Re: [patch 3/4] Make sure ip_vs_ftp ports are valid
Horms wrote:
Here is the revised patch.
[IPVS] Make sure ip_vs_ftp ports are valid
I'm not entirely sure what happens in the case of a valid port,
at best it'll be silently ignored. This patch ensures that
the port values are unsigned short values, and thus always valid.
Cc: Patrick McHardy [EMAIL PROTECTED]
Signed-Off-By: Simon Horman [EMAIL PROTECTED]
Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c
===
--- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-04
10:47:09.0 +0900
+++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-04 10:59:30.0
+0900
@@ -44,8 +44,8 @@
* List of ports (up to IP_VS_APP_MAX_PORTS) to be handled by helper
* First port is set to the default port.
*/
-static int ports[IP_VS_APP_MAX_PORTS] = {21, 0};
-module_param_array(ports, int, NULL, 0);
+static unsigned short ports[IP_VS_APP_MAX_PORTS] = {21, 0};
+module_param_array(ports, ushort, NULL, 0);
MODULE_PARM_DESC(ports, Ports to monitor for FTP control commands);
/*
It looks like the wrong patch went in:
http://marc.theaimsgroup.com/?l=git-commits-headm=115862407021941w=2
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch 3/4] Make sure ip_vs_ftp ports are valid
On Wed, Sep 20, 2006 at 12:29:45PM +0200, Patrick McHardy wrote:
Horms wrote:
Here is the revised patch.
[IPVS] Make sure ip_vs_ftp ports are valid
I'm not entirely sure what happens in the case of a valid port,
at best it'll be silently ignored. This patch ensures that
the port values are unsigned short values, and thus always valid.
Cc: Patrick McHardy [EMAIL PROTECTED]
Signed-Off-By: Simon Horman [EMAIL PROTECTED]
Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c
===
--- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c2006-09-04
10:47:09.0 +0900
+++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-04 10:59:30.0
+0900
@@ -44,8 +44,8 @@
* List of ports (up to IP_VS_APP_MAX_PORTS) to be handled by helper
* First port is set to the default port.
*/
-static int ports[IP_VS_APP_MAX_PORTS] = {21, 0};
-module_param_array(ports, int, NULL, 0);
+static unsigned short ports[IP_VS_APP_MAX_PORTS] = {21, 0};
+module_param_array(ports, ushort, NULL, 0);
MODULE_PARM_DESC(ports, Ports to monitor for FTP control commands);
/*
It looks like the wrong patch went in:
http://marc.theaimsgroup.com/?l=git-commits-headm=115862407021941w=2
Thanks for pointing that out. I'll send out patches to reverse
the committed change, and add the newer incarntation.
--
Horms
H: http://www.vergenet.net/~horms/
W: http://www.valinux.co.jp/en/
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch 3/4] Make sure ip_vs_ftp ports are valid
Horms wrote:
I'm not entirely sure what happens in the case of a valid port,
at best it'll be silently ignored. This patch ignores them a little
more verbosely.
Signed-Off-By: Simon Horman [EMAIL PROTECTED]
Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c
===
--- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-01 19:06:42.0
+0900
+++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-01 19:08:19.0
+0900
@@ -373,6 +373,12 @@
for (i=0; iIP_VS_APP_MAX_PORTS; i++) {
if (!ports[i])
continue;
+ if (ports[i] 0 || ports[i] 0x) {
+ IP_VS_WARNING(ip_vs_ftp: Ignoring invalid
+ configuration port[%d] = %d\n,
+ i, ports[i]);
+ continue;
+ }
How about just changing the module parameter type to ushort, similar to
what ip_conntrack_ftp does?
# modprobe ip_conntrack_ftp ports=999392
ip_conntrack_ftp: `999392' invalid for parameter `ports'
--
VGER BF report: H 0.41558
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch 3/4] Make sure ip_vs_ftp ports are valid
On Mon, Sep 04, 2006 at 01:09:59AM +0200, Patrick McHardy wrote:
Horms wrote:
I'm not entirely sure what happens in the case of a valid port,
at best it'll be silently ignored. This patch ignores them a little
more verbosely.
