Commit 38c7233b authored Feb 04, 2010 by Alexey Dobriyan Committed by Patrick McHardy Feb 04, 2010

netfilter: nf_conntrack: restrict runtime expect hashsize modifications



Expectation hashtable size was simply glued to a variable with no code
to rehash expectations, so it was a bug to allow writing to it.
Make "expect_hashsize" readonly.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>

parent ab59b19b

net/netfilter/nf_conntrack_expect.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -569,7 +569,7 @@ static void exp_proc_remove(struct net *net)
		#endif /* CONFIG_PROC_FS */
		}

		module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0600);
		module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400);

		int nf_conntrack_expect_init(struct net *net)
		{