ipt_error_target in kernel differs from that in user space, causing "ip_tables: ERROR target: invalid size 30 != 32"

David Wu davidwu at arcturusnetworks.com
Wed Apr 4 21:32:54 CEST 2007


Hello all,

I came across this problem when running iptables-1.3.7 on 2.6.19 and 2.6.20
kernels (MCF5329):
    ip_tables: ERROR target: invalid size 30 != 32
which comes from:
         xt_check_target() (net/netfilter/x_tables.c)

         if (XT_ALIGN(target->targetsize) != size) {
                 printk("%s_tables: %s target: invalid size %Zu != %u\n",
                        xt_prefix[family], target->name,
                        XT_ALIGN(target->targetsize), size);
                 return -EINVAL;
         }

I noticed that in libiptc/libiptc.c (iptables-1.3.7) ipt_error_target is
defined as:
    struct ipt_error_target
    {
         STRUCT_ENTRY_TARGET t;
         char error[TABLE_MAXNAMELEN];
    };

while in the kernel it is defined as:
    struct ipt_error_target
    {
         struct ipt_entry_target target;
         char errorname[IPT_FUNCTION_MAXNAMELEN];
    };

In net/ipv4/netfilter/ip_tables.c there is another:
    static struct ipt_target ipt_error_target = {
         .name           = IPT_ERROR_TARGET,
         .target         = ipt_error,
         .targetsize     = IPT_FUNCTION_MAXNAMELEN,
         .family         = AF_INET,
    };

TABLE_MAXNAMELEN and IPT_FUNCTION_MAXNAMELEN are not equal!!!

Is this a bug? Who can tell me which one is correct?

thanks,

-- 
David
davidwu at arcturusnetworks.com
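
Added example, not part of the original post and not netfilter or iptables code: a small model of the size comparison in xt_check_target() showing how the same two struct definitions can pass on one ABI and fail on another once XT_ALIGN() rounds differently. The lengths 30 and 32, the 32-byte header size, and the alignment values 2, 4 and 8 are assumptions (30 and 32 are inferred from the error message); xt_align(), user_payload() and check_error_target() are hypothetical helper names.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed values, inferred from the "30 != 32" message; the post does not state them. */
#define KERNEL_ERRORNAME_LEN 30u /* assumed IPT_FUNCTION_MAXNAMELEN (kernel .targetsize) */
#define USER_ERROR_LEN       32u /* assumed TABLE_MAXNAMELEN (libiptc error[] length) */
#define ENTRY_TARGET_HDR     32u /* assumed size of the entry-target header */

/* Same rounding as the kernel's XT_ALIGN(), with the ABI alignment passed in.
 * align must be a power of two. */
static unsigned int xt_align(unsigned int s, unsigned int align)
{
    return (s + align - 1) & ~(align - 1);
}

/* Payload size the kernel sees for a userspace-built ERROR target, modelled as
 * the aligned size of the userspace struct minus the header. */
static unsigned int user_payload(unsigned int align)
{
    return xt_align(ENTRY_TARGET_HDR + USER_ERROR_LEN, align) - ENTRY_TARGET_HDR;
}

/* Mirrors the comparison in xt_check_target(): 0 if accepted, -1 if "invalid size". */
static int check_error_target(unsigned int align)
{
    return xt_align(KERNEL_ERRORNAME_LEN, align) == user_payload(align) ? 0 : -1;
}

int main(void)
{
    /* 2 models an ABI with 2-byte maximum alignment (assumed for the MCF5329 build);
     * 4 and 8 model ABIs with 4-byte and 8-byte maximum alignment. */
    static const unsigned int aligns[] = { 2, 4, 8 };

    for (size_t i = 0; i < sizeof(aligns) / sizeof(aligns[0]); i++) {
        unsigned int a = aligns[i];
        printf("align=%u kernel=%u user=%u -> %s\n", a,
               xt_align(KERNEL_ERRORNAME_LEN, a), user_payload(a),
               check_error_target(a) == 0 ? "accepted" : "invalid size");
    }
    return 0;
}
```

Under these assumptions the mismatch in array lengths is masked wherever rounding 30 up yields 32, and only surfaces when the alignment is 2.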


