[BUG] ipt_SAME rule can't be deleted
hno at marasystems.com
Tue Dec 7 16:47:26 CET 2004
On Tue, 7 Dec 2004, Pablo Neira wrote:
> In iptables, target_difference() complains because, in the case of ipt_same,
> iparray isn't NULL. Same thing with iplimit. I think that in pkttables we
> need a private info part for match/targets which is not shared with user

As already pointed out, iptables actually has a similar concept, but the
kernel data must be at the end, and userspace must know the total size to
allocate it properly within the table.
limit uses this correctly.
SAME does not.
In addition, pointers are hazardous as the opinion on the size may differ
between kernel and userland on certain architectures. Only fixed size
items should be used in iptables target/match info structures. C unions
can make this somewhat manageable.
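
The layout rule discussed in this message, as an added example that is not part of the original post and not netfilter code: a pointer-carrying info structure beside a fixed-size one whose kernel-private tail sits in a padded union, with a rule comparison limited to the user-owned bytes. All `demo_*` names and field choices are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout, not the real ipt_same_info: the size of the
 * pointer member depends on the ABI, so a 32-bit userland and a 64-bit
 * kernel can disagree about sizeof() and about every later offset. */
struct demo_info_ptr {
    uint32_t rangesize;
    uint32_t *iparray;      /* kernel-only, 4 or 8 bytes */
};

/* Fixed-size variant: user-supplied fields first, kernel-private state
 * last, with the pointer wrapped in a union padded to 64 bits. */
struct demo_info_fixed {
    uint32_t rangesize;     /* set by userspace */
    uint32_t ipnum;         /* set by userspace */
    union {
        uint32_t *iparray;  /* used only inside the kernel */
        uint64_t  pad;      /* forces 8 bytes on every ABI */
    } kern;                 /* must stay the last member */
};

/* Bytes that userspace owns and may compare between two rules. */
#define DEMO_USER_SIZE offsetof(struct demo_info_fixed, kern)

/* Rule matching for delete: compare the user part only, so whatever the
 * kernel stored in the tail cannot make identical rules look different. */
static int demo_same_rule(const struct demo_info_fixed *a,
                          const struct demo_info_fixed *b)
{
    return memcmp(a, b, DEMO_USER_SIZE) == 0;
}

/* Constructed sample: rule as read back from the kernel vs. as rebuilt
 * by userspace for a delete request. */
static int demo_delete_would_match(void)
{
    static uint32_t kernel_array[4];
    struct demo_info_fixed from_kernel = { 2, 4, { 0 } };
    struct demo_info_fixed from_user   = { 2, 4, { 0 } };

    from_kernel.kern.iparray = kernel_array;   /* kernel filled the tail */
    return demo_same_rule(&from_kernel, &from_user);
}
```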