Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote: > [PATCH] netfilter: fix ebtables > > commit 255d0dc34068a976 (netfilter: x_table: speedup compat operations) > made ebtables not working anymore. > > 1) xt_compat_calc_jump() is not an exact match lookup, and > 2) compat_table_info() has a typo in xt_compat_init_offsets() call > 3) compat_do_replace() misses a xt_compat_init_offsets() call Looks good, but > diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c > index 893669c..c66aa80 100644 > --- a/net/bridge/netfilter/ebtables.c > +++ b/net/bridge/netfilter/ebtables.c > @@ -1766,7 +1766,7 @@ static int compat_table_info(const struct ebt_table_info *info, > > newinfo->entries_size = size; > > - xt_compat_init_offsets(AF_INET, info->nentries); > + xt_compat_init_offsets(NFPROTO_BRIDGE, info->nentries /* + 4*/); using ninfo->nentries does not always work because ebtables compat can call xt_compat_add_offset() more than once per entry. That is of course not necessary; the ebt compat code should do better. I plan to look at this in the evening. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
