On Mon, Jan 21, 2019 at 12:54 PM Florian Westphal <fw@xxxxxxxxx> wrote:
>
> Unlike ip(6)tables ebtables only counts user-defined chains.
>
> The effect is that a 32bit ebtables binary on a 64bit kernel can do
> 'ebtables -N FOO' only after adding at least one rule, else the request
> fails with -EINVAL.
>
> This is a similar fix as done in
> 3f1e53abff84 ("netfilter: ebtables: don't attempt to allocate 0-sized compat array").
>
> Fixes: 7d7d7e02111e9 ("netfilter: compat: reject huge allocation requests")
> Reported-by: Francesco Ruggeri <fruggeri@xxxxxxxxxx>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> ---

Thanks Florian, this patch does fix the problems I was seeing in my setup.

Francesco Ruggeri