Jan Engelhardt wrote:
On Monday 2009-06-22 08:31, Philip Craig wrote:
The problem is that state_mask in 'struct xt_conntrack_mtinfo1' is
only 8 bit, but XT_CONNTRACK_STATE_UNTRACKED == 256.
Unfortunately, gcc doesn't warn about this for '|=', only for '='.
I smell a gcc-missing-feature there.
Looks like we need a conntrack match v2 to fix this?
Sigh.
Here is the kernel patch, please apply. Userspace as a reply.
-----8<-----
parent deb9f8e170eff8fd0476536bac3bf9bdc222d4ed (v2.6.30-5372-gdeb9f8e)
commit 366d5a252fd0de33d7b3ef669551a8771748c9e3
Author: Jan Engelhardt <jengelh@xxxxxxxxxx>
Date: Thu Jun 25 18:35:39 2009 +0200
netfilter: xtables: conntrack revision 2
As reported by Philip, the UNTRACKED state bit does not fit within
the 8-bit state_mask member. Enlarge state_mask and give status_mask
a few more bits too.
Applied.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
