Re: 2.6.16-rc1-mm3 / netfilter / firehol problems?

From: Harald Welte
Date: Thu Jan 26 2006 - 03:28:01 EST

Next message: Rod Morison: "mptable irq info wrong on Tyan S5112, need advice"
Previous message: Helge Hafting: "Re: sched_yield() makes OpenLDAP slow"
In reply to: Jiri Slaby: "Re: 2.6.16-rc1-mm3 / netfilter / firehol problems?"
Next in thread: Peter Williams: "[BUG] Invalid sleeping function call in 2.6.16-rc1-mm3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 25, 2006 at 09:59:01PM +0100, Jiri Slaby wrote:
> thunder7@xxxxxxxxx wrote:
> >From: Andrew Morton <akpm@xxxxxxxx>
> >Date: Tue, Jan 24, 2006 at 11:24:06PM -0800
> >>
> >> http://www.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.16-rc1/2.6.16-rc1-mm3/
> >>
> >Is netfilter supposed to work again? I get weird error messages from
> >FireHOL that I didn't get with 2.6.16-rc1-mm2 with this patch added:
> Be patient, processing...
> See http://lkml.org/lkml/2006/1/20/198.

well, I think the bottleneck is that DaveM and Linus are at
linux.conf.au at this time. I have submitted a patch that according to
my tests works at least on i386, x86_64 and ppc32.

Just give them a bit more time. Original patch attached again

--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
[NETFILTER] x_tables: Fix XT_ALIGN() macro on [at least] ppc32

To keep backwards compatibility with old iptables userspace programs,
the new XT_ALIGN macro always has to return the same value as IPT_ALIGN,
IP6T_ALIGN or ARPT_ALIGN in previous kernels.

However, in those kernels the macro was defined in dependency to the
respective layer3 specifi data structures, which we can no longer do with
x_tables.

The fix is an ugly kludge, but it has been tested to solve the problem. Yet
another reason to move away from the current {ip,ip6,arp,eb}tables like
data structures.

Signed-off-by: Harald Welte <laforge@xxxxxxxxxxxxx>

---
commit 470faeb379560fe877b685ca69be6a7e4f0e91ed
tree 5732ecd9bcab28469805752514e5c57ba26189a1
parent 44718bbfa186d58477163418d37df173aa2dd079
author Harald Welte <laforge@xxxxxxxxxxxxx> Fri, 20 Jan 2006 01:44:24 +0100
committer Harald Welte <laforge@xxxxxxxxxxxxx> Fri, 20 Jan 2006 01:44:24 +0100

include/linux/netfilter/x_tables.h | 15 ++++++++++++++-
1 files changed, 14 insertions(+), 1 deletions(-)

diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 472f048..65f9cd8 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -19,7 +19,20 @@ struct xt_get_revision
/* For standard target */
#define XT_RETURN (-NF_REPEAT - 1)

-#define XT_ALIGN(s) (((s) + (__alignof__(void *)-1)) & ~(__alignof__(void *)-1))
+/* this is a dummy structure to find out the alignment requirement for a struct
+ * containing all the fundamental data types that are used in ipt_entry, ip6t_entry
+ * and arpt_entry. This sucks, and it is a hack. It will be my personal pleasure
+ * to remove it -HW */
+struct _xt_align
+{
+ u_int8_t u8;
+ u_int16_t u16;
+ u_int32_t u32;
+ u_int64_t u64;
+};
+
+#define XT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1)) \
+ & ~(__alignof__(struct _xt_align)-1))

/* Standard return verdict, or do jump. */
#define XT_STANDARD_TARGET ""

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Rod Morison: "mptable irq info wrong on Tyan S5112, need advice"
Previous message: Helge Hafting: "Re: sched_yield() makes OpenLDAP slow"
In reply to: Jiri Slaby: "Re: 2.6.16-rc1-mm3 / netfilter / firehol problems?"
Next in thread: Peter Williams: "[BUG] Invalid sleeping function call in 2.6.16-rc1-mm3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]