diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2010-02-04 12:24:06 -0500 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-02-04 12:24:06 -0500 |
| commit | 38c7233b287481dfb3327dde136801ce500aba58 (patch) | |
| tree | 5778bd7d0ab1a7002b95f2662b226bb00cace6d7 | |
| parent | ab59b19be78aac65cdd599fb5002c9019885e061 (diff) | |
netfilter: nf_conntrack: restrict runtime expect hashsize modifications
Expectation hashtable size was simply glued to a variable with no code
to rehash expectations, so it was a bug to allow writing to it.
Make "expect_hashsize" readonly.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
| -rw-r--r-- | net/netfilter/nf_conntrack_expect.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index fdf5d2a1d9b4..4ad7d1d809af 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c | |||
| @@ -569,7 +569,7 @@ static void exp_proc_remove(struct net *net) | |||
| 569 | #endif /* CONFIG_PROC_FS */ | 569 | #endif /* CONFIG_PROC_FS */ |
| 570 | } | 570 | } |
| 571 | 571 | ||
| 572 | module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0600); | 572 | module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400); |
| 573 | 573 | ||
| 574 | int nf_conntrack_expect_init(struct net *net) | 574 | int nf_conntrack_expect_init(struct net *net) |
| 575 | { | 575 | { |