Re: [patch 3/4] Make sure ip_vs_ftp ports are valid
Horms wrote: Here is the revised patch. [IPVS] Make sure ip_vs_ftp ports are valid I'm not entirely sure what happens in the case of a valid port, at best it'll be silently ignored. This patch ensures that the port values are unsigned short values, and thus always valid. Cc: Patrick McHardy [EMAIL PROTECTED] Signed-Off-By: Simon Horman [EMAIL PROTECTED] Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c === --- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-04 10:47:09.0 +0900 +++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-04 10:59:30.0 +0900 @@ -44,8 +44,8 @@ * List of ports (up to IP_VS_APP_MAX_PORTS) to be handled by helper * First port is set to the default port. */ -static int ports[IP_VS_APP_MAX_PORTS] = {21, 0}; -module_param_array(ports, int, NULL, 0); +static unsigned short ports[IP_VS_APP_MAX_PORTS] = {21, 0}; +module_param_array(ports, ushort, NULL, 0); MODULE_PARM_DESC(ports, Ports to monitor for FTP control commands); /* It looks like the wrong patch went in: http://marc.theaimsgroup.com/?l=git-commits-headm=115862407021941w=2 - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch 3/4] Make sure ip_vs_ftp ports are valid
On Wed, Sep 20, 2006 at 12:29:45PM +0200, Patrick McHardy wrote: Horms wrote: Here is the revised patch. [IPVS] Make sure ip_vs_ftp ports are valid I'm not entirely sure what happens in the case of a valid port, at best it'll be silently ignored. This patch ensures that the port values are unsigned short values, and thus always valid. Cc: Patrick McHardy [EMAIL PROTECTED] Signed-Off-By: Simon Horman [EMAIL PROTECTED] Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c === --- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c2006-09-04 10:47:09.0 +0900 +++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-04 10:59:30.0 +0900 @@ -44,8 +44,8 @@ * List of ports (up to IP_VS_APP_MAX_PORTS) to be handled by helper * First port is set to the default port. */ -static int ports[IP_VS_APP_MAX_PORTS] = {21, 0}; -module_param_array(ports, int, NULL, 0); +static unsigned short ports[IP_VS_APP_MAX_PORTS] = {21, 0}; +module_param_array(ports, ushort, NULL, 0); MODULE_PARM_DESC(ports, Ports to monitor for FTP control commands); /* It looks like the wrong patch went in: http://marc.theaimsgroup.com/?l=git-commits-headm=115862407021941w=2 Thanks for pointing that out. I'll send out patches to reverse the committed change, and add the newer incarntation. -- Horms H: http://www.vergenet.net/~horms/ W: http://www.valinux.co.jp/en/ - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch 3/4] Make sure ip_vs_ftp ports are valid
Horms wrote: I'm not entirely sure what happens in the case of a valid port, at best it'll be silently ignored. This patch ignores them a little more verbosely. Signed-Off-By: Simon Horman [EMAIL PROTECTED] Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c === --- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-01 19:06:42.0 +0900 +++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-01 19:08:19.0 +0900 @@ -373,6 +373,12 @@ for (i=0; iIP_VS_APP_MAX_PORTS; i++) { if (!ports[i]) continue; + if (ports[i] 0 || ports[i] 0x) { + IP_VS_WARNING(ip_vs_ftp: Ignoring invalid + configuration port[%d] = %d\n, + i, ports[i]); + continue; + } How about just changing the module parameter type to ushort, similar to what ip_conntrack_ftp does? # modprobe ip_conntrack_ftp ports=999392 ip_conntrack_ftp: `999392' invalid for parameter `ports' -- VGER BF report: H 0.41558 - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch 3/4] Make sure ip_vs_ftp ports are valid
