On Sunday 2011-11-06 15:23, Ruben Kerkhof wrote:

>Hi all,
>
>I've been trying to use the ebtables limits module as follows:
>
>ebtables -A INPUT -p IPv4 --ip-proto udp --ip-dport 80 --limit 10/second -j DROP
>This triggers the following kernel message: eb_tables: limit.0 match:
>invalid size 40 (kernel) != (user) 32
>and ebtables responds with:
>
>This only happens when the ebt_limit.ko is not loaded, and the
>iptables xt_limit module is loaded
>If I either modprobe the ebt_limit module, or unload the xt_limit,
>inserting the rule succeeds.

ebtables searching for limit r0 NFPROTO_BRIDGE match is satisfiable by
xt_limit.c's r0 NFPROTO_UNSPEC (and by ebt_limit.c's r0 NFPROTO_BRIDGE).
The nearest solution here is to move ebt_limit's NFPROTO_BRIDGE
specialization into xt_limit.c.

This is a good reason why the names should carry a unified prefix
(as I had already proposed in
http://www.spinics.net/lists/netfilter-devel/msg16637.html ) --
having two xt_limits would have immediately made it obvious there
is a clash.
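
A simplified model of the lookup described in the reply above, added here as an example and not taken from the kernel or from the thread. The struct, the function names and the on-demand load step are assumptions; the sizes 40 and 32 are the ones in the quoted kernel message.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model, not kernel code: names and family constants are illustrative. */
enum { FAM_UNSPEC, FAM_BRIDGE };
struct match_ext { const char *name; unsigned revision, matchsize; int family, loaded; };
/* matchsize is what the kernel side expects; 40 and 32 are from the quoted message. */
static struct match_ext registry[] = {
    { "limit", 0, 40, FAM_UNSPEC, 0 },   /* stands in for xt_limit  */
    { "limit", 0, 32, FAM_BRIDGE, 0 },   /* stands in for ebt_limit */
};

static struct match_ext *find_in_family(int family, const char *name, unsigned rev)
{
    for (size_t i = 0; i < sizeof registry / sizeof registry[0]; i++) {
        struct match_ext *m = &registry[i];
        if (m->loaded && m->family == family && m->revision == rev &&
            strcmp(m->name, name) == 0)
            return m;
    }
    return NULL;
}

/* A family-specific entry wins; otherwise an UNSPEC entry satisfies the request.
 * Assumption: the family module is loaded on demand only when nothing matched. */
static struct match_ext *find_match(int family, const char *name, unsigned rev)
{
    struct match_ext *m = find_in_family(family, name, rev);
    if (!m && family != FAM_UNSPEC)
        m = find_in_family(FAM_UNSPEC, name, rev);
    if (!m) {
        registry[1].loaded = 1;          /* models loading ebt_limit on demand */
        m = find_in_family(family, name, rev);
    }
    return m;
}

/* Returns 0 when the bridge rule is accepted, -1 on the "invalid size" case. */
static int add_bridge_limit_rule(int xt_loaded, int ebt_loaded, unsigned user_size)
{
    registry[0].loaded = xt_loaded;
    registry[1].loaded = ebt_loaded;
    struct match_ext *m = find_match(FAM_BRIDGE, "limit", 0);
    return (m && m->matchsize == user_size) ? 0 : -1;
}

int main(void)
{
    printf("xt only: %d, ebt only: %d, neither: %d\n", add_bridge_limit_rule(1, 0, 32),
           add_bridge_limit_rule(0, 1, 32), add_bridge_limit_rule(0, 0, 32));
    return 0;
}
```

Only the case with the UNSPEC entry loaded and the bridge entry absent returns -1, which is the combination the original report describes.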