From a40cd9b784590ee09f1be4897f28bb0b2ce1096d Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Thu, 6 Nov 2014 19:15:26 +0100 Subject: Alignment problem between 64bit kernel 32bit userspace Sven-Haegar Koch reported the issue: sims:~# iptables -A OUTPUT -m set --match-set testset src -j ACCEPT iptables: Invalid argument. Run `dmesg' for more information. In syslog: x_tables: ip_tables: set.3 match: invalid size 48 (kernel) != (user) 32 which was introduced by the counter extension in ipset. The patch fixes the alignment issue with introducing a new set match revision with the fixed underlying 'struct ip_set_counter_match' structure. Signed-off-by: Jozsef Kadlecsik
---
 include/linux/netfilter/xt_set.h | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'include/linux/netfilter/xt_set.h')
diff --git a/include/linux/netfilter/xt_set.h b/include/linux/netfilter/xt_set.h
index d6a1df1f..4210c9bf 100644
--- a/include/linux/netfilter/xt_set.h
+++ b/include/linux/netfilter/xt_set.h
@@ -65,6 +65,15 @@ struct xt_set_info_target_v2 {
 /* Revision 3 match */
 struct xt_set_info_match_v3 {
+ struct xt_set_info match_set;
+ struct ip_set_counter_match0 packets;
+ struct ip_set_counter_match0 bytes;
+ __u32 flags;
+};
+
+/* Revision 4 match */
+
+struct xt_set_info_match_v4 {
 struct xt_set_info match_set;
 struct ip_set_counter_match packets;
 struct ip_set_counter_match bytes;
-- cgit v1.2.3
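Review bot: The two revision comments in this hunk do not say why `xt_set_info_match_v3` now uses `ip_set_counter_match0` while the new `xt_set_info_match_v4` uses `ip_set_counter_match`, so a later cleanup could unify the types and bring back the 48-versus-32 size mismatch that the commit message reports x_tables rejecting. I would spell this out in the header, for example `/* Revision 3 match: original counter layout, size differs between 32bit userspace and 64bit kernel */` and `/* Revision 4 match: counter structs with fixed alignment */`. The definition of `ip_set_counter_match0` is not part of this page (the view is limited to xt_set.h), so its layout and the alignment of the fixed structure cannot be confirmed from here; the size of each revision struct should be checked on both ABIs. The body of `xt_set_info_match_v4` continues past the end of the hunk.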