Commit 31b683b6 authored by David S. Miller's avatar David S. Miller
parents b7a9216c dce766af
...@@ -1406,6 +1406,9 @@ static int do_ebt_set_ctl(struct sock *sk, ...@@ -1406,6 +1406,9 @@ static int do_ebt_set_ctl(struct sock *sk,
{ {
int ret; int ret;
if (!capable(CAP_NET_ADMIN))
return -EPERM;
switch(cmd) { switch(cmd) {
case EBT_SO_SET_ENTRIES: case EBT_SO_SET_ENTRIES:
ret = do_replace(sock_net(sk), user, len); ret = do_replace(sock_net(sk), user, len);
...@@ -1425,6 +1428,9 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) ...@@ -1425,6 +1428,9 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
struct ebt_replace tmp; struct ebt_replace tmp;
struct ebt_table *t; struct ebt_table *t;
if (!capable(CAP_NET_ADMIN))
return -EPERM;
if (copy_from_user(&tmp, user, sizeof(tmp))) if (copy_from_user(&tmp, user, sizeof(tmp)))
return -EFAULT; return -EFAULT;
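Review bot: The new `capable(CAP_NET_ADMIN)` checks at the top of do_ebt_set_ctl and do_ebt_get_ctl carry no comment, and the get-side one appears to restrict who may read tables, not only who may change them. A one-line comment above each would record that intent, for example `/* ebtables sockopts are privileged; reject before touching user memory */`. In do_ebt_get_ctl the check sits ahead of the `copy_from_user()` into `tmp`, and that ordering should be kept if the function is rearranged later. Both function bodies continue outside the visible lines.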
......
...@@ -113,6 +113,7 @@ config IP_VS_RR ...@@ -113,6 +113,7 @@ config IP_VS_RR
config IP_VS_WRR config IP_VS_WRR
tristate "weighted round-robin scheduling" tristate "weighted round-robin scheduling"
select GCD
---help--- ---help---
The weighted robin-robin scheduling algorithm directs network The weighted robin-robin scheduling algorithm directs network
connections to different real servers based on server weights connections to different real servers based on server weights
......
...@@ -2077,6 +2077,10 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) ...@@ -2077,6 +2077,10 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
if (!capable(CAP_NET_ADMIN)) if (!capable(CAP_NET_ADMIN))
return -EPERM; return -EPERM;
if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX)
return -EINVAL;
if (len < 0 || len > MAX_ARG_LEN)
return -EINVAL;
if (len != set_arglen[SET_CMDID(cmd)]) { if (len != set_arglen[SET_CMDID(cmd)]) {
pr_err("set_ctl: len %u != %u\n", pr_err("set_ctl: len %u != %u\n",
len, set_arglen[SET_CMDID(cmd)]); len, set_arglen[SET_CMDID(cmd)]);
...@@ -2352,17 +2356,25 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) ...@@ -2352,17 +2356,25 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
{ {
unsigned char arg[128]; unsigned char arg[128];
int ret = 0; int ret = 0;
unsigned int copylen;
if (!capable(CAP_NET_ADMIN)) if (!capable(CAP_NET_ADMIN))
return -EPERM; return -EPERM;
if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_GET_MAX)
return -EINVAL;
if (*len < get_arglen[GET_CMDID(cmd)]) { if (*len < get_arglen[GET_CMDID(cmd)]) {
pr_err("get_ctl: len %u < %u\n", pr_err("get_ctl: len %u < %u\n",
*len, get_arglen[GET_CMDID(cmd)]); *len, get_arglen[GET_CMDID(cmd)]);
return -EINVAL; return -EINVAL;
} }
if (copy_from_user(arg, user, get_arglen[GET_CMDID(cmd)]) != 0) copylen = get_arglen[GET_CMDID(cmd)];
if (copylen > 128)
return -EINVAL;
if (copy_from_user(arg, user, copylen) != 0)
return -EFAULT; return -EFAULT;
if (mutex_lock_interruptible(&__ip_vs_mutex)) if (mutex_lock_interruptible(&__ip_vs_mutex))
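Review bot: The added bound in do_ip_vs_get_ctl, `if (copylen > 128)`, repeats the size of `arg[128]` as a literal, so the check goes stale if the buffer is ever resized; `if (copylen > sizeof(arg))` ties it to the buffer that `copy_from_user()` fills. In do_ip_vs_set_ctl, `len` is `unsigned int` in the signature shown in the hunk header, so the `len < 0` half of the new test can never be true and `if (len > MAX_ARG_LEN)` expresses the same check. The `cmd` range checks are correctly placed before the `set_arglen[SET_CMDID(cmd)]` and `get_arglen[GET_CMDID(cmd)]` lookups. Both functions continue past the visible lines.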
......
...@@ -24,6 +24,7 @@ ...@@ -24,6 +24,7 @@
#include <linux/module.h> #include <linux/module.h>
#include <linux/kernel.h> #include <linux/kernel.h>
#include <linux/net.h> #include <linux/net.h>
#include <linux/gcd.h>
#include <net/ip_vs.h> #include <net/ip_vs.h>
...@@ -38,20 +39,6 @@ struct ip_vs_wrr_mark { ...@@ -38,20 +39,6 @@ struct ip_vs_wrr_mark {
}; };
/*
* Get the gcd of server weights
*/
static int gcd(int a, int b)
{
int c;
while ((c = a % b)) {
a = b;
b = c;
}
return b;
}
static int ip_vs_wrr_gcd_weight(struct ip_vs_service *svc) static int ip_vs_wrr_gcd_weight(struct ip_vs_service *svc)
{ {
struct ip_vs_dest *dest; struct ip_vs_dest *dest;
......
...@@ -323,23 +323,23 @@ static void update_nl_seq(struct nf_conn *ct, u32 nl_seq, ...@@ -323,23 +323,23 @@ static void update_nl_seq(struct nf_conn *ct, u32 nl_seq,
struct nf_ct_ftp_master *info, int dir, struct nf_ct_ftp_master *info, int dir,
struct sk_buff *skb) struct sk_buff *skb)
{ {
unsigned int i, oldest = NUM_SEQ_TO_REMEMBER; unsigned int i, oldest;
/* Look for oldest: if we find exact match, we're done. */ /* Look for oldest: if we find exact match, we're done. */
for (i = 0; i < info->seq_aft_nl_num[dir]; i++) { for (i = 0; i < info->seq_aft_nl_num[dir]; i++) {
if (info->seq_aft_nl[dir][i] == nl_seq) if (info->seq_aft_nl[dir][i] == nl_seq)
return; return;
if (oldest == info->seq_aft_nl_num[dir] ||
before(info->seq_aft_nl[dir][i],
info->seq_aft_nl[dir][oldest]))
oldest = i;
} }
if (info->seq_aft_nl_num[dir] < NUM_SEQ_TO_REMEMBER) { if (info->seq_aft_nl_num[dir] < NUM_SEQ_TO_REMEMBER) {
info->seq_aft_nl[dir][info->seq_aft_nl_num[dir]++] = nl_seq; info->seq_aft_nl[dir][info->seq_aft_nl_num[dir]++] = nl_seq;
} else if (oldest != NUM_SEQ_TO_REMEMBER && } else {
after(nl_seq, info->seq_aft_nl[dir][oldest])) { if (before(info->seq_aft_nl[dir][0], info->seq_aft_nl[dir][1]))
oldest = 0;
else
oldest = 1;
if (after(nl_seq, info->seq_aft_nl[dir][oldest]))
info->seq_aft_nl[dir][oldest] = nl_seq; info->seq_aft_nl[dir][oldest] = nl_seq;
} }
} }
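Review bot: The new else-branch in update_nl_seq compares `seq_aft_nl[dir][0]` with `seq_aft_nl[dir][1]` directly, which is only correct while NUM_SEQ_TO_REMEMBER is 2, and nothing in the hunk enforces that. Adding `BUILD_BUG_ON(NUM_SEQ_TO_REMEMBER != 2);` at the top of the function, or at least a comment stating the assumption, would make a later change of the constant fail at build time instead of silently ignoring the extra slots. `oldest` is now assigned only inside that branch, which is fine as written because it is not read anywhere else in the function.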
......