Florian Westphal wrote:
> ebtables can be compiled to perform userspace-side padding of
> structures. In that case, all the structures are already in the
> 'native' format expected by the kernel.
>
> This tries to determine what format the userspace program is
> using.
>
> For most set/getsockopts, this can be done by re-trying the
> native handler once the compat_ version returns an error.
>
> In case of EBT_SO_GET_ENTRIES, the native handler is tried first,
> it should error out very early when checking the *len argument
> (the compat version has to defer this check until after
> iterating over the kernel data set once, to adjust for all
> the structure size differences).

Can't we place an explicit check somewhere instead of "probing" for
compatibility? Checking the size of struct ebt_replace for compat tasks
should be suitable.

Alternatively we could declare the userspace attempts to fix up the
ruleset broken and ignore this case. This is what we did for iptables.
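A userspace model of the explicit size check discussed in this message, added here as an illustration; it is not code from the patch or from the kernel. It assumes the field order of struct ebt_replace from the uapi header (32-byte name, 6 hooks), an LP64 build, and that a set request is the header followed by entries_size bytes; the struct and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAMELEN  32 /* assumed: EBT_TABLE_MAXNAMELEN */
#define NUMHOOKS 6  /* assumed: NF_BR_NUMHOOKS */

/* Header as a 64-bit kernel lays it out (pointers modelled as uint64_t). */
struct replace_native {
    char     name[NAMELEN];
    uint32_t valid_hooks, nentries, entries_size;
    uint64_t hook_entry[NUMHOOKS];
    uint32_t num_counters;
    uint64_t counters, entries;
};

/* Same header from an unpadded 32-bit program (pointers are 4 bytes). */
struct replace_compat {
    char     name[NAMELEN];
    uint32_t valid_hooks, nentries, entries_size;
    uint32_t hook_entry[NUMHOOKS];
    uint32_t num_counters;
    uint32_t counters, entries;
};

enum layout { LAYOUT_INVALID, LAYOUT_COMPAT, LAYOUT_NATIVE };

/* Decide the layout of a request of len bytes without calling any handler. */
enum layout classify_replace(const void *buf, size_t len)
{
    uint32_t entries_size;
    if (len < sizeof(struct replace_compat))
        return LAYOUT_INVALID;
    /* name..entries_size sit at identical offsets in both layouts. */
    memcpy(&entries_size, (const char *)buf +
           offsetof(struct replace_compat, entries_size), sizeof(entries_size));
    if (len == sizeof(struct replace_native) + (uint64_t)entries_size)
        return LAYOUT_NATIVE;
    if (len == sizeof(struct replace_compat) + (uint64_t)entries_size)
        return LAYOUT_COMPAT;
    return LAYOUT_INVALID; /* matches neither layout: reject, do not probe */
}

int main(void)
{
    unsigned char buf[256] = {0}; /* constructed sample: entries_size == 0 */
    printf("%d %d\n", classify_replace(buf, sizeof(struct replace_compat)),
           classify_replace(buf, sizeof(struct replace_native)));
    return 0;
}
```

Because the two headers differ by a fixed 40 bytes, a given length can satisfy at most one of the two equations, so the result is unambiguous for any entries_size.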