Cong Wang <xiyou.wangcong@xxxxxxxxx> wrote: > On Fri, Mar 9, 2018 at 2:58 PM, Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote: > > > > > > On 03/09/2018 02:56 PM, Eric Dumazet wrote: > > > >> > >> I sent a patch a while back, but Pablo/Florian wanted more than that > >> simple fix. > >> > >> We also need to filter special characters like '/' > > proc_create_data() itself accepts '/', so it must be xt_hashlimit doesn't > want it. --hashimit-name / also triggers WARN for me. . or .. "work", (no crash), but cause appearance of 2nd ./.. in /proc/net/ipt_hashlimit , so I think its better to disallow that too. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
