author | Alexey Dobriyan <adobriyan@gmail.com> | 2010-02-08 14:17:22 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-02-08 14:17:22 -0500 |
commit | 13ccdfc2af03e09e60791f7d4bc4ccf53398af7c (patch) | |
tree | 5b83b77e6b06e1dc845199227734a54eb2d857d3 | |
parent | 5b3501faa8741d50617ce4191c20061c6ef36cb3 (diff) |
netfilter: nf_conntrack: restrict runtime expect hashsize modifications
Expectation hashtable size was simply glued to a variable with no code
to rehash expectations, so it was a bug to allow writing to it.
Make "expect_hashsize" readonly.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r-- | net/netfilter/nf_conntrack_expect.c | 2 |
1 files changed, 1 insertions, 1 deletions
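--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -569,7 +569,7 @@ static void exp_proc_remove(struct net *net)
 #endif /* CONFIG_PROC_FS */
 }
 
-module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0600);
+module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400);
 
 int nf_conntrack_expect_init(struct net *net)
 {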
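Review bot: The `module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400);` line at 572 has no comment recording why the mode must stay read-only, so a later cleanup could restore 0600 without noticing the constraint. I would add above it `/* Read-only in sysfs: there is no code to rehash expectations, so the size must not change once the table exists. */`, which restates the reason given in the commit message. The mode only governs the sysfs file, so the value can still be supplied at module load time. Whether `nf_conntrack_expect_init` range-checks that load-time value cannot be judged here, because its body continues outside the hunk.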