bugzilla-daemon at bugzilla.netfilter.org
2011-Jul-13 01:43 UTC
[Bug 728] New: ip_tables: limit match: invalid size 40!=48
http://bugzilla.netfilter.org/show_bug.cgi?id=728
Summary: ip_tables: limit match: invalid size 40!=48
Product: netfilter/iptables
Version: linux-2.6.x
Platform: mips64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: critical
Priority: P2
Component: ip_tables (kernel)
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: wensy1009 at sina.com
Estimated Hours: 0.0
I cross-compiled iptables for the mips (64-bit) architecture and tried running
iptables on a pizzabox. My Linux kernel is 2.6.32. I first used iptables 1.4.4; after
that I tried iptables 1.4.11, and the problem is still there. When I set the first entry, which
has a limit match, the value is off=8 (xt_compat_match_offset(match)) in function
xt_compat_match_from_user. After that, I input another rule, and it tells me
"iptables: Invalid argument". dmesg tells me "ip_tables: limit match: invalid size 40!=48".
I turned on DEBUG_IP_FIREWALL_USER in ip_tables.c and added some print
information.
Can you tell me how to fix this bug?
=================print information:
$./iptables -A INPUT -p icmp -m limit --limit 6/m --limit-burst 7 -j ACCEPT
===print information:
t->private->number = 7
fun_into_compat_do_ipt_set_ctl
compat_do_replace_copy_from_user
copy from user:name filter,valid_hooks 14,number entries8,size
1480,hood_entry[5]:00100011520,underflow[5]:0848100011520,num_counters:7,counters:268608936,..
tmp.size:1480
fun_translate_compat_table
translate_compat_table: size 1480
check_compat_entry_size_and_hooks a8000000019e8000
check_compat_entry_size_and_hooks a8000000019e80e8
check_compat_entry_size_and_hooks a8000000019e81b0
check_compat_entry_size_and_hooks a8000000019e8278
check_compat_entry_size_and_hooks a8000000019e8350
check_compat_entry_size_and_hooks a8000000019e83e8
check_compat_entry_size_and_hooks a8000000019e8480
check_compat_entry_size_and_hooks a8000000019e8518
Finished chain 1
Finished chain 2
Finished chain 3
xt_table_newinfo:size1488,number8,initial_entries0,hookentry[5]:00100811600,underflow[5]:0856100811600..
newinfo->size:1488,i:8,ret:0
ret:0,tmp.valid_hooks:14,tmp.size:1480,tmp.num_entries:8compat_do_replace:
Translated table
do_replace: oldnum=7, initnum=4, newnum=8
$./iptables -N syn_flood
=========then it prints Invalid argument
t->private->number = 8
fun_into_compat_do_ipt_set_ctl
compat_do_replace_copy_from_user
copy from user:name filter,valid_hooks 14,number entries10,size
1816,hood_entry[5]:00100811600,underflow[5]:0856100811600,num_counters:8,counters:268608600,..
tmp.size:1816
fun_translate_compat_table
translate_compat_table: size 1816
check_compat_entry_size_and_hooks a8000000019e8800
check_compat_entry_size_and_hooks a8000000019e88e8
check_compat_entry_size_and_hooks a8000000019e89b0
check_compat_entry_size_and_hooks a8000000019e8a78
check_compat_entry_size_and_hooks a8000000019e8b58
check_compat_entry_size_and_hooks a8000000019e8bf0
check_compat_entry_size_and_hooks a8000000019e8c88
check_compat_entry_size_and_hooks a8000000019e8d20
check_compat_entry_size_and_hooks a8000000019e8dd0
check_compat_entry_size_and_hooks a8000000019e8e68
Finished chain 1
Finished chain 2
Finished chain 3
ip_tables: limit match: invalid size 40 != 48
ip_tables: check failed for `par.match->name'.
xt_table_newinfo:size1824,number10,initial_entries0,hookentry[5]:00101611680,underflow[5]:0864101611680..
newinfo->size:1824,i:3,ret:-22
ret:-22,tmp.valid_hooks:14,tmp.size:1816,tmp.num_entries:10
compat_do_replace
compat_do_ipt_set_ctl_end,ret:-22
--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2011-Jul-21 09:53 UTC
[Bug 728] ip_tables: limit match: invalid size 40!=48
http://bugzilla.netfilter.org/show_bug.cgi?id=728
Jan Engelhardt <jengelh at medozas.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jengelh at medozas.de
--- Comment #1 from Jan Engelhardt <jengelh at medozas.de> 2011-07-21 11:53:09 ---
Are you combining a 64-bit userspace with a 32-bit kernel or something?
bugzilla-daemon at bugzilla.netfilter.org
2011-Jul-21 11:03 UTC
[Bug 728] ip_tables: limit match: invalid size 40!=48
http://bugzilla.netfilter.org/show_bug.cgi?id=728
--- Comment #2 from huwenxin <wensy1009 at sina.com> 2011-07-21 13:03:51 ---
(In reply to comment #1)
> Are you combining a 64-bit userspace with a 32-bit kernel or something?
>
I used 32-bit userspace with a 64-bit kernel, mips architecture.
bugzilla-daemon at bugzilla.netfilter.org
2011-Jul-21 13:42 UTC
[Bug 728] ip_tables: limit match: invalid size 40!=48
http://bugzilla.netfilter.org/show_bug.cgi?id=728
--- Comment #3 from Jan Engelhardt <jengelh at medozas.de> 2011-07-21 15:42:55 ---
Outputting 48 at all is highly surprising. Please compile and run cctypeinfo from
the hxtools distribution:
http://dev.medozas.de/gitweb.cgi?p=hxtools;a=blob;f=sdevel/cctypeinfo.c;hb=HEAD
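Added example, not part of the bug thread or of the kernel or hxtools source: a portable layout calculation for the limit match data under a 64-bit kernel and a 32-bit userspace, reproducing the 40 and the off=8 from the report and showing that neither layout gives 48. Assumptions: the field list of struct xt_rateinfo (avg, burst, unsigned long prev, credit, credit_cap, cost, pointer master), natural alignment of scalars, and an 8-byte XT_ALIGN boundary on both ABIs; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Round n up to a multiple of a (a must be a power of two). */
static size_t align_up(size_t n, size_t a) { return (n + a - 1) & ~(a - 1); }

/* sizeof() of a struct with the given scalar field sizes, assuming each
 * scalar is naturally aligned (alignment == size). */
static size_t struct_size(const size_t *fields, size_t n)
{
    size_t off = 0, max_align = 1;
    for (size_t i = 0; i < n; i++) {
        off = align_up(off, fields[i]) + fields[i];
        if (fields[i] > max_align)
            max_align = fields[i];
    }
    return align_up(off, max_align);   /* tail padding */
}

/* Assumed field list of struct xt_rateinfo:
 * u32 avg, u32 burst, unsigned long prev, u32 credit, u32 credit_cap,
 * u32 cost, pointer master. */
size_t rateinfo_size(size_t long_size, size_t ptr_size)
{
    size_t f[] = { 4, 4, long_size, 4, 4, 4, ptr_size };
    return struct_size(f, sizeof f / sizeof f[0]);
}

/* Match data is padded to the XT_ALIGN boundary (assumed 8 on both ABIs). */
size_t xt_aligned(size_t n) { return align_up(n, 8); }

/* Difference between the native 64-bit size and the 32-bit compat size,
 * i.e. what a compat offset for this match would have to be. */
size_t compat_offset(void)
{
    return xt_aligned(rateinfo_size(8, 8)) - xt_aligned(rateinfo_size(4, 4));
}

int main(void)
{
    printf("64-bit kernel   : sizeof=%zu aligned=%zu\n",
           rateinfo_size(8, 8), xt_aligned(rateinfo_size(8, 8)));
    printf("32-bit userspace: sizeof=%zu aligned=%zu\n",
           rateinfo_size(4, 4), xt_aligned(rateinfo_size(4, 4)));
    printf("compat offset   : %zu\n", compat_offset());
    return 0;
}
```

Running cctypeinfo on the target, as requested in comment #3, is what confirms whether the real toolchain agrees with these assumed sizes and alignments.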
bugzilla-daemon at bugzilla.netfilter.org
2011-Sep-03 13:45 UTC
[Bug 728] ip_tables: limit match: invalid size 40!=48
http://bugzilla.netfilter.org/show_bug.cgi?id=728
Jan Engelhardt <jengelh at medozas.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME