Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6

+31 -25
+6
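--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -1406,6 +1406,9 @@
 {
 int ret;
 
+if (!capable(CAP_NET_ADMIN))
+return -EPERM;
+
 switch(cmd) {
 case EBT_SO_SET_ENTRIES:
 ret = do_replace(sock_net(sk), user, len);
@@ -1424,6 +1427,9 @@
 int ret;
 struct ebt_replace tmp;
 struct ebt_table *t;
+
+if (!capable(CAP_NET_ADMIN))
+return -EPERM;
 
 if (copy_from_user(&tmp, user, sizeof(tmp)))
 return -EFAULT;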
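Review bot: The two `capable(CAP_NET_ADMIN)` gates are added without a comment saying why the read path is privileged as well as the write path. Both enclosing functions start outside the visible lines, so the only clues to which handler each check belongs to are the `EBT_SO_SET_ENTRIES` case and the `copy_from_user(&tmp, ...)` that follows. I would put a one-line comment above each, for example `/* bridge filter tables are privileged state: refuse before touching user memory */`, so a later refactor does not move the check below `copy_from_user()` or `do_replace()`. Whether any other entry point reaches `do_replace()` without passing through these checks cannot be judged from this section and is worth confirming.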
+2 -1
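--- a/net/netfilter/ipvs/Kconfig
+++ b/net/netfilter/ipvs/Kconfig
@@ -112,7 +112,8 @@
 module, choose M here. If unsure, say N.
 
 config IP_VS_WRR
-tristate "weighted round-robin scheduling"
+tristate "weighted round-robin scheduling"
+select GCD
 ---help---
 The weighted robin-robin scheduling algorithm directs network
 connections to different real servers based on server weights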
+13 -1
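--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2077,6 +2077,10 @@
 if (!capable(CAP_NET_ADMIN))
 return -EPERM;
 
+if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX)
+return -EINVAL;
+if (len < 0 || len > MAX_ARG_LEN)
+return -EINVAL;
 if (len != set_arglen[SET_CMDID(cmd)]) {
 pr_err("set_ctl: len %u != %u\n",
 len, set_arglen[SET_CMDID(cmd)]);
@@ -2352,9 +2356,13 @@
 {
 unsigned char arg[128];
 int ret = 0;
+unsigned int copylen;
 
 if (!capable(CAP_NET_ADMIN))
 return -EPERM;
+
+if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_GET_MAX)
+return -EINVAL;
 
 if (*len < get_arglen[GET_CMDID(cmd)]) {
 pr_err("get_ctl: len %u < %u\n",
@@ -2362,7 +2370,11 @@
 return -EINVAL;
 }
 
-if (copy_from_user(arg, user, get_arglen[GET_CMDID(cmd)]) != 0)
+copylen = get_arglen[GET_CMDID(cmd)];
+if (copylen > 128)
+return -EINVAL;
+
+if (copy_from_user(arg, user, copylen) != 0)
 return -EFAULT;
 
 if (mutex_lock_interruptible(&__ip_vs_mutex))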
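Review bot: The new bound in the get path, `if (copylen > 128)`, repeats the size of `unsigned char arg[128]` as a literal, so the check and the buffer can drift apart if the array is ever resized. Writing it as `if (copylen > sizeof(arg))` keeps the `copy_from_user()` length tied to the destination. In the set path, `len < 0` looks like dead code if `len` is unsigned, which the `%u` in the following `pr_err` suggests; the signature is outside the visible lines, so that is an inference. The `cmd` range checks sit before the `set_arglen[SET_CMDID(cmd)]` and `get_arglen[GET_CMDID(cmd)]` lookups, and a short comment such as `/* keep the arglen table index in range */` would tell the next reader why they must stay first.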
+1 -14
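--- a/net/netfilter/ipvs/ip_vs_wrr.c
+++ b/net/netfilter/ipvs/ip_vs_wrr.c
@@ -24,6 +24,7 @@
 #include <linux/module.h>
 #include <linux/kernel.h>
 #include <linux/net.h>
+#include <linux/gcd.h>
 
 #include <net/ip_vs.h>
 
@@ -37,20 +38,6 @@
 int di; /* decreasing interval */
 };
 
-
-/*
-* Get the gcd of server weights
-*/
-static int gcd(int a, int b)
-{
-int c;
-
-while ((c = a % b)) {
-a = b;
-b = c;
-}
-return b;
-}
 
 static int ip_vs_wrr_gcd_weight(struct ip_vs_service *svc)
 {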
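Review bot: Replacing the local `static int gcd(int a, int b)` with the helper from `<linux/gcd.h>` changes the operand and result types, because the shared helper works on `unsigned long`. The caller `ip_vs_wrr_gcd_weight()` only begins at the end of this section and its body is not shown, so check there that only positive weights are passed and that the result is narrowed back to `int` deliberately. A negative weight would be converted to a large unsigned value, not handled as under the removed signed version. A comment at the call site such as `/* weights are > 0 here, so the unsigned gcd() is safe */` would record the assumption.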
+9 -9
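--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -323,24 +323,24 @@
 struct nf_ct_ftp_master *info, int dir,
 struct sk_buff *skb)
 {
-unsigned int i, oldest = NUM_SEQ_TO_REMEMBER;
+unsigned int i, oldest;
 
 /* Look for oldest: if we find exact match, we're done. */
 for (i = 0; i < info->seq_aft_nl_num[dir]; i++) {
 if (info->seq_aft_nl[dir][i] == nl_seq)
 return;
-
-if (oldest == info->seq_aft_nl_num[dir] ||
-before(info->seq_aft_nl[dir][i],
-info->seq_aft_nl[dir][oldest]))
-oldest = i;
 }
 
 if (info->seq_aft_nl_num[dir] < NUM_SEQ_TO_REMEMBER) {
 info->seq_aft_nl[dir][info->seq_aft_nl_num[dir]++] = nl_seq;
-} else if (oldest != NUM_SEQ_TO_REMEMBER &&
-after(nl_seq, info->seq_aft_nl[dir][oldest])) {
-info->seq_aft_nl[dir][oldest] = nl_seq;
+} else {
+if (before(info->seq_aft_nl[dir][0], info->seq_aft_nl[dir][1]))
+oldest = 0;
+else
+oldest = 1;
+
+if (after(nl_seq, info->seq_aft_nl[dir][oldest]))
+info->seq_aft_nl[dir][oldest] = nl_seq;
 }
 }
 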
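Review bot: The rewritten `else` branch compares only `seq_aft_nl[dir][0]` and `seq_aft_nl[dir][1]`, which is correct only while `NUM_SEQ_TO_REMEMBER` is 2, and that assumption is stated nowhere in the visible lines. I would pin it at compile time with `BUILD_BUG_ON(NUM_SEQ_TO_REMEMBER != 2);` at the top of the function, or at least add a comment saying the same, so a later change to the constant cannot leave slots that are never replaced. `oldest` is now declared without an initializer but is assigned on both arms before it is read, which is fine. The function's signature starts above this section.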