Just a quick update, We are actually using kernel sanitized headers
for compilation, and we still see the same issue
Here is where it is failing exactly, in check_chainloops() function in
ebtables.c in the kernel
if (e->target_offset + sizeof(struct ebt_standard_target) >
e->next_offset) {
BUGPRINT("Standard target size too big\n");
return -1;
}
Thanks
Sharat
On Thu, May 1, 2014 at 10:09 AM, Sharat Masetty <sharat04@xxxxxxxxx> wrote:
> We are using a 3.10.0 kernel version which has CONFIG_COMPAT enabled.
> The ebtables version is 2.0.10-4. This is arm 63/32 not x86.
> I also have another question. Do we need to compile the userspace tool
> using the sanitized kernel headers?(uapi/linux) or should we be using
> headers provided in the ebtables user space package? The reason for
> asking this question is that I see some differences in the structure
> definitions between the ebtables packaged kernel header files and the
> header files exposed by the kernel.
>
> Please let me know what to watch out for
>
> Thanks
> Sharat
>
> On Thu, May 1, 2014 at 4:02 AM, Florian Westphal <fw@xxxxxxxxx> wrote:
>> Sharat Masetty <sharat04@xxxxxxxxx> wrote:
>>> I am seeing a problem when running ebtables in 32bit userspace and 64
>>> bit kernel space mode.
>>>
>>> The command I am trying to run is
>>> ebtables -t broute -A BROUTING -p IPv4 -j DROP
>>>
>>> Here is the log message I am seeing in userspace
>>>
>> [..]
>>
>>> I noticed that setsockopt() is failing . The message is also printed
>>> in kernel – Standard target size too big . This occurs because there
>>> is a mismatch in the size of the structures ebt_standard_target which
>>> is 48 bytes in kernel and 40 bytes in userspace.
>>>
>>> Can someone help us fix this issue?
>>
>> Please provide more information.
>>
>> Works fine for me on x86_64 with 32 bit binary:
>> # ~/bin32/ebtables -t broute -A BROUTING -p IPv4 -j DROP
>> # echo $?
>> 0
>> ebtables -L shows
>> Bridge chain: BROUTING, entries: 1, policy: ACCEPT
>> -p IPv4 -j DROP
>>
>> as expected. Linux 3.13.11 x86_64.
>>
>> Are you using an old kernel without ebt compat support?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
