On Wed, Jan 25, 2006 at 09:59:01PM +0100, Jiri Slaby wrote: > [email protected] wrote: > >From: Andrew Morton <[email protected]> > >Date: Tue, Jan 24, 2006 at 11:24:06PM -0800 > >> > >> http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.16-rc1/2.6.16-rc1-mm3/ > >> > >Is netfilter supposed to work again? I get weird error messages from > >FireHOL that I didn't get with 2.6.16-rc1-mm2 with this patch added: > Be patient, processing... > See http://lkml.org/lkml/2006/1/20/198. well, I think the bottleneck is that DaveM and Linus are at linux.conf.au at this time. I have submitted a patch that according to my tests works at least on i386, x86_64 and ppc32. Just give them a bit more time. Original patch attached again -- - Harald Welte <[email protected]> http://netfilter.org/ ============================================================================ "Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie
[NETFILTER] x_tables: Fix XT_ALIGN() macro on [at least] ppc32
To keep backwards compatibility with old iptables userspace programs,
the new XT_ALIGN macro always has to return the same value as IPT_ALIGN,
IP6T_ALIGN or ARPT_ALIGN in previous kernels.
However, in those kernels the macro was defined in dependency to the
respective layer3 specifi data structures, which we can no longer do with
x_tables.
The fix is an ugly kludge, but it has been tested to solve the problem. Yet
another reason to move away from the current {ip,ip6,arp,eb}tables like
data structures.
Signed-off-by: Harald Welte <[email protected]>
---
commit 470faeb379560fe877b685ca69be6a7e4f0e91ed
tree 5732ecd9bcab28469805752514e5c57ba26189a1
parent 44718bbfa186d58477163418d37df173aa2dd079
author Harald Welte <[email protected]> Fri, 20 Jan 2006 01:44:24 +0100
committer Harald Welte <[email protected]> Fri, 20 Jan 2006 01:44:24 +0100
include/linux/netfilter/x_tables.h | 15 ++++++++++++++-
1 files changed, 14 insertions(+), 1 deletions(-)
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 472f048..65f9cd8 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -19,7 +19,20 @@ struct xt_get_revision
/* For standard target */
#define XT_RETURN (-NF_REPEAT - 1)
-#define XT_ALIGN(s) (((s) + (__alignof__(void *)-1)) & ~(__alignof__(void *)-1))
+/* this is a dummy structure to find out the alignment requirement for a struct
+ * containing all the fundamental data types that are used in ipt_entry, ip6t_entry
+ * and arpt_entry. This sucks, and it is a hack. It will be my personal pleasure
+ * to remove it -HW */
+struct _xt_align
+{
+ u_int8_t u8;
+ u_int16_t u16;
+ u_int32_t u32;
+ u_int64_t u64;
+};
+
+#define XT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1)) \
+ & ~(__alignof__(struct _xt_align)-1))
/* Standard return verdict, or do jump. */
#define XT_STANDARD_TARGET ""
Attachment:
pgpjEECMuerUA.pgp
Description: PGP signature
- References:
- 2.6.16-rc1-mm3
- From: Andrew Morton <[email protected]>
- Re: 2.6.16-rc1-mm3 / netfilter / firehol problems?
- From: "Jiri Slaby" <[email protected]>
- 2.6.16-rc1-mm3
- Prev by Date: Re: sched_yield() makes OpenLDAP slow
- Next by Date: mptable irq info wrong on Tyan S5112, need advice
- Previous by thread: Re: 2.6.16-rc1-mm3 / netfilter / firehol problems?
- Next by thread: [BUG] Invalid sleeping function call in 2.6.16-rc1-mm3
- Index(es):
 |