On 1/4/2010 5:59, Patrick McHardy wrote:

[sorry for the late response, just got back from a good holiday, which means no work email access ;-) ]

Simon Horman wrote:

quoted

I agree with Julian's assessment that your patch shouldn't be
necessary, but on the other hand I think that the checks are
reasonable. Your original patch made checks of the form of
"cmd>  IP_VS_SO_GET_MAX + 1". I have updated this to
"cmd>  IP_VS_SO_GET_MAX", as suggested by Julian, as the optmax
elements of struct nf_sockopt_ops set a non-inclusive range.

http://lkml.indiana.edu/hypermail/linux/kernel/0910.0/00852.html

Index: net-next-2.6/net/netfilter/ipvs/ip_vs_ctl.c

As a bugfix, this seems more appropriate for net-2.6.git. Please let
me know which tree you want me to apply this to.

this really ought to go into 2.6.33.....