In linux-2.4.20-r7/include/linux/netfilter_ipv4/ip_conntrack_tuple.h there is:

    union ip_conntrack_manip_proto
    {
        /* Add other protocols here. */
        u_int32_t all;
        struct { u_int16_t port; } tcp;
        struct { u_int16_t port; } udp;
        struct { u_int16_t id; } icmp;
        struct { u_int32_t key; } gre;
    };

Compare this with a vanilla 2.4 kernel:

    union ip_conntrack_manip_proto
    {
        /* Add other protocols here. */
        u_int16_t all;
        struct { u_int16_t port; } tcp;
        struct { u_int16_t port; } udp;
        struct { u_int16_t id; } icmp;
    };

Notice how the Gentoo struct is 2 bytes bigger? This structure is used by iptables. An iptables compiled against a vanilla kernel will not work properly (in some obscure cases involving masquerade) when used with a Gentoo kernel, and vice versa. The Gentoo structure also differs from that shipped by Gentoo under /usr/include/linux. Does gre really need 32 bits?

Reproducible: Always
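The size difference described in the report above can be checked directly. This is an added example, not part of the original report or of the kernel or iptables sources: the two unions are copied from the report with fixed-width types, while the wrapper structs, the function names and the 0xBEEF value are assumptions made up to show how a field placed after the union moves.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Vanilla 2.4 layout, as quoted in the report. */
union proto_vanilla {
    uint16_t all;
    struct { uint16_t port; } tcp;
    struct { uint16_t port; } udp;
    struct { uint16_t id; } icmp;
};

/* Patched layout from the report: 'all' widened, gre added. */
union proto_patched {
    uint32_t all;
    struct { uint16_t port; } tcp;
    struct { uint16_t port; } udp;
    struct { uint16_t id; } icmp;
    struct { uint32_t key; } gre;
};

/* Hypothetical wrappers (assumption): one field before the union, one after. */
struct wrap_vanilla { uint32_t ip; union proto_vanilla u; uint16_t trailer; };
struct wrap_patched { uint32_t ip; union proto_patched u; uint16_t trailer; };

size_t trailer_offset_vanilla(void) { return offsetof(struct wrap_vanilla, trailer); }
size_t trailer_offset_patched(void) { return offsetof(struct wrap_patched, trailer); }

/* Fill the patched layout (the side built with the patched header), then
 * read the same bytes through the vanilla layout (the stale side). */
uint16_t trailer_seen_by_stale_reader(uint16_t trailer)
{
    struct wrap_patched k;
    struct wrap_vanilla u;
    memset(&k, 0, sizeof k);
    k.trailer = trailer;
    memcpy(&u, &k, sizeof u);   /* sizeof u is smaller than sizeof k */
    return u.trailer;           /* upper half of k.u, not k.trailer */
}

int main(void)
{
    printf("union %zu vs %zu, trailer offset %zu vs %zu, stale read 0x%04x\n",
           sizeof(union proto_vanilla), sizeof(union proto_patched),
           trailer_offset_vanilla(), trailer_offset_patched(),
           (unsigned)trailer_seen_by_stale_reader(0xBEEF));
    return 0;
}
```

A tool built against one header and run against the other gets no compile-time or run-time error from this; it simply reads the wrong bytes, which is why the failure only shows up in particular cases.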
The extra 2 bytes are needed by gre. Any userland tool that is compiled against a specific kernel will always be fragile when upgrading kernels. Especially something like IPTables which references a lot of the Assembler directives.
Are there any more comments on this from the reporter? Is this still relevant?
Closing. Been too long with no response. There really isn't a point to this being open anymore.