Re: [PATCH] ipv4: kernel panic when only one unsecured port available

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: David Miller <davem@...>

Cc: <aarapov@...>, <linux-kernel@...>, <linux-netdev@...>, <davem@...>, <jgarzik@...>

Subject: Re: [PATCH] ipv4: kernel panic when only one unsecured port available

Date: Monday, October 15, 2007 - 5:00 pm

On Mon, 15 Oct 2007 13:06:14 -0700 (PDT)
David Miller <davem@davemloft.net> wrote:

quoted text> From: Andrew Morton <akpm@linux-foundation.org>
> Date: Mon, 15 Oct 2007 12:49:19 -0700
> 
> > This code has recently been reworked, but from my reading, that
> > divide-by-zero can still occur.  And given that the numbers in
> > /proc/sys/net/ipv4/ip_local_port_range are inclusive, the arithmetic in
> > inet_csk_get_port() seems to just be wrong?
> > 
> > So we have this, against David's current devel tree:
> 
> I'm pretty sure we took care of this, but maybe not :-)

<looks>

OK, in ipv4_local_port_range() we have 

                if (range[1] <= range[0])
                        ret = -EINVAL;

which will prevent the crashes.

But is it good to disallow high=low?  This disallows a port range of one
single port.  Unless "high" is exclusive.  But
Documentation/filesystems/proc.txt says

: ip_local_port_range
: -------------------
:
: Range of  ports  used  by  TCP  and UDP to choose the local port. Contains two
: numbers, the  first  number  is the lowest port, the second number the highest
: local port.  Default  is  1024-4999.  Should  be  changed  to  32768-61000 for
: high-usage systems.

ie: inclusive.

Documentation/networking/ip-sysctl.txt says

: ip_local_port_range - 2 INTEGERS
: 	Defines the local port range that is used by TCP and UDP to
: 	choose the local port. The first number is the first, the 
: 	second the last local port number. Default value depends on
: 	amount of memory available on the system:
: 	> 128Mb 32768-61000
: 	< 128Mb 1024-4999 or even less.
: 	This number defines number of active connections, which this
: 	system can issue simultaneously to systems not supporting
: 	TCP extensions (timestamps). With tcp_tw_recycle enabled
: 	(i.e. by default) range 1024-4999 is enough to issue up to
: 	2000 connections per second to systems supporting timestamps.

also inclusive.

-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH] ipv4: kernel panic when only one unsecured port avai..., Anton Arapov, (Tue Oct 9, 9:59 am)

Re: [PATCH] ipv4: kernel panic when only one unsecured port ..., Andrew Morton, (Mon Oct 15, 3:49 pm)

Re: [PATCH] ipv4: kernel panic when only one unsecured port ..., David Miller, (Mon Oct 15, 4:06 pm)

Re: [PATCH] ipv4: kernel panic when only one unsecured port ..., Andrew Morton, (Mon Oct 15, 5:00 pm)

Re: [PATCH] ipv4: kernel panic when only one unsecured port ..., Anton Arapov, (Tue Oct 16, 1:59 am)


linux-kernel:
Greg Kroah-Hartman	[PATCH 004/196] Chinese: add translation of SubmittingPatches
David Chinner	Re: [RFD] BIO_RW_BARRIER - what it means for devices, filesystems, and dm/md.
Andrew Morton	-mm merge plans for 2.6.23
Trent Piepho	Re: [PATCH] [POWERPC] Improve (in\|out)_beXX() asm code
git:

linux-netdev:
David Miller	Re: iptables very slow after commit784544739a25c30637397ace5489eeb6e15d7d49
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
David Miller	[GIT]: Networking
openbsd-misc:

Re: [PATCH] ipv4: kernel panic when only one unsecured port available

Online users