netfilter: xt_CT: fix usersize for v1 and v2 revision
authorFlorian Westphal <fw@strlen.de>
Tue, 28 Apr 2026 17:37:57 +0000 (19:37 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 30 Apr 2026 06:03:22 +0000 (08:03 +0200)
While resurrecting the conntrack-tool test cases I found following bug:
In:
iptables -I OUTPUT -t raw -p 13 -j CT --timeout test-generic
Out:
[0:0] -A OUTPUT -p 13 -j CT --timeout test

Data after the first four bytes of the timeout policy name is never
copied to userspace because it is treated as kernel-only.

Fixes: ec2318904965 ("xtables: extend matches and targets with .usersize")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/xt_CT.c

index 498f5871c84a0efd3e2498fc4da10ece1b150db9..d2aeacf94230f8970ce86ed14e548a320ebb3df9 100644 (file)
@@ -354,7 +354,7 @@ static struct xt_target xt_ct_tg_reg[] __read_mostly = {
                .family         = NFPROTO_IPV4,
                .revision       = 1,
                .targetsize     = sizeof(struct xt_ct_target_info_v1),
-               .usersize       = offsetof(struct xt_ct_target_info, ct),
+               .usersize       = offsetof(struct xt_ct_target_info_v1, ct),
                .checkentry     = xt_ct_tg_check_v1,
                .destroy        = xt_ct_tg_destroy_v1,
                .target         = xt_ct_target_v1,
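Review bot: Nothing in these entries ties the struct named in `.usersize` to the one named in `.targetsize`, so the same copy-paste mismatch can return the next time a revision is added; this applies to this entry and equally to the revision 2 IPv4 entry and the two IPv6 entries in the following hunks. A short comment on each entry would make the invariant visible, e.g. `/* usersize must use the same struct as targetsize; fields from ct onward are kernel-only */`. The direction of the error matters: too small an offset truncates user data, as the commit message describes, while too large an offset would presumably copy kernel-only fields to userspace, so a round-trip test of a `--timeout` name longer than four characters would be worth keeping alongside the resurrected test cases. The xt_ct_tg_reg[] initializer starts and ends outside the hunk.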
@@ -366,7 +366,7 @@ static struct xt_target xt_ct_tg_reg[] __read_mostly = {
                .family         = NFPROTO_IPV4,
                .revision       = 2,
                .targetsize     = sizeof(struct xt_ct_target_info_v1),
-               .usersize       = offsetof(struct xt_ct_target_info, ct),
+               .usersize       = offsetof(struct xt_ct_target_info_v1, ct),
                .checkentry     = xt_ct_tg_check_v2,
                .destroy        = xt_ct_tg_destroy_v1,
                .target         = xt_ct_target_v1,
@@ -398,7 +398,7 @@ static struct xt_target xt_ct_tg_reg[] __read_mostly = {
                .family         = NFPROTO_IPV6,
                .revision       = 1,
                .targetsize     = sizeof(struct xt_ct_target_info_v1),
-               .usersize       = offsetof(struct xt_ct_target_info, ct),
+               .usersize       = offsetof(struct xt_ct_target_info_v1, ct),
                .checkentry     = xt_ct_tg_check_v1,
                .destroy        = xt_ct_tg_destroy_v1,
                .target         = xt_ct_target_v1,
@@ -410,7 +410,7 @@ static struct xt_target xt_ct_tg_reg[] __read_mostly = {
                .family         = NFPROTO_IPV6,
                .revision       = 2,
                .targetsize     = sizeof(struct xt_ct_target_info_v1),
-               .usersize       = offsetof(struct xt_ct_target_info, ct),
+               .usersize       = offsetof(struct xt_ct_target_info_v1, ct),
                .checkentry     = xt_ct_tg_check_v2,
                .destroy        = xt_ct_tg_destroy_v1,
                .target         = xt_ct_target_v1,