Re: [PATCH 6/8] [NETFILTER]: Make Ebtables use Xtables infrastructure

Jan Engelhardt wrote:
On Thursday 2008-04-10 22:11, Bart De Schuymer wrote:
On Wed, 09-04-2008 at 15:08 +0200, Patrick McHardy wrote:
Jan Engelhardt wrote:
Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>

I like these patches (modulo the small NFPROTO_ARP nitpicks),
I'd like to get an ACK from Bart before applying them though.

I assume this doesn't affect userspace compatibility?
I'm wondering why the checks for the size of the match info are removed
in every module.
If it isn't wrong, I presume there is an obvious way for someone to find
out this is required?

Because this is now done inside x_tables.c in the xt_check_match()
function by means of checking the .matchsize/.targetsize parameters
in struct xt_match/xt_target. Except for ebt_among, which seems
to go against what all other 85 modules do... and uses a
dynamic size for its data.

I didn't check the xtables specific stuff too much but I presume Jan
tested this with a released ebtables version...

Not quite. ebt_among's dynamic size is unbelievably creepy.
I might just even state the corollary that it causes the kernel
to oops if the condition is right, and there is no chance to fix
it without completely rewriting the private structure it uses.

That being said, the patch currently causes a warning to be
issued whenever an among rule is inserted, which I probably
should address.

Yes, that shouldn't happen.
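
The centralized size check discussed in this thread, as an added example that is not code from the patch, the kernel or any participant: a simplified userspace model in which one common function compares the size supplied with a rule against the module's registered `matchsize`, while a variable-length match (as ebt_among is described above) has to validate its own length. The struct layouts, `MODEL_ALIGN`, the `SIZE_DYNAMIC` sentinel and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified userspace model; every name here is an illustrative assumption. */
#define MODEL_ALIGN(s) (((s) + 7u) & ~(size_t)7u)
#define SIZE_DYNAMIC ((size_t)-1) /* assumed sentinel: module validates its own size */

struct model_match {
    size_t matchsize;                                /* fixed payload size, or SIZE_DYNAMIC */
    int (*checkentry)(const void *data, size_t len); /* optional per-module check */
};

/* Constructed variable-length payload: header followed by n 8-byte entries. */
struct dyn_info { uint32_t n_entries; uint32_t pad; };
#define DYN_ENTRY_SIZE 8u

/* Per-module check for the dynamic case: the claimed entry count must
 * account for exactly the bytes supplied, computed without overflow. */
static int dyn_checkentry(const void *data, size_t len)
{
    const struct dyn_info *info = data;
    if (len < sizeof(*info))
        return -EINVAL;
    if (info->n_entries > (SIZE_MAX - sizeof(*info)) / DYN_ENTRY_SIZE)
        return -EINVAL;
    if (MODEL_ALIGN(sizeof(*info) + (size_t)info->n_entries * DYN_ENTRY_SIZE) != len)
        return -EINVAL;
    return 0;
}

/* Central check: one place compares the supplied size with the registered
 * one, so fixed-size modules need no size check of their own. */
static int model_check_match(const struct model_match *m, const void *data, size_t len)
{
    if (m->matchsize != SIZE_DYNAMIC && MODEL_ALIGN(m->matchsize) != len)
        return -EINVAL;
    if (m->checkentry)
        return m->checkentry(data, len);
    return 0;
}

int main(void)
{
    struct model_match fixed = { 12, NULL }; /* constructed 12-byte match */
    printf("%d %d\n", model_check_match(&fixed, NULL, 16), model_check_match(&fixed, NULL, 12));
    return 0;
}
```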
