Florian Westphal wrote:
> with 32 bit userland and 64 bit kernels, it is unlikely but possible
> that insertion of new rules fails even though there are only about 2000
> iptables rules.
>
> This happens because the compat delta is using a short int.
> Easily reproducible via "iptables -m limit" ; after about 2050
> rules inserting new ones fails with -ELOOP.
>
> Note that compat_delta included 2 bytes of padding on x86_64, so
> structure size remains the same.

Also applied, thanks Florian.
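
An added illustration (not code from the patch or from the kernel) of why a running size delta kept in a short int stops working near the rule count quoted above. It sums an assumed per-rule growth of 16 bytes, a value chosen for illustration and not taken from the message, in 16-bit and 32-bit signed fields and reports where the stored total first diverges from the true one; the function and macro names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not kernel code. PER_RULE_DELTA is an assumed value:
 * bytes by which one rule grows between the 32-bit and 64-bit layouts. */
#define PER_RULE_DELTA 16

/* Accumulate the per-rule growth in a signed field of `bits` width (16 or 32)
 * and return the 1-based rule number at which the stored value first differs
 * from the true running total, or 0 if it never does within `rules` rules. */
static unsigned first_bad_rule(unsigned rules, unsigned per_rule, int bits)
{
    int64_t true_total = 0;

    for (unsigned i = 1; i <= rules; i++) {
        int64_t stored;

        true_total += per_rule;
        if (bits == 16)
            stored = (int16_t)(uint16_t)true_total;  /* what a short keeps */
        else
            stored = (int32_t)(uint32_t)true_total;  /* what an int keeps */
        if (stored != true_total)
            return i;
    }
    return 0;
}

int main(void)
{
    printf("short delta breaks at rule %u\n",
           first_bad_rule(5000, PER_RULE_DELTA, 16));
    printf("int delta breaks at rule %u (0 = never)\n",
           first_bad_rule(5000, PER_RULE_DELTA, 32));
    return 0;
}
```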