diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2010-02-08 11:17:22 -0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@suse.de> | 2010-02-23 07:37:53 -0800 |
| commit | 51d3a347944f76bc2f304e0622d61b9b39fec585 (patch) | |
| tree | 1cec1d179455a95d6b1968b1a491e64dad6975bd /net/netfilter | |
| parent | 747edef00c9b2147ca0b3d5bc33e9291a9a6d86e (diff) | |
netfilter: nf_conntrack: restrict runtime expect hashsize modifications
commit 13ccdfc2af03e09e60791f7d4bc4ccf53398af7c upstream.
Expectation hashtable size was simply glued to a variable with no code
to rehash expectations, so it was a bug to allow writing to it.
Make "expect_hashsize" readonly.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nf_conntrack_expect.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index 2032dfe25ca..1b8ed66aa0b 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c @@ -569,7 +569,7 @@ static void exp_proc_remove(struct net *net) #endif /* CONFIG_PROC_FS */ } -module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0600); +module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400); int nf_conntrack_expect_init(struct net *net) { |