When running a 64-bit kernel with a 32-bit iptables binary, the size of
the xt_nfacct_match_info struct diverges.
kernel: sizeof(struct xt_nfacct_match_info) : 40
iptables: sizeof(struct xt_nfacct_match_info)) : 36
Trying to append nfacct related rules results in an unhelpful message.
Although it is suggested to look for more information in dmesg, nothing
can be found there.
# iptables -A <chain> -m nfacct --nfacct-name <acct-object>
iptables: Invalid argument. Run `dmesg' for more information.
This patch fixes the memory misalignment by enforcing 8-byte alignment
within the struct. This solution is often used in many other uapi
netfilter headers.
Signed-off-by: Juliana Rodrigueiro <juliana.rodrigueiro@xxxxxxxxxxxxx>
---
include/uapi/linux/netfilter/xt_nfacct.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/uapi/linux/netfilter/xt_nfacct.h b/include/uapi/linux/netfilter/xt_nfacct.h
index 5c8a4d760ee3..576948f9bb6f 100644
--- a/include/uapi/linux/netfilter/xt_nfacct.h
+++ b/include/uapi/linux/netfilter/xt_nfacct.h
@@ -8,7 +8,7 @@ struct nf_acct;
struct xt_nfacct_match_info {
char name[NFACCT_NAME_MAX];
- struct nf_acct *nfacct;
+ struct nf_acct *nfacct __attribute__((aligned(8)));
};
#endif /* _XT_NFACCT_MATCH_H */
--
2.20.1
