Alignment problem between 64bit kernel 32bit userspace

Sven-Haegar Koch reported the issue: sims:~# iptables -A OUTPUT -m set --match-set testset src -j ACCEPT iptables: Invalid argument. Run `dmesg' for more information. In syslog: x_tables: ip_tables: set.3 match: invalid size 48 (kernel) != (user) 32 which was introduced by the counter extension in ipset. The patch fixes the alignment issue with introducing a new set match revision with the fixed underlying 'struct ip_set_counter_match' structure. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2014-11-06 19:15:26 +0100
committer: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2014-11-06 19:15:26 +0100
commit: a40cd9b784590ee09f1be4897f28bb0b2ce1096d (patch)
tree: 57cad29658356b7ea75daab99a2d2e6efccece1a /include/linux/netfilter/xt_set.h
parent: da6c162ce5fb42fa5439ae0b95c321fb476b9cb7 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/include/linux/netfilter/xt_set.h b/include/linux/netfilter/xt_set.h
index d6a1df1f..4210c9bf 100644
--- a/include/linux/netfilter/xt_set.h
+++ b/include/linux/netfilter/xt_set.h
@@ -66,6 +66,15 @@ struct xt_set_info_target_v2 {
 
 struct xt_set_info_match_v3 {
 	struct xt_set_info match_set;
+	struct ip_set_counter_match0 packets;
+	struct ip_set_counter_match0 bytes;
+	__u32 flags;
+};
+
+/* Revision 4 match */
+
+struct xt_set_info_match_v4 {
+	struct xt_set_info match_set;
 	struct ip_set_counter_match packets;
 	struct ip_set_counter_match bytes;
 	__u32 flags;
author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2014-11-06 19:15:26 +0100
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2014-11-06 19:15:26 +0100
commit	a40cd9b784590ee09f1be4897f28bb0b2ce1096d (patch)
tree	57cad29658356b7ea75daab99a2d2e6efccece1a /include/linux/netfilter/xt_set.h
parent	da6c162ce5fb42fa5439ae0b95c321fb476b9cb7 (diff)