On Thursday 2008-10-16 07:28, Jesper Bengtsson wrote: > >The ipt_error_target structure is defined in both user space (iptables) >and kernel space. The problem is that the member 'errorname' has >different length in the two definitions. Iptables: char >error[TABLE_MAXNAMELEN]; which is 32 bytes. Kernel: char >errorname[IPT_FUNCTION_MAXNAMELEN]; which is 30 bytes. Oh :/ I had assumed that userspace uses IPT_FUNCTION_MAXNAMELEN too, but *aligned it* to a boundary of at least 2, since there was a recent report that ARM also had strange alignments in a way such that alignment in userspace was different than alignment in the kernel: http://marc.info/?l=netfilter-devel&m=122309437709848&w=2 But! 12:11 nuqneh:~/Coding/iptables > grep -r '\b'TABLE_MAXNAME . ./libiptc/libip4tc.c:#define TABLE_MAXNAMELEN IPT_TABLE_MAXNAMELEN ./libiptc/libip6tc.c:#define TABLE_MAXNAMELEN IP6T_TABLE_MAXNAMELEN So TABLE_MAXNAMELEN seems to be the same as IPT_TABLE_MAXNAMELEN, so TABLE_MAXNAMELEN too is 30, is not it? >> Resolve the indirect macro - use XT_TABLE_MAXNAMELEN. > >Why not use the macro? I meant: use XT_TABLE_MAXNAMELEN over IPT_TABLE_MAXNAMELEN, since the latter is just a redirect. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
