On 4/9/26 16:18, Florian Westphal wrote:
Gustavo A. R. Silva <[email protected]> wrote:diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index b39017c80548..9dd5957d9ed4 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -819,13 +819,15 @@ EXPORT_SYMBOL_GPL(xt_compat_match_to_user); /* non-compat version may have padding after verdict */ struct compat_xt_standard_target { - struct compat_xt_entry_target t; - compat_uint_t verdict; + TRAILING_OVERLAP(struct compat_xt_entry_target, t, data, + compat_uint_t verdict; + ); }; struct compat_xt_error_target { - struct compat_xt_entry_target t; - char errorname[XT_FUNCTION_MAXNAMELEN]; + TRAILING_OVERLAP(struct compat_xt_entry_target, t, data, + char errorname[XT_FUNCTION_MAXNAMELEN]; + ); }; You tell me what you prefer.I have no strong opinion. This compat code is needed to run 32bit iptables binaries on a 64 bit host, not many users these days I think. I still hope we can remove this eventually. But as the above diff is smaller I would prefer it.
Okay; I'll submit this as v3 then. Thanks for the feedback, -Gustavo
