Re: 2.6.16-rc1-mm3 / netfilter / firehol problems?

On Wed, Jan 25, 2006 at 09:59:01PM +0100, Jiri Slaby wrote:
> [email protected] wrote:
> >From: Andrew Morton <[email protected]>
> >Date: Tue, Jan 24, 2006 at 11:24:06PM -0800
> >> 
> >> http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.16-rc1/2.6.16-rc1-mm3/
> >> 
> >Is netfilter supposed to work again? I get weird error messages from
> >FireHOL that I didn't get with 2.6.16-rc1-mm2 with this patch added:
> Be patient, processing...
> See http://lkml.org/lkml/2006/1/20/198.

well, I think the bottleneck is that DaveM and Linus are at
linux.conf.au at this time. I have submitted a patch that according to
my tests works at least on i386, x86_64 and ppc32.

Just give them a bit more time.  Original patch attached again

-- 
- Harald Welte <[email protected]>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[NETFILTER] x_tables: Fix XT_ALIGN() macro on [at least] ppc32

To keep backwards compatibility with old iptables userspace programs,
the new XT_ALIGN macro always has to return the same value as IPT_ALIGN,
IP6T_ALIGN or ARPT_ALIGN in previous kernels.

However, in those kernels the macro was defined in dependency to the
respective layer3 specifi data structures, which we can no longer do with
x_tables.

The fix is an ugly kludge, but it has been tested to solve the problem. Yet
another reason to move away from the current {ip,ip6,arp,eb}tables like
data structures.

Signed-off-by: Harald Welte <[email protected]>

---
commit 470faeb379560fe877b685ca69be6a7e4f0e91ed
tree 5732ecd9bcab28469805752514e5c57ba26189a1
parent 44718bbfa186d58477163418d37df173aa2dd079
author Harald Welte <[email protected]> Fri, 20 Jan 2006 01:44:24 +0100
committer Harald Welte <[email protected]> Fri, 20 Jan 2006 01:44:24 +0100

 include/linux/netfilter/x_tables.h |   15 ++++++++++++++-
 1 files changed, 14 insertions(+), 1 deletions(-)

diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 472f048..65f9cd8 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -19,7 +19,20 @@ struct xt_get_revision
 /* For standard target */
 #define XT_RETURN (-NF_REPEAT - 1)
 
-#define XT_ALIGN(s) (((s) + (__alignof__(void *)-1)) & ~(__alignof__(void *)-1))
+/* this is a dummy structure to find out the alignment requirement for a struct
+ * containing all the fundamental data types that are used in ipt_entry, ip6t_entry
+ * and arpt_entry.  This sucks, and it is a hack.  It will be my personal pleasure
+ * to remove it -HW */
+struct _xt_align
+{
+	u_int8_t u8;
+	u_int16_t u16;
+	u_int32_t u32;
+	u_int64_t u64;
+};
+
+#define XT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1)) 	\
+			& ~(__alignof__(struct _xt_align)-1))
 
 /* Standard return verdict, or do jump. */
 #define XT_STANDARD_TARGET ""

Attachment: pgpjEECMuerUA.pgp
Description: PGP signature

References:
- 2.6.16-rc1-mm3
  - From: Andrew Morton <[email protected]>
- Re: 2.6.16-rc1-mm3 / netfilter / firehol problems?
  - From: "Jiri Slaby" <[email protected]>

Prev by Date: Re: sched_yield() makes OpenLDAP slow
Next by Date: mptable irq info wrong on Tyan S5112, need advice
Previous by thread: Re: 2.6.16-rc1-mm3 / netfilter / firehol problems?
Next by thread: [BUG] Invalid sleeping function call in 2.6.16-rc1-mm3
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]