Hello,
I just found out that 32bit (x86) ip6tables does not work with a 64bit
kernel. I'm currenly using 2.6.24-rc4-g94545bad, but the structures
involved haven't been touched recently.
Before you read on: I see that IPv6 code is missing compat* stuff, so is
this configuration supported?
A simple "ip6tables -L" fails with:
ip6tables v1.3.8: can't initialize ip6tables table `filter': Bad file
descriptor
kernel says:
get_entries: 892 != 896 (this is do_ip6t_get_ctl)
The problem is that GCC changes the layout of a couple of structures
when compiling 64bit code.
Compiler version - in case it started doing this recently - is:
gcc (GCC) 4.2.2 (Debian 4.2.2-1)
This is what userspace (32bit) is using:
sizeof(struct ip6t_entry) = 164
ipv6 0
nfcache 136
target_offset 140
next_offset 142
comefrom 144
counters 148
elems 164
sizeof(struct ip6t_get_entries) = 36
name 0
size 32
entrytable 36
sizeof(struct xt_counters) = 16
And this is what the kernel (64bit) expects:
sizeof(struct ip6t_entry) = 168
ipv6 0
nfcache 136
target_offset 140
next_offset 142
comefrom 144
counters 152 <--- ouch
elems 168
sizeof(struct ip6t_get_entries) = 40
name 0
size 32
entrytable 40
sizeof(struct xt_counters) = 16
It seems that the compiler - in 64 bit mode - goes for 8 bytes alignment
for "counters" (which contains a couple of int64); I guess that
ip6t_get_entries is changed to keep the very same field (in entrytable)
aligned.
Luca
--
The trouble with computers is that they do what you tell them,
not what you want.
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
