On Thursday 2008-04-10 22:11, Bart De Schuymer wrote:
>On Wed, 09-04-2008 at 15:08 +0200, Patrick McHardy wrote:
>> Jan Engelhardt wrote:
>> > Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>
>>
>> I like these patches (modulo the small NFPROTO_ARP nitpicks),
>> I'd like to get an ACK from Bart before applying them though.
>>
>> I assume this doesn't affect userspace compatibility?
>
>I'm wondering why the checks for the size of the match info are removed
>in every module,
>If it isn't wrong, I presume there is an obvious way for someone to find
>out this is required?

Because this is now done inside x_tables.c in the xt_check_match()
function by means of checking the .matchsize/.targetsize parameters
in struct xt_match/xt_target. Except for ebt_among, which seems to go
against what all other 85 modules do... and uses a dynamic size for its data.

>I didn't check the xtables specific stuff too much but I presume Jan
>tested this with a released ebtables version...

Not quite. ebt_among's dynamic size is unbelievably creepy. I might just
even state the corollary that it causes the kernel to oops if the
condition is right, and there is no chance to fix it without completely
rewriting the private structure it uses.

That being said, the patch currently causes a warning to be issued
whenever an among rule is inserted, which I probably should address.
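
Added example, not part of the original message and not kernel code: a simplified userspace model of a size check done in one central place against a size each extension declares, with a separate validator for an extension whose payload is variable-length. All names (ext_desc, central_size_check, var_payload_ok) and the payload layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model; none of these names are kernel identifiers. */
struct ext_desc {
    const char *name;
    size_t fixed_size;  /* declared payload size; 0 means variable-length */
    int (*check_var)(const void *data, size_t len); /* used when variable */
};

/* Constructed variable-length payload: a header, then n 8-byte entries. */
struct var_hdr {
    uint32_t n_entries;
};
#define ENTRY_SIZE 8u

/* Accept the payload only if the supplied length matches what the
 * header claims. The count is bounded by division first, so the
 * multiplication below cannot overflow. */
static int var_payload_ok(const void *data, size_t len)
{
    struct var_hdr h;

    if (len < sizeof(h))
        return 0;                      /* too short to hold the header */
    memcpy(&h, data, sizeof(h));       /* avoid unaligned access */
    if (h.n_entries > (len - sizeof(h)) / ENTRY_SIZE)
        return 0;                      /* count exceeds supplied bytes */
    return sizeof(h) + (size_t)h.n_entries * ENTRY_SIZE == len;
}

/* Central check: fixed-size extensions are compared against their
 * declared size here, so they need no size check of their own.
 * A variable-length extension must bring a validator or is rejected. */
static int central_size_check(const struct ext_desc *d,
                              const void *data, size_t len)
{
    if (d->fixed_size != 0)
        return len == d->fixed_size;
    return d->check_var != NULL && d->check_var(data, len);
}
```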