diff options
| author | Juliana Rodrigueiro <juliana.rodrigueiro@intra2net.com> | 2019-08-20 13:30:39 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-08-20 13:38:43 +0200 |
| commit | 64e88114437072b29bed8aae9eb04ed5e773708f (patch) | |
| tree | c40ab5277e720d3e2c840bf1f819b3a95d3591ee /extensions | |
| parent | a982226bcf2e19b9ab35c2b8403a01fb73c15e37 (diff) | |
extensions: nfacct: Fix alignment mismatch in xt_nfacct_match_info
When running a 64-bit kernel with a 32-bit iptables binary, the
size of the xt_nfacct_match_info struct diverges.
kernel: sizeof(struct xt_nfacct_match_info) : 40
iptables: sizeof(struct xt_nfacct_match_info)) : 36
This patch is the userspace fix of the memory misalignment.
It introduces a v1 ABI with the correct alignment and stays
compatible with unfixed revision 0 kernels.
Signed-off-by: Juliana Rodrigueiro <juliana.rodrigueiro@intra2net.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions')
| -rw-r--r-- | extensions/libxt_nfacct.c | 40 |
1 files changed, 28 insertions, 12 deletions
diff --git a/extensions/libxt_nfacct.c b/extensions/libxt_nfacct.c index 2ad59d52..d9c0309a 100644 --- a/extensions/libxt_nfacct.c +++ b/extensions/libxt_nfacct.c @@ -70,20 +70,36 @@ static void nfacct_save(const void *ip, const struct xt_entry_match *match) nfacct_print_name(info, "--"); } -static struct xtables_match nfacct_match = { - .family = NFPROTO_UNSPEC, - .name = "nfacct", - .version = XTABLES_VERSION, - .size = XT_ALIGN(sizeof(struct xt_nfacct_match_info)), - .userspacesize = offsetof(struct xt_nfacct_match_info, nfacct), - .help = nfacct_help, - .x6_parse = nfacct_parse, - .print = nfacct_print, - .save = nfacct_save, - .x6_options = nfacct_opts, +static struct xtables_match nfacct_matches[] = { + { + .family = NFPROTO_UNSPEC, + .revision = 0, + .name = "nfacct", + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_nfacct_match_info)), + .userspacesize = offsetof(struct xt_nfacct_match_info, nfacct), + .help = nfacct_help, + .x6_parse = nfacct_parse, + .print = nfacct_print, + .save = nfacct_save, + .x6_options = nfacct_opts, + }, + { + .family = NFPROTO_UNSPEC, + .revision = 1, + .name = "nfacct", + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_nfacct_match_info_v1)), + .userspacesize = offsetof(struct xt_nfacct_match_info_v1, nfacct), + .help = nfacct_help, + .x6_parse = nfacct_parse, + .print = nfacct_print, + .save = nfacct_save, + .x6_options = nfacct_opts, + }, }; void _init(void) { - xtables_register_match(&nfacct_match); + xtables_register_matches(nfacct_matches, ARRAY_SIZE(nfacct_matches)); } |