net/bridge/netfilter/ebtables.c +6 −0 @@ -1406,6 +1406,9 @@ static int do_ebt_set_ctl(struct sock *sk, { { int ret; int ret; if (!capable(CAP_NET_ADMIN)) return -EPERM; switch(cmd) { switch(cmd) { case EBT_SO_SET_ENTRIES: case EBT_SO_SET_ENTRIES: ret = do_replace(sock_net(sk), user, len); ret = do_replace(sock_net(sk), user, len); @@ -1425,6 +1428,9 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) struct ebt_replace tmp; struct ebt_replace tmp; struct ebt_table *t; struct ebt_table *t; if (!capable(CAP_NET_ADMIN)) return -EPERM; if (copy_from_user(&tmp, user, sizeof(tmp))) if (copy_from_user(&tmp, user, sizeof(tmp))) return -EFAULT; return -EFAULT;
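Review bot: Neither added `capable(CAP_NET_ADMIN)` guard says why the handler has to enforce privilege itself, and the same lines are repeated in do_ebt_set_ctl and do_ebt_get_ctl, so a handler added later could easily ship without one. A one-line comment above each guard would record the intent, for example `/* reachable via sockopt without a privileged socket; enforce CAP_NET_ADMIN here */`; this is presumably the reason, since the sockopt dispatch code is not on this page. The comment on the get path should also say that the read side is gated on purpose, as it appears to hand table data back to the caller. Both function bodies continue outside the hunks.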
net/netfilter/ipvs/Kconfig +2 −1 @@ -113,6 +113,7 @@ config IP_VS_RR config IP_VS_WRR config IP_VS_WRR tristate "weighted round-robin scheduling" tristate "weighted round-robin scheduling" select GCD ---help--- ---help--- The weighted robin-robin scheduling algorithm directs network The weighted robin-robin scheduling algorithm directs network connections to different real servers based on server weights connections to different real servers based on server weights
net/netfilter/ipvs/ip_vs_ctl.c +13 −1 @@ -2077,6 +2077,10 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) if (!capable(CAP_NET_ADMIN)) if (!capable(CAP_NET_ADMIN)) return -EPERM; return -EPERM; if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX) return -EINVAL; if (len < 0 || len > MAX_ARG_LEN) return -EINVAL; if (len != set_arglen[SET_CMDID(cmd)]) { if (len != set_arglen[SET_CMDID(cmd)]) { pr_err("set_ctl: len %u != %u\n", pr_err("set_ctl: len %u != %u\n", len, set_arglen[SET_CMDID(cmd)]); len, set_arglen[SET_CMDID(cmd)]); @@ -2352,17 +2356,25 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) { { unsigned char arg[128]; unsigned char arg[128]; int ret = 0; int ret = 0; unsigned int copylen; if (!capable(CAP_NET_ADMIN)) if (!capable(CAP_NET_ADMIN)) return -EPERM; return -EPERM; if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_GET_MAX) return -EINVAL; if (*len < get_arglen[GET_CMDID(cmd)]) { if (*len < get_arglen[GET_CMDID(cmd)]) { pr_err("get_ctl: len %u < %u\n", pr_err("get_ctl: len %u < %u\n", *len, get_arglen[GET_CMDID(cmd)]); *len, get_arglen[GET_CMDID(cmd)]); return -EINVAL; return -EINVAL; } } if (copy_from_user(arg, user, get_arglen[GET_CMDID(cmd)]) != 0) copylen = get_arglen[GET_CMDID(cmd)]; if (copylen > 128) return -EINVAL; if (copy_from_user(arg, user, copylen) != 0) return -EFAULT; return -EFAULT; if (mutex_lock_interruptible(&__ip_vs_mutex)) if (mutex_lock_interruptible(&__ip_vs_mutex))
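Review bot: In do_ip_vs_set_ctl the added test `len < 0` can never be true, because the signature in the hunk header declares `len` as `unsigned int`; only the upper bound does any work, and the dead comparison will draw a compiler warning. The line should read `if (len > MAX_ARG_LEN)`. In the do_ip_vs_get_ctl hunk the new bound `copylen > 128` repeats the size of `arg[128]` as a literal, and `if (copylen > sizeof(arg))` would keep the check tied to the buffer if it is ever resized. That hunk also compares the signed `*len` with `get_arglen[...]`, whose element type is not shown here, so it is worth confirming that a negative `*len` cannot pass the comparison through an unsigned conversion. Both functions continue outside the hunks.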
net/netfilter/ipvs/ip_vs_wrr.c +1 −14 @@ -24,6 +24,7 @@ #include <linux/module.h> #include <linux/module.h> #include <linux/kernel.h> #include <linux/kernel.h> #include <linux/net.h> #include <linux/net.h> #include <linux/gcd.h> #include <net/ip_vs.h> #include <net/ip_vs.h> @@ -38,20 +39,6 @@ struct ip_vs_wrr_mark { }; }; /* * Get the gcd of server weights */ static int gcd(int a, int b) { int c; while ((c = a % b)) { a = b; b = c; } return b; } static int ip_vs_wrr_gcd_weight(struct ip_vs_service *svc) static int ip_vs_wrr_gcd_weight(struct ip_vs_service *svc) { { struct ip_vs_dest *dest; struct ip_vs_dest *dest;
net/netfilter/nf_conntrack_ftp.c +9 −9 @@ -323,23 +323,23 @@ static void update_nl_seq(struct nf_conn *ct, u32 nl_seq, struct nf_ct_ftp_master *info, int dir, struct nf_ct_ftp_master *info, int dir, struct sk_buff *skb) struct sk_buff *skb) { { unsigned int i, oldest = NUM_SEQ_TO_REMEMBER; unsigned int i, oldest; /* Look for oldest: if we find exact match, we're done. */ /* Look for oldest: if we find exact match, we're done. */ for (i = 0; i < info->seq_aft_nl_num[dir]; i++) { for (i = 0; i < info->seq_aft_nl_num[dir]; i++) { if (info->seq_aft_nl[dir][i] == nl_seq) if (info->seq_aft_nl[dir][i] == nl_seq) return; return; if (oldest == info->seq_aft_nl_num[dir] || before(info->seq_aft_nl[dir][i], info->seq_aft_nl[dir][oldest])) oldest = i; } } if (info->seq_aft_nl_num[dir] < NUM_SEQ_TO_REMEMBER) { if (info->seq_aft_nl_num[dir] < NUM_SEQ_TO_REMEMBER) { info->seq_aft_nl[dir][info->seq_aft_nl_num[dir]++] = nl_seq; info->seq_aft_nl[dir][info->seq_aft_nl_num[dir]++] = nl_seq; } else if (oldest != NUM_SEQ_TO_REMEMBER && } else { after(nl_seq, info->seq_aft_nl[dir][oldest])) { if (before(info->seq_aft_nl[dir][0], info->seq_aft_nl[dir][1])) oldest = 0; else oldest = 1; if (after(nl_seq, info->seq_aft_nl[dir][oldest])) info->seq_aft_nl[dir][oldest] = nl_seq; info->seq_aft_nl[dir][oldest] = nl_seq; } }
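Review bot: The new else branch in update_nl_seq compares slots `[0]` and `[1]` directly, which is only correct while NUM_SEQ_TO_REMEMBER is 2; if the constant is ever raised, the extra slots are never considered for replacement and nothing flags it. A compile-time guard at the top of the function would pin the assumption: `BUILD_BUG_ON(NUM_SEQ_TO_REMEMBER != 2);`. The retained comment `/* Look for oldest: if we find exact match, we're done. */` no longer describes the loop, which on the new side only tests for an exact match, so `/* If we find an exact match, we're done. */` would be accurate. The page prints changed lines without markers, so this reads the later line of each changed pair as the new side.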