Commit 13ccdfc2, author: Alexey Dobriyan, committer: David S. Miller

netfilter: nf_conntrack: restrict runtime expect hashsize modifications

Expectation hashtable size was simply glued to a variable with no code
to rehash expectations, so it was a bug to allow writing to it.
Make "expect_hashsize" readonly.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
Parent 5b3501fa
...@@ -569,7 +569,7 @@ static void exp_proc_remove(struct net *net) ...@@ -569,7 +569,7 @@ static void exp_proc_remove(struct net *net)
#endif /* CONFIG_PROC_FS */ #endif /* CONFIG_PROC_FS */
} }
module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0600); module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400);
int nf_conntrack_expect_init(struct net *net) int nf_conntrack_expect_init(struct net *net)
{ {
......
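Review bot: the permission change on the module_param_named(expect_hashsize, ...) line carries no comment recording why the parameter must be read-only after load. The commit message explains that nothing rehashes expectations when nf_ct_expect_hsize changes, but that reasoning is not in the source, so a later cleanup could widen 0400 back to a writable mode. Suggest a one-line comment above the macro stating that the expectation hash table is not resized at runtime, so the value can only be chosen at module load.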