[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 2 Feb 2020 07:16:11 +0100
From: Florian Westphal <fw@...len.de>
To: Cong Wang <xiyou.wangcong@...il.com>
Cc: Florian Westphal <fw@...len.de>,
Linux Kernel Network Developers <netdev@...r.kernel.org>,
NetFilter <netfilter-devel@...r.kernel.org>,
syzbot <syzbot+adf6c6c2be1c3a718121@...kaller.appspotmail.com>,
Pablo Neira Ayuso <pablo@...filter.org>,
Jozsef Kadlecsik <kadlec@...filter.org>
Subject: Re: [Patch nf 3/3] xt_hashlimit: limit the max size of hashtable
Cong Wang <xiyou.wangcong@...il.com> wrote:
> > In order to prevent breaking userspace, perhaps make it so that the
> > kernel caps cfg.max at twice that value? Would allow storing up to
> > 16777216 addresses with an average chain depth of 16 (which is quite
> > large). We could increase the max limit in case someone presents a use
> > case.
> >
>
> Not sure if I understand this, I don't see how cap'ing cfg->max could
> help prevent breaking user-space? Are you suggesting to cap it with
> HASHLIMIT_MAX_SIZE too? Something like below?
>
> + if (cfg->max > 2 * HASHLIMIT_MAX_SIZE)
> + cfg->max = 2 * HASHLIMIT_MAX_SIZE;
>
Yes, thats what I meant, cap the user-provided value to something thats
going to be less of a problem.
But now that I read it, the "2 *" part looks really silly, so I suggst
to go with " > FOO_MAX", else its not a maximum value after all.
Powered by blists - more mailing lists