On Mon, Sep 04, 2006 at 01:09:59AM +0200, Patrick McHardy wrote: Horms wrote: I'm not entirely sure what happens in the case of a valid port, at best it'll be silently ignored. This patch ignores them a little more verbosely. Signed-Off-By: Simon Horman [EMAIL PROTECTED] Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c === --- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c2006-09-01 19:06:42.0 +0900 +++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-01 19:08:19.0 +0900 @@ -373,6 +373,12 @@ for (i=0; iIP_VS_APP_MAX_PORTS; i++) { if (!ports[i]) continue; + if (ports[i] 0 || ports[i] 0x) { + IP_VS_WARNING(ip_vs_ftp: Ignoring invalid + configuration port[%d] = %d\n, + i, ports[i]); + continue; + } How about just changing the module parameter type to ushort, similar to what ip_conntrack_ftp does? Sure. I wasn't sure if that was possible or not. But as it is, I will make it so. -- Horms H: http://www.vergenet.net/~horms/ W: http://www.valinux.co.jp/en/ -- VGER BF report: U 0.575956 - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch 3/4] Make sure ip_vs_ftp ports are valid
On Mon, Sep 04, 2006 at 09:44:02AM +0900, Horms wrote: On Mon, Sep 04, 2006 at 01:09:59AM +0200, Patrick McHardy wrote: Horms wrote: I'm not entirely sure what happens in the case of a valid port, at best it'll be silently ignored. This patch ignores them a little more verbosely. Signed-Off-By: Simon Horman [EMAIL PROTECTED] Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c === --- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-01 19:06:42.0 +0900 +++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-01 19:08:19.0 +0900 @@ -373,6 +373,12 @@ for (i=0; iIP_VS_APP_MAX_PORTS; i++) { if (!ports[i]) continue; + if (ports[i] 0 || ports[i] 0x) { + IP_VS_WARNING(ip_vs_ftp: Ignoring invalid + configuration port[%d] = %d\n, + i, ports[i]); + continue; + } How about just changing the module parameter type to ushort, similar to what ip_conntrack_ftp does? Sure. I wasn't sure if that was possible or not. But as it is, I will make it so. Here is the revised patch. -- Horms H: http://www.vergenet.net/~horms/ W: http://www.valinux.co.jp/en/ [IPVS] Make sure ip_vs_ftp ports are valid I'm not entirely sure what happens in the case of a valid port, at best it'll be silently ignored. This patch ensures that the port values are unsigned short values, and thus always valid. Cc: Patrick McHardy [EMAIL PROTECTED] Signed-Off-By: Simon Horman [EMAIL PROTECTED] Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c === --- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c2006-09-04 10:47:09.0 +0900 +++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-04 10:59:30.0 +0900 @@ -44,8 +44,8 @@ * List of ports (up to IP_VS_APP_MAX_PORTS) to be handled by helper * First port is set to the default port. */ -static int ports[IP_VS_APP_MAX_PORTS] = {21, 0}; -module_param_array(ports, int, NULL, 0); +static unsigned short ports[IP_VS_APP_MAX_PORTS] = {21, 0}; +module_param_array(ports, ushort, NULL, 0); MODULE_PARM_DESC(ports, Ports to monitor for FTP control commands); /* -- VGER BF report: U 0.832414 - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
[patch 3/4] Make sure ip_vs_ftp ports are valid
I'm not entirely sure what happens in the case of a valid port, at best it'll be silently ignored. This patch ignores them a little more verbosely. Signed-Off-By: Simon Horman [EMAIL PROTECTED] Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c === --- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c2006-09-01 19:06:42.0 +0900 +++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-01 19:08:19.0 +0900 @@ -373,6 +373,12 @@ for (i=0; iIP_VS_APP_MAX_PORTS; i++) { if (!ports[i]) continue; + if (ports[i] 0 || ports[i] 0x) { + IP_VS_WARNING(ip_vs_ftp: Ignoring invalid + configuration port[%d] = %d\n, + i, ports[i]); + continue; + } ret = register_ip_vs_app_inc(app, app-protocol, ports[i]); if (ret) break; -- -- Horms H: http://www.vergenet.net/~horms/ W: http://www.valinux.co.jp/en/ - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html