Re: [PATCH net] ipvs: Improve robustness to the ipvs sysctl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello, Julian

On 2019/7/30 4:20, Julian Anastasov wrote:
> 
> 	Hello,
> 
> On Mon, 29 Jul 2019, Florian Westphal wrote:
> 
>>> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
>>> index 741d91aa4a8d..e78fd05f108b 100644
>>> --- a/net/netfilter/ipvs/ip_vs_ctl.c
>>> +++ b/net/netfilter/ipvs/ip_vs_ctl.c
>>> @@ -1680,12 +1680,18 @@ proc_do_defense_mode(struct ctl_table *table, int write,
>>>  	int val = *valp;
>>>  	int rc;
>>>
>>> -	rc = proc_dointvec(table, write, buffer, lenp, ppos);
>>> +	struct ctl_table tmp = {
>>> +		.data = &val,
>>> +		.maxlen = sizeof(int),
>>> +		.mode = table->mode,
>>> +	};
>>> +
>>> +	rc = proc_dointvec(&tmp, write, buffer, lenp, ppos);
>>
>> Wouldn't it be better do use proc_dointvec_minmax and set the
>> constraints via .extra1,2 in the sysctl knob definition?
> 
> 	We store the 'ipvs' back-ptr in extra2, so may be we
> can not use it in the table for proc_do_defense_mode, only for
> tmp. proc_do_sync_mode may use extra1/2 in table for the
> proc_dointvec_minmax call.
> 
> Regards
> 
> --
> Julian Anastasov <ja@xxxxxx>
> 
> .
> 

I agree with you, in these four function, only proc_do_sync_mode can
use extra1/2 in table for the proc_dointvec_minmax,
i will update it in patch v2. Thank you for reply.

Regards,
Junwei




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux