| author | Alexey Dobriyan <adobriyan@gmail.com> | 2010-02-04 20:24:06 +0300 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-02-04 20:24:06 +0300 |
| commit | 38c7233b287481dfb3327dde136801ce500aba58 (patch) | |
| tree | 5778bd7d0ab1a7002b95f2662b226bb00cace6d7 | |
| parent | ab59b19be78aac65cdd599fb5002c9019885e061 (diff) | |

netfilter: nf_conntrack: restrict runtime expect hashsize modifications

Expectation hashtable size was simply glued to a variable with no code
to rehash expectations, so it was a bug to allow writing to it.

Make "expect_hashsize" readonly.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>

| -rw-r--r-- | net/netfilter/nf_conntrack_expect.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index fdf5d2a1d9b4..4ad7d1d809af 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c @@ -569,7 +569,7 @@ static void exp_proc_remove(struct net *net) #endif /* CONFIG_PROC_FS */ } -module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0600); +module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400); int nf_conntrack_expect_init(struct net *net) { |
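
Review bot: The changed `module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400);` line carries no comment explaining the mode, so the reason it must not be writable lives only in the commit message. A one-line comment above it noting that there is no code to rehash expectations, and that the value therefore has to stay read-only at runtime, would keep a later cleanup from restoring 0600. The new mode keeps the owner-read bit that 0600 had and drops only the owner-write bit, so visibility of the value is unchanged and the change matches the stated intent.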
