Hi Michael,

On Fri, May 24, 2024 at 03:24:51PM +0200, Michael Estner wrote:
> I checked bitmask in the ebt_entry struct in iptables/xshared.h
> Should be compared here since bitmask needs to be the first
> field in the struct ebt_entry.

The reason why 'bitmask' has to be the first field is that in kernel
space, the first bit in it is used to distinguish list element types
between 'struct ebt_entries' and 'struct ebt_entry'. See
EBT_ENTRY_OR_ENTRIES define and the related comment in
include/uapi/linux/netfilter_bridge/ebtables.h for reference.

While it seems sensible to do, I wonder why things seem to work fine
even without it. Do we find a corner-case which makes it necessary to
compare 'bitmask'? Or the other way round, is there a case which breaks
if we do?

Cheers, Phil