On 12/05/2016 04:35 PM, Blanquicet-Melendez Jose (MM) wrote:
>> iptables already implements a function to get struct
>> pointer from a struct ipt_entry pointer in iptables.h:
>> static __inline__ struct xt_entry_target *
>> ipt_get_target(struct ipt_entry *e)
>> return (void *)e + e->target_offset;
>> Then, two of the error could be solve doing this:
>> - error = (struct error_target *) entry_head->elems;
>> + error = (struct error_target *) ipt_get_target(entry_head);
>> - standard = (struct ipt_standard_target *) entry_return->elems;
>> + standard = (struct ipt_standard_target *)
>> Do you agree?
> That make sense.
However, analyzing better, ipt_get_target() will return a different
offset than what is currently done (Access directly entry_head->elems).
According to comments in iptables source code, in the variable elems of
ipt_entry struct, the matches (if any) are stored first and then the
target. Therefore, either current implementation is wrong because we are
accessing the memory space where is stored the matches and not the
target, or I am missing something and I misunderstood this.
I haven't looked too closely so the error is more likely on my side. It
was tricky to get it working in the first place. So I am not surprised
that there are subtle bugs still in there. That was the one of the main
motivation to add the nftable based code for this. So if you can switch
to nftables you don't have to fight this iptable crap. Obviously, we
need to get Marcel doing a release first. That reminds me to ping him on
this matter again :)
> I wont have time to spin a patches today. So I don't mind of
you send fixes
> instead :)
Even fixing these error as we discussed, there are more cast-align
errors when compilation goes forward. I thought these new errors could
be quickly fixed but it seems they could not and unfortunately I do not
have more time to continue digging in this. I apologize, but I have to
postponed this activity.
No problem. It wont run away.