On Wed, Sep 03, 2003 at 08:04:26PM -0700, David S. Miller wrote:
> On Tue, 2 Sep 2003 21:16:41 +0200
> Bart De Schuymer <bdschuym@xxxxxxxxxx> wrote:
>
> > On Tuesday 02 September 2003 16:30, Arnaldo Carvalho de Melo wrote:
> > > The 1.786.1.54 changeset (i.e. the initial ipt_physdev.c one 8) created
> >
> > Does this fix it?
>
> You can't use this fix. This header and structure are used by
> userspace and "unsigned long" can be a different size in the
> kernel than it is in user space.
>
> Please, just remove the super-silly memcmp() optimization in
> the ipt_physdev.c code.
Dave, the respective code in ipt_physdev.c seems to be copied from
the ip_tables.c interface name match (which definitely has the same
alignment issues, btw).
The problem is that it is _not_ a simple reimplementation of memcmp(),
but a mask-compare.
People can do stuff like "-i ppp+", meaning that traffic from all
interfaces called "ppp<WHATEVER>" are matched.
--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
pgpjGzQi5fuk2.pgp
Description: PGP signature
|