[IPV4]: Add sysctl for per-socket limit on number of mcast src filters.

dc2a3808 · David Stevens · David S. Miller · 416ecb64 · dc2a3808 · dc2a3808
Commit dc2a3808 authored Mar 04, 2004 by David Stevens Committed by David S. Miller Mar 04, 2004
Showing with 26 additions and 4 deletions

include/linux/sysctl.h include/linux/sysctl.h +1 -0

net/ipv4/igmp.c net/ipv4/igmp.c +7 -1

net/ipv4/ip_sockglue.c net/ipv4/ip_sockglue.c +9 -3

net/ipv4/sysctl_net_ipv4.c net/ipv4/sysctl_net_ipv4.c +9 -0

No files found.
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -321,6 +321,7 @@ enum
 	NET_TCP_LOW_LATENCY=93,
 	NET_IPV4_IPFRAG_SECRET_INTERVAL=94,
 	NET_TCP_WESTWOOD=95,
+	NET_IPV4_IGMP_MAX_MSF=96,
 };

 enum {

--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -106,6 +106,7 @@
 #endif

 #define IP_MAX_MEMBERSHIPS	20
+#define IP_MAX_MSF		10

 #ifdef CONFIG_IP_MULTICAST
 /* Parameter names and values are taken from igmp-v2-06 draft */
@@ -1325,6 +1326,7 @@ static struct in_device * ip_mc_find_dev(struct ip_mreqn *imr)
 *	Join a socket to a group
 */
 int sysctl_igmp_max_memberships = IP_MAX_MEMBERSHIPS;
+int sysctl_igmp_max_msf = IP_MAX_MSF;


 static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode,
@@ -1790,6 +1792,10 @@ int ip_mc_source(int add, int omode, struct sock *sk, struct
 	}
 	/* else, add a new source to the filter */

+	if (psl && psl->sl_count >= sysctl_igmp_max_msf) {
+		err = -ENOBUFS;
+		goto done;
+	}
 	if (!psl || psl->sl_count == psl->sl_max) {
 		struct ip_sf_socklist *newpsl;
 		int count = IP_SFBLOCK;

--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -618,6 +618,7 @@ int ip_setsockopt(struct sock *sk, int level, int optname, char *optval, int opt
 		case IP_MSFILTER:
 		{
 			extern int sysctl_optmem_max;
+			extern int sysctl_igmp_max_msf;
 			struct ip_msfilter *msf;

 			if (optlen < IP_MSFILTER_SIZE(0))
@@ -636,9 +637,14 @@ int ip_setsockopt(struct sock *sk, int level, int optname, char *optval, int opt
 				kfree(msf);
 				break;
 			}
-			if (IP_MSFILTER_SIZE(msf->imsf_numsrc) < 
-			    IP_MSFILTER_SIZE(0) ||
-			    IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen) {
+			/* numsrc >= (1G-4) overflow in 32 bits */
+			if (msf->imsf_numsrc >= 0x3ffffffcU ||
+			    msf->imsf_numsrc > sysctl_igmp_max_msf) {
+				kfree(msf);
+				err = -ENOBUFS;
+				break;
+			}
+			if (IP_MSFILTER_SIZE(msf->imsf_numsrc) > optlen) {
 				kfree(msf);
 				err = -EINVAL;
 				break;

--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -39,6 +39,7 @@ extern int sysctl_icmp_ratemask;

 /* From igmp.c */
 extern int sysctl_igmp_max_memberships;
+extern int sysctl_igmp_max_msf;

 /* From inetpeer.c */
 extern int inet_peer_threshold;
@@ -411,6 +412,14 @@ ctl_table ipv4_table[] = {
 	},

 #endif
+	{
+		.ctl_name	= NET_IPV4_IGMP_MAX_MSF,
+		.procname	= "igmp_max_msf",
+		.data		= &sysctl_igmp_max_msf,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler	= &proc_dointvec
+	},
 	{
 		.ctl_name	= NET_IPV4_INET_PEER_THRESHOLD,
 		.procname	= "inet_peer_threshold",