to actual struct net pointer in
net-2.6 kernel. I suspect a write on /proc/sys/net/ipv4/ip_default_ttl
was flushing routes of initial net only, not current one ?
I can see this extra2 param properly handled in
__devinet_sysctl_register() for /proc/net/ipv4/conf parameters, not for
ip_default_ttl.
For net-next-2.6, we could remove the line, or we could add sensible
limits ;)
[PATCH net-next-2.6] net: add limits to ip_default_ttl
ip_default_ttl should be between 1 and 255
Signed-off-by: Eric Dumazet <eric.dumazet@...il.com>
---
net/ipv4/sysctl_net_ipv4.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index e85ff59..1a45665 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -28,6 +28,8 @@ static int ip_local_port_range_min[] = { 1, 1 };
static int ip_local_port_range_max[] = { 65535, 65535 };
static int tcp_adv_win_scale_min = -31;
static int tcp_adv_win_scale_max = 31;
+static int ip_ttl_min = 1;
+static int ip_ttl_max = 255;
/* Update system visible IP port range */
static void set_local_port_range(int range[2])
@@ -155,8 +157,9 @@ static struct ctl_table ipv4_table[] = {
.data = &sysctl_ip_default_ttl,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec,
- .extra2 = &init_net,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = &ip_ttl_min,
+ .extra2 = &ip_ttl_max,
},
{
.procname = "ip_no_pmtu_disc",
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists