The following patch adds a sysctl variable for administrators to set
limits on the number of per-socket multicast source filters for IPv4.
The in-line patch for review is for 2.4.25. Attached is the 2.4.25 version
and the 2.6.x version.
The multiprotocol socket API version will follow soon.
+-DLS
diff -ruN linux-2.4.25F2/include/linux/sysctl.h linux-2.4.25F4/include/linux/sysctl.h
--- linux-2.4.25F2/include/linux/sysctl.h 2004-02-20 15:13:01.000000000 -0800
+++ linux-2.4.25F4/include/linux/sysctl.h 2004-03-04 17:02:54.000000000 -0800
@@ -312,6 +312,7 @@
NET_TCP_FRTO=92,
NET_TCP_LOW_LATENCY=93,
NET_IPV4_IPFRAG_SECRET_INTERVAL=94,
+ NET_IPV4_IGMP_MAX_MSF=96,
};
enum {
diff -ruN linux-2.4.25F2/net/ipv4/igmp.c linux-2.4.25F4/net/ipv4/igmp.c
--- linux-2.4.25F2/net/ipv4/igmp.c 2004-02-18 05:36:32.000000000 -0800
+++ linux-2.4.25F4/net/ipv4/igmp.c 2004-03-04 15:47:09.000000000 -0800
@@ -101,7 +101,8 @@
#endif
-#define IP_MAX_MEMBERSHIPS 20
+#define IP_MAX_MEMBERSHIPS 20
+#define IP_MAX_MSF 10
#ifdef CONFIG_IP_MULTICAST
/* Parameter names and values are taken from igmp-v2-06 draft */
@@ -1311,6 +1312,7 @@
* Join a socket to a group
*/
int sysctl_igmp_max_memberships = IP_MAX_MEMBERSHIPS;
+int sysctl_igmp_max_msf = IP_MAX_MSF;
static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode,
@@ -1772,6 +1774,10 @@
}
/* else, add a new source to the filter */
+ if (psl && psl->sl_count >= sysctl_igmp_max_msf) {
+ err = -ENOBUFS;
+ goto done;
+ }
if (!psl || psl->sl_count == psl->sl_max) {
struct ip_sf_socklist *newpsl;
int count = IP_SFBLOCK;
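Review bot: The new limit check is guarded by `psl &&`, so a socket's first source for a group is never tested against `sysctl_igmp_max_msf`. With the sysctl set to 0 this add path still accepts one source, while the IP_MSFILTER path in ip_sockglue.c rejects any non-zero `imsf_numsrc`, so the two paths enforce the limit differently. If 0 is meant to disable source filters, the check could read `if ((psl ? psl->sl_count : 0) >= sysctl_igmp_max_msf) {`. The enclosing function starts and ends outside the hunk, so the `done` label and its cleanup are not visible here.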
diff -ruN linux-2.4.25F2/net/ipv4/ip_sockglue.c linux-2.4.25F4/net/ipv4/ip_sockglue.c
--- linux-2.4.25F2/net/ipv4/ip_sockglue.c 2004-02-23 17:03:10.000000000 -0800
+++ linux-2.4.25F4/net/ipv4/ip_sockglue.c 2004-03-04 19:29:33.000000000 -0800
@@ -609,6 +609,7 @@
case IP_MSFILTER:
{
extern int sysctl_optmem_max;
+ extern int sysctl_igmp_max_msf;
struct ip_msfilter *msf;
if (optlen < IP_MSFILTER_SIZE(0))
@@ -627,9 +628,14 @@
kfree(msf);
break;
}
- if (IP_MSFILTER_SIZE(msf->imsf_numsrc) <
- IP_MSFILTER_SIZE(0) ||
- IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen) {
+ /* numsrc >= (1G-4) overflow in 32 bits */
+ if (msf->imsf_numsrc >= 0x3ffffffcU ||
+ msf->imsf_numsrc > sysctl_igmp_max_msf) {
+ kfree(msf);
+ err = -ENOBUFS;
+ break;
+ }
+ if (IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen) {
kfree(msf);
err = -EINVAL;
break;
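Review bot: `msf->imsf_numsrc > sysctl_igmp_max_msf` compares a count that appears to be unsigned (it is tested against `0x3ffffffcU` on the line above) with a signed `int`, so a negative value written to the sysctl converts to a very large unsigned number and only the overflow guard remains as a limit. The same signed limit is compared with `psl->sl_count` in the igmp.c hunk and is registered with plain `proc_dointvec` in sysctl_net_ipv4.c, which accepts negative input. Either register the entry with a handler that enforces a minimum of zero (`proc_dointvec_minmax`), or make the test explicit here: `if (sysctl_igmp_max_msf < 0 || msf->imsf_numsrc > (unsigned int)sysctl_igmp_max_msf) {`. The constant `0x3ffffffcU` also hard-codes the layout behind `IP_MSFILTER_SIZE`, so a comment stating how it is derived would help keep it in step if the structure changes. The `case IP_MSFILTER` block begins and ends outside this hunk.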
diff -ruN linux-2.4.25F2/net/ipv4/sysctl_net_ipv4.c linux-2.4.25F4/net/ipv4/sysctl_net_ipv4.c
--- linux-2.4.25F2/net/ipv4/sysctl_net_ipv4.c 2003-06-13 07:51:39.000000000 -0700
+++ linux-2.4.25F4/net/ipv4/sysctl_net_ipv4.c 2004-03-04 14:47:31.000000000 -0800
@@ -38,6 +38,7 @@
/* From igmp.c */
extern int sysctl_igmp_max_memberships;
+extern int sysctl_igmp_max_msf;
/* From inetpeer.c */
extern int inet_peer_threshold;
@@ -182,6 +183,8 @@
{NET_IPV4_IGMP_MAX_MEMBERSHIPS, "igmp_max_memberships",
&sysctl_igmp_max_memberships, sizeof(int), 0644, NULL, &proc_dointvec},
#endif
+ {NET_IPV4_IGMP_MAX_MSF, "igmp_max_msf",
+ &sysctl_igmp_max_msf, sizeof(int), 0644, NULL, &proc_dointvec},
{NET_IPV4_INET_PEER_THRESHOLD, "inet_peer_threshold",
&inet_peer_threshold, sizeof(int), 0644, NULL, &proc_dointvec},
{NET_IPV4_INET_PEER_MINTTL, "inet_peer_minttl",
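Review bot: The new `igmp_max_msf` entry is visible to administrators, but the patch carries no description of it. The default (10, from `IP_MAX_MSF`), the per-socket scope given in the cover text, and the `-ENOBUFS` result when the limit is exceeded should be written down alongside the other IPv4 sysctls. From the visible hunks the limit is only tested when sources are added, so lowering it would presumably not trim filters that already exist; that behaviour is worth stating as well.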
(See attached file: 2.4.25igmpmsflimit2.patch)
(See attached file: 2.6.4rc2igmpmsflimit2.patch)