RE: [PATCH] Fix ERROR target on CRIS

> >This patch corrects a problem with adding ERROR targets on
> >architectures that don't align data structures, e.g. CRIS.
> >
> >Signed-off-by: Jesper Bengtsson <jesper.bengtsson@xxxxxxxx>
> >---
> >Index: linux-2.6/include/linux/netfilter_ipv4/ip_tables.h
> >===================================================================
> >RCS file:
> /usr/local/cvs/linux/os/linux-2.6/include/linux/netfilter_ipv4
> /ip_tables.h,v
> >retrieving revision 1.19
> >diff -b -u -p -r1.19 ip_tables.h
> >--- linux-2.6/include/linux/netfilter_ipv4/ip_tables.h 21
> Aug 2008 08:40:42 -0000 1.19
> >+++ linux-2.6/include/linux/netfilter_ipv4/ip_tables.h 15
> Oct 2008 12:55:31 -0000
> >@@ -259,7 +259,7 @@ struct ipt_standard
> > struct ipt_error_target
> > {
> >  struct ipt_entry_target target;
> >- char errorname[IPT_FUNCTION_MAXNAMELEN];
> >+ char errorname[IPT_TABLE_MAXNAMELEN];
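Review bot: On the changed errorname line, the array is now sized by a table-name constant (IPT_TABLE_MAXNAMELEN) although the field holds an error name, and nothing in the hunk records why. Add a comment on that line saying the length has to stay equal to the userspace iptables definition of this struct, so that a later cleanup does not switch it back to IPT_FUNCTION_MAXNAMELEN and reintroduce the size mismatch on architectures that do not pad structures.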

First, my patch description was a bit incomplete. Sorry.
Here's a better description (I hope...).

The ipt_error_target structure is defined in both user space (iptables) and kernel space.
The problem is that the member 'errorname' has a different length in the two definitions.
Iptables: char error[TABLE_MAXNAMELEN]; which is 32 bytes.
Kernel: char errorname[IPT_FUNCTION_MAXNAMELEN]; which is 30 bytes.

When trying to add an ERROR target, using iptables, the kernel will discard the request since the length doesn't match the kernel's error target. This problem doesn't show on an architecture that aligns data since the iptables and kernel structures will have the same size.

I chose to change the kernel definition based on Patrick McHardy's suggestion:
http://marc.info/?l=netfilter-devel&m=122398633329014&w=2


> Resolve the indirect macro - use XT_TABLE_MAXNAMELEN.
Why not use the macro? The other structures defined in this file are using the macro. Shall those definitions also be changed?

> Fix up IPv6 too?
The corresponding ip6t_error_target structure definition is identical in iptables and kernel as far as I can tell.

> This looks not quite right to me though it is of course one way
> to achieve the goal.. How about this?:
>
>         char errorname[XT_ALIGN(XT_FUNCTION_MAXNAMELEN)]
The XT_ALIGN macro won't make any difference on the CRIS architecture since it's using 1 byte alignment.

Best regards,
Jesper
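
The size mismatch described in the message above, as an added example that is not part of the original mail or of the kernel or iptables sources. The 32-byte header union is a simplified stand-in for struct ipt_entry_target, `#pragma pack(1)` models CRIS's 1-byte alignment, and `align_up` and `kernel_accepts` are hypothetical helpers modelling XT_ALIGN-style rounding and the kernel's size comparison.

```c
#include <stddef.h>
#include <stdio.h>

#define FUNCTION_MAXNAMELEN 30 /* kernel errorname length, per the mail */
#define TABLE_MAXNAMELEN    32 /* iptables error length, per the mail */

/* Assumed stand-in for struct ipt_entry_target: 32 bytes, contains a pointer. */
union hdr_nat {
    struct { unsigned short size; char name[29]; unsigned char rev; } user;
    struct { unsigned short size; void *target; } kernel;
};
struct kern_nat { union hdr_nat target; char errorname[FUNCTION_MAXNAMELEN]; };
struct user_nat { union hdr_nat target; char error[TABLE_MAXNAMELEN]; };

/* The same layouts with 1-byte alignment, modelling CRIS: no tail padding. */
#pragma pack(push, 1)
union hdr_p1 {
    struct { unsigned short size; char name[29]; unsigned char rev; } user;
    struct { unsigned short size; void *target; } kernel;
};
struct kern_p1 { union hdr_p1 target; char errorname[FUNCTION_MAXNAMELEN]; };
struct user_p1 { union hdr_p1 target; char error[TABLE_MAXNAMELEN]; };
#pragma pack(pop)

size_t kernel_size_natural(void) { return sizeof(struct kern_nat); }
size_t user_size_natural(void)   { return sizeof(struct user_nat); }
size_t kernel_size_packed(void)  { return sizeof(struct kern_p1); }
size_t user_size_packed(void)    { return sizeof(struct user_p1); }

/* Round len up to a power-of-two alignment (XT_ALIGN-style rounding). */
size_t align_up(size_t len, size_t align) { return (len + align - 1) & ~(align - 1); }

/* Hypothetical model of the kernel check: the target size must match exactly. */
int kernel_accepts(size_t user_size, size_t kernel_size) { return user_size == kernel_size; }

int main(void)
{
    printf("natural: kernel=%zu user=%zu accepted=%d\n", kernel_size_natural(),
           user_size_natural(), kernel_accepts(user_size_natural(), kernel_size_natural()));
    printf("packed:  kernel=%zu user=%zu accepted=%d\n", kernel_size_packed(),
           user_size_packed(), kernel_accepts(user_size_packed(), kernel_size_packed()));
    printf("align_up(30, 1)=%zu align_up(30, 8)=%zu\n", align_up(30, 1), align_up(30, 8));
    return 0;
}
```

With natural alignment the 30-byte array is padded so both structures come out the same size; with 1-byte alignment the two-byte difference is exposed and rounding to an alignment of 1 does not change it.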