Signed-Off-By: Simon Horman [EMAIL PROTECTED]
Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c
===
--- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c2006-09-01
19:06:42.0 +0900
+++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-01 19:08:19.0
+0900
@@ -373,6 +373,12 @@
for (i=0; iIP_VS_APP_MAX_PORTS; i++) {
if (!ports[i])
continue;
+ if (ports[i] 0 || ports[i] 0x) {
+ IP_VS_WARNING(ip_vs_ftp: Ignoring invalid
+ configuration port[%d] = %d\n,
+ i, ports[i]);
+ continue;
+ }
How about just changing the module parameter type to ushort, similar to
what ip_conntrack_ftp does?
Sure. I wasn't sure if that was possible or not.
But as it is, I will make it so.
--
Horms
H: http://www.vergenet.net/~horms/
W: http://www.valinux.co.jp/en/
--
VGER BF report: U 0.575956
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [patch 3/4] Make sure ip_vs_ftp ports are valid
On Mon, Sep 04, 2006 at 09:44:02AM +0900, Horms wrote:
On Mon, Sep 04, 2006 at 01:09:59AM +0200, Patrick McHardy wrote:
Horms wrote:
I'm not entirely sure what happens in the case of a valid port,
at best it'll be silently ignored. This patch ignores them a little
more verbosely.
Signed-Off-By: Simon Horman [EMAIL PROTECTED]
Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c
===
--- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-01
19:06:42.0 +0900
+++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-01 19:08:19.0
+0900
@@ -373,6 +373,12 @@
for (i=0; iIP_VS_APP_MAX_PORTS; i++) {
if (!ports[i])
continue;
+ if (ports[i] 0 || ports[i] 0x) {
+ IP_VS_WARNING(ip_vs_ftp: Ignoring invalid
+ configuration port[%d] = %d\n,
+ i, ports[i]);
+ continue;
+ }
How about just changing the module parameter type to ushort, similar to
what ip_conntrack_ftp does?
Sure. I wasn't sure if that was possible or not.
But as it is, I will make it so.
Here is the revised patch.
--
Horms
H: http://www.vergenet.net/~horms/
W: http://www.valinux.co.jp/en/
[IPVS] Make sure ip_vs_ftp ports are valid
I'm not entirely sure what happens in the case of a valid port,
at best it'll be silently ignored. This patch ensures that
the port values are unsigned short values, and thus always valid.
Cc: Patrick McHardy [EMAIL PROTECTED]
Signed-Off-By: Simon Horman [EMAIL PROTECTED]
Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c
===
--- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c2006-09-04 10:47:09.0
+0900
+++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-04 10:59:30.0 +0900
@@ -44,8 +44,8 @@
* List of ports (up to IP_VS_APP_MAX_PORTS) to be handled by helper
* First port is set to the default port.
*/
-static int ports[IP_VS_APP_MAX_PORTS] = {21, 0};
-module_param_array(ports, int, NULL, 0);
+static unsigned short ports[IP_VS_APP_MAX_PORTS] = {21, 0};
+module_param_array(ports, ushort, NULL, 0);
MODULE_PARM_DESC(ports, Ports to monitor for FTP control commands);
/*
--
VGER BF report: U 0.832414
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
[patch 3/4] Make sure ip_vs_ftp ports are valid
I'm not entirely sure what happens in the case of a valid port,
at best it'll be silently ignored. This patch ignores them a little
more verbosely.
Signed-Off-By: Simon Horman [EMAIL PROTECTED]
Index: linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c
===
--- linux-2.6.orig/net/ipv4/ipvs/ip_vs_ftp.c2006-09-01 19:06:42.0
+0900
+++ linux-2.6/net/ipv4/ipvs/ip_vs_ftp.c 2006-09-01 19:08:19.0 +0900
@@ -373,6 +373,12 @@
for (i=0; iIP_VS_APP_MAX_PORTS; i++) {
if (!ports[i])
continue;
+ if (ports[i] 0 || ports[i] 0x) {
+ IP_VS_WARNING(ip_vs_ftp: Ignoring invalid
+ configuration port[%d] = %d\n,
+ i, ports[i]);
+ continue;
+ }
ret = register_ip_vs_app_inc(app, app-protocol, ports[i]);
if (ret)
break;
--
--
Horms
H: http://www.vergenet.net/~horms/
W: http://www.valinux.co.jp/en/
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
