lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:	Fri, 2 May 2014 13:05:07 -0600
From:	Sharat Masetty <sharat04@...il.com>
To:	Linux Netdev List <netdev@...r.kernel.org>
Subject: ebtables issue in compat mode

I am seeing a problem when running ebtables in 32bit userspace and 64
bit kernel space mode.

The command I am trying to run is
ebtables -t broute -A BROUTING -p IPv4 -j DROP

Here is the log message I am seeing in userspace

The message (http://sourceforge.net/p/ebtables/code/ci/master/tree/userspace/ebtables2/communication.c
Line 243) in userspace is

        ebt_print_error("Unable to update the kernel. Two possible causes:\n"

                       "1. Multiple ebtables programs were executing
simultaneously. The ebtables\n"

                       "   userspace tool doesn't by default support
multiple ebtables programs running\n"

                       "   concurrently. The ebtables option
--concurrent or a tool like flock can be\n"

                       "   used to support concurrent scripts that
update the ebtables kernel tables.\n"

                       "2. The kernel doesn't support a certain
ebtables extension, consider\n"

                       "   recompiling your kernel or insmod the extension.\n");

I noticed that setsockopt() is failing . The message is also printed
in kernel – Standard target size too big . This occurs because there
is a mismatch in the size of the structures ebt_standard_target which
is 48 bytes in kernel and 40 bytes in userspace.
We are using a 3.10.0 kernel version which has CONFIG_COMPAT enabled.
The ebtables version is 2.0.10-4.  This is arm 63/32 not x86.


Here is where it is failing exactly, in check_chainloops() function in
ebtables.c in the kernel

if (e->target_offset + sizeof(struct ebt_standard_target) >
e->next_offset) {
BUGPRINT("Standard target size too big\n");
return -1;
}


Thanks
Sharat
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists