Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6
This commit is contained in:
commit
31b683b644
@ -1406,6 +1406,9 @@ static int do_ebt_set_ctl(struct sock *sk,
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (!capable(CAP_NET_ADMIN))
|
||||
return -EPERM;
|
||||
|
||||
switch(cmd) {
|
||||
case EBT_SO_SET_ENTRIES:
|
||||
ret = do_replace(sock_net(sk), user, len);
|
||||
@ -1425,6 +1428,9 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
|
||||
struct ebt_replace tmp;
|
||||
struct ebt_table *t;
|
||||
|
||||
if (!capable(CAP_NET_ADMIN))
|
||||
return -EPERM;
|
||||
|
||||
if (copy_from_user(&tmp, user, sizeof(tmp)))
|
||||
return -EFAULT;
|
||||
|
||||
|
@ -112,7 +112,8 @@ config IP_VS_RR
|
||||
module, choose M here. If unsure, say N.
|
||||
|
||||
config IP_VS_WRR
|
||||
tristate "weighted round-robin scheduling"
|
||||
tristate "weighted round-robin scheduling"
|
||||
select GCD
|
||||
---help---
|
||||
The weighted robin-robin scheduling algorithm directs network
|
||||
connections to different real servers based on server weights
|
||||
|
@ -2077,6 +2077,10 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
|
||||
if (!capable(CAP_NET_ADMIN))
|
||||
return -EPERM;
|
||||
|
||||
if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX)
|
||||
return -EINVAL;
|
||||
if (len < 0 || len > MAX_ARG_LEN)
|
||||
return -EINVAL;
|
||||
if (len != set_arglen[SET_CMDID(cmd)]) {
|
||||
pr_err("set_ctl: len %u != %u\n",
|
||||
len, set_arglen[SET_CMDID(cmd)]);
|
||||
@ -2352,17 +2356,25 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
|
||||
{
|
||||
unsigned char arg[128];
|
||||
int ret = 0;
|
||||
unsigned int copylen;
|
||||
|
||||
if (!capable(CAP_NET_ADMIN))
|
||||
return -EPERM;
|
||||
|
||||
if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_GET_MAX)
|
||||
return -EINVAL;
|
||||
|
||||
if (*len < get_arglen[GET_CMDID(cmd)]) {
|
||||
pr_err("get_ctl: len %u < %u\n",
|
||||
*len, get_arglen[GET_CMDID(cmd)]);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (copy_from_user(arg, user, get_arglen[GET_CMDID(cmd)]) != 0)
|
||||
copylen = get_arglen[GET_CMDID(cmd)];
|
||||
if (copylen > 128)
|
||||
return -EINVAL;
|
||||
|
||||
if (copy_from_user(arg, user, copylen) != 0)
|
||||
return -EFAULT;
|
||||
|
||||
if (mutex_lock_interruptible(&__ip_vs_mutex))
|
||||
|
@ -24,6 +24,7 @@
|
||||
#include <linux/module.h>
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/net.h>
|
||||
#include <linux/gcd.h>
|
||||
|
||||
#include <net/ip_vs.h>
|
||||
|
||||
@ -38,20 +39,6 @@ struct ip_vs_wrr_mark {
|
||||
};
|
||||
|
||||
|
||||
/*
|
||||
* Get the gcd of server weights
|
||||
*/
|
||||
static int gcd(int a, int b)
|
||||
{
|
||||
int c;
|
||||
|
||||
while ((c = a % b)) {
|
||||
a = b;
|
||||
b = c;
|
||||
}
|
||||
return b;
|
||||
}
|
||||
|
||||
static int ip_vs_wrr_gcd_weight(struct ip_vs_service *svc)
|
||||
{
|
||||
struct ip_vs_dest *dest;
|
||||
|
@ -323,24 +323,24 @@ static void update_nl_seq(struct nf_conn *ct, u32 nl_seq,
|
||||
struct nf_ct_ftp_master *info, int dir,
|
||||
struct sk_buff *skb)
|
||||
{
|
||||
unsigned int i, oldest = NUM_SEQ_TO_REMEMBER;
|
||||
unsigned int i, oldest;
|
||||
|
||||
/* Look for oldest: if we find exact match, we're done. */
|
||||
for (i = 0; i < info->seq_aft_nl_num[dir]; i++) {
|
||||
if (info->seq_aft_nl[dir][i] == nl_seq)
|
||||
return;
|
||||
|
||||
if (oldest == info->seq_aft_nl_num[dir] ||
|
||||
before(info->seq_aft_nl[dir][i],
|
||||
info->seq_aft_nl[dir][oldest]))
|
||||
oldest = i;
|
||||
}
|
||||
|
||||
if (info->seq_aft_nl_num[dir] < NUM_SEQ_TO_REMEMBER) {
|
||||
info->seq_aft_nl[dir][info->seq_aft_nl_num[dir]++] = nl_seq;
|
||||
} else if (oldest != NUM_SEQ_TO_REMEMBER &&
|
||||
after(nl_seq, info->seq_aft_nl[dir][oldest])) {
|
||||
info->seq_aft_nl[dir][oldest] = nl_seq;
|
||||
} else {
|
||||
if (before(info->seq_aft_nl[dir][0], info->seq_aft_nl[dir][1]))
|
||||
oldest = 0;
|
||||
else
|
||||
oldest = 1;
|
||||
|
||||
if (after(nl_seq, info->seq_aft_nl[dir][oldest]))
|
||||
info->seq_aft_nl[dir][oldest] = nl_seq;
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user