Re: [PATCH net] ipvs: Improve robustness to the ipvs sysctl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



	Hello,

On Mon, 29 Jul 2019, Florian Westphal wrote:

> > diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> > index 741d91aa4a8d..e78fd05f108b 100644
> > --- a/net/netfilter/ipvs/ip_vs_ctl.c
> > +++ b/net/netfilter/ipvs/ip_vs_ctl.c
> > @@ -1680,12 +1680,18 @@ proc_do_defense_mode(struct ctl_table *table, int write,
> >  	int val = *valp;
> >  	int rc;
> > 
> > -	rc = proc_dointvec(table, write, buffer, lenp, ppos);
> > +	struct ctl_table tmp = {
> > +		.data = &val,
> > +		.maxlen = sizeof(int),
> > +		.mode = table->mode,
> > +	};
> > +
> > +	rc = proc_dointvec(&tmp, write, buffer, lenp, ppos);
> 
> Wouldn't it be better do use proc_dointvec_minmax and set the
> constraints via .extra1,2 in the sysctl knob definition?

	We store the 'ipvs' back-ptr in extra2, so may be we
can not use it in the table for proc_do_defense_mode, only for
tmp. proc_do_sync_mode may use extra1/2 in table for the
proc_dointvec_minmax call.

Regards

--
Julian Anastasov <ja@xxxxxx>



[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux