authorStephen Hemminger <shemminger@linux-foundation.org>2007-10-10 20:30:46 -0400
committerDavid S. Miller <davem@davemloft.net>2007-10-10 20:30:46 -0400
commit227b60f5102cda4e4ab792b526a59c8cb20cd9f8 (patch)
tree2c9e372601ba794894833b0618bc531a9f5d57c4 /net/ipv6
parent06393009000779b00a558fd2f280882cc7dc2008 (diff)
[INET]: local port range robustness
Expansion of original idea from Denis V. Lunev <den@openvz.org>.

Add robustness and locking to the local_port_range sysctl.
1. Enforce that low < high when setting.
2. Use seqlock to ensure atomic update.

The locking might seem like overkill, but there are cases where a sysadmin might want to change the value in the middle of a DoS attack.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/inet6_hashtables.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
index ae6b0e7eb488..1c2c27655435 100644
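--- a/net/ipv6/inet6_hashtables.c
+++ b/net/ipv6/inet6_hashtables.c
@@ -254,18 +254,18 @@ int inet6_hash_connect(struct inet_timewait_death_row *death_row,
 int ret;
 
 if (snum == 0) {
-const int low = sysctl_local_port_range[0];
-const int high = sysctl_local_port_range[1];
-const int range = high - low;
-int i, port;
+int i, port, low, high, remaining;
 static u32 hint;
 const u32 offset = hint + inet6_sk_port_offset(sk);
 struct hlist_node *node;
 struct inet_timewait_sock *tw = NULL;
 
+inet_get_local_port_range(&low, &high);
+remaining = high - low;
+
 local_bh_disable();
-for (i = 1; i <= range; i++) {
-port = low + (i + offset) % range;
+for (i = 1; i <= remaining; i++) {
+port = low + (i + offset) % remaining;
 head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
 spin_lock(&head->lock);
 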
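Review bot: `remaining = high - low;` carries over the old half-open arithmetic, so `port = low + (i + offset) % remaining` only ever produces ports in `[low, high - 1]`. If the sysctl range is meant to be inclusive (the setter is not visible in this section, so that is an assumption), the top port is never tried, and a range with low == high gives `remaining == 0`, so the loop is skipped and no port is attempted. That shrinks the ephemeral port pool by one, which matters most when an administrator narrows the range under load. Consider `remaining = (high - low) + 1;` and check that the IPv4 connect path touched by the same commit agrees. The body of `inet6_hash_connect` starts and ends outside this hunk.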