On Thu, Jan 12, 2012 at 3:30 AM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote: > >>I did more researches, and one thread in this list suggested I should >>use iptables < 1.4.8 for kernel < 2.6.35, so I tried iptables 1.4.7, >>but got the same result. Here is command-line output: >> >>$ iptables -t mangle -A PREROUTING -j TEE --gateway 192.9.200.29 -v >>TEE all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 TEE gw:192.9.200.29 >>iptables: Invalid argument. Run `dmesg' for more information. > > Here is the fix I have come up with. Upload to SF is currently > out of order, so it is not yet in the git repository. > > parent aee5aedc63d0bc2d9a826c5e936b83295de20aa9 (v1.41) > commit a6b06502cace4f921a6b4f56cce81f09446cc34b > Author: Jan Engelhardt <jengelh@xxxxxxxxxx> > Date: Thu Jan 12 09:21:39 2012 +0100 > > compat_xtables: fixed mistranslation of checkentry return values > --- > doc/api/2.6.17.c | 4 ++-- > doc/api/2.6.19.c | 4 ++-- > doc/changelog.txt | 3 +++ > extensions/compat_xtables.c | 8 -------- > 4 files changed, 7 insertions(+), 12 deletions(-) > > diff --git a/doc/api/2.6.17.c b/doc/api/2.6.17.c > index 3b56e47..08a431d 100644 > --- a/doc/api/2.6.17.c > +++ b/doc/api/2.6.17.c > @@ -13,7 +13,7 @@ match: > int *hotdrop, > ); > > - /* error code */ > + /* true/false */ > int > (*checkentry)( > const char *tablename, > @@ -45,7 +45,7 @@ target: > void *userdata, > ); > > - /* error code */ > + /* true/false */ > int > (*checkentry)( > const char *tablename, > diff --git a/doc/api/2.6.19.c b/doc/api/2.6.19.c > index 9bc658f..5fd48da 100644 > --- a/doc/api/2.6.19.c > +++ b/doc/api/2.6.19.c > @@ -13,7 +13,7 @@ match: > int *hotdrop, > ); > > - /* error code */ > + /* true/false */ > int > (*checkentry)( > const char *tablename, > @@ -42,7 +42,7 @@ target: > const void *targinfo, > ); > > - /* error code */ > + /* true/false */ > int > (*checkentry)( > const char *tablename, > diff --git a/doc/changelog.txt b/doc/changelog.txt > index 2ece6be..48d5436 100644 > --- a/doc/changelog.txt > +++ b/doc/changelog.txt > @@ -1,6 +1,9 @@ > > HEAD > ==== > +Fixes: > +- compat_xtables: fixed mistranslation of checkentry return values > + (affected kernels < 2.6.23) > > > v1.41 (2012-01-04) > diff --git a/extensions/compat_xtables.c b/extensions/compat_xtables.c > index c5b67a4..26f6a00 100644 > --- a/extensions/compat_xtables.c > +++ b/extensions/compat_xtables.c > @@ -110,11 +110,7 @@ static bool xtnu_match_check(const char *table, const void *entry, > return false; > if (nm->checkentry == NULL) > return true; > -#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 23) > - return nm->checkentry(&local_par); > -#else > return nm->checkentry(&local_par) == 0; > -#endif > } > #endif > #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28) && \ > @@ -322,11 +318,7 @@ static bool xtnu_target_check(const char *table, const void *entry, > if (nt->checkentry == NULL) > /* this is valid, just like if there was no function */ > return true; > -#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 23) > - return nt->checkentry(&local_par); > -#else > return nt->checkentry(&local_par) == 0; > -#endif > } > #endif > > -- > # Created with git-export-patch The fix is working! Thank you, Jan! -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
