Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6

+31 -25
+6
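--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -1406,6 +1406,9 @@
 {
 int ret;
 
+if (!capable(CAP_NET_ADMIN))
+return -EPERM;
+
 switch(cmd) {
 case EBT_SO_SET_ENTRIES:
 ret = do_replace(sock_net(sk), user, len);
@@ -1427,6 +1424,9 @@
 int ret;
 struct ebt_replace tmp;
 struct ebt_table *t;
+
+if (!capable(CAP_NET_ADMIN))
+return -EPERM;
 
 if (copy_from_user(&tmp, user, sizeof(tmp)))
 return -EFAULT;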
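Review bot: The two added `capable(CAP_NET_ADMIN)` guards have no comment saying what they protect, and each sits inside its own handler rather than at a shared entry point, so a later sockopt path into ebtables could be added without one. I would put a short comment above each, e.g. `/* ebtables rules are privileged state: set and get sockopts both require CAP_NET_ADMIN */`. If any other entry point reaches `do_replace()` or the code that reads `struct ebt_replace` from user space (a compat handler, for instance; none is visible on this page), it needs the same check. Both functions begin and end outside the hunks shown.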
+2 -1
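--- a/net/netfilter/ipvs/Kconfig
+++ b/net/netfilter/ipvs/Kconfig
@@ -112,7 +112,8 @@
 module, choose M here. If unsure, say N.
 
 config IP_VS_WRR
-tristate "weighted round-robin scheduling"
+tristate "weighted round-robin scheduling"
+select GCD
 ---help---
 The weighted robin-robin scheduling algorithm directs network
 connections to different real servers based on server weights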
+13 -1
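--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2077,6 +2077,10 @@
 if (!capable(CAP_NET_ADMIN))
 return -EPERM;
 
+if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX)
+return -EINVAL;
+if (len < 0 || len > MAX_ARG_LEN)
+return -EINVAL;
 if (len != set_arglen[SET_CMDID(cmd)]) {
 pr_err("set_ctl: len %u != %u\n",
 len, set_arglen[SET_CMDID(cmd)]);
@@ -2356,9 +2352,13 @@
 {
 unsigned char arg[128];
 int ret = 0;
+unsigned int copylen;
 
 if (!capable(CAP_NET_ADMIN))
 return -EPERM;
+
+if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_GET_MAX)
+return -EINVAL;
 
 if (*len < get_arglen[GET_CMDID(cmd)]) {
 pr_err("get_ctl: len %u < %u\n",
@@ -2370,7 +2362,11 @@
 return -EINVAL;
 }
 
-if (copy_from_user(arg, user, get_arglen[GET_CMDID(cmd)]) != 0)
+copylen = get_arglen[GET_CMDID(cmd)];
+if (copylen > 128)
+return -EINVAL;
+
+if (copy_from_user(arg, user, copylen) != 0)
 return -EFAULT;
 
 if (mutex_lock_interruptible(&__ip_vs_mutex))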
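Review bot: In the get handler the new bound `if (copylen > 128)` repeats the size of `unsigned char arg[128]` as a literal, so the check and the buffer can drift apart if the array is ever resized; `if (copylen > sizeof(arg))` ties the bound to the buffer it protects. In the set handler, `len < 0` may be dead code: the `pr_err` just below prints `len` with `%u`, which suggests it is unsigned, although the signature is outside the hunk. If so, only the `len > MAX_ARG_LEN` half does any work and the signed test should be dropped or the parameter type reconsidered. A one-line comment above the new `cmd` range checks, e.g. `/* cmd indexes set_arglen[]/get_arglen[]: reject out-of-range values first */`, would record why they must precede the table lookups. Both functions start and end outside the hunks shown.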
+1 -14
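--- a/net/netfilter/ipvs/ip_vs_wrr.c
+++ b/net/netfilter/ipvs/ip_vs_wrr.c
@@ -24,6 +24,7 @@
 #include <linux/module.h>
 #include <linux/kernel.h>
 #include <linux/net.h>
+#include <linux/gcd.h>
 
 #include <net/ip_vs.h>
 
@@ -38,20 +37,6 @@
 int di; /* decreasing interval */
 };
 
-
-/*
-* Get the gcd of server weights
-*/
-static int gcd(int a, int b)
-{
-int c;
-
-while ((c = a % b)) {
-a = b;
-b = c;
-}
-return b;
-}
 
 static int ip_vs_wrr_gcd_weight(struct ip_vs_service *svc)
 {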
+9 -9
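--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -323,24 +323,24 @@
 struct nf_ct_ftp_master *info, int dir,
 struct sk_buff *skb)
 {
-unsigned int i, oldest = NUM_SEQ_TO_REMEMBER;
+unsigned int i, oldest;
 
 /* Look for oldest: if we find exact match, we're done. */
 for (i = 0; i < info->seq_aft_nl_num[dir]; i++) {
 if (info->seq_aft_nl[dir][i] == nl_seq)
 return;
-
-if (oldest == info->seq_aft_nl_num[dir] ||
-before(info->seq_aft_nl[dir][i],
-info->seq_aft_nl[dir][oldest]))
-oldest = i;
 }
 
 if (info->seq_aft_nl_num[dir] < NUM_SEQ_TO_REMEMBER) {
 info->seq_aft_nl[dir][info->seq_aft_nl_num[dir]++] = nl_seq;
-} else if (oldest != NUM_SEQ_TO_REMEMBER &&
-after(nl_seq, info->seq_aft_nl[dir][oldest])) {
-info->seq_aft_nl[dir][oldest] = nl_seq;
+} else {
+if (before(info->seq_aft_nl[dir][0], info->seq_aft_nl[dir][1]))
+oldest = 0;
+else
+oldest = 1;
+
+if (after(nl_seq, info->seq_aft_nl[dir][oldest]))
+info->seq_aft_nl[dir][oldest] = nl_seq;
 }
 }
 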
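Review bot: The new `else` branch compares only slots `[0]` and `[1]`, which is right only while `NUM_SEQ_TO_REMEMBER` is 2 (its definition is not on this page); nothing here enforces that, so raising the constant would leave the later slots never replaced. A `BUILD_BUG_ON(NUM_SEQ_TO_REMEMBER != 2);` at the top of the function would make the assumption fail at build time instead of silently. The loop comment `/* Look for oldest: if we find exact match, we're done. */` is also stale now that the loop only tests for an exact match; `/* If we find an exact match, we're done. */` fits the new code. The function's signature begins above the hunk.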