Hi Daniel,
>> I tried to figure out how to solve this. It seems the
canonical
>> way according the man pages is to use a cast like:
>>
>> - if (expired == 0xffffffff)
>> + if (expired == (time_t)0xffffffff)
>>
>> Wouldn't mind if someone with more knowledge could answer this question.
>
>
> Indeed, that is why I replied to this patch; maybe Patrik or Feng
> Wang could tell us if that casting could impact the normal behavior of
> this
> patch because I also thought the same solution but I do not actually
> know the context of this patch.
Well, it seem we both are not really sound in the casting theory here. Maybe
have a look at the resulting assembly. If our assumption is correct, I would
expect the same assembly.
> iptables already implements a function to get struct xt_entry_target
> pointer from a struct ipt_entry pointer in iptables.h:
>
> static __inline__ struct xt_entry_target *
> ipt_get_target(struct ipt_entry *e)
> {
> return (void *)e + e->target_offset;
> }
>
> Then, two of the error could be solve doing this:
>
> - error = (struct error_target *) entry_head->elems;
> + error = (struct error_target *) ipt_get_target(entry_head);
>
> - standard = (struct ipt_standard_target *) entry_return->elems;
> + standard = (struct ipt_standard_target *)
> ipt_get_target(entry_return);
>
> Do you agree?
That make sense.
However, analyzing better, ipt_get_target() will return a different offset than what is
currently done (Access directly entry_head->elems). According to comments in iptables
source code, in the variable elems of ipt_entry struct, the matches (if any) are stored
first and then the target. Therefore, either current implementation is wrong because we
are accessing the memory space where is stored the matches and not the target, or I am
missing something and I misunderstood this.
> On the other hand, to get the struct xt_entry_match pointer
from
> ipt_entry we could follow the same approach by defining a function like
> this:
>
> static __inline__ struct xt_entry_match *ipt_get_match(struct ipt_entry
> *e)
> {
> return (void *)e->elems;
> }
>
> What do you think? I would really appreciate if someone with much
> more knowledge on this could test those ideas or suggest a possible
> solution.
> In fact, I am not completely sure if this is actually an alignment
> problem or only a casting problem because of different struct type.
Yes, let's add this helper function as is defined in iptables.h. Best thing
we can do is mimic what iptables does. The 'API' is pretty hard to get
right, so it's better to be as close iptables as possible. That code should
be okay in respect to alignment.
I wont have time to spin a patches today. So I don't mind of you send fixes
instead :)
Even fixing these error as we discussed, there are more cast-align errors when compilation
goes forward. I thought these new errors could be quickly fixed but it seems they could
not and unfortunately I do not have more time to continue digging in this. I apologize,
but I have to postponed this activity.
Cheers,
Jose Blanquicet
VISITA IL NOSTRO SITO WEB! - VISIT OUR WEB SITE!
www.magnetimarelli.com Confidential
Notice: This message - including its attachments - may contain proprietary, confidential
and/or legally protected information and is intended solely for the use of the designated
addressee(s) above. If you are not the intended recipient be aware that any downloading,
copying, disclosure, distribution or use of the contents of the above information is
strictly prohibited. If you have received this communication by mistake, please forward
the message back to the sender at the email address above, delete the message from all
mailboxes and any other electronic storage medium and destroy all copies. Disclaimer
Notice: Internet communications cannot be guaranteed to be safe or error-free. Therefore
we do not assure that this message is complete or accurate and we do not accept liability
for any errors or omissions in the contents of this